add prevention from self rating videos

kuldp18 · Apr 5, 2024 · 7a8a573 · 7a8a573
1 parent ce70058
commit 7a8a573
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 3 deletions.
diff --git a/includes/star_rating.inc.php b/includes/star_rating.inc.php
@@ -32,6 +32,11 @@
             $errors[] = "Video does not exist";
         }
 
+        // check if user is the creator of the video
+        else if (is_user_video_creator($pdo, $_SESSION["user_id"], $video_id)) {
+            $errors[] = "You cannot rate your own video";
+        }
+
 
 
         if ($errors) {

diff --git a/models/videos.inc.php b/models/videos.inc.php
@@ -205,3 +205,20 @@ function submit_star_rating(object $pdo, int $video_id, string $rating): void
     $stmt->bindParam(":video_id", $video_id, PDO::PARAM_INT);
     $stmt->execute();
 }
+
+// if logged in user and uploader of the video are the same, return true
+function is_user_video_creator(object $pdo, int $user_id, int $video_id): bool
+{
+    $query = "SELECT * FROM videos WHERE user_id = :user_id AND video_id = :video_id";
+    $stmt = $pdo->prepare($query);
+    $stmt->bindParam(":user_id", $user_id, PDO::PARAM_INT);
+    $stmt->bindParam(":video_id", $video_id, PDO::PARAM_INT);
+    $stmt->execute();
+    $result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if ($result === false) {
+        return false;
+    }
+
+    return true;
+}
diff --git a/pages/video_page.php b/pages/video_page.php
@@ -151,13 +151,24 @@
 
     <script src="../js/close_modal.js"></script>
     <?php if (isset($current_user_id)) : ?>
-        <script src="../js/star_rating.js"></script>
+        <?php if (!is_user_video_creator($pdo, $current_user_id, $current_video_id)) : ?>
+            <script src="../js/star_rating.js"></script>
+        <?php endif; ?>
+
+        <?php if (is_user_video_creator($pdo, $current_user_id, $current_video_id)) : ?>
+            <script>
+                const stars = document.querySelectorAll(".star i");
+                stars.forEach(star => {
+                    star.style.cursor = "not-allowed";
+                });
+            </script>
+        <?php endif; ?>
     <?php endif; ?>
 
     <?php if (!isset($current_user_id)) : ?>
         <script>
-            const stars = document.querySelectorAll(".star i");
-            stars.forEach(star => {
+            const stars2 = document.querySelectorAll(".star i");
+            stars2.forEach(star => {
                 star.style.cursor = "not-allowed";
             });
         </script>