alert('Harap login terlebih dahulu.');window.location='/login';"; exit; } $id_pembeli = $_SESSION['id_pembeli']; $id_order = $_POST['id_order']; $rating = intval($_POST['rating']); $deskripsi = mysqli_real_escape_string($conn, $_POST['deskripsi']); $gambar_nama = null; // Proses upload gambar jika ada if (isset($_FILES['gambar_testimoni']) && $_FILES['gambar_testimoni']['error'] === 0) { $folder_upload = '../assets/img/testimoni/'; if (!is_dir($folder_upload)) { mkdir($folder_upload, 0777, true); // Buat folder jika belum ada } $nama_file = $_FILES['gambar_testimoni']['name']; $tmp_file = $_FILES['gambar_testimoni']['tmp_name']; $ext = pathinfo($nama_file, PATHINFO_EXTENSION); $gambar_nama = uniqid('testi_') . '.' . strtolower($ext); $path_gambar = $folder_upload . $gambar_nama; $allowed_ext = ['jpg', 'jpeg', 'png', 'webp']; if (!in_array(strtolower($ext), $allowed_ext)) { echo ""; exit; } if (!move_uploaded_file($tmp_file, $path_gambar)) { echo ""; exit; } } // Cek apakah pesanan sudah diberi testimoni $query_check_testimoni = mysqli_query($conn, "SELECT * FROM testimoni WHERE id_order = '$id_order'"); if (mysqli_num_rows($query_check_testimoni) > 0) { echo ""; exit; } // Simpan testimoni $query_insert = "INSERT INTO testimoni (id_pembeli, id_order, rating, deskripsi, gambar) VALUES ('$id_pembeli', '$id_order', '$rating', '$deskripsi', " . ($gambar_nama ? "'$gambar_nama'" : "NULL") . ")"; if (mysqli_query($conn, $query_insert)) { echo ""; } else { echo ""; } ?>