diff --git a/register.php b/register.php
index 29f5da74c147d31fd80f2598c2f833b3c7c037a5..4ce22b03a15bd6ef8d46d4d40ab75b49824574ad 100644
--- a/register.php
+++ b/register.php
@@ -1,50 +1,36 @@
 <?php
 error_reporting(E_ALL);
 ini_set('display_errors', 1);
+session_start();
 include 'components/connect.php';
-if(isset($_POST['submit'])){
-
-    $name = htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8');
-    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
-    $pass = password_hash($_POST['pass'], PASSWORD_DEFAULT);
-    $c_pass = $_POST['c_pass']; // ใช้เปรียบเทียบตรง ๆ กับ $_POST['pass']
+$user_id = $_SESSION['user_id'] ?? ''; // ดึง user_id จาก session
-    // ตรวจสอบว่ารหัสผ่านตรงกันหรือไม่
-    if ($c_pass !== $_POST['pass']) {
-        $warning_msg[] = 'Confirm password not matched!';
-    } else {
-
-        // อัปโหลดรูปภาพ
-        $rename = NULL; // ตั้งค่าเริ่มต้นเป็น NULL
-        if (!empty($_FILES['image']['name'])) {
-            $image = $_FILES['image']['name'];
-            $ext = pathinfo($image, PATHINFO_EXTENSION);
-            $rename = uniqid().'.'.$ext; // ใช้ uniqid() แทน create_unique_id()
-            $image_size = $_FILES['image']['size'];
-            $image_tmp_name = $_FILES['image']['tmp_name'];
-            $image_folder = 'uploaded_files/'.$rename;
+if(isset($_GET['get_id'])){
+    $get_id = $_GET['get_id'];
+}else{
+    header('location:all_posts.php');
+    exit();
+}
-            if ($image_size > 2000000) {
-                $warning_msg[] = 'Image size is too large!';
-            } else {
-                move_uploaded_file($image_tmp_name, $image_folder);
-            }
-        }
+if(isset($_POST['submit'])){
+    if($user_id !== ''){ // เปลี่ยนจาก != เป็น !== เพื่อความแม่นยำ
+        $title = filter_var($_POST['title'], FILTER_SANITIZE_STRING);
+        $description = filter_var($_POST['description'], FILTER_SANITIZE_STRING);
+        $rating = filter_var($_POST['rating'], FILTER_SANITIZE_STRING);
-        // ตรวจสอบว่าอีเมลซ้ำหรือไม่
-        $verify_email = $conn->prepare("SELECT * FROM `users` WHERE email = ?");
-        $verify_email->execute([$email]);
+        $verify_review = $conn->prepare("SELECT * FROM `reviews` WHERE post_id = ? 
AND user_id = ?");
+        $verify_review->execute([$get_id, $user_id]);
-        if ($verify_email->rowCount() > 0) {
-            $warning_msg[] = 'Email already taken!';
+        if($verify_review->rowCount() > 0){
+            $warning_msg[] = 'Your review already added!';
         } else {
-            // เพิ่มข้อมูลลงฐานข้อมูล
-            $insert_user = $conn->prepare("INSERT INTO `users`(name, email, password, image) VALUES(?,?,?,?)");
-            $insert_user->execute([$name, $email, $pass, $rename]);
-
-            $success_msg[] = 'Registered successfully!';
+            $add_review = $conn->prepare("INSERT INTO `reviews`(post_id, user_id, rating, title, description) VALUES(?,?,?,?,?)");
+            $add_review->execute([$get_id, $user_id, $rating, $title, $description]);
+            $success_msg[] = 'Review added!';
         }
+    } else {
+        $warning_msg[] = 'Please login first!';
     }
 }
 ?>
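Review bot: The three `filter_var(..., FILTER_SANITIZE_STRING)` calls in the new `isset($_POST['submit'])` branch use a filter that is deprecated since PHP 8.1 and that writes HTML-encoded quotes into the database, and `$rating` is never checked to be a number before the INSERT. Keep the raw text with `trim()` and escape it at output with `htmlspecialchars()`, and validate the rating as an integer, e.g. `$rating = filter_var($_POST['rating'] ?? null, FILTER_VALIDATE_INT);` followed by `if ($rating === false) { $warning_msg[] = 'Invalid rating!'; }` (with the application's allowed range added as `min_range`/`max_range` options, which this file does not state), so a non-numeric rating is rejected rather than stored. `$get_id` is bound as a parameter, so there is no injection, but a non-numeric or nonexistent post id is likewise accepted as-is; the same integer validation applies before the redirect branch. Since the file is still named register.php but now handles reviews, a header comment stating the page's purpose would help, e.g. `// Adds the logged-in user's review for post $_GET['get_id']; redirects to all_posts.php when no id is given.`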