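'Method not allowed'], 405); }

// Customer-facing endpoint: submit a product review (stored as 'pending' until an admin approves it).
//
// NOTE(review): jsonResponse() is assumed to emit the payload and terminate the request; every
// early-exit check below relies on that — confirm in its definition.
// NOTE(review): if CustomerAuth is cookie/session based, cross-origin JSON POSTs are only kept out
// by the browser's preflight; confirm that a Content-Type check or CSRF token is enforced upstream.

if (!CustomerAuth::isLoggedIn()) {
    jsonResponse(['error' => 'Please log in to submit a review'], 401);
}
$customer = CustomerAuth::getFullUser();
if (!$customer) {
    // Logged-in flag without a resolvable user record (e.g. stale session): do not continue with
    // a null customer_id.
    jsonResponse(['error' => 'Please log in to submit a review'], 401);
}

// Decode the request body. Invalid or non-object JSON is treated as an empty submission so the
// validation below answers 400 instead of tripping type errors further down.
$input = json_decode(file_get_contents('php://input'), true);
if (!is_array($input)) {
    $input = [];
}

$productId = $input['product_id'] ?? '';
$title = $input['title'] ?? '';
$content = $input['content'] ?? '';

// Every field is client-controlled; reject non-scalar shapes explicitly. trim() on an array throws
// a TypeError, and an array product_id would otherwise reach the query as a bound parameter.
if (!is_string($productId) || !is_string($title) || !is_string($content)) {
    jsonResponse(['error' => 'Invalid input. Rating and review content are required.'], 400);
}

// Strict integer validation in one step (rejects "3abc", 3.7, arrays) rather than intval() coercion.
$rating = filter_var(
    $input['rating'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1, 'max_range' => 5]]
);

$title = trim($title);
$content = trim($content);

// Compare with '' rather than empty() so a review whose text is literally "0" is not rejected.
if ($productId === '' || $rating === false || $content === '') {
    jsonResponse(['error' => 'Invalid input. Rating and review content are required.'], 400);
}

// Check if product exists
$product = db()->fetch("SELECT product_id FROM products WHERE product_id = :id", ['id' => $productId]);
if (!$product) {
    jsonResponse(['error' => 'Product not found'], 404);
}

// Check if already reviewed. This lookup only provides the friendly message: two concurrent
// submissions can both pass it, so a UNIQUE (customer_id, product_id) constraint on the reviews
// table is the reliable guard — TODO confirm it exists in the schema.
$existingReview = db()->fetch(
    "SELECT review_id FROM reviews WHERE customer_id = :cid AND product_id = :pid",
    ['cid' => $customer['customer_id'], 'pid' => $productId]
);
if ($existingReview) {
    jsonResponse(['error' => 'You have already reviewed this product'], 400);
}

// Create review. Display name falls back to the local part of the e-mail address when no name is set.
// NOTE(review): no length limit is enforced on title/content here — confirm the column sizes and
// whether the DB truncates or rejects oversized values.
$reviewId = generateId('rev_');
$customerName = $customer['name'] ?? explode('@', $customer['email'])[0];
db()->insert('reviews', [
    'review_id' => $reviewId,
    'product_id' => $productId,
    'customer_id' => $customer['customer_id'],
    'customer_name' => $customerName,
    'customer_email' => $customer['email'],
    'rating' => $rating,
    'title' => $title,
    'content' => $content,
    'status' => 'pending', // Reviews require admin approval
]);

jsonResponse([
    'success' => true,
    'message' => 'Review submitted successfully. It will be visible after approval.',
    'review_id' => $reviewId,
]);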