Example #1
<?php

// bids/user_bids GET
//include '../auth.php';
include '../../sql_statements.php';
include '../../helper.php';
// Read the single required query parameter through the shared validator and
// answer with that bidder's bids, as the JSON text db_r_function() returns.
// NOTE(review): the auth.php include at the top of this script is commented
// out, and nothing visible here ties bidder_user_id to the caller. Unless
// validate_data() or the query enforces it, any client can read any user's
// bid history - confirm.
$params = validate_data("GET", array("bidder_user_id"));
$bidder = $params['bidder_user_id']['value'];
$payload = db_r_function(bids_user_bids($bidder));

// An empty/falsy result is reported as a server error with a JSON message.
$found = (bool) $payload;
http_response_code($found ? 200 : 500);
echo $found ? $payload : '{"error":"no data returned"}';
Example #2
<?php

// auctions/retrieve_all GET OK
include '../../sql_statements.php';
include '../../helper.php';
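// List every auction; db_r_function() hands back the rows as JSON text.
$result = db_r_function(auctions_retrieve_all());
if ($result) {
    http_response_code(200);
    echo $result;
} else {
    // The key has to be quoted: the previous body, {error:"..."}, was not
    // valid JSON, so a client parsing the response failed before it could
    // read the message. No status is set on this path, so PHP's default
    // status still applies.
    echo '{"error":"no data returned"}';
}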
Example #3
<?php

// users/authenticate POST
include '../../sql_statements.php';
include '../../helper.php';
include '../../post_header.php';
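// Check a username/password pair and, on success, open a PHP session and
// return an access token plus the user's id as JSON.
$post_data = validate_data("POST", array("username", "password"));
$username = $post_data['username']['value'];
// NOTE(review): unsalted MD5 is not a password hash; digests like this are
// cheap to brute-force if the users table leaks. It is left as-is because the
// stored digests and the comparison inside users_authenticate() (not visible
// here) depend on it. The durable fix is password_hash()/password_verify()
// with a re-hash on the next successful login.
$password = md5($post_data['password']['value']);
$result = db_r_function(users_authenticate($username, $password));

// Decode first and require a real row. The old test, $result != "[]", is also
// true for false/null/"" - whatever db_r_function() returns on failure (TODO
// confirm) - which sent a failed lookup down the success path.
$rows = is_string($result) ? json_decode($result, true) : null;
$row = (is_array($rows) && isset($rows[0]) && is_array($rows[0])) ? $rows[0] : null;

if ($row !== null && isset($row['user_id'])) {
    session_start();
    // Issue a fresh session id at login so an id planted before
    // authentication (session fixation) is never promoted.
    session_regenerate_id(true);

    // 32 hex characters, the same shape as before, but drawn from a CSPRNG.
    // md5(uniqid(rand(), true)) is derived from the clock and a
    // non-cryptographic generator, so its output is guessable.
    $token = bin2hex(
        function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16)
    );
    $user_id = $row['user_id'];
    $_SESSION['access_token'] = $token;
    $_SESSION['user_id'] = $user_id;

    http_response_code(200);
    // json_encode() keeps the body valid JSON whatever the column holds; a
    // numeric id is still emitted as a bare number, as the old body did.
    echo json_encode(array(
        'access_token' => $token,
        'user_id' => is_numeric($user_id) ? $user_id + 0 : $user_id,
    ));
} else {
    http_response_code(401);
    echo '{"error":"Invalid username and password pair."}';
}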
Example #4
<?php

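// items/user_items GET POOR
// List the items owned by one user.
//
// require, not include: include only raises a warning when a file cannot be
// loaded and the script carries on. If auth.php (presumably the access check)
// were missing or unreadable, this endpoint would run with no check at all;
// require stops the request instead.
require '../../auth.php';
require '../../sql_statements.php';
require '../../helper.php';

// Cast to int so only a number reaches the statement builder. A missing
// parameter still becomes 0, now without an undefined-index notice that could
// end up in the response body.
// NOTE(review): user_id is caller-supplied; whether auth.php ties it to the
// logged-in user is not visible here - confirm.
$owner_user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
$result = db_r_function(items_user_items($owner_user_id));
if ($result) {
    http_response_code(200);
    echo $result;
} else {
    http_response_code(500);
    // Key quoted so the error body is valid JSON (it was {error:"..."}).
    echo '{"error":"no data returned"}';
}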
Example #5
<?php

// users/rating GET
include '../../sql_statements.php';
include '../../helper.php';
// Look up the rating of the user named in the query string.
$params = validate_data("GET", array("user_id"));
$subject_id = $params['user_id']['value'];
$rating_json = db_r_function(users_rating($subject_id));

// Both outcomes answer 200; an empty result is reported in the body only.
http_response_code(200);
if (!$rating_json) {
    echo '{"error":"no data returned"}';
    return;
}
echo $rating_json;
Example #6
<?php

// Dependency: https://github.com/Synchro/PHPMailer
include '../../sql_statements.php';
include '../../helper.php';
include '../PHPMailer/PHPMailerAutoload.php';
include '../emailconfig.php';
// Mail watchers (and, per $seller_text, sellers) about a bid on a watched
// auction. Rows come from event_retrieve_watches() as JSON text and are
// decoded into associative arrays. This listing is cut off after the SMTP
// port is set, so the send step is not visible.
// NOTE(review): this script includes no auth file; if it is reachable over
// HTTP, any caller can start a mail run - confirm it is restricted elsewhere.
$result = db_r_function(event_retrieve_watches());
// NOTE(review): json_decode() yields null when $result is not valid JSON, and
// the foreach below would then raise a warning; there is no guard here.
$data = json_decode($result, true);
foreach ($data as $watch) {
    if (!is_null($watch['email'])) {
        // Only rows that carry an e-mail address are processed.
        // username and title are concatenated into plain-text bodies; they are
        // presumably user-supplied, so they must never be reused in headers or
        // an HTML body without encoding - TODO confirm how the body is sent.
        $watcher_text = "Hey, @" . $watch['username'] . "!\n\nWatch out, someone has bid GBP " . $watch['bid_price'] . " on '" . $watch['title'] . "' Better go outbid them quickly! \n\nGood luck!\nHashtagories";
        $seller_text = "Hey, @" . $watch['username'] . "!\n\nJust to let you know, someone has bid GBP " . $watch['bid_price'] . " on '" . $watch['title'] . "' \n\nHappy selling!\nHashtagories";
        if ($watch['watch_user_id'] != $watch['owner_user_id']) {
            // The watcher is not the owner: build the watcher's message.
            $buyer_mail = new PHPMailer();
            // Deliver through an SMTP relay.
            $buyer_mail->isSMTP();
            // Relay host; SMTP_HOSTNAME, SENDER and PASSWORD are constants
            // defined outside this script (presumably in emailconfig.php).
            $buyer_mail->Host = SMTP_HOSTNAME;
            // Authenticate to the relay with the credentials below.
            $buyer_mail->SMTPAuth = true;
            $buyer_mail->Username = SENDER;
            $buyer_mail->Password = PASSWORD;
            // 'tls' selects STARTTLS in PHPMailer ('ssl' would be implicit
            // TLS); 587 is the matching submission port.
            $buyer_mail->SMTPSecure = 'tls';
            $buyer_mail->Port = 587;
Example #7
<?php

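// users/self GET
// Return the record of the user named in the query string.
//
// require, not include: include only raises a warning when a file cannot be
// loaded and the script carries on. If auth.php (presumably the access check)
// were missing or unreadable, this endpoint would answer without any check;
// require stops the request instead.
require '../auth.php';
require '../sql_statements.php';
require '../helper.php';
$get_data = validate_data("GET", array("user_id"));
// NOTE(review): user_id is caller-supplied; whether auth.php restricts it to
// the logged-in user's own id is not visible here - confirm.
$user_id = $get_data['user_id']['value'];
$result = db_r_function(users_self($user_id));
if ($result) {
    http_response_code(200);
    echo $result;
} else {
    // An empty result is still answered with 200; only the body differs.
    http_response_code(200);
    echo '{"error":"no data returned"}';
}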
Example #8
<?php

// bids/auction_bids GET OK
include '../../sql_statements.php';
include '../../helper.php';
// The auction id is forced to an integer before it reaches the statement
// builder, so nothing but a number can be placed in the query.
$auction_id = (int) $_GET['auction_id'];
$bids_json = db_r_function(bids_auction_bids($auction_id));
if (!$bids_json) {
    // Nothing came back: answer with an empty JSON list. No status code is
    // set on this path, so PHP's default applies.
    echo '[]';
    return;
}
http_response_code(200);
echo $bids_json;
Example #9
<?php

// items/create POST OK
//    include '../../auth.php';
include '../../sql_statements.php';
include '../../helper.php';
include '../../post_header.php';
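// Create an item from the posted fields, then link it to every #hashtag
// found in its description.
$post_data = validate_data("POST", array("owner_user_id", "title", "description", "image_ref"));
// NOTE(review): owner_user_id is taken from the request body and the auth.php
// include at the top of this script is commented out, so as written a caller
// can create items under any user id. Once auth is re-enabled the owner
// should come from the authenticated session, not from the request.
$owner_user_id = $post_data['owner_user_id']['value'];
$title = $post_data['title']['value'];
$description = $post_data['description']['value'];
$image_ref = $post_data['image_ref']['value'];
// $tags[1] receives the captured tag names; \w+ limits them to word characters.
preg_match_all("/#(\\w+)/", $description, $tags);
$result = db_r_function(items_create($owner_user_id, $title, $description, $image_ref));

// Tag the item only when the insert reported an id. Before, a failed insert
// left $new_item null (with a notice from indexing the decoded value) and the
// loop still wrote tag rows for it. An id of 0 is treated as "no row
// inserted" as well.
$rows = $result ? json_decode($result, true) : null;
$new_item = (is_array($rows) && !empty($rows[0]['last_insert_id()']))
    ? $rows[0]['last_insert_id()']
    : null;
if ($new_item !== null) {
    foreach ($tags[1] as $t) {
        db_cud_function(hashtagories_tag_item($new_item, $t));
    }
}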
if ($result) {
    http_response_code(201);
    echo $result;
} else {
    http_response_code(304);
    //Not modified
Example #10
<?php

include '../../sql_statements.php';
include '../../helper.php';
// Return the trending hashtags as the JSON text produced by db_r_function().
$trending = db_r_function(hashtagories_trending());
if (!$trending) {
    // No status code is set on this path, so PHP's default applies.
    echo '{"error":"no data returned"}';
    return;
}
http_response_code(200);
echo $trending;
Example #11
<?php

// auctions/self GET OK
include '../sql_statements.php';
include '../helper.php';
// Fetch one auction. The id is cast to an integer first, so only a number is
// handed to the statement builder.
$auction_id = (int) $_GET['auction_id'];
$auction_json = db_r_function(auctions_self($auction_id));
if ($auction_json) {
    http_response_code(200);
}
// On an empty result no status is set explicitly; only the body reports it.
echo $auction_json ? $auction_json : '{"error":"no data returned"}';
Example #12
<?php

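// hashtagories/search
// Search hashtags by the free-text "query" parameter.
//
// require, not include: include only raises a warning when a file cannot be
// loaded and the script carries on. If auth.php (presumably the access check)
// were missing or unreadable, the search would run unauthenticated; require
// stops the request instead.
require '../auth.php';
require '../sql_statements.php';
require '../helper.php';

// Accept only a string. A missing parameter, or an array sent as query[]=...,
// is treated as an empty search instead of raising a notice.
$q = (isset($_GET['query']) && is_string($_GET['query'])) ? $_GET['query'] : '';
// NOTE(review): $q reaches hashtagories_search() unmodified. If that builder
// concatenates it into SQL text (the builders in sql_statements.php appear to
// return statement strings - TODO confirm), this is an injection point. The
// fix belongs in the builder / db_r_function() as a bound parameter.
$result = db_r_function(hashtagories_search($q));
if ($result) {
    http_response_code(200);
    echo $result;
} else {
    http_response_code(500);
    echo '{"error":"no data returned"}';
}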
Example #13
<?php

// hashtagories/all GET
include '../../sql_statements.php';
include '../../helper.php';
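// Return every hashtag as the JSON text produced by db_r_function().
$result = db_r_function(hashtagories_all());
if ($result) {
    http_response_code(200);
    echo $result;
} else {
    // The key has to be quoted: the previous body, {error:"..."}, was not
    // valid JSON and could not be parsed by a client. No status is set on
    // this path, so PHP's default status still applies.
    echo '{"error":"no data returned"}';
}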
Example #14
<?php

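// feedback/for_auction GET
// Return the feedback recorded for one auction.
//
// require, not include: include only raises a warning when a file cannot be
// loaded and the script carries on. If auth.php (presumably the access check)
// were missing or unreadable, this endpoint would answer without any check;
// require stops the request instead.
require '../../auth.php';
require '../../sql_statements.php';
require '../../helper.php';
$get_data = validate_data("GET", array("feedback_auction_id"));
$feedback_auction_id = $get_data['feedback_auction_id']['value'];
$result = db_r_function(feedback_for_auction($feedback_auction_id));
if ($result) {
    http_response_code(200);
    echo $result;
} else {
    // An empty result is still answered with 200; only the body differs.
    http_response_code(200);
    echo '{"error":"no data returned"}';
}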
Example #15
<?php

// users/username GET
include '../../sql_statements.php';
include '../../helper.php';
// Resolve a user id to its username; the id is read through the shared
// validator and the JSON text from db_r_function() is echoed as-is.
$params = validate_data("GET", array("user_id"));
$lookup_id = $params['user_id']['value'];
$username_json = db_r_function(users_username($lookup_id));

// The status is 200 whether or not a row was found.
http_response_code(200);
echo $username_json ? $username_json : '{"error":"no data returned"}';
Example #16
<?php

// Dependency: https://github.com/Synchro/PHPMailer
// Triggered by cURL command, runs event_end_expired_auctions() sproc
// and sends all auction completion/feedback invite emails
include '../../sql_statements.php';
include '../../helper.php';
include '../PHPMailer/PHPMailerAutoload.php';
include '../emailconfig.php';
// Close expired auctions and mail both parties of each successful sale.
// event_end_expired_auctions() supplies the rows as JSON text. This listing
// is cut off after the SMTP port is set, so the send step is not visible.
// NOTE(review): no auth file is included, and the header says the script is
// triggered by a cURL request. If the URL is reachable from outside, anyone
// can trigger the run - confirm it is restricted at the web server or guarded
// by a shared secret.
$result = db_r_function(event_end_expired_auctions());
// NOTE(review): json_decode() yields null when $result is not valid JSON, and
// the foreach below would then raise a warning; there is no guard here.
$data = json_decode($result, true);
foreach ($data as $auction) {
    // NOTE(review): print_r() writes the whole auction row - usernames and
    // feedback URLs included - into the response sent to whoever triggered the
    // script. Looks like leftover debugging; confirm and remove.
    print_r($auction);
    if ($auction['successful']) {
        // Plain-text bodies built by concatenation; the feedback links are
        // APP_URL plus a per-party path taken from the row.
        $seller_text = "Congratulations, your item has sold to " . $auction['buyer_username'] . " for " . $auction['final_bid_price'] . "!\n\nAfter you have sent the item, please fill out some feedback here: " . APP_URL . $auction['seller_feedback_url'] . "\n\nThanks!\nHashtagories";
        $buyer_text = "Congratulations, you've purchased an item from " . $auction['seller_username'] . " for " . $auction['final_bid_price'] . "!\n\nAfter you have received the item, please fill out some feedback here: " . APP_URL . $auction['buyer_feedback_url'] . "\n\nThanks!\nHashtagories";
        $buyer_mail = new PHPMailer();
        // Verbose SMTP debug output is left disabled; it would echo the SMTP
        // conversation into the response.
        //$mail->SMTPDebug = 3;
        // Deliver through an SMTP relay.
        $buyer_mail->isSMTP();
        // Relay host; SMTP_HOSTNAME, SENDER and PASSWORD are constants defined
        // outside this script (presumably in emailconfig.php).
        $buyer_mail->Host = SMTP_HOSTNAME;
        // Authenticate to the relay with the credentials below.
        $buyer_mail->SMTPAuth = true;
        $buyer_mail->Username = SENDER;
        $buyer_mail->Password = PASSWORD;
        // 'tls' selects STARTTLS in PHPMailer ('ssl' would be implicit TLS);
        // 587 is the matching submission port.
        $buyer_mail->SMTPSecure = 'tls';
        $buyer_mail->Port = 587;
Example #17
<?php

// feedback/for_user GET
//include '../../auth.php';
include '../../sql_statements.php';
include '../../helper.php';
// Return the feedback left for the user named in the query string.
$params = validate_data("GET", array("user_id"));
$target_id = $params['user_id']['value'];
$feedback_json = db_r_function(feedback_for_user($target_id));

// Status is 200 on both paths; an empty result only changes the body.
http_response_code(200);
if ($feedback_json) {
    echo $feedback_json;
    return;
}
echo '{"error":"no data returned"}';
Example #18
<?php

// auctions/search GET OK
include '../../sql_statements.php';
include '../../helper.php';
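// Search auctions by free text, with a caller-chosen sort column and direction.
//
// "query" and "sort" come straight from the URL. The search text is wrapped
// in single quotes below, i.e. it is being prepared as a SQL string literal,
// and it used to be passed on with no escaping, so a quote in the input could
// end the literal. The filtering here is a stop-gap inside this script; the
// durable fix is for the statement builders / db_r_function() to bind both
// values as parameters.
$q_send = "''";
if (isset($_GET['query']) && is_string($_GET['query'])) {
    // Drop the characters that can terminate or escape a quoted literal.
    $q = str_replace(array("'", '"', "\\", "\0"), '', $_GET['query']);
    // Split on runs of whitespace and skip empty pieces, so repeated spaces no
    // longer produce bare "*" terms.
    $q_split = preg_split("/\\s+/", $q, -1, PREG_SPLIT_NO_EMPTY);
    // Every term gets a trailing * (prefix match), as before.
    $q_send = "'" . join("* ", $q_split) . "*'";
}

// Any non-empty, non-"0" sort_order selects the descending variant.
$sort_order = !empty($_GET['sort_order']) ? $_GET['sort_order'] : 0;

// Accept only something shaped like a column name; anything else falls back
// to the default. A fixed list of sortable columns would be stricter, but the
// valid names are not visible from this script.
$sort = 'views';
if (isset($_GET['sort']) && is_string($_GET['sort'])
    && preg_match('/\A[A-Za-z_][A-Za-z0-9_.]*\z/', $_GET['sort'])) {
    $sort = $_GET['sort'];
}

if ($sort_order) {
    $result = db_r_function(auctions_search_desc($q_send, $sort));
} else {
    $result = db_r_function(auctions_search($q_send, $sort));
}
if ($result) {
    http_response_code(200);
    echo $result;
} else {
    // Key quoted so the error body is valid JSON (it was {error:"..."}).
    echo '{"error":"no data returned"}';
}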
// SQL stored proc uses this concept:
// http://stackoverflow.com/questions/8149545/pass-array-to-mysql-stored-routine
Example #19
<?php

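// watches/user_watches GET
// Return the auctions one user is watching.
//
// require, not include: include only raises a warning when a file cannot be
// loaded and the script carries on. If auth.php (presumably the access check)
// were missing or unreadable, this endpoint would answer without any check;
// require stops the request instead.
require '../../auth.php';
require '../../sql_statements.php';
require '../../helper.php';
$get_data = validate_data("GET", array("watch_user_id"));
// NOTE(review): watch_user_id is caller-supplied; whether auth.php restricts
// it to the logged-in user's own id is not visible here - confirm.
$watch_user_id = $get_data['watch_user_id']['value'];
$result = db_r_function(watches_user_watches($watch_user_id));
// The former if/else had identical branches (200 plus the raw result, even
// when it was empty), so it is written once.
http_response_code(200);
echo $result;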
Example #20
<?php

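// auctions/user_auctions
// List the auctions that belong to one user.
//
// require, not include: include only raises a warning when a file cannot be
// loaded and the script carries on. If auth.php (presumably the access check)
// were missing or unreadable, this endpoint would answer without any check;
// require stops the request instead.
require '../../auth.php';
require '../../sql_statements.php';
require '../../helper.php';

// Cast to int, as items/user_items does with the same parameter: the raw
// query-string value used to go to the statement builder untouched. A missing
// parameter becomes 0 instead of raising an undefined-index notice.
// NOTE(review): whether auth.php ties user_id to the logged-in user is not
// visible here - confirm.
$user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
$result = db_r_function(auctions_user_auctions($user_id));
if ($result) {
    http_response_code(200);
    echo $result;
} else {
    // Empty JSON list; no status is set on this path, so PHP's default applies.
    echo '[]';
}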