/**
 * Emit a complete RUBBoS error page.
 *
 * Prints the standard header titled "RUBBoS ERROR: <title>", a fixed
 * explanation line, the caller-supplied $error markup verbatim, and then
 * the footer. $error is not escaped here, so callers must pass trusted
 * HTML (never raw request data).
 */
function printError($scriptName, $startTime, $title, $error)
{
    $heading = "RUBBoS ERROR: {$title}";
    printHTMLheader($heading);
    echo "<h2>We cannot process your request due to the following error :</h2><br>\n", $error;
    printHTMLfooter($scriptName, $startTime);
}
$userId = 0; $access = 0; if ($nickname != null && $password != null) { $result = mysql_query("SELECT id,access FROM users WHERE nickname=\"{$nickname}\" AND password=\"{$password}\"", $link) or die("ERROR: Authentification query failed"); if (mysql_num_rows($result) != 0) { $row = mysql_fetch_array($result); $userId = $row["id"]; $access = $row["access"]; } mysql_free_result($result); } if ($userId == 0 || $access == 0) { printHTMLheader("RUBBoS: Moderation"); print "<p><center><h2>Sorry, but this feature is only accessible by users with an author access.</h2></center><p>\n"; } else { printHTMLheader("RUBBoS: Comment moderation result"); print "<center><h2>Comment moderation result:</h2></center><p>\n"; // mysql_query("LOCK TABLES users WRITE, comments WRITE", $link) or die("ERROR: Failed to acquire locks on users and comments tables."); $result = mysql_query("SELECT writer,rating FROM {$comment_table} WHERE id={$commentId}", $link) or die("ERROR: Query failed"); if (mysql_num_rows($result) == 0) { // mysql_query("UNLOCK TABLES", $link) or die("ERROR: Failed to unlock users and comments tables."); die("<h3>ERROR: Sorry, but this comment does not exist.</h3><br>\n"); } $row = mysql_fetch_array($result); if ($row["rating"] == -1 && $rating == -1 || $row["rating"] == 5 && $rating == 1) { print "Comment rating is already to its maximum, updating only user's rating."; } else { // Update ratings if ($rating != 0) { mysql_query("UPDATE users SET rating=rating+{$rating} WHERE id=" . $row["writer"]) or die("ERROR: Unable to update user's rating\n"); mysql_query("UPDATE {$comment_table} SET rating=rating+{$rating} WHERE id={$commentId}") or die("ERROR: Unable to update comment's rating\n");
} getDatabaseLink($link); $result = mysql_query("SELECT * FROM stories WHERE id={$storyId}") or die("ERROR: Query failed"); if (mysql_num_rows($result) == 0) { $result = mysql_query("SELECT * FROM old_stories WHERE id={$storyId}") or die("ERROR: Query failed"); $comment_table = "old_comments"; } else { $comment_table = "comments"; } if (mysql_num_rows($result) == 0) { die("<h3>ERROR: Sorry, but this story does not exist.</h3><br>\n"); } $row = mysql_fetch_array($result); $username = getUserName($row["writer"], $link); // Display the story printHTMLheader("RUBBoS: Viewing story " . $row["title"]); printHTMLHighlighted($row["title"]); print "Posted by " . $username . " on " . $row["date"] . "<br>\n"; print $row["body"] . "<br>\n"; print "<p><center><a href=\"PostComment.php?comment_table={$comment_table}&storyId={$storyId}&parent=0\">Post a comment on this story</a></center><p>"; // Display filter chooser header print "<br><hr><br>"; print "<center><form action=\"ViewComment.php\" method=POST>\n" . "<input type=hidden name=commentId value=0>\n" . "<input type=hidden name=storyId value={$storyId}>\n" . "<input type=hidden name=comment_table value={$comment_table}>\n" . "<B>Filter :</B>  <SELECT name=filter>\n"; $count_result = mysql_query("SELECT rating, COUNT(rating) AS count FROM {$comment_table} WHERE story_id={$storyId} GROUP BY rating ORDER BY rating", $link) or die("ERROR: Query failed"); $i = -1; while ($count_row = mysql_fetch_array($count_result)) { while ($i < 6 && $count_row["rating"] != $i) { if ($i == $filter) { print "<OPTION selected value=\"{$i}\">{$i}: 0 comment</OPTION>\n"; } else { print "<OPTION value=\"{$i}\">{$i}: 0 comment</OPTION>\n";
if (mysql_num_rows($result) == 0) { printError($scriptName, $startTime, "BuyNow", "<h3>ERROR: Sorry, but this item does not exist.</h3><br>"); commit($link); exit; } $row = mysql_fetch_array($result); $sellerNameResult = mysql_query("SELECT nickname FROM users WHERE id={$userId}", $link); if (!$sellerNameResult) { error_log("[" . __FILE__ . "] Query 'SELECT nickname FROM users WHERE id={$userId}' failed: " . mysql_error($link)); die("ERROR: Seller '{$userId}' name query failed: " . mysql_error($link)); } $sellerNameRow = mysql_fetch_array($sellerNameResult); $sellerName = $sellerNameRow["nickname"]; mysql_free_result($sellerNameResult); commit($link); printHTMLheader("RUBiS: Buy Now"); printHTMLHighlighted("You are ready to buy this item: " . $row["name"]); print "<TABLE>\n"; print "<TR><TD>Quantity<TD><b><BIG>" . $row["quantity"] . "</BIG></b>\n"; print "<TR><TD>Seller<TD><a href=\"ViewUserInfo.php?userId=" . $row["seller"] . "\">{$sellerName}</a> (<a href=\"PutCommentAuth.php?to=" . $row["seller"] . "&itemId=" . $row["id"] . "\">Leave a comment on this user</a>)\n"; print "<TR><TD>Started<TD>" . $row["start_date"] . "\n"; print "<TR><TD>Ends<TD>" . $row["end_date"] . "\n"; print "</TABLE>\n"; printHTMLHighlighted("Item description"); print $row["description"]; print "<br><p>\n"; printHTMLHighlighted("Buy Now"); print "<form action=\"StoreBuyNow.php\" method=POST>\n" . "<input type=hidden name=userId value={$userId}>\n" . "<input type=hidden name=itemId value=" . $row["id"] . ">\n" . "<input type=hidden name=maxQty value=" . $row["quantity"] . ">\n"; if ($row["quantity"] > 1) { print "<center><table><tr><td>Quantity:</td><td><input type=text size=5 name=qty></td></tr></table></center>\n"; } else {
$itemNameResult = mysql_query("SELECT name FROM old_items WHERE old_items.id={$itemId}", $link) or die("ERROR: Query failed"); } if (mysql_num_rows($itemNameResult) == 0) { commit($link); die("<h3>ERROR: Sorry, but this item does not exist.</h3><br>\n"); } $itemNameRow = mysql_fetch_array($itemNameResult); $itemName = $itemNameRow["name"]; // Get the list of bids for this item $bidsListResult = mysql_query("SELECT * FROM bids WHERE item_id={$itemId} ORDER BY date DESC", $link) or die("ERROR: Bids list query failed"); if (mysql_num_rows($bidsListResult) == 0) { print "<h2>There is no bid for {$itemName}. </h2><br>"; } else { print "<h2><center>Bid history for {$itemName}</center></h2><br>"; } printHTMLheader("RUBiS: Bid history for {$itemName}."); print "<TABLE border=\"1\" summary=\"List of bids\">\n" . "<THEAD>\n" . "<TR><TH>User ID<TH>Bid amount<TH>Date of bid\n" . "<TBODY>\n"; while ($bidsListRow = mysql_fetch_array($bidsListResult)) { $bidAmount = $bidsListRow["bid"]; $bidDate = $bidsListRow["date"]; $userId = $bidsListRow["user_id"]; // Get the bidder nickname if ($userId != 0) { $userNameResult = mysql_query("SELECT nickname FROM users WHERE id={$userId}", $link) or die("ERROR: User nickname query failed"); $userNameRow = mysql_fetch_array($userNameResult); $nickname = $userNameRow["nickname"]; mysql_free_result($userNameResult); } else { print "Cannot lookup the user!<br>"; printHTMLfooter($scriptName, $startTime); exit;
} if ($maxBid < $minBid) { printError("<h3>Your maximum bid of \${$maxBid} is not acceptable because it is below the \${$minBid} minimum bid !<br></h3>"); return; } if ($maxBid < $bid) { printError("<h3>Your maximum bid of \${$maxBid} is not acceptable because it is below your current bid of \${$bid} !<br></h3>"); return; } getDatabaseLink($link); begin($link); // Add bid to database and update values in item $now = date("Y:m:d H:i:s"); mysql_query("LOCK TABLES bids WRITE, items WRITE", $link) or die("ERROR: Failed to acquire locks on items and bids tables."); $result = mysql_query("SELECT max_bid FROM items WHERE id={$itemId}", $link) or die("ERROR: Failed to update number of bids in database. DEADLOCK!!"); $row = mysql_fetch_array($result); if ($maxBid > $row["max_bid"]) { mysql_query("UPDATE items SET max_bid={$maxBid} WHERE id={$itemId}", $link) or die("ERROR: Failed to update maximum bid in database. DEADLOCK!!"); } mysql_query("INSERT INTO bids VALUES (NULL, {$userId}, {$itemId}, {$qty}, {$bid}, {$maxBid}, '{$now}')", $link) or die("ERROR: Failed to insert new bid in database. DEADLOCK!!"); mysql_query("UPDATE items SET nb_of_bids=nb_of_bids+1 WHERE id={$itemId}", $link) or die("ERROR: Failed to update number of bids in database. DEADLOCK!!"); mysql_query("UNLOCK TABLES", $link) or die("ERROR: Failed to unlock items and bids tables."); commit($link); printHTMLheader("RUBiS: Bidding result"); print "<center><h2>Your bid has been successfully processed.</h2></center>\n"; mysql_close($link); printHTMLfooter($scriptName, $startTime); ?> </body> </html>
exit; } $userRow = mysql_fetch_array($toRes); $rating = $rating + $userRow["rating"]; $result = mysql_query("UPDATE users SET rating={$rating} WHERE id={$to}"); if (!$result) { error_log("[" . __FILE__ . "] Unable to update user's rating 'UPDATE users SET rating={$rating} WHERE id={$to}': " . mysql_error($link)); die("ERROR: Unable to update user's rating for user '{$to}': " . mysql_error($link)); } // Add bid to database $now = date("Y:m:d H:i:s"); $result = mysql_query("INSERT INTO comments VALUES (NULL, {$from}, {$to}, {$itemId}, {$rating}, '{$now}', \"{$comment}\")", $link); if (!$result) { error_log("[" . __FILE__ . "] Failed to insert new comment in database 'INSERT INTO comments VALUES (NULL, {$from}, {$to}, {$itemId}, {$rating}, '{$now}', \"{$comment}\")': " . mysql_error($link)); die("ERROR: Failed to insert new comment in database: " . mysql_error($link)); } // $result = mysql_query("UNLOCK TABLES", $link); // if (!$result) // { // error_log("[".__FILE__."] Failed to unlock users and comments tables: " . mysql_error($link)); // die("ERROR: Failed to unlock users and comments tables: " . mysql_error($link)); // } commit($link); printHTMLheader("RUBiS: Comment posting"); print "<center><h2>Your comment has been successfully posted.</h2></center>\n"; mysql_close($link); printHTMLfooter($scriptName, $startTime); ?> </body> </html>
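// Authenticate the user; authenticate() reports an unknown account as -1.
$userId = authenticate($nickname, $password, $link);
if ($userId == -1) {
    rollback($link);
    die("<h2>ERROR: You don't have an account on RUBis! You have to register first.</h2><br>");
}
// The id is interpolated into SQL below: pin it to an integer.
$userId = (int) $userId;

$userQuery = "SELECT * FROM users WHERE users.id={$userId}";
$userResult = mysql_query($userQuery, $link);
if (!$userResult) {
    error_log("[" . __FILE__ . "] Query '" . $userQuery . "' failed: " . mysql_error($link));
    // Roll back like the other two error paths in this section instead of
    // leaving the transaction open on the way out.
    rollback($link);
    die("ERROR: Query failed: " . mysql_error($link));
}
if (mysql_num_rows($userResult) == 0) {
    rollback($link);
    die("<h3>ERROR: Sorry, but this user '{$userId}' does not exist.</h3><br>\n");
}
printHTMLheader("RUBiS: About me");

// Get general information about the user
$userRow = mysql_fetch_array($userResult);
$firstname = $userRow["firstname"];
$lastname = $userRow["lastname"];
$nickname = $userRow["nickname"];
$email = $userRow["email"];
$creationDate = $userRow["creation_date"];
$rating = $userRow["rating"];

// Name, nickname and e-mail are user-supplied at registration and stored
// as given, so they are HTML-escaped on output. The plain values stay in
// the variables above for any later use.
$safeNickname = htmlspecialchars($nickname, ENT_QUOTES);
printHTMLHighlighted("<h2>Information about " . $safeNickname . "<br></h2>");
print "Real life name : " . htmlspecialchars($firstname, ENT_QUOTES) . " " . htmlspecialchars($lastname, ENT_QUOTES) . "<br>";
print "Email address : " . htmlspecialchars($email, ENT_QUOTES) . "<br>";
print "User since : " . $creationDate . "<br>";
print "Current rating : <b>" . $rating . "</b><br><p>";

// Get the items the user has bid on (only auctions that are still open)
$bidsResult = mysql_query("SELECT item_id, bids.max_bid FROM bids, items WHERE bids.user_id={$userId} AND bids.item_id=items.id AND items.end_date>=NOW() GROUP BY item_id", $link);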
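<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
<?php
// ReviewStories.php -- show the ten most recent story submissions, each
// with an Accept / Reject link for the moderator.
//
// NOTE(review): nothing on this page checks that the caller has author
// access, and the authorId query parameter that the author page appends
// to its link is never read, so the Accept/Reject links are served to
// anyone who loads the page.
$scriptName = "ReviewStories.php";
include "PHPprinter.php";
$startTime = getMicroTime();
getDatabaseLink($link);
printHTMLheader("RUBBoS: Review Stories");

$result = mysql_query("SELECT * FROM submissions ORDER BY date DESC LIMIT 10", $link) or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    print "<h2>Sorry, but there is no submitted story available at this time.</h2><br>\n";
}
while ($row = mysql_fetch_array($result)) {
    // The id comes from the database, but cast it so the query string of
    // the two links can only ever carry an integer.
    $storyId = (int) $row["id"];
    print "<br><hr>\n";
    printHTMLHighlighted($row["title"]);
    $username = getUserName($row["writer"], $link);
    print "<B>Posted by " . $username . " on " . $row["date"] . "</B><br>\n";
    // The submitted body is emitted as stored (it may contain markup).
    print $row["body"];
    print "<br><p><center><B>[ <a href=\"/PHP/AcceptStory.php?storyId=" . $storyId . "\">Accept</a> | <a href=\"/PHP/RejectStory.php?storyId=" . $storyId . "\">Reject</a> ]</B><p>\n";
}
mysql_free_result($result);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
</body>
</html>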
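mysql_free_result($nicknameResult);

// Add user to database. The registration fields are interpolated into
// SQL, so each one is escaped for the query; the plain values are kept
// for display further down.
$sqlFirstname = mysql_real_escape_string($firstname, $link);
$sqlLastname = mysql_real_escape_string($lastname, $link);
$sqlNickname = mysql_real_escape_string($nickname, $link);
$sqlPassword = mysql_real_escape_string($password, $link);
$sqlEmail = mysql_real_escape_string($email, $link);
$regionId = (int) $regionId;
// NOTE(review): the password is stored exactly as typed; the login queries
// elsewhere (e.g. the author page) compare it inside SQL, so hashing it
// here has to be done together with those comparisons.
$now = date("Y:m:d H:i:s");
$insertQuery = "INSERT INTO users VALUES (NULL, \"{$sqlFirstname}\", \"{$sqlLastname}\", \"{$sqlNickname}\", \"{$sqlPassword}\", \"{$sqlEmail}\", 0, 0, '{$now}', {$regionId})";
$result = mysql_query($insertQuery, $link);
if (!$result) {
    // Log the failure without the full statement: it contains the password.
    error_log("[" . __FILE__ . "] Failed to insert new user '{$nickname}' in database: " . mysql_error($link));
    die("ERROR: Failed to insert new user '{$nickname}' in database: " . mysql_error($link));
}

$selectQuery = "SELECT * FROM users WHERE nickname=\"{$sqlNickname}\"";
$result = mysql_query($selectQuery, $link);
if (!$result) {
    error_log("[" . __FILE__ . "] Query '" . $selectQuery . "' failed: " . mysql_error($link));
    die("ERROR: Query user failed: " . mysql_error($link));
}
$row = mysql_fetch_array($result);
commit($link);

// Echo the stored profile back. Everything shown here came from the form,
// so it is HTML-escaped; the password is deliberately not echoed.
$safeNickname = htmlspecialchars($nickname, ENT_QUOTES);
printHTMLheader("RUBiS: Welcome to {$safeNickname}");
print "<h2>Your registration has been processed successfully</h2><br>\n";
print "<h3>Welcome {$safeNickname}</h3>\n";
print "RUBiS has stored the following information about you:<br>\n";
print "First Name : " . htmlspecialchars($row["firstname"], ENT_QUOTES) . "<br>\n";
print "Last Name : " . htmlspecialchars($row["lastname"], ENT_QUOTES) . "<br>\n";
print "Nick Name : " . htmlspecialchars($row["nickname"], ENT_QUOTES) . "<br>\n";
print "Email : " . htmlspecialchars($row["email"], ENT_QUOTES) . "<br>\n";
print "Region : " . htmlspecialchars($region, ENT_QUOTES) . "<br>\n";
print "<br>The following information has been automatically generated by RUBiS:<br>\n";
print "User id :" . $row["id"] . "<br>\n";
print "Creation date :" . $row["creation_date"] . "<br>\n";
print "Rating :" . $row["rating"] . "<br>\n";
print "Balance :" . $row["balance"] . "<br>\n";
mysql_free_result($result);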
} $page = $HTTP_POST_VARS['page']; if ($page == null) { $page = $HTTP_GET_VARS['page']; if ($page == null) { $page = 0; } } $nbOfStories = $HTTP_POST_VARS['nbOfStories']; if ($nbOfStories == null) { $nbOfStories = $HTTP_GET_VARS['nbOfStories']; if ($nbOfStories == null) { $nbOfStories = 25; } } printHTMLheader("RUBBoS Older Stories"); // Display the date chooser print "<form action=\"/PHP/OlderStories.php\" method=POST>\n"; print "<center><B>Date (day/month/year):</B><SELECT name=day>\n"; for ($i = 1; $i < 32; $i++) { print "<OPTION value=\"{$i}\">{$i}</OPTION>\n"; } print "</SELECT> / <SELECT name=month>\n"; for ($i = 1; $i < 13; $i++) { print "<OPTION value=\"{$i}\">{$i}</OPTION>\n"; } print "</SELECT> / <SELECT name=year>\n"; for ($i = 2001; $i < 2013; $i++) { print "<OPTION value=\"{$i}\">{$i}</OPTION>\n"; } print "</SELECT><p><input type=submit value=\"Retrieve stories from this date!\"><p>\n";
error_log("[" . __FILE__ . "] Query 'SELECT * FROM items WHERE items.id={$itemId}' failed: " . mysql_error($link)); die("ERROR: Item query failed for item '{$itemId}': " . mysql_error($link)); } if (mysql_num_rows($result) == 0) { printError($scriptName, $startTime, "PutComment", "<h3>Sorry, but this item does not exist.</h3><br>"); commit($link); exit; } $toRes = mysql_query("SELECT * FROM users WHERE id=\"{$to}\""); if (!$toRes) { error_log("[" . __FILE__ . "] Query 'SELECT * FROM users WHERE id=\"{$to}\"' failed: " . mysql_error($link)); die("ERROR: User query failed for user '{$to}': " . mysql_error($link)); } if (mysql_num_rows($toRes) == 0) { printError($scriptName, $startTime, "PutComment", "<h3>Sorry, but this user does not exist.</h3><br>"); commit($link); exit; } $row = mysql_fetch_array($result); $userRow = mysql_fetch_array($toRes); printHTMLheader("RUBiS: Comment service"); print "<center><h2>Give feedback about your experience with " . $row["name"] . "</h2><br>\n"; print "<form action=\"/PHP/StoreComment.php\" method=POST>\n" . "<input type=hidden name=to value={$to}>\n" . "<input type=hidden name=from value={$userId}>\n" . "<input type=hidden name=itemId value={$itemId}>\n" . "<center><table>\n" . "<tr><td><b>From</b><td>{$nickname}\n" . "<tr><td><b>To</b><td>" . $userRow["nickname"] . "\n" . "<tr><td><b>About item</b><td>" . $row["name"] . "\n" . "<tr><td><b>Rating</b>\n" . "<td><SELECT name=rating>\n" . "<OPTION value=\"5\">Excellent</OPTION>\n" . "<OPTION value=\"3\">Average</OPTION>\n" . "<OPTION selected value=\"0\">Neutral</OPTION>\n" . "<OPTION value=\"-3\">Below average</OPTION>\n" . "<OPTION value=\"-5\">Bad</OPTION>\n" . "</SELECT></table><p><br>\n" . "<TEXTAREA rows=\"20\" cols=\"80\" name=\"comment\">Write your comment here</TEXTAREA><br><p>\n" . "<input type=submit value=\"Post this comment now!\"></center><p>\n"; mysql_free_result($result); commit($link); mysql_close($link); printHTMLfooter($scriptName, $startTime); ?> </body> </html>
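<body>
<?php
// PutCommentAuth.php -- ask the user to authenticate before leaving a
// comment about user $to regarding item $itemId. Both ids are carried
// through the authentication form as hidden fields.
$scriptName = "PutCommentAuth.php";
include "PHPprinter.php";
$startTime = getMicroTime();

// Ids come from POST first, then GET (same precedence as before); the
// $_POST/$_GET superglobals replace the long-removed $HTTP_*_VARS arrays.
$itemId = isset($_POST['itemId']) ? $_POST['itemId'] : null;
if ($itemId == null) {
    $itemId = isset($_GET['itemId']) ? $_GET['itemId'] : null;
    if ($itemId == null) {
        printError($scriptName, $startTime, "Authentification for comment", "You must provide an item identifier!<br>");
        exit;
    }
}
$to = isset($_POST['to']) ? $_POST['to'] : null;
if ($to == null) {
    $to = isset($_GET['to']) ? $_GET['to'] : null;
    if ($to == null) {
        printError($scriptName, $startTime, "Authentification for comment", "You must provide a user identifier!<br>");
        exit;
    }
}

printHTMLheader("RUBiS: User authentification for comment");
include "put_comment_auth_header.html";
// Both values are reflected straight from the request into attributes:
// escape them so a crafted link cannot break out of the hidden inputs.
print "<input type=hidden name=\"to\" value=\"" . htmlspecialchars($to, ENT_QUOTES) . "\">";
print "<input type=hidden name=\"itemId\" value=\"" . htmlspecialchars($itemId, ENT_QUOTES) . "\">";
include "auth_footer.html";
printHTMLfooter($scriptName, $startTime);
?>
</body>
</html>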
$maxBid = $xRow["bid"]; break; } } } $firstBid = $maxBid; $nbOfBidsResult = mysql_query("SELECT COUNT(*) AS bid FROM bids WHERE item_id=" . $row["id"], $link); if (!$nbOfBidsResult) { error_log("[" . __FILE__ . "] Query 'SELECT COUNT(*) AS bid FROM bids WHERE item_id=" . $row["id"] . "' failed: " . mysql_error($link)); die("ERROR: Nb of bids query failed: " . mysql_error($link)); } $nbOfBidsRow = mysql_fetch_array($nbOfBidsResult); $nbOfBids = $nbOfBidsRow["bid"]; mysql_free_result($nbOfBidsResult); } printHTMLheader("RUBiS: Viewing " . $row["name"]); printHTMLHighlighted($row["name"]); print "<TABLE>\n" . "<TR><TD>Currently<TD><b><BIG>{$maxBid}</BIG></b>\n"; // Check if the reservePrice has been met (if any) $reservePrice = $row["reserve_price"]; if ($reservePrice > 0) { if ($maxBid >= $reservePrice) { print "(The reserve price has been met)\n"; } else { print "(The reserve price has NOT been met)\n"; } } $sellerNameResult = mysql_query("SELECT users.nickname FROM users WHERE id=" . $row["seller"], $link); if (!$sellerNameResult) { error_log("[" . __FILE__ . "] Query 'SELECT users.nickname FROM users WHERE id=" . $row["seller"] . "' failed: " . mysql_error($link)); die("ERROR: Seller name query failed for user '" . $row["seller"] . "': " . mysql_error($link));
if ($password == null) { printError($scriptName, $startTime, "Author", "You must provide a password!<br>"); exit; } } getDatabaseLink($link); // Authenticate the user $userId = 0; $access = 0; if ($nickname != null && $password != null) { $result = mysql_query("SELECT id,access FROM users WHERE nickname=\"{$nickname}\" AND password=\"{$password}\"", $link) or die("ERROR: Authentification query failed"); if (mysql_num_rows($result) != 0) { $row = mysql_fetch_array($result); $userId = $row["id"]; $access = $row["access"]; } mysql_free_result($result); } if ($userId == 0 || $access == 0) { printHTMLheader("RUBBoS: Author page"); print "<p><center><h2>Sorry, but this feature is only accessible by users with an author access.</h2></center><p>\n"; } else { printHTMLheader("RUBBoS: Author page"); print "<p><center><h2>Which administrative task do you want to do ?</h2></center>\n" . "<p><p><a href=\"ReviewStories.php?authorId={$userId}\">Review submitted stories</a><br>\n"; } mysql_close($link); printHTMLfooter($scriptName, $startTime); ?> </body> </html>
$page = $_GET['page']; } else { $page = 0; } } $nbOfItems = NULL; if (isset($_POST['nbOfItems'])) { $nbOfItems = $_POST['nbOfItems']; } else { if (isset($_GET['nbOfItems'])) { $nbOfItems = $_GET['nbOfItems']; } else { $nbOfItems = 25; } } printHTMLheader("RUBiS: Items in category {$categoryName}"); print "<h2>Items in category {$categoryName}</h2><br><br>"; getDatabaseLink($link); begin($link); $result = mysql_query("SELECT items.id,items.name,items.initial_price,items.max_bid,items.nb_of_bids,items.end_date FROM items WHERE category={$categoryId} AND end_date>=NOW() LIMIT " . $page * $nbOfItems . ",{$nbOfItems}", $link); if (!$result) { error_log("[" . __FILE__ . "] Query 'SELECT items.id,items.name,items.initial_price,items.max_bid,items.nb_of_bids,items.end_date FROM items WHERE category={$categoryId} AND end_date>=NOW() LIMIT " . $page * $nbOfItems . ",{$nbOfItems}' failed: " . mysql_error($link)); die("ERROR: Query failed for category '{$categoryId}', page '{$page}' and nbOfItems '{$nbOfItems}': " . mysql_error($link)); } if (mysql_num_rows($result) == 0) { if ($page == 0) { print "<h2>Sorry, but there are no items available in this category !</h2>"; } else { print "<h2>Sorry, but there are no more items available in this category !</h2>"; print "<p><CENTER>\n<a href=\"SearchItemsByCategory.php?category={$categoryId}" . "&categoryName=" . urlencode($categoryName) . "&page=" . ($page - 1) . "&nbOfItems={$nbOfItems}\">Previous page</a>\n</CENTER>\n"; }
} $password = $HTTP_POST_VARS['password']; if ($password == null) { $password = $HTTP_GET_VARS['password']; } getDatabaseLink($link); $userId = -1; if ($username != null && $username != "" || $password != null && $password != "") { // Authenticate the user $userId = authenticate($username, $password, $link); if ($userId == -1) { printError($scriptName, $startTime, "Authentication", "You don't have an account on RUBiS!<br>You have to register first.<br>\n"); exit; } } printHTMLheader("RUBiS available categories"); begin($link); $result = mysql_query("SELECT * FROM categories", $link) or die("ERROR: Query failed"); commit($link); if (mysql_num_rows($result) == 0) { print "<h2>Sorry, but there is no category available at this time. Database table is empty</h2><br>\n"; } else { print "<h2>Currently available categories</h2><br>\n"; } while ($row = mysql_fetch_array($result)) { if ($region != NULL) { print "<a href=\"/PHP/SearchItemsByRegion.php?category=" . $row["id"] . "&categoryName=" . urlencode($row["name"]) . "®ion={$region}\">" . $row["name"] . "</a><br>\n"; } else { if ($userId != -1) { print "<a href=\"/PHP/SellItemForm.php?category=" . $row["id"] . "&user={$userId}\">" . $row["name"] . "</a><br>\n"; } else {
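// Every query below interpolates these values into SQL, so pin them to
// integers first; a non-numeric item id becomes 0 and simply fails the
// existence check that follows.
$itemId = (int) $itemId;
$userId = (int) $userId;
$qty = (int) $qty;

$result = mysql_query("SELECT * FROM items WHERE items.id={$itemId}", $link) or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    printError($scriptName, $startTime, "BuyNow", "<h3>Sorry, but this item does not exist.</h3><br>");
    commit($link);
    exit;
}
$row = mysql_fetch_array($result);

// Refuse a purchase that would take the stock negative or that asks for
// less than one unit; the previous arithmetic accepted any quantity.
$newQty = $row["quantity"] - $qty;
if ($qty < 1 || $newQty < 0) {
    printError($scriptName, $startTime, "BuyNow", "<h3>Sorry, but the requested quantity is not available.</h3><br>");
    commit($link);
    exit;
}
if ($newQty == 0) {
    // Last unit sold: close the auction as well as zeroing the stock.
    mysql_query("UPDATE items SET end_date=NOW(),quantity={$newQty} WHERE id={$itemId}", $link) or die("ERROR: Failed to update item");
} else {
    mysql_query("UPDATE items SET quantity={$newQty} WHERE id={$itemId}", $link) or die("ERROR: Failed to update item");
}

// Add BuyNow to database
$now = date("Y:m:d H:i:s");
mysql_query("INSERT INTO buy_now VALUES (NULL, {$userId}, {$itemId}, {$qty}, '{$now}')", $link) or die("ERROR: Failed to insert new BuyNow in database.");
mysql_query("UNLOCK TABLES", $link) or die("ERROR: Failed to unlock items and buy_now tables.");

printHTMLheader("RUBiS: BuyNow result");
if ($qty == 1) {
    print "<center><h2>Your have successfully bought this item.</h2></center>\n";
} else {
    print "<center><h2>Your have successfully bought these items.</h2></center>\n";
}
commit($link);
mysql_free_result($result);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
</body>
</html>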
$maxBid = $xRow["bid"]; break; } } } $firstBid = $maxBid; $nbOfBidsResult = mysql_query("SELECT COUNT(*) AS bid FROM bids WHERE item_id=" . $row["id"], $link); if (!$nbOfBidsResult) { error_log("[" . __FILE__ . "] Query failed 'SELECT COUNT(*) AS bid FROM bids WHERE item_id=" . $row["id"] . "': " . mysql_error($link)); die("ERROR: Nb of bids query failed for item '" . $row["id"] . "': " . mysql_error($link)); } $nbOfBidsRow = mysql_fetch_array($nbOfBidsResult); $nbOfBids = $nbOfBidsRow["bid"]; mysql_free_result($nbOfBidsResult); } printHTMLheader("RUBiS: Bidding"); printHTMLHighlighted("You are ready to bid on: " . $row["name"]); print "<TABLE>\n" . "<TR><TD>Currently<TD><b><BIG>{$maxBid}</BIG></b>\n"; // Check if the reservePrice has been met (if any) $reservePrice = $row["reserve_price"]; if ($reservePrice > 0) { if ($maxBid >= $reservePrice) { print "(The reserve price has been met)\n"; } else { print "(The reserve price has NOT been met)\n"; } } $sellerNameResult = mysql_query("SELECT users.nickname FROM users WHERE id=" . $row["seller"], $link); if (!$sellerNameResult) { error_log("[" . __FILE__ . "] Query failed 'SELECT users.nickname FROM users WHERE id=" . $row["seller"] . "': " . mysql_error($link)); die("ERROR: Seller name query failed for seller '" . $row["seller"] . "': " . mysql_error($link));
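<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
<?php
// StoriesOfTheDay.php -- front page: the ten most recent stories, each
// one cut down to a $bodySizeLimit-byte preview linking to the full text.
$scriptName = "StoriesOfTheDay.php";
include "PHPprinter.php";
$startTime = getMicroTime();
getDatabaseLink($link);
printHTMLheader("RUBBoS stories of the day");
// Preview length in bytes (strlen/substr are byte-wise, so a multi-byte
// character or an HTML tag at the cut point is split).
$bodySizeLimit = 512;

$result = mysql_query("SELECT * FROM stories ORDER BY date DESC LIMIT 10", $link) or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    print "<h2>Sorry, but there is no story available at this time.</h2><br>\n";
}
while ($row = mysql_fetch_array($result)) {
    print "<br><hr>\n";
    printHTMLHighlighted("<a href=\"/PHP/ViewStory.php?storyId=" . (int) $row["id"] . "\">" . $row["title"] . "</a>");
    $username = getUserName($row["writer"], $link);
    print "<B>Posted by " . $username . " on " . $row["date"] . "</B><br>\n";
    if (strlen($row["body"]) > $bodySizeLimit) {
        // Preview starts at offset 0; the earlier offset of 1 silently
        // dropped the first character of every truncated story.
        print substr($row["body"], 0, $bodySizeLimit);
        print "<br><B>...</B>";
    } else {
        print $row["body"];
    }
    print "<br>\n";
}
mysql_free_result($result);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);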
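<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
<?php
// RejectStory.php -- drop a submission from the moderation queue.
//
// NOTE(review): no author/moderator check is made on this page; any
// request naming an existing submission id deletes it.
$scriptName = "RejectStory.php";
include "PHPprinter.php";
$startTime = getMicroTime();

// Story id from POST first, then GET (same precedence as before).
$storyId = isset($_POST['storyId']) ? $_POST['storyId'] : null;
if ($storyId == null) {
    $storyId = isset($_GET['storyId']) ? $_GET['storyId'] : null;
    if ($storyId == null) {
        printError($scriptName, $startTime, "RejectStory", "<h3>You must provide a story identifier !<br></h3>");
        exit;
    }
}
// The id is interpolated into SQL below: force it to an integer.
$storyId = (int) $storyId;

getDatabaseLink($link);
printHTMLheader("RUBBoS: Story submission result");
print "<center><h2>Story submission result:</h2></center><p>\n";
$result = mysql_query("SELECT id FROM submissions WHERE id={$storyId}", $link) or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    die("<h3>ERROR: Sorry, but this story does not exist.</h3><br>\n");
}
mysql_free_result($result);

// Delete entry from database. The success line used to be printed even
// when the DELETE itself failed.
mysql_query("DELETE FROM submissions WHERE id={$storyId}", $link) or die("ERROR: Failed to delete the submission");
print "The story has been successfully removed from the submissions database table<br>\n";
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
</body>
</html>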
} $page = $HTTP_POST_VARS['page']; if ($page == null) { $page = $HTTP_GET_VARS['page']; if ($page == null) { $page = 0; } } $nbOfStories = $HTTP_POST_VARS['nbOfStories']; if ($nbOfStories == null) { $nbOfStories = $HTTP_GET_VARS['nbOfStories']; if ($nbOfStories == null) { $nbOfStories = 25; } } printHTMLheader("RUBBoS Browse Stories By Category"); print "<br><h2>Stories in category {$categoryName}</h2><br>"; getDatabaseLink($link); $result = mysql_query("SELECT * FROM stories WHERE category={$categoryId} ORDER BY date DESC LIMIT " . $page * $nbOfStories . ",{$nbOfStories}", $link) or die("ERROR: Query failed"); if (mysql_num_rows($result) == 0) { if ($page == 0) { print "<h2>Sorry, but there is no story available in this category !</h2>"; } else { print "<h2>Sorry, but there are no more stories available at this time.</h2><br>\n"; print "<p><CENTER>\n<a href=\"BrowseStoriesByCategory.php?category={$categoryId}" . "&categoryName=" . urlencode($categoryName) . "&page=" . ($page - 1) . "&nbOfStories={$nbOfStories}\">Previous page</a>\n</CENTER>\n"; } mysql_free_result($result); mysql_close($link); printHTMLfooter($scriptName, $startTime); exit; }
$comment_table = $HTTP_GET_VARS['comment_table']; if ($comment_table == null) { printError($scriptName, $startTime, "Moderating comment", "You must provide a comment table!<br>"); exit; } } $commentId = $HTTP_POST_VARS['commentId']; if ($commentId == null) { $commentId = $HTTP_GET_VARS['commentId']; if ($commentId == null) { printError($scriptName, $startTime, "Moderating comment", "You must provide a comment identifier!<br>"); exit; } } getDatabaseLink($link); printHTMLheader("RUBBoS: Comment moderation"); $result = mysql_query("SELECT * FROM {$comment_table} WHERE id={$commentId}", $link) or die("ERROR: Query failed"); if (mysql_num_rows($result) == 0) { die("<h3>ERROR: Sorry, but this comment does not exist.</h3><br>\n"); } $row = mysql_fetch_array($result); print "<p><br><center><h2>Moderate a comment !</h2></center><br>\n<br><hr><br>"; $username = getUserName($row["writer"], $link); print "<TABLE width=\"100%\" bgcolor=\"#CCCCFF\"><TR><TD><FONT size=\"4\" color=\"#000000\"><center><B><a href=\"ViewComment.php?comment_table={$comment_table}&storyId=" . $row["storyId"] . "&commentId=" . $row["id"] . "\">" . $row["subject"] . "</a></B> </FONT> (Score:" . $row["rating"] . ")</center></TABLE>\n"; print "<TABLE><TR><TD><B>Posted by " . $username . " on " . $row["date"] . "</B><p>\n"; print "<TR><TD>" . $row["comment"] . "</TABLE><p><hr><p>\n" . "<form action=\"StoreModeratorLog.php\" method=POST>\n" . "<input type=hidden name=commentId value={$commentId}>\n" . "<input type=hidden name=comment_table value={$comment_table}>\n" . "<center><table>\n" . "<tr><td><b>Nickname</b><td><input type=text size=20 name=nickname>\n" . "<tr><td><b>Password</b><td><input type=text size=20 name=password>\n" . "<tr><td><b>Rating</b><td><SELECT name=rating>\n" . "<OPTION value=\"-1\">-1: Offtopic</OPTION>\n" . "<OPTION selected value=\"0\">0: Not rated</OPTION>\n" . "<OPTION value=\"1\">1: Interesting</OPTION>\n" . "</SELECT></table><p><br>\n" . 
"<input type=submit value=\"Moderate this comment now!\"></center><p>\n"; printHTMLfooter($scriptName, $startTime); ?> </body> </html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
<?php
// BrowseRegions.php -- list every region as a link into BrowseCategories.
$scriptName = "BrowseRegions.php";
include "PHPprinter.php";
$startTime = getMicroTime();
printHTMLheader("RUBiS available regions");

getDatabaseLink($link);
begin($link);
$regions = mysql_query("SELECT * FROM regions", $link) or die("ERROR: Query failed");
commit($link);

// Heading depends only on whether the table returned anything.
$heading = (mysql_num_rows($regions) == 0)
    ? "<h2>Sorry, but there is no region available at this time. Database table is empty</h2><br>"
    : "<h2>Currently available regions</h2><br>";
print $heading;

// One link per region; the region id travels in the query string and the
// region name is printed as stored.
while ($region = mysql_fetch_array($regions)) {
    printf("<a href=\"/PHP/BrowseCategories.php?region=%s\">%s</a><br>\n", $region["id"], $region["name"]);
}

mysql_free_result($regions);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
</body>
</html>
$body = $HTTP_GET_VARS['body']; if ($body == null) { printError($scriptName, $startTime, "StoreComment", "<h3>You must provide a comment body!<br></h3>"); exit; } } $comment_table = $HTTP_POST_VARS['comment_table']; if ($comment_table == null) { $comment_table = $HTTP_GET_VARS['comment_table']; if ($comment_table == null) { printError($scriptName, $startTime, "Viewing comment", "You must provide a comment table!<br>"); exit; } } getDatabaseLink($link); printHTMLheader("RUBBoS: Comment submission result"); print "<center><h2>Comment submission result:</h2></center><p>\n"; // Authenticate the user $userId = authenticate($nickname, $password, $link); if ($userId == 0) { print "Comment posted by the 'Anonymous Coward'<br>\n"; } else { print "Comment posted by user #{$userId}<br>\n"; } // Add comment to database $now = date("Y:m:d H:i:s"); $result = mysql_query("INSERT INTO {$comment_table} VALUES (NULL, {$userId}, {$storyId}, {$parent}, 0, 0, '{$now}', \"{$subject}\", \"{$body}\")", $link) or die("ERROR: Failed to insert new comment in database."); $result = mysql_query("UPDATE {$comment_table} SET childs=childs+1 WHERE id={$parent}", $link) or die("ERROR: Failed to update parent childs in database."); print "Your comment has been successfully stored in the {$table} database table<br>\n"; mysql_close($link); printHTMLfooter($scriptName, $startTime);
} else { $description = "No description"; } } getDatabaseLink($link); begin($link); // Add item to database $start = date("Y:m:d H:i:s"); $end = date("Y:m:d H:i:s", mktime(date("H"), date("i"), date("s"), date("m"), date("d") + $duration, date("Y"))); $result = mysql_query("INSERT INTO items VALUES (NULL, \"{$name}\", \"{$description}\", {$initialPrice}, {$qty}, {$reservePrice}, {$buyNow}, 0, 0, '{$start}', '{$end}', {$userId}, {$categoryId})", $link); if (!$result) { error_log("[" . __FILE__ . "] Failed to insert new item in database. MySQL reports '" . mysql_error($link) . "' while querying 'INSERT INTO items VALUES (NULL, \"{$name}\", \"{$description}\", {$initialPrice}, {$qty}, {$reservePrice}, {$buyNow}, '{$start}', '{$end}', {$userId}, {$categoryId})': "); die("ERROR: Failed to insert new item in database. MySQL reports '" . mysql_error($link) . "' while querying 'INSERT INTO items VALUES (NULL, \"{$name}\", \"{$description}\", {$initialPrice}, {$qty}, {$reservePrice}, {$buyNow}, '{$start}', '{$end}', {$userId}, {$categoryId})'"); } commit($link); printHTMLheader("RUBiS: Selling {$name}"); print "<center><h2>Your Item has been successfully registered.</h2></center><br>\n"; print "<b>RUBiS has stored the following information about your item:</b><br><p>\n"; print "<TABLE>\n"; print "<TR><TD>Name<TD>{$name}\n"; print "<TR><TD>Description<TD>{$description}\n"; print "<TR><TD>Initial price<TD>{$initialPrice}\n"; print "<TR><TD>ReservePrice<TD>{$reservePrice}\n"; print "<TR><TD>Buy Now<TD>{$buyNow}\n"; print "<TR><TD>Quantity<TD>{$qty}\n"; print "<TR><TD>Duration<TD>{$duration}\n"; print "</TABLE>\n"; print "<br><b>The following information has been automatically generated by RUBiS:</b><br>\n"; print "<TABLE>\n"; print "<TR><TD>User id<TD>{$userId}\n"; print "<TR><TD>Category id<TD>{$categoryId}\n";
$userId = $HTTP_POST_VARS['userId']; if ($userId == null) { $userId = $HTTP_GET_VARS['userId']; if ($userId == null) { printError($scriptName, $startTime, "Viewing user information", "You must provide an item identifier!<br>"); exit; } } getDatabaseLink($link); begin($link); $userResult = mysql_query("SELECT * FROM users WHERE users.id={$userId}", $link) or die("ERROR: Query failed"); if (mysql_num_rows($userResult) == 0) { commit($link); die("<h3>ERROR: Sorry, but this user does not exist.</h3><br>\n"); } printHTMLheader("RUBiS: View user information"); // Get general information about the user $userRow = mysql_fetch_array($userResult); $firstname = $userRow["firstname"]; $lastname = $userRow["lastname"]; $nickname = $userRow["nickname"]; $email = $userRow["email"]; $creationDate = $userRow["creation_date"]; $rating = $userRow["rating"]; print "<h2>Information about " . $nickname . "<br></h2>"; print "Real life name : " . $firstname . " " . $lastname . "<br>"; print "Email address : " . $email . "<br>"; print "User since : " . $creationDate . "<br>"; print "Current rating : <b>" . $rating . "</b><br>"; // Get the comments about the user $commentsResult = mysql_query("SELECT * FROM comments WHERE comments.to_user_id={$userId}", $link) or die("ERROR: Query failed for the list of comments.");
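<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
<?php
// BuyNowAuth.php: shows the login form for a "buy now" purchase, carrying the
// requested item id through as a hidden field. The helpers used here
// (getMicroTime, printError, printHTMLheader, printHTMLfooter) are provided
// by PHPprinter.php.
$scriptName = "BuyNowAuth.php";
include "PHPprinter.php";
$startTime = getMicroTime();

// POST takes precedence over GET. A non-string value (e.g. an array-shaped
// parameter) is treated the same as a missing id rather than being rendered.
$itemId = NULL;
if (isset($_POST['itemId'])) {
    $itemId = $_POST['itemId'];
} elseif (isset($_GET['itemId'])) {
    $itemId = $_GET['itemId'];
}
if ($itemId === NULL || !is_string($itemId)) {
    printError($scriptName, $startTime, "Authentification for buying an item", "You must provide an item identifier!<br>");
    exit;
}

printHTMLheader("RUBiS: User authentification for buying an item");
include "buy_now_auth_header.html";
// $itemId is request input reflected into an attribute value; escape it so it
// cannot terminate the attribute or inject markup into the form.
$safeItemId = htmlspecialchars($itemId, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
print "<input type=hidden name=\"itemId\" value=\"{$safeItemId}\">";
include "auth_footer.html";
printHTMLfooter($scriptName, $startTime);
?>
</body>
</html>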
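<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<body>
<?php
// SubmitStory.php: renders the story submission form (nickname, password,
// title, category chooser, body) that posts to StoreStory.php. The category
// list is read from the `categories` table. The helpers used here
// (getMicroTime, getDatabaseLink, printHTMLheader, printHTMLfooter) are
// provided by PHPprinter.php.
$scriptName = "SubmitStory.php";
include "PHPprinter.php";
$startTime = getMicroTime();

getDatabaseLink($link);
printHTMLheader("RUBBoS: Story submission");
print "<center><h2>Submit your incredible story !</h2><br>\n";
// The password field is rendered as type=password so the secret is not
// displayed in clear text while being typed; the field name is unchanged.
print "<form action=\"StoreStory.php\" method=POST>\n"
    . "<center><table>\n"
    . "<tr><td><b>Nickname</b><td><input type=text size=20 name=nickname>\n"
    . "<tr><td><b>Password</b><td><input type=password size=20 name=password>\n"
    . "<tr><td><b>Story title</b><td><input type=text size=100 name=title>\n"
    . "<tr><td><b>Category</b><td><SELECT name=category>\n";

$result = mysql_query("SELECT * FROM categories", $link);
if ($result === false) {
    mysql_close($link);
    die("ERROR: Query failed");
}
// Category id and name come from the database and are emitted into an
// attribute value and into HTML text; escape them so a stored value cannot
// alter the markup.
while ($row = mysql_fetch_array($result)) {
    $categoryId = htmlspecialchars((string) $row["id"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $categoryName = htmlspecialchars((string) $row["name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "<OPTION value=\"{$categoryId}\">{$categoryName}</OPTION>\n";
}

print "</SELECT></table><p><br>\n"
    . "<TEXTAREA rows=\"20\" cols=\"80\" name=\"body\">Write your story here</TEXTAREA><br><p>\n"
    . "<input type=submit value=\"Submit this story now!\"></center><p>\n";

mysql_free_result($result);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
</body>
</html>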
printError($scriptName, $startTime, "Viewing comment", "You must provide a comment table!<br>"); exit; } } getDatabaseLink($link); if ($commentId == 0) { $parent = 0; } else { $result = mysql_query("SELECT parent FROM {$comment_table} WHERE id={$commentId}", $link) or die("ERROR: Query failed"); if (mysql_num_rows($result) == 0) { die("<h3>ERROR: Sorry, but this comment does not exist.</h3><br>\n"); } $row = mysql_fetch_array($result); $parent = $row["parent"]; } printHTMLheader("RUBBoS: Viewing comments"); // Display comment filter chooser print "<center><form action=\"/PHP/ViewComment.php\" method=POST>\n" . "<input type=hidden name=commentId value={$commentId}>\n" . "<input type=hidden name=storyId value={$storyId}>\n" . "<input type=hidden name=comment_table value={$comment_table}>\n" . "<B>Filter :</B>  <SELECT name=filter>\n"; $count_result = mysql_query("SELECT rating, COUNT(rating) AS count FROM {$comment_table} WHERE story_id={$storyId} GROUP BY rating ORDER BY rating", $link) or die("ERROR: Query failed"); $i = -1; while ($count_row = mysql_fetch_array($count_result)) { while ($i < 6 && $count_row["rating"] != $i) { if ($i == $filter) { print "<OPTION selected value=\"{$i}\">{$i}: 0 comment</OPTION>\n"; } else { print "<OPTION value=\"{$i}\">{$i}: 0 comment</OPTION>\n"; } $i++; } if ($count_row["rating"] == $i) { if ($i == $filter) {