db = Database::getInstance(); } /** * Create a new comment */ public function create($data) { $sql = "INSERT INTO comments (publication_id, parent_id, name, email, content, ip_address, user_agent) VALUES (?, ?, ?, ?, ?, ?, ?)"; return $this->db->execute($sql, [ $data['publication_id'], $data['parent_id'] ?? null, $data['name'], $data['email'] ?? null, $data['content'], $_SERVER['REMOTE_ADDR'] ?? null, $_SERVER['HTTP_USER_AGENT'] ?? null ]); } /** * Create an admin reply (bypasses captcha, auto-approved) */ public function createAdminReply($data) { $sql = "INSERT INTO comments (publication_id, parent_id, name, content, status, admin_reply, replied_by) VALUES (?, ?, ?, ?, 'approved', TRUE, ?)"; return $this->db->execute($sql, [ $data['publication_id'], $data['parent_id'], $data['name'] ?? 'Admin', $data['content'], $data['replied_by'] ]); } /** * Get approved comments for a publication */ public function getApprovedByPublication($publicationId) { $sql = "SELECT c.*, u.username as replied_by_username FROM comments c LEFT JOIN users u ON c.replied_by = u.id WHERE c.publication_id = ? AND c.status = 'approved' ORDER BY c.created_at ASC"; return $this->db->fetchAll($sql, [$publicationId]); } /** * Get all comments for admin (including pending) */ public function getAll($status = null, $limit = 50, $offset = 0) { $sql = "SELECT c.*, p.title as publication_title, u.username as replied_by_username FROM comments c LEFT JOIN publications p ON c.publication_id = p.id LEFT JOIN users u ON c.replied_by = u.id"; $params = []; if ($status) { $sql .= " WHERE c.status = ?"; $params[] = $status; } $sql .= " ORDER BY c.created_at DESC LIMIT ? OFFSET ?"; $params[] = $limit; $params[] = $offset; return $this->db->fetchAll($sql, $params); } /** * Get comment by ID */ public function getById($id) { $sql = "SELECT c.*, p.title as publication_title, u.username as replied_by_username FROM comments c LEFT JOIN publications p ON c.publication_id = p.id LEFT JOIN users u ON c.replied_by = u.id WHERE c.id = ?"; return $this->db->fetch($sql, [$id]); } /** * Update comment status (approve/reject) */ public function updateStatus($id, $status) { $sql = "UPDATE comments SET status = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?"; return $this->db->execute($sql, [$status, $id]); } /** * Delete a comment */ public function delete($id) { $sql = "DELETE FROM comments WHERE id = ?"; return $this->db->execute($sql, [$id]); } /** * Get comment count by status */ public function getCountByStatus($status = null) { if ($status) { $sql = "SELECT COUNT(*) as count FROM comments WHERE status = ?"; $result = $this->db->fetch($sql, [$status]); } else { $sql = "SELECT COUNT(*) as count FROM comments"; $result = $this->db->fetch($sql); } return $result['count']; } /** * Get comment count for a publication */ public function getCountByPublication($publicationId) { $sql = "SELECT COUNT(*) as count FROM comments WHERE publication_id = ? AND status = 'approved'"; $result = $this->db->fetch($sql, [$publicationId]); return $result['count']; } /** * Validate comment data */ public function validate($data, $isAdmin = false) { $errors = []; // Common validations if (empty($data['content'])) { $errors[] = 'Comment content is required'; } elseif (strlen($data['content']) > 2000) { $errors[] = 'Comment content is too long (max 2000 characters)'; } if (empty($data['publication_id'])) { $errors[] = 'Publication ID is required'; } // Public user validations (not for admin) if (!$isAdmin) { if (empty($data['name'])) { $errors[] = 'Name is required'; } elseif (strlen($data['name']) > 100) { $errors[] = 'Name is too long (max 100 characters)'; } if (!empty($data['email']) && !filter_var($data['email'], FILTER_VALIDATE_EMAIL)) { $errors[] = 'Invalid email address'; } } return $errors; } /** * Check if user can reply to comment */ public function canReply($commentId, $userId) { // Admins can reply to any comment if ($userId) { $userSql = "SELECT role FROM users WHERE id = ?"; $user = $this->db->fetch($userSql, [$userId]); if ($user && $user['role'] === 'admin') { return true; } } // Check if this is a reply to own comment (for future enhancement) $commentSql = "SELECT user_id FROM comments WHERE id = ?"; $comment = $this->db->fetch($commentSql, [$commentId]); return false; // Only admins can reply for now } /** * Get recent comments for admin dashboard */ public function getRecent($limit = 10) { $sql = "SELECT c.*, p.title as publication_title FROM comments c LEFT JOIN publications p ON c.publication_id = p.id ORDER BY c.created_at DESC LIMIT ?"; return $this->db->fetchAll($sql, [$limit]); } /** * Get pending comments count */ public function getPendingCount() { return $this->getCountByStatus('pending'); } }