From 31155fb925fdd102cfd6296b45dccc0153908783 Mon Sep 17 00:00:00 2001
From: s416267 <kampap@st.amu.edu.pl>
Date: Sun, 16 Dec 2018 20:05:52 +0100
Subject: [PATCH] komentarze + rating dla nie/zalogowanych

---
 blog-post/comment.php   |   8 ++--
 blog-post/css/style.css |   7 ++-
 blog-post/post.php      | 103 +++++++++++++++++++++++++++++++++++-----
 blog-post/rating.php    |   7 +--
 4 files changed, 105 insertions(+), 20 deletions(-)

diff --git a/blog-post/comment.php b/blog-post/comment.php
index ecb7013..6a0b8dc 100644
--- a/blog-post/comment.php
+++ b/blog-post/comment.php
@@ -1,13 +1,13 @@
-<?php
+<?php if( !isset( $_SESSION ) ) session_start();
 include "../settings/db_connect.php";
 $_SESSION['message'] = '';
 $post=$_GET['post'];
+$user=$_SESSION['user']; 
 if ($_SERVER['REQUEST_METHOD'] == "POST"){
         $tekst = $mysqli->real_escape_string($_POST['tekst']);
                 $_SESSION['tekst'] = $tekst;
-                $sql = "INSERT INTO comments (tekst)"
-                        . "Values ('$tekst')";
-                
+                $sql = "INSERT INTO comments (post_id, username, tekst)"
+                        . "Values ('$post' , '$user' , '$tekst')";				
                 if($mysqli->query($sql) === true){
                     $_SESSION['message'] = "Dodanie komentarza się powiodło!";
                     header("location:post.php?post=$post");
diff --git a/blog-post/css/style.css b/blog-post/css/style.css
index 6edc748..c0ffc79 100644
--- a/blog-post/css/style.css
+++ b/blog-post/css/style.css
@@ -29,6 +29,7 @@ z {
 }
 
 
+
 post {
 
 		font-size: 18px;
@@ -122,8 +123,9 @@ post {
 	line-height: 1.3;
 	font-weight: 300;
 	text-align: left;
-
 }
+
+
 .name-desc po
 { font-style: italic;
 	font-size: 19px;
@@ -284,4 +286,5 @@ object-fit:scale-down;
 .rate > input:checked ~ label:hover ~ label,
 .rate > label:hover ~ input:checked ~ label {
     color: #f4c741;
-}
\ No newline at end of file
+}
+
diff --git a/blog-post/post.php b/blog-post/post.php
index b322ed3..068a058 100644
--- a/blog-post/post.php
+++ b/blog-post/post.php
@@ -1,6 +1,8 @@
+<?php if( !isset( $_SESSION ) ) session_start();
+?>
+
 <?php
 include "../settings/db_connect.php";
-
 $post = $_GET['post'];
 
 if ($sql =  $mysqli->prepare("SELECT blog_id FROM post WHERE post_id =$post"))
@@ -15,6 +17,8 @@ if ($sql =  $mysqli->prepare("SELECT blog_id FROM post WHERE post_id =$post"))
 $sql->close();
 
 ?>
+
+
 <html lang="pl-PL">
 <head>
   <meta charset="utf-8">
@@ -60,11 +64,25 @@ $sql->close();
     <div class="container">
 	
       <div class="row">
-       
 
 
 <?php
 
+//wyliczanie średniej dla posta
+if ($sql =  $mysqli->prepare("SELECT ROUND(AVG(R1.rating),1) as averageRating  FROM rating R1 RIGHT JOIN (SELECT MAX(R2.timestamp) AS timestamp FROM rating R2 GROUP BY R2.username) R2 ON R1.timestamp=R2.timestamp WHERE post_id=$post"))
+{							
+						$sql->execute();
+						$sql->bind_result($averageRating); 
+						while ($sql->fetch()){}}
+//ocena uzytkownika
+if(!empty($_SESSION['user'])){ 
+$user=$_SESSION['user']; 
+if ($sql =  $mysqli->prepare("SELECT rating FROM rating WHERE post_id=$post AND username='$user'"))
+{
+						$sql->execute();
+						$sql->bind_result($userRating); 
+while ($sql->fetch()){}}		}				
+
 $trash = '';
 if ($sql =  $mysqli->prepare("SELECT * FROM post WHERE post_id =$post"))
 {
@@ -88,8 +106,33 @@ if ($sql =  $mysqli->prepare("SELECT * FROM post WHERE post_id =$post"))
 			<div class="col-lg-12 name-desc">
 			<post><?php echo $main; ?></post>
 			<br>
-			</div>
-				
+		</div> 
+		
+			
+
+	<?php		if(empty($_SESSION['user'])){   ?>
+
+				        
+					
+					<div class="container">
+			            <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12  name-desc">
+							<h4><?php echo $date; ?></h4>
+						</div><br>
+						<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12  name-desc">
+                          
+                             		
+										<div class="rate2">
+										<z>Średnia ocena: <?php echo $averageRating ?> </z>
+										</div>
+									
+                                
+                        
+						</div>
+					</div>
+	<?php } 
+else{
+?> 
+						
 		<div id="particles-js">
             <div class="container">
 				<form class="form" action="rating.php?post=<?php echo $post; ?>" method="post" enctype="multipart/form-data" autocomplete="off">
@@ -97,11 +140,15 @@ if ($sql =  $mysqli->prepare("SELECT * FROM post WHERE post_id =$post"))
                         <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12  name-desc">
 							<h4><?php echo $date; ?></h4>
 						</div><br>
+						
+						
 						<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12  name-desc elementsOnRegisterMain">
                             <div class="form-group inputmain">
                              		<div class="form-group">
 										<div class="rate">
-										<z>Ocena:</z>
+										<z>Twoja ocena: <?php echo $userRating ?> </z> <br>
+										
+
 												
 												<input type="submit" id="star5" name="rating" value=5 />
 												<input type="submit" id="star4" name="rating" value=4 />
@@ -114,7 +161,9 @@ if ($sql =  $mysqli->prepare("SELECT * FROM post WHERE post_id =$post"))
 												<label for="star3" title="3 gwiazdki">3 stars</label>
 												<label for="star2" title="2 gwiazdki">2 stars</label>
 												<label for="star1" title="1 gwiazdka">1 star</label>
-										</div>
+												
+										
+										</div><z>Średnia ocena: <?php echo $averageRating ?> </z> 
 									</div>
                             </div>          
                         
@@ -124,7 +173,15 @@ if ($sql =  $mysqli->prepare("SELECT * FROM post WHERE post_id =$post"))
 				</form>
 			 </div>
 		</div>
-			
+						
+						
+						
+						<?php ;} ?>
+
+		
+		
+		
+		
         <?php }
         $sql->close();
  }
@@ -132,15 +189,16 @@ else die( "Błąd w zapytaniu SQL! Sprawdź kod SQL w PhpMyAdmin." );
 				
 		
 
-if ($sql =  $mysqli->prepare("SELECT * FROM comments ORDER BY comment_id"))
+if ($sql =  $mysqli->prepare("SELECT comments.comment_id, comments.post_id, comments.username, comments.tekst, comments.data_dodania, comments.data_modyfikacji, user.user_id FROM comments LEFT JOIN user ON comments.username=user.username WHERE post_id =$post ORDER BY comment_id"))
 {
         $sql->execute();
-        $sql->bind_result($comment_id,$post_id,$username,$tekst,$data_dodania, $data_modyfikacji); ?>
-	       <div class="name-desc"> <h1> Komentarze</h1> </div>
+        $sql->bind_result($comment_id,$post_id,$username,$tekst,$data_dodania, $data_modyfikacji, $user_id); ?>
+	       <div class="name-desc"> <h1>Komentarze</h1> </div>
         <?php while ($sql->fetch())
         { ?> 
+
 				<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12 name-desc">
-						<a href="blog.php"><po><?php echo $username; ?></po></a>
+						<a href="../blog-post/blog.php?user_id=<?php echo $user_id; ?>"><po><?php echo $username; ?></po></a>
 					 <h6><?php echo $tekst; ?></h6>
 					<h5><?php echo $data_modyfikacji; ?></h5>
         </div>
@@ -148,8 +206,30 @@ if ($sql =  $mysqli->prepare("SELECT * FROM comments ORDER BY comment_id"))
         $sql->close();
         $mysqli->close();  
  } ?>
+ 
+ 
 			<div class="name"> <h2> Dodaj komentarz:</h2> </div>
 
+
+<?php
+	
+			if(empty($_SESSION['user'])){ ?>
+			
+			            <div class="container">
+                <form class="form" action="../admin-zone/login.php?post=<?php echo $post; ?>" method="post" enctype="multipart/form-data" autocomplete="off">
+                    <div class="row registerFooter">
+                        <div class="offset-3 col-6 offset-3 elementsOnRegisterFooter">
+                            <div>
+                              <input type="submit" value="Zaloguj się by komentować i oceniać wpisy" name="register" class="btn btn-block" />
+                            </div>
+                        </div>
+                    </div>
+                </form>
+            </div>
+			<?php
+			}
+else{
+?> 
             <div class="container">
                 <form class="form" action="comment.php?post=<?php echo $post; ?>" method="post" enctype="multipart/form-data" autocomplete="off">
                     <div class="row registerMain">
@@ -170,5 +250,6 @@ if ($sql =  $mysqli->prepare("SELECT * FROM comments ORDER BY comment_id"))
                     </div>
                 </form>
             </div>
+<?php ;} ?>
   </body>
 </html>
diff --git a/blog-post/rating.php b/blog-post/rating.php
index 81331c2..a6f2d1e 100644
--- a/blog-post/rating.php
+++ b/blog-post/rating.php
@@ -1,12 +1,13 @@
-<?php
+<?php if( !isset( $_SESSION ) ) session_start();
 include "../settings/db_connect.php";
 $_SESSION['message'] = '';
 $post=$_GET['post'];
+$user=$_SESSION['user']; 
 if ($_SERVER['REQUEST_METHOD'] == "POST"){
         $rating = $mysqli->real_escape_string($_POST['rating']);
                 $_SESSION['rating'] = $rating;
-                $sql = "INSERT INTO rating (rating)"
-                        . "Values ($rating)";
+                $sql = "INSERT INTO rating (post_id, username, rating)"
+                        . "Values ($post, '$user', $rating)";
                 
                 if($mysqli->query($sql) === true){
                     $_SESSION['message'] = "Dodanie oceny się powiodło!";