Example #1
/**
 * Emit a complete RUBBoS error page.
 *
 * Output order: the page header titled "RUBBoS ERROR: <title>", a fixed
 * <h2> banner, the error text, then the page footer.
 *
 * $error is written to the response exactly as received; nothing here
 * escapes it. Any request-derived text therefore has to be HTML-escaped by
 * the caller before it is passed in.
 *
 * @param mixed $scriptName forwarded unchanged to printHTMLfooter()
 * @param mixed $startTime  forwarded unchanged to printHTMLfooter()
 * @param mixed $title      appended to the "RUBBoS ERROR: " page title
 * @param mixed $error      error text or markup, printed verbatim
 */
function printError($scriptName, $startTime, $title, $error)
{
    $pageTitle = 'RUBBoS ERROR: ' . $title;
    printHTMLheader($pageTitle);
    echo "<h2>We cannot process your request due to the following error :</h2><br>\n";
    echo $error;
    printHTMLfooter($scriptName, $startTime);
}
Example #2
$userId = 0;
$access = 0;
if ($nickname != null && $password != null) {
    $result = mysql_query("SELECT id,access FROM users WHERE nickname=\"{$nickname}\" AND password=\"{$password}\"", $link) or die("ERROR: Authentification query failed");
    if (mysql_num_rows($result) != 0) {
        $row = mysql_fetch_array($result);
        $userId = $row["id"];
        $access = $row["access"];
    }
    mysql_free_result($result);
}
if ($userId == 0 || $access == 0) {
    printHTMLheader("RUBBoS: Moderation");
    print "<p><center><h2>Sorry, but this feature is only accessible by users with an author access.</h2></center><p>\n";
} else {
    printHTMLheader("RUBBoS: Comment moderation result");
    print "<center><h2>Comment moderation result:</h2></center><p>\n";
    //      mysql_query("LOCK TABLES users WRITE, comments WRITE", $link) or die("ERROR: Failed to acquire locks on users and comments tables.");
    $result = mysql_query("SELECT writer,rating FROM {$comment_table} WHERE id={$commentId}", $link) or die("ERROR: Query failed");
    if (mysql_num_rows($result) == 0) {
        //        mysql_query("UNLOCK TABLES", $link) or die("ERROR: Failed to unlock users and comments tables.");
        die("<h3>ERROR: Sorry, but this comment does not exist.</h3><br>\n");
    }
    $row = mysql_fetch_array($result);
    if ($row["rating"] == -1 && $rating == -1 || $row["rating"] == 5 && $rating == 1) {
        print "Comment rating is already to its maximum, updating only user's rating.";
    } else {
        // Update ratings
        if ($rating != 0) {
            mysql_query("UPDATE users SET rating=rating+{$rating} WHERE id=" . $row["writer"]) or die("ERROR: Unable to update user's rating\n");
            mysql_query("UPDATE {$comment_table} SET rating=rating+{$rating} WHERE id={$commentId}") or die("ERROR: Unable to update comment's rating\n");
Example #3
}
getDatabaseLink($link);
$result = mysql_query("SELECT * FROM stories WHERE id={$storyId}") or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    $result = mysql_query("SELECT * FROM old_stories WHERE id={$storyId}") or die("ERROR: Query failed");
    $comment_table = "old_comments";
} else {
    $comment_table = "comments";
}
if (mysql_num_rows($result) == 0) {
    die("<h3>ERROR: Sorry, but this story does not exist.</h3><br>\n");
}
$row = mysql_fetch_array($result);
$username = getUserName($row["writer"], $link);
// Display the story
printHTMLheader("RUBBoS: Viewing story " . $row["title"]);
printHTMLHighlighted($row["title"]);
print "Posted by " . $username . " on " . $row["date"] . "<br>\n";
print $row["body"] . "<br>\n";
print "<p><center><a href=\"PostComment.php?comment_table={$comment_table}&storyId={$storyId}&parent=0\">Post a comment on this story</a></center><p>";
// Display filter chooser header
print "<br><hr><br>";
print "<center><form action=\"ViewComment.php\" method=POST>\n" . "<input type=hidden name=commentId value=0>\n" . "<input type=hidden name=storyId value={$storyId}>\n" . "<input type=hidden name=comment_table value={$comment_table}>\n" . "<B>Filter :</B>&nbsp&nbsp<SELECT name=filter>\n";
$count_result = mysql_query("SELECT rating, COUNT(rating) AS count FROM {$comment_table} WHERE story_id={$storyId} GROUP BY rating ORDER BY rating", $link) or die("ERROR: Query failed");
$i = -1;
while ($count_row = mysql_fetch_array($count_result)) {
    while ($i < 6 && $count_row["rating"] != $i) {
        if ($i == $filter) {
            print "<OPTION selected value=\"{$i}\">{$i}: 0 comment</OPTION>\n";
        } else {
            print "<OPTION value=\"{$i}\">{$i}: 0 comment</OPTION>\n";
Example #4
if (mysql_num_rows($result) == 0) {
    printError($scriptName, $startTime, "BuyNow", "<h3>ERROR: Sorry, but this item does not exist.</h3><br>");
    commit($link);
    exit;
}
$row = mysql_fetch_array($result);
$sellerNameResult = mysql_query("SELECT nickname FROM users WHERE id={$userId}", $link);
if (!$sellerNameResult) {
    error_log("[" . __FILE__ . "] Query 'SELECT nickname FROM users WHERE id={$userId}' failed: " . mysql_error($link));
    die("ERROR: Seller '{$userId}' name query failed: " . mysql_error($link));
}
$sellerNameRow = mysql_fetch_array($sellerNameResult);
$sellerName = $sellerNameRow["nickname"];
mysql_free_result($sellerNameResult);
commit($link);
printHTMLheader("RUBiS: Buy Now");
printHTMLHighlighted("You are ready to buy this item: " . $row["name"]);
print "<TABLE>\n";
print "<TR><TD>Quantity<TD><b><BIG>" . $row["quantity"] . "</BIG></b>\n";
print "<TR><TD>Seller<TD><a href=\"ViewUserInfo.php?userId=" . $row["seller"] . "\">{$sellerName}</a> (<a href=\"PutCommentAuth.php?to=" . $row["seller"] . "&itemId=" . $row["id"] . "\">Leave a comment on this user</a>)\n";
print "<TR><TD>Started<TD>" . $row["start_date"] . "\n";
print "<TR><TD>Ends<TD>" . $row["end_date"] . "\n";
print "</TABLE>\n";
printHTMLHighlighted("Item description");
print $row["description"];
print "<br><p>\n";
printHTMLHighlighted("Buy Now");
print "<form action=\"StoreBuyNow.php\" method=POST>\n" . "<input type=hidden name=userId value={$userId}>\n" . "<input type=hidden name=itemId value=" . $row["id"] . ">\n" . "<input type=hidden name=maxQty value=" . $row["quantity"] . ">\n";
if ($row["quantity"] > 1) {
    print "<center><table><tr><td>Quantity:</td><td><input type=text size=5 name=qty></td></tr></table></center>\n";
} else {
Example #5
    $itemNameResult = mysql_query("SELECT name FROM old_items WHERE old_items.id={$itemId}", $link) or die("ERROR: Query failed");
}
if (mysql_num_rows($itemNameResult) == 0) {
    commit($link);
    die("<h3>ERROR: Sorry, but this item does not exist.</h3><br>\n");
}
$itemNameRow = mysql_fetch_array($itemNameResult);
$itemName = $itemNameRow["name"];
// Get the list of bids for this item
$bidsListResult = mysql_query("SELECT * FROM bids WHERE item_id={$itemId} ORDER BY date DESC", $link) or die("ERROR: Bids list query failed");
if (mysql_num_rows($bidsListResult) == 0) {
    print "<h2>There is no bid for {$itemName}. </h2><br>";
} else {
    print "<h2><center>Bid history for {$itemName}</center></h2><br>";
}
printHTMLheader("RUBiS: Bid history for {$itemName}.");
print "<TABLE border=\"1\" summary=\"List of bids\">\n" . "<THEAD>\n" . "<TR><TH>User ID<TH>Bid amount<TH>Date of bid\n" . "<TBODY>\n";
while ($bidsListRow = mysql_fetch_array($bidsListResult)) {
    $bidAmount = $bidsListRow["bid"];
    $bidDate = $bidsListRow["date"];
    $userId = $bidsListRow["user_id"];
    // Get the bidder nickname
    if ($userId != 0) {
        $userNameResult = mysql_query("SELECT nickname FROM users WHERE id={$userId}", $link) or die("ERROR: User nickname query failed");
        $userNameRow = mysql_fetch_array($userNameResult);
        $nickname = $userNameRow["nickname"];
        mysql_free_result($userNameResult);
    } else {
        print "Cannot lookup the user!<br>";
        printHTMLfooter($scriptName, $startTime);
        exit;
Example #6
}
if ($maxBid < $minBid) {
    printError("<h3>Your maximum bid of \${$maxBid} is not acceptable because it is below the \${$minBid} minimum bid !<br></h3>");
    return;
}
if ($maxBid < $bid) {
    printError("<h3>Your maximum bid of \${$maxBid} is not acceptable because it is below your current bid of \${$bid} !<br></h3>");
    return;
}
getDatabaseLink($link);
begin($link);
// Add bid to database and update values in item
$now = date("Y:m:d H:i:s");
mysql_query("LOCK TABLES bids WRITE, items WRITE", $link) or die("ERROR: Failed to acquire locks on items and bids tables.");
$result = mysql_query("SELECT max_bid FROM items WHERE id={$itemId}", $link) or die("ERROR: Failed to update number of bids in database. DEADLOCK!!");
$row = mysql_fetch_array($result);
if ($maxBid > $row["max_bid"]) {
    mysql_query("UPDATE items SET max_bid={$maxBid} WHERE id={$itemId}", $link) or die("ERROR: Failed to update maximum bid in database. DEADLOCK!!");
}
mysql_query("INSERT INTO bids VALUES (NULL, {$userId}, {$itemId}, {$qty}, {$bid}, {$maxBid}, '{$now}')", $link) or die("ERROR: Failed to insert new bid in database. DEADLOCK!!");
mysql_query("UPDATE items SET nb_of_bids=nb_of_bids+1 WHERE id={$itemId}", $link) or die("ERROR: Failed to update number of bids in database. DEADLOCK!!");
mysql_query("UNLOCK TABLES", $link) or die("ERROR: Failed to unlock items and bids tables.");
commit($link);
printHTMLheader("RUBiS: Bidding result");
print "<center><h2>Your bid has been successfully processed.</h2></center>\n";
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
  </body>
</html>
Example #7
    exit;
}
$userRow = mysql_fetch_array($toRes);
$rating = $rating + $userRow["rating"];
$result = mysql_query("UPDATE users SET rating={$rating} WHERE id={$to}");
if (!$result) {
    error_log("[" . __FILE__ . "] Unable to update user's rating 'UPDATE users SET rating={$rating} WHERE id={$to}': " . mysql_error($link));
    die("ERROR: Unable to update user's rating for user '{$to}': " . mysql_error($link));
}
// Add bid to database
$now = date("Y:m:d H:i:s");
$result = mysql_query("INSERT INTO comments VALUES (NULL, {$from}, {$to}, {$itemId}, {$rating}, '{$now}', \"{$comment}\")", $link);
if (!$result) {
    error_log("[" . __FILE__ . "] Failed to insert new comment in database 'INSERT INTO comments VALUES (NULL, {$from}, {$to}, {$itemId}, {$rating}, '{$now}', \"{$comment}\")': " . mysql_error($link));
    die("ERROR: Failed to insert new comment in database: " . mysql_error($link));
}
//    $result = mysql_query("UNLOCK TABLES", $link);
//	if (!$result)
//	{
//		error_log("[".__FILE__."] Failed to unlock users and comments tables: " . mysql_error($link));
//		die("ERROR: Failed to unlock users and comments tables: " . mysql_error($link));
//	}
commit($link);
printHTMLheader("RUBiS: Comment posting");
print "<center><h2>Your comment has been successfully posted.</h2></center>\n";
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
  </body>
</html>
Example #8
// Authenticate the user
$userId = authenticate($nickname, $password, $link);
if ($userId == -1) {
    rollback($link);
    die("<h2>ERROR: You don't have an account on RUBis! You have to register first.</h2><br>");
}
$userResult = mysql_query("SELECT * FROM users WHERE users.id={$userId}", $link);
if (!$userResult) {
    error_log("[" . __FILE__ . "] Query 'SELECT * FROM users WHERE users.id={$userId}' failed: " . mysql_error($link));
    die("ERROR: Query failed: " . mysql_error($link));
}
if (mysql_num_rows($userResult) == 0) {
    rollback($link);
    die("<h3>ERROR: Sorry, but this user '{$userId}' does not exist.</h3><br>\n");
}
printHTMLheader("RUBiS: About me");
// Get general information about the user
$userRow = mysql_fetch_array($userResult);
$firstname = $userRow["firstname"];
$lastname = $userRow["lastname"];
$nickname = $userRow["nickname"];
$email = $userRow["email"];
$creationDate = $userRow["creation_date"];
$rating = $userRow["rating"];
printHTMLHighlighted("<h2>Information about " . $nickname . "<br></h2>");
print "Real life name : " . $firstname . " " . $lastname . "<br>";
print "Email address  : " . $email . "<br>";
print "User since     : " . $creationDate . "<br>";
print "Current rating : <b>" . $rating . "</b><br><p>";
// Get the items the user has bid on
$bidsResult = mysql_query("SELECT item_id, bids.max_bid FROM bids, items WHERE bids.user_id={$userId} AND bids.item_id=items.id AND items.end_date>=NOW() GROUP BY item_id", $link);
Example #9
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <body>
    <?php 
// ReviewStories.php: lists the ten most recent rows of the `submissions`
// table, each followed by Accept / Reject links.
//
// NOTE(review): nothing in this script checks who is calling it. Confirm that
// PHPprinter.php or the web server restricts this page to authors; otherwise
// the review queue and its Accept / Reject links are open to any visitor.
$scriptName = "ReviewStories.php";
include "PHPprinter.php";
$startTime = getMicroTime();
getDatabaseLink($link);
printHTMLheader("RUBBoS: Review Stories");
// $now is assigned here but not read anywhere in this script.
$now = date("Y:m:d H:i:s");
// Constant query text: no request data reaches the SQL in this script.
$result = mysql_query("SELECT * FROM submissions ORDER BY date DESC LIMIT 10", $link) or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    print "<h2>Sorry, but there is no submitted story available at this time.</h2><br>\n";
}
while ($row = mysql_fetch_array($result)) {
    print "<br><hr>\n";
    // title, the user name, date and body are written into the page without
    // HTML escaping in this script.
    // NOTE(review): if submissions hold user-supplied text, this is a stored
    // XSS sink on a reviewer-facing page; escape with htmlspecialchars()
    // unless markup in stories is intended and sanitised on input. Confirm
    // whether printHTMLHighlighted() / getUserName() escape their values.
    printHTMLHighlighted($row["title"]);
    $username = getUserName($row["writer"], $link);
    print "<B>Posted by " . $username . " on " . $row["date"] . "</B><br>\n";
    print $row["body"];
    // Accept / Reject are plain GET links that carry only storyId: no token
    // or other proof of intent is attached by this script.
    print "<br><p><center><B>[ <a href=\"/PHP/AcceptStory.php?storyId=" . $row["id"] . "\">Accept</a> | <a href=\"/PHP/RejectStory.php?storyId=" . $row["id"] . "\">Reject</a> ]</B><p>\n";
}
mysql_free_result($result);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
  </body>
</html>
Example #10
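mysql_free_result($nicknameResult);
// Add user to database
// NOTE(review): every value below is interpolated into the SQL text as this
// block received it. Where they are read is not visible here; if they are
// request data that has not been escaped upstream, a quote character changes
// the statement. Escape each value for this link (mysql_real_escape_string)
// or move to prepared statements (mysqli / PDO).
// NOTE(review): $password is stored as received by this block. If that is
// the password as typed, hash it before the INSERT (password_hash() needs
// PHP >= 5.5) and compare with password_verify() at login.
$now = date("Y:m:d H:i:s");
$result = mysql_query("INSERT INTO users VALUES (NULL, \"{$firstname}\", \"{$lastname}\", \"{$nickname}\", \"{$password}\", \"{$email}\", 0, 0, '{$now}', {$regionId})", $link);
if (!$result) {
    // The statement text is deliberately left out of the log entry: it
    // contains the new user's password and e-mail address.
    error_log("[" . __FILE__ . "] Failed to insert new user in database: " . mysql_error($link));
    // NOTE(review): the driver error is also sent to the client here;
    // consider a generic message now that the detail is in the log.
    die("ERROR: Failed to insert new user '{$nickname}' in database: " . mysql_error($link));
}
// Read the row back to show the stored values and the generated fields.
$result = mysql_query("SELECT * FROM users WHERE nickname=\"{$nickname}\"", $link);
if (!$result) {
    error_log("[" . __FILE__ . "] Query 'SELECT * FROM users WHERE nickname=\"{$nickname}\"' failed: " . mysql_error($link));
    die("ERROR: Query user failed: " . mysql_error($link));
}
$row = mysql_fetch_array($result);
commit($link);
// NOTE(review): $nickname, $region and the row values are printed without
// HTML escaping; escape with htmlspecialchars() if they can hold user text.
printHTMLheader("RUBiS: Welcome to {$nickname}");
print "<h2>Your registration has been processed successfully</h2><br>\n";
print "<h3>Welcome {$nickname}</h3>\n";
print "RUBiS has stored the following information about you:<br>\n";
print "First Name : " . $row["firstname"] . "<br>\n";
print "Last Name  : " . $row["lastname"] . "<br>\n";
print "Nick Name  : " . $row["nickname"] . "<br>\n";
print "Email      : " . $row["email"] . "<br>\n";
// The line that stood here was corrupted in the listing and did not parse;
// it appears to have echoed the stored password. The credential is no
// longer written into the response.
print "Password   : (not displayed)<br>\n";
print "Region     : {$region}<br>\n";
print "<br>The following information has been automatically generated by RUBiS:<br>\n";
print "User id       :" . $row["id"] . "<br>\n";
print "Creation date :" . $row["creation_date"] . "<br>\n";
print "Rating        :" . $row["rating"] . "<br>\n";
print "Balance       :" . $row["balance"] . "<br>\n";
mysql_free_result($result);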
Example #11
}
$page = $HTTP_POST_VARS['page'];
if ($page == null) {
    $page = $HTTP_GET_VARS['page'];
    if ($page == null) {
        $page = 0;
    }
}
$nbOfStories = $HTTP_POST_VARS['nbOfStories'];
if ($nbOfStories == null) {
    $nbOfStories = $HTTP_GET_VARS['nbOfStories'];
    if ($nbOfStories == null) {
        $nbOfStories = 25;
    }
}
printHTMLheader("RUBBoS Older Stories");
// Display the date chooser
print "<form action=\"/PHP/OlderStories.php\" method=POST>\n";
print "<center><B>Date (day/month/year):</B><SELECT name=day>\n";
for ($i = 1; $i < 32; $i++) {
    print "<OPTION value=\"{$i}\">{$i}</OPTION>\n";
}
print "</SELECT>&nbsp/&nbsp<SELECT name=month>\n";
for ($i = 1; $i < 13; $i++) {
    print "<OPTION value=\"{$i}\">{$i}</OPTION>\n";
}
print "</SELECT>&nbsp/&nbsp<SELECT name=year>\n";
for ($i = 2001; $i < 2013; $i++) {
    print "<OPTION value=\"{$i}\">{$i}</OPTION>\n";
}
print "</SELECT><p><input type=submit value=\"Retrieve stories from this date!\"><p>\n";
Example #12
    error_log("[" . __FILE__ . "] Query 'SELECT * FROM items WHERE items.id={$itemId}' failed: " . mysql_error($link));
    die("ERROR: Item query failed for item '{$itemId}': " . mysql_error($link));
}
if (mysql_num_rows($result) == 0) {
    printError($scriptName, $startTime, "PutComment", "<h3>Sorry, but this item does not exist.</h3><br>");
    commit($link);
    exit;
}
$toRes = mysql_query("SELECT * FROM users WHERE id=\"{$to}\"");
if (!$toRes) {
    error_log("[" . __FILE__ . "] Query 'SELECT * FROM users WHERE id=\"{$to}\"' failed: " . mysql_error($link));
    die("ERROR: User query failed for user '{$to}': " . mysql_error($link));
}
if (mysql_num_rows($toRes) == 0) {
    printError($scriptName, $startTime, "PutComment", "<h3>Sorry, but this user does not exist.</h3><br>");
    commit($link);
    exit;
}
$row = mysql_fetch_array($result);
$userRow = mysql_fetch_array($toRes);
printHTMLheader("RUBiS: Comment service");
print "<center><h2>Give feedback about your experience with " . $row["name"] . "</h2><br>\n";
print "<form action=\"/PHP/StoreComment.php\" method=POST>\n" . "<input type=hidden name=to value={$to}>\n" . "<input type=hidden name=from value={$userId}>\n" . "<input type=hidden name=itemId value={$itemId}>\n" . "<center><table>\n" . "<tr><td><b>From</b><td>{$nickname}\n" . "<tr><td><b>To</b><td>" . $userRow["nickname"] . "\n" . "<tr><td><b>About item</b><td>" . $row["name"] . "\n" . "<tr><td><b>Rating</b>\n" . "<td><SELECT name=rating>\n" . "<OPTION value=\"5\">Excellent</OPTION>\n" . "<OPTION value=\"3\">Average</OPTION>\n" . "<OPTION selected value=\"0\">Neutral</OPTION>\n" . "<OPTION value=\"-3\">Below average</OPTION>\n" . "<OPTION value=\"-5\">Bad</OPTION>\n" . "</SELECT></table><p><br>\n" . "<TEXTAREA rows=\"20\" cols=\"80\" name=\"comment\">Write your comment here</TEXTAREA><br><p>\n" . "<input type=submit value=\"Post this comment now!\"></center><p>\n";
mysql_free_result($result);
commit($link);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
  </body>
</html>
Example #13
  <body>
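    <?php
// PutCommentAuth.php: shows the login form that precedes leaving a comment,
// carrying the target user ("to") and the item id along as hidden fields.
$scriptName = "PutCommentAuth.php";
include "PHPprinter.php";
$startTime = getMicroTime();
// POST takes precedence over GET. isset() keeps a missing parameter from
// raising an undefined-index notice before the explicit error page below.
$itemId = isset($HTTP_POST_VARS['itemId']) ? $HTTP_POST_VARS['itemId'] : null;
if ($itemId == null) {
    $itemId = isset($HTTP_GET_VARS['itemId']) ? $HTTP_GET_VARS['itemId'] : null;
    if ($itemId == null) {
        printError($scriptName, $startTime, "Authentification for comment", "You must provide an item identifier!<br>");
        exit;
    }
}
$to = isset($HTTP_POST_VARS['to']) ? $HTTP_POST_VARS['to'] : null;
if ($to == null) {
    $to = isset($HTTP_GET_VARS['to']) ? $HTTP_GET_VARS['to'] : null;
    if ($to == null) {
        printError($scriptName, $startTime, "Authentification for comment", "You must provide a user identifier!<br>");
        exit;
    }
}
printHTMLheader("RUBiS: User authentification for comment");
include "put_comment_auth_header.html";
// Both values come straight from the request and land inside a quoted HTML
// attribute, so they are escaped for that context (ENT_QUOTES covers both
// quote styles). Plain numeric identifiers pass through unchanged.
// NOTE(review): the script consuming this form still has to validate both
// values itself; hidden fields are under the client's control.
print "<input type=hidden name=\"to\" value=\"" . htmlspecialchars((string) $to, ENT_QUOTES) . "\">";
print "<input type=hidden name=\"itemId\" value=\"" . htmlspecialchars((string) $itemId, ENT_QUOTES) . "\">";
include "auth_footer.html";
printHTMLfooter($scriptName, $startTime);
?>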
  </body>
</html>
Example #14
                $maxBid = $xRow["bid"];
                break;
            }
        }
    }
    $firstBid = $maxBid;
    $nbOfBidsResult = mysql_query("SELECT COUNT(*) AS bid FROM bids WHERE item_id=" . $row["id"], $link);
    if (!$nbOfBidsResult) {
        error_log("[" . __FILE__ . "] Query 'SELECT COUNT(*) AS bid FROM bids WHERE item_id=" . $row["id"] . "' failed: " . mysql_error($link));
        die("ERROR: Nb of bids query failed: " . mysql_error($link));
    }
    $nbOfBidsRow = mysql_fetch_array($nbOfBidsResult);
    $nbOfBids = $nbOfBidsRow["bid"];
    mysql_free_result($nbOfBidsResult);
}
printHTMLheader("RUBiS: Viewing " . $row["name"]);
printHTMLHighlighted($row["name"]);
print "<TABLE>\n" . "<TR><TD>Currently<TD><b><BIG>{$maxBid}</BIG></b>\n";
// Check if the reservePrice has been met (if any)
$reservePrice = $row["reserve_price"];
if ($reservePrice > 0) {
    if ($maxBid >= $reservePrice) {
        print "(The reserve price has been met)\n";
    } else {
        print "(The reserve price has NOT been met)\n";
    }
}
$sellerNameResult = mysql_query("SELECT users.nickname FROM users WHERE id=" . $row["seller"], $link);
if (!$sellerNameResult) {
    error_log("[" . __FILE__ . "] Query 'SELECT users.nickname FROM users WHERE id=" . $row["seller"] . "' failed: " . mysql_error($link));
    die("ERROR: Seller name query failed for user '" . $row["seller"] . "': " . mysql_error($link));
Example #15
    if ($password == null) {
        printError($scriptName, $startTime, "Author", "You must provide a password!<br>");
        exit;
    }
}
getDatabaseLink($link);
// Authenticate the user
// $userId and $access stay 0 unless exactly this nickname/password pair
// matches a row; 0 in either one is treated as "no author access" below.
$userId = 0;
$access = 0;
if ($nickname != null && $password != null) {
    // The query text is built by interpolating both credentials into
    // double-quoted SQL literals.
    // NOTE(review): where $nickname and $password are read is not visible
    // here. If they are request values that were not escaped upstream, a
    // quote character in either one rewrites the WHERE clause and the check
    // can be bypassed. Escape them for this link or use prepared statements.
    // NOTE(review): the password is compared inside SQL against the submitted
    // value, so the column presumably holds it in directly comparable form;
    // confirm, and prefer a salted hash verified in PHP.
    $result = mysql_query("SELECT id,access FROM users WHERE nickname=\"{$nickname}\" AND password=\"{$password}\"", $link) or die("ERROR: Authentification query failed");
    if (mysql_num_rows($result) != 0) {
        // Only the first matching row is read.
        $row = mysql_fetch_array($result);
        $userId = $row["id"];
        $access = $row["access"];
    }
    mysql_free_result($result);
}
if ($userId == 0 || $access == 0) {
    printHTMLheader("RUBBoS: Author page");
    print "<p><center><h2>Sorry, but this feature is only accessible by users with an author access.</h2></center><p>\n";
} else {
    // On success this block only emits a link carrying authorId in the URL;
    // it sets no session or cookie.
    // NOTE(review): confirm the linked page authenticates on its own, since
    // an id in a query string proves nothing about the caller.
    printHTMLheader("RUBBoS: Author page");
    print "<p><center><h2>Which administrative task do you want to do ?</h2></center>\n" . "<p><p><a href=\"ReviewStories.php?authorId={$userId}\">Review submitted stories</a><br>\n";
}
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
  </body>
</html>
        $page = $_GET['page'];
    } else {
        $page = 0;
    }
}
$nbOfItems = NULL;
if (isset($_POST['nbOfItems'])) {
    $nbOfItems = $_POST['nbOfItems'];
} else {
    if (isset($_GET['nbOfItems'])) {
        $nbOfItems = $_GET['nbOfItems'];
    } else {
        $nbOfItems = 25;
    }
}
printHTMLheader("RUBiS: Items in category {$categoryName}");
print "<h2>Items in category {$categoryName}</h2><br><br>";
getDatabaseLink($link);
begin($link);
$result = mysql_query("SELECT items.id,items.name,items.initial_price,items.max_bid,items.nb_of_bids,items.end_date FROM items WHERE category={$categoryId} AND end_date>=NOW() LIMIT " . $page * $nbOfItems . ",{$nbOfItems}", $link);
if (!$result) {
    error_log("[" . __FILE__ . "] Query 'SELECT items.id,items.name,items.initial_price,items.max_bid,items.nb_of_bids,items.end_date FROM items WHERE category={$categoryId} AND end_date>=NOW() LIMIT " . $page * $nbOfItems . ",{$nbOfItems}' failed: " . mysql_error($link));
    die("ERROR: Query failed for category '{$categoryId}', page '{$page}' and nbOfItems '{$nbOfItems}': " . mysql_error($link));
}
if (mysql_num_rows($result) == 0) {
    if ($page == 0) {
        print "<h2>Sorry, but there are no items available in this category !</h2>";
    } else {
        print "<h2>Sorry, but there are no more items available in this category !</h2>";
        print "<p><CENTER>\n<a href=\"SearchItemsByCategory.php?category={$categoryId}" . "&categoryName=" . urlencode($categoryName) . "&page=" . ($page - 1) . "&nbOfItems={$nbOfItems}\">Previous page</a>\n</CENTER>\n";
    }
Example #17
}
$password = $HTTP_POST_VARS['password'];
if ($password == null) {
    $password = $HTTP_GET_VARS['password'];
}
getDatabaseLink($link);
$userId = -1;
if ($username != null && $username != "" || $password != null && $password != "") {
    // Authenticate the user
    $userId = authenticate($username, $password, $link);
    if ($userId == -1) {
        printError($scriptName, $startTime, "Authentication", "You don't have an account on RUBiS!<br>You have to register first.<br>\n");
        exit;
    }
}
printHTMLheader("RUBiS available categories");
begin($link);
$result = mysql_query("SELECT * FROM categories", $link) or die("ERROR: Query failed");
commit($link);
if (mysql_num_rows($result) == 0) {
    print "<h2>Sorry, but there is no category available at this time. Database table is empty</h2><br>\n";
} else {
    print "<h2>Currently available categories</h2><br>\n";
}
while ($row = mysql_fetch_array($result)) {
    if ($region != NULL) {
        print "<a href=\"/PHP/SearchItemsByRegion.php?category=" . $row["id"] . "&categoryName=" . urlencode($row["name"]) . "&region={$region}\">" . $row["name"] . "</a><br>\n";
    } else {
        if ($userId != -1) {
            print "<a href=\"/PHP/SellItemForm.php?category=" . $row["id"] . "&user={$userId}\">" . $row["name"] . "</a><br>\n";
        } else {
Example #18
$result = mysql_query("SELECT * FROM items WHERE items.id={$itemId}") or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    printError($scriptName, $startTime, "BuyNow", "<h3>Sorry, but this item does not exist.</h3><br>");
    commit($link);
    exit;
}
$row = mysql_fetch_array($result);
$newQty = $row["quantity"] - $qty;
if ($newQty == 0) {
    mysql_query("UPDATE items SET end_date=NOW(),quantity={$newQty} WHERE id={$itemId}") or die("ERROR: Failed to update item");
} else {
    mysql_query("UPDATE items SET quantity={$newQty} WHERE id={$itemId}") or die("ERROR: Failed to update item");
}
// Add BuyNow to database
$now = date("Y:m:d H:i:s");
mysql_query("INSERT INTO buy_now VALUES (NULL, {$userId}, {$itemId}, {$qty}, '{$now}')", $link) or die("ERROR: Failed to insert new BuyNow in database.");
mysql_query("UNLOCK TABLES", $link) or die("ERROR: Failed to unlock items and buy_now tables.");
printHTMLheader("RUBiS: BuyNow result");
if ($qty == 1) {
    print "<center><h2>Your have successfully bought this item.</h2></center>\n";
} else {
    print "<center><h2>Your have successfully bought these items.</h2></center>\n";
}
commit($link);
mysql_free_result($result);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
  </body>
</html>
Example #19
                $maxBid = $xRow["bid"];
                break;
            }
        }
    }
    $firstBid = $maxBid;
    $nbOfBidsResult = mysql_query("SELECT COUNT(*) AS bid FROM bids WHERE item_id=" . $row["id"], $link);
    if (!$nbOfBidsResult) {
        error_log("[" . __FILE__ . "] Query failed 'SELECT COUNT(*) AS bid FROM bids WHERE item_id=" . $row["id"] . "': " . mysql_error($link));
        die("ERROR: Nb of bids query failed for item '" . $row["id"] . "': " . mysql_error($link));
    }
    $nbOfBidsRow = mysql_fetch_array($nbOfBidsResult);
    $nbOfBids = $nbOfBidsRow["bid"];
    mysql_free_result($nbOfBidsResult);
}
printHTMLheader("RUBiS: Bidding");
printHTMLHighlighted("You are ready to bid on: " . $row["name"]);
print "<TABLE>\n" . "<TR><TD>Currently<TD><b><BIG>{$maxBid}</BIG></b>\n";
// Check if the reservePrice has been met (if any)
$reservePrice = $row["reserve_price"];
if ($reservePrice > 0) {
    if ($maxBid >= $reservePrice) {
        print "(The reserve price has been met)\n";
    } else {
        print "(The reserve price has NOT been met)\n";
    }
}
$sellerNameResult = mysql_query("SELECT users.nickname FROM users WHERE id=" . $row["seller"], $link);
if (!$sellerNameResult) {
    error_log("[" . __FILE__ . "] Query failed 'SELECT users.nickname FROM users WHERE id=" . $row["seller"] . "': " . mysql_error($link));
    die("ERROR: Seller name query failed for seller '" . $row["seller"] . "': " . mysql_error($link));
Example #20
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <body>
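    <?php
// StoriesOfTheDay.php: front page listing the ten most recent stories, each
// with a linked title, a byline and the body (cut to $bodySizeLimit bytes
// when longer).
$scriptName = "StoriesOfTheDay.php";
include "PHPprinter.php";
$startTime = getMicroTime();
getDatabaseLink($link);
printHTMLheader("RUBBoS stories of the day");
$bodySizeLimit = 512;
// $now is assigned here but not read anywhere in this script.
$now = date("Y:m:d H:i:s");
// Constant query text: no request data reaches the SQL in this script.
$result = mysql_query("SELECT * FROM stories ORDER BY date DESC LIMIT 10", $link) or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    print "<h2>Sorry, but there is no story available at this time.</h2><br>\n";
}
while ($row = mysql_fetch_array($result)) {
    print "<br><hr>\n";
    // NOTE(review): title, user name, date and body are written without HTML
    // escaping. If stories hold user-supplied text this is a stored XSS sink
    // on the front page; escape with htmlspecialchars() unless markup in
    // stories is intended and sanitised on input.
    printHTMLHighlighted("<a href=\"/PHP/ViewStory.php?storyId=" . $row["id"] . "\">" . $row["title"] . "</a>");
    $username = getUserName($row["writer"], $link);
    print "<B>Posted by " . $username . " on " . $row["date"] . "</B><br>\n";
    if (strlen($row["body"]) > $bodySizeLimit) {
        // substr() offsets are zero-based: start at 0 so the teaser keeps the
        // first character of the story (the previous offset of 1 dropped it).
        // The cut is byte-wise and can fall inside a tag or a multi-byte
        // character.
        print substr($row["body"], 0, $bodySizeLimit);
        print "<br><B>...</B>";
    } else {
        print $row["body"];
    }
    print "<br>\n";
}
mysql_free_result($result);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);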
Example #21
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <body>
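    <?php
// RejectStory.php: deletes one pending story from the `submissions` table.
//
// NOTE(review): nothing in this script checks who is calling it, and the
// delete is reachable with a plain GET. Confirm that PHPprinter.php or the
// web server restricts it to authors, and consider requiring POST plus an
// anti-CSRF token for this state change.
$scriptName = "RejectStory.php";
include "PHPprinter.php";
$startTime = getMicroTime();
// POST takes precedence over GET. isset() keeps a missing parameter from
// raising an undefined-index notice before the explicit error page below.
$storyId = isset($HTTP_POST_VARS['storyId']) ? $HTTP_POST_VARS['storyId'] : null;
if ($storyId == null) {
    $storyId = isset($HTTP_GET_VARS['storyId']) ? $HTTP_GET_VARS['storyId'] : null;
    if ($storyId == null) {
        printError($scriptName, $startTime, "RejectStory", "<h3>You must provide a story identifier !<br></h3>");
        exit;
    }
}
// The id is placed unquoted into two SQL statements below, one of them a
// DELETE, so only a plain run of digits is accepted (an array parameter is
// rejected too) and the value is carried as an integer from here on.
if (!is_string($storyId) || !preg_match('/\A[0-9]+\z/', $storyId)) {
    printError($scriptName, $startTime, "RejectStory", "<h3>The story identifier must be a number !<br></h3>");
    exit;
}
$storyId = (int) $storyId;
getDatabaseLink($link);
printHTMLheader("RUBBoS: Story submission result");
print "<center><h2>Story submission result:</h2></center><p>\n";
// Both statements now name the link explicitly, matching each other.
$result = mysql_query("SELECT id FROM submissions WHERE id={$storyId}", $link) or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    die("<h3>ERROR: Sorry, but this story does not exist.</h3><br>\n");
}
// Delete entry from database; a failed DELETE is no longer reported as a
// success.
mysql_query("DELETE FROM submissions WHERE id={$storyId}", $link) or die("ERROR: Failed to delete story");
print "The story has been successfully removed from the submissions database table<br>\n";
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>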
  </body>
</html>
}
$page = $HTTP_POST_VARS['page'];
if ($page == null) {
    $page = $HTTP_GET_VARS['page'];
    if ($page == null) {
        $page = 0;
    }
}
$nbOfStories = $HTTP_POST_VARS['nbOfStories'];
if ($nbOfStories == null) {
    $nbOfStories = $HTTP_GET_VARS['nbOfStories'];
    if ($nbOfStories == null) {
        $nbOfStories = 25;
    }
}
printHTMLheader("RUBBoS Browse Stories By Category");
print "<br><h2>Stories in category {$categoryName}</h2><br>";
getDatabaseLink($link);
$result = mysql_query("SELECT * FROM stories WHERE category={$categoryId} ORDER BY date DESC LIMIT " . $page * $nbOfStories . ",{$nbOfStories}", $link) or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    if ($page == 0) {
        print "<h2>Sorry, but there is no story available in this category !</h2>";
    } else {
        print "<h2>Sorry, but there are no more stories available at this time.</h2><br>\n";
        print "<p><CENTER>\n<a href=\"BrowseStoriesByCategory.php?category={$categoryId}" . "&categoryName=" . urlencode($categoryName) . "&page=" . ($page - 1) . "&nbOfStories={$nbOfStories}\">Previous page</a>\n</CENTER>\n";
    }
    mysql_free_result($result);
    mysql_close($link);
    printHTMLfooter($scriptName, $startTime);
    exit;
}
Example #23
    $comment_table = $HTTP_GET_VARS['comment_table'];
    if ($comment_table == null) {
        printError($scriptName, $startTime, "Moderating comment", "You must provide a comment table!<br>");
        exit;
    }
}
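// POST takes precedence over GET. isset() keeps a missing parameter from
// raising an undefined-index notice before the explicit error page below.
$commentId = isset($HTTP_POST_VARS['commentId']) ? $HTTP_POST_VARS['commentId'] : null;
if ($commentId == null) {
    $commentId = isset($HTTP_GET_VARS['commentId']) ? $HTTP_GET_VARS['commentId'] : null;
    if ($commentId == null) {
        printError($scriptName, $startTime, "Moderating comment", "You must provide a comment identifier!<br>");
        exit;
    }
}
// $comment_table is request data used as a table name. An identifier cannot
// be made safe by quoting or escaping, so it is matched against the known
// table names instead.
// NOTE(review): "comments" and "old_comments" are the two names the
// application's own pages pass in this parameter; extend the list if the
// schema has further comment tables.
if (!in_array($comment_table, array("comments", "old_comments"), true)) {
    printError($scriptName, $startTime, "Moderating comment", "You must provide a valid comment table!<br>");
    exit;
}
// The id is placed unquoted into the query, so only a plain run of digits is
// accepted (an array parameter is rejected too).
if (!is_string($commentId) || !preg_match('/\A[0-9]+\z/', $commentId)) {
    printError($scriptName, $startTime, "Moderating comment", "The comment identifier must be a number!<br>");
    exit;
}
$commentId = (int) $commentId;
getDatabaseLink($link);
printHTMLheader("RUBBoS: Comment moderation");
$result = mysql_query("SELECT * FROM {$comment_table} WHERE id={$commentId}", $link) or die("ERROR: Query failed");
if (mysql_num_rows($result) == 0) {
    die("<h3>ERROR: Sorry, but this comment does not exist.</h3><br>\n");
}
$row = mysql_fetch_array($result);
print "<p><br><center><h2>Moderate a comment !</h2></center><br>\n<br><hr><br>";
$username = getUserName($row["writer"], $link);
// $comment_table and $commentId are validated above, so writing them into
// the URL and the hidden fields below can no longer inject markup.
// NOTE(review): subject, comment, user name and date are still written
// without HTML escaping; escape with htmlspecialchars() unless markup in
// comments is intended and sanitised on input.
// NOTE(review): this reads $row["storyId"]; confirm the column is not named
// story_id, in which case the link is built with an empty story id.
print "<TABLE width=\"100%\" bgcolor=\"#CCCCFF\"><TR><TD><FONT size=\"4\" color=\"#000000\"><center><B><a href=\"ViewComment.php?comment_table={$comment_table}&storyId=" . $row["storyId"] . "&commentId=" . $row["id"] . "\">" . $row["subject"] . "</a></B>&nbsp</FONT> (Score:" . $row["rating"] . ")</center></TABLE>\n";
print "<TABLE><TR><TD><B>Posted by " . $username . " on " . $row["date"] . "</B><p>\n";
// The password field is type=password so the browser masks it on screen.
print "<TR><TD>" . $row["comment"] . "</TABLE><p><hr><p>\n" . "<form action=\"StoreModeratorLog.php\" method=POST>\n" . "<input type=hidden name=commentId value={$commentId}>\n" . "<input type=hidden name=comment_table value={$comment_table}>\n" . "<center><table>\n" . "<tr><td><b>Nickname</b><td><input type=text size=20 name=nickname>\n" . "<tr><td><b>Password</b><td><input type=password size=20 name=password>\n" . "<tr><td><b>Rating</b><td><SELECT name=rating>\n" . "<OPTION value=\"-1\">-1: Offtopic</OPTION>\n" . "<OPTION selected value=\"0\">0: Not rated</OPTION>\n" . "<OPTION value=\"1\">1: Interesting</OPTION>\n" . "</SELECT></table><p><br>\n" . "<input type=submit value=\"Moderate this comment now!\"></center><p>\n";
printHTMLfooter($scriptName, $startTime);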
?>
  </body>
</html>
Example #24
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <body>
    <?php
// BrowseRegions.php: lists every row of the `regions` table as a link to
// BrowseCategories.php for that region.
$scriptName = 'BrowseRegions.php';
include 'PHPprinter.php';
$startTime = getMicroTime();
printHTMLheader('RUBiS available regions');
getDatabaseLink($link);
begin($link);
// Constant query text: no request data reaches the SQL in this script.
$result = mysql_query('SELECT * FROM regions', $link);
if (!$result) {
    die('ERROR: Query failed');
}
commit($link);
echo mysql_num_rows($result) == 0
    ? '<h2>Sorry, but there is no region available at this time. Database table is empty</h2><br>'
    : '<h2>Currently available regions</h2><br>';
// The id goes into the URL and the name into the link text exactly as stored.
// NOTE(review): escape the name with htmlspecialchars() if region names can
// ever be edited by users.
while ($row = mysql_fetch_array($result)) {
    echo '<a href="/PHP/BrowseCategories.php?region=', $row['id'], '">', $row['name'], "</a><br>\n";
}
mysql_free_result($result);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);
?>
  </body>
</html>
Example #25
    $body = $HTTP_GET_VARS['body'];
    if ($body == null) {
        printError($scriptName, $startTime, "StoreComment", "<h3>You must provide a comment body!<br></h3>");
        exit;
    }
}
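// Resolve the target comment table: POST value first, then GET.
$comment_table = $HTTP_POST_VARS['comment_table'];
if ($comment_table == null) {
    $comment_table = $HTTP_GET_VARS['comment_table'];
    if ($comment_table == null) {
        printError($scriptName, $startTime, "Viewing comment", "You must provide a comment table!<br>");
        exit;
    }
}
// The table name is spliced into SQL as an identifier, where string escaping
// gives no protection, so accept nothing but a plain identifier.
// NOTE(review): a fixed allowlist of the application's comment tables would be
// stricter; the valid table names are not visible in this fragment.
if (!is_string($comment_table) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $comment_table)) {
    printError($scriptName, $startTime, "Viewing comment", "Invalid comment table!<br>");
    exit;
}
getDatabaseLink($link);
printHTMLheader("RUBBoS: Comment submission result");
print "<center><h2>Comment submission result:</h2></center><p>\n";
// Authenticate the user; a result of 0 is treated as an anonymous poster.
// The cast keeps the value safe to print and to place in the query below.
$userId = (int) authenticate($nickname, $password, $link);
if ($userId == 0) {
    print "Comment posted by the 'Anonymous Coward'<br>\n";
} else {
    print "Comment posted by user #{$userId}<br>\n";
}
// Add comment to database.
// $storyId, $parent, $subject and $body are set earlier in the script (outside
// this fragment), presumably from the request like $body above. The ids sit
// unquoted in numeric positions, so they are forced to integers; the text
// fields are escaped for the connection before being quoted.
// NOTE(review): if magic_quotes_gpc is enabled on the target PHP, strip the
// slashes it adds before escaping, otherwise backslashes get stored.
$now = date("Y:m:d H:i:s");
$sqlStoryId = (int) $storyId;
$sqlParent = (int) $parent;
$sqlSubject = mysql_real_escape_string($subject, $link);
$sqlBody = mysql_real_escape_string($body, $link);
$result = mysql_query("INSERT INTO {$comment_table} VALUES (NULL, {$userId}, {$sqlStoryId}, {$sqlParent}, 0, 0, '{$now}', \"{$sqlSubject}\", \"{$sqlBody}\")", $link) or die("ERROR: Failed to insert new comment in database.");
$result = mysql_query("UPDATE {$comment_table} SET childs=childs+1 WHERE id={$sqlParent}", $link) or die("ERROR: Failed to update parent childs in database.");
// The original message interpolated $table, which this fragment never assigns;
// the table actually written to is $comment_table (validated above).
print "Your comment has been successfully stored in the {$comment_table} database table<br>\n";
mysql_close($link);
printHTMLfooter($scriptName, $startTime);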
Example #26
    } else {
        $description = "No description";
    }
}
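// Store the new auction item and echo the stored values back to the seller.
// $name, $description, the prices, $qty, $duration, $userId and $categoryId
// are set earlier in the script (outside this fragment), presumably from the
// request -- they are treated as untrusted here.
getDatabaseLink($link);
begin($link);
// Add item to database
// Text fields are escaped for the connection; numeric fields are forced to a
// numeric literal (%F is locale-independent) so none of them can carry SQL.
$sqlName = mysql_real_escape_string($name, $link);
$sqlDescription = mysql_real_escape_string($description, $link);
$sqlInitialPrice = sprintf('%F', $initialPrice);
$sqlReservePrice = sprintf('%F', $reservePrice);
$sqlBuyNow = sprintf('%F', $buyNow);
$sqlQty = (int) $qty;
$sqlUserId = (int) $userId;
$sqlCategoryId = (int) $categoryId;
$duration = (int) $duration;
$start = date("Y:m:d H:i:s");
// End date = now + $duration days; mktime() normalises an out-of-range day.
$end = date("Y:m:d H:i:s", mktime(date("H"), date("i"), date("s"), date("m"), date("d") + $duration, date("Y")));
$insertSql = "INSERT INTO items VALUES (NULL, \"{$sqlName}\", \"{$sqlDescription}\", {$sqlInitialPrice}, {$sqlQty}, {$sqlReservePrice}, {$sqlBuyNow}, 0, 0, '{$start}', '{$end}', {$sqlUserId}, {$sqlCategoryId})";
$result = mysql_query($insertSql, $link);
if (!$result) {
    // Full detail goes to the server log only. The original sent the MySQL
    // error and the query text to the browser, and the logged query text did
    // not match the statement actually executed.
    // NOTE(review): the transaction opened by begin() is not explicitly ended
    // on this path.
    error_log("[" . __FILE__ . "] Failed to insert new item in database. MySQL reports '" . mysql_error($link) . "' while querying '" . $insertSql . "'");
    die("ERROR: Failed to insert new item in database.");
}
commit($link);
// Everything echoed into the page is HTML-encoded.
// NOTE(review): printHTMLheader() is not visible here; if it already encodes
// its argument, pass $name unencoded to avoid double encoding.
$htmlName = htmlspecialchars($name, ENT_QUOTES);
$htmlDescription = htmlspecialchars($description, ENT_QUOTES);
printHTMLheader("RUBiS: Selling {$htmlName}");
print "<center><h2>Your Item has been successfully registered.</h2></center><br>\n";
print "<b>RUBiS has stored the following information about your item:</b><br><p>\n";
print "<TABLE>\n";
print "<TR><TD>Name<TD>{$htmlName}\n";
print "<TR><TD>Description<TD>{$htmlDescription}\n";
print "<TR><TD>Initial price<TD>" . htmlspecialchars($initialPrice, ENT_QUOTES) . "\n";
print "<TR><TD>ReservePrice<TD>" . htmlspecialchars($reservePrice, ENT_QUOTES) . "\n";
print "<TR><TD>Buy Now<TD>" . htmlspecialchars($buyNow, ENT_QUOTES) . "\n";
print "<TR><TD>Quantity<TD>{$sqlQty}\n";
print "<TR><TD>Duration<TD>{$duration}\n";
print "</TABLE>\n";
print "<br><b>The following information has been automatically generated by RUBiS:</b><br>\n";
print "<TABLE>\n";
print "<TR><TD>User id<TD>{$sqlUserId}\n";
print "<TR><TD>Category id<TD>{$sqlCategoryId}\n";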
Example #27
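// Show a user's public profile, then fetch the comments written about them.
// The user id is read from POST first, then GET.
$userId = $HTTP_POST_VARS['userId'];
if ($userId == null) {
    $userId = $HTTP_GET_VARS['userId'];
    if ($userId == null) {
        // The original message asked for an "item identifier" although the
        // missing parameter is the user id.
        printError($scriptName, $startTime, "Viewing user information", "You must provide a user identifier!<br>");
        exit;
    }
}
// The id is placed unquoted into two queries below, so it must be an integer
// before it gets anywhere near SQL. Anything non-numeric becomes 0, which
// matches no row and ends in the "user does not exist" branch.
$userId = (int) $userId;
getDatabaseLink($link);
begin($link);
// NOTE(review): SELECT * also fetches columns this page never shows; naming
// the six columns used below would keep the rest out of this script's reach.
// Not changed here because code beyond this fragment may read other fields.
$userResult = mysql_query("SELECT * FROM users WHERE users.id={$userId}", $link) or die("ERROR: Query failed");
if (mysql_num_rows($userResult) == 0) {
    commit($link);
    die("<h3>ERROR: Sorry, but this user does not exist.</h3><br>\n");
}
printHTMLheader("RUBiS: View user information");
// Get general information about the user.
// These values were supplied by the user at registration time, so they are
// HTML-encoded once here and only the encoded form is printed.
$userRow = mysql_fetch_array($userResult);
$firstname = htmlspecialchars($userRow["firstname"], ENT_QUOTES);
$lastname = htmlspecialchars($userRow["lastname"], ENT_QUOTES);
$nickname = htmlspecialchars($userRow["nickname"], ENT_QUOTES);
$email = htmlspecialchars($userRow["email"], ENT_QUOTES);
$creationDate = htmlspecialchars($userRow["creation_date"], ENT_QUOTES);
$rating = htmlspecialchars($userRow["rating"], ENT_QUOTES);
print "<h2>Information about " . $nickname . "<br></h2>";
print "Real life name : " . $firstname . " " . $lastname . "<br>";
print "Email address  : " . $email . "<br>";
print "User since     : " . $creationDate . "<br>";
print "Current rating : <b>" . $rating . "</b><br>";
// Get the comments about the user
$commentsResult = mysql_query("SELECT * FROM comments WHERE comments.to_user_id={$userId}", $link) or die("ERROR: Query failed for the list of comments.");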
Example #28
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <body>
    <?php 
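// BuyNowAuth.php: render the login form shown before a "buy now" purchase and
// carry the requested item id along in a hidden field.
$scriptName = "BuyNowAuth.php";
include "PHPprinter.php";
$startTime = getMicroTime();
// The item id is taken from POST first, then GET.
$itemId = NULL;
if (isset($_POST['itemId'])) {
    $itemId = $_POST['itemId'];
} elseif (isset($_GET['itemId'])) {
    $itemId = $_GET['itemId'];
}
// A missing value, or an array sent as itemId[]=..., is not an identifier.
if (!is_string($itemId)) {
    printError($scriptName, $startTime, "Authentification for buying an item", "You must provide an item identifier!<br>");
    exit;
}
printHTMLheader("RUBiS: User authentification for buying an item");
include "buy_now_auth_header.html";
// The request value is reflected into an attribute: HTML-encode it (quotes
// included) so it cannot close the attribute and add markup to the page.
print "<input type=hidden name=\"itemId\" value=\"" . htmlspecialchars($itemId, ENT_QUOTES) . "\">";
include "auth_footer.html";
printHTMLfooter($scriptName, $startTime);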
?>
  </body>
</html>
Example #29
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <body>
    <?php 
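// SubmitStory.php: render the story submission form, with one <OPTION> per
// row of the `categories` table. The form posts to StoreStory.php.
$scriptName = "SubmitStory.php";
include "PHPprinter.php";
$startTime = getMicroTime();
getDatabaseLink($link);
printHTMLheader("RUBBoS: Story submission");
print "<center><h2>Submit your incredible story !</h2><br>\n";
// The password field is type=password so the browser masks what is typed; the
// original used type=text, which shows the password on screen.
// NOTE(review): the credentials are only as protected in transit as the
// connection serving this page; nothing in this script enforces HTTPS.
print "<form action=\"StoreStory.php\" method=POST>\n" . "<center><table>\n" . "<tr><td><b>Nickname</b><td><input type=text size=20 name=nickname>\n" . "<tr><td><b>Password</b><td><input type=password size=20 name=password>\n" . "<tr><td><b>Story title</b><td><input type=text size=100 name=title>\n" . "<tr><td><b>Category</b><td><SELECT name=category>\n";
$result = mysql_query("SELECT * FROM categories", $link) or die("ERROR: Query failed");
while ($row = mysql_fetch_array($result)) {
    // Category rows are data, not markup: HTML-encode both the attribute
    // value and the visible label.
    print "<OPTION value=\"" . htmlspecialchars($row["id"], ENT_QUOTES) . "\">" . htmlspecialchars($row["name"], ENT_QUOTES) . "</OPTION>\n";
}
print "</SELECT></table><p><br>\n" . "<TEXTAREA rows=\"20\" cols=\"80\" name=\"body\">Write your story here</TEXTAREA><br><p>\n" . "<input type=submit value=\"Submit this story now!\"></center><p>\n";
mysql_free_result($result);
mysql_close($link);
printHTMLfooter($scriptName, $startTime);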
?>
  </body>
</html>
Example #30
        printError($scriptName, $startTime, "Viewing comment", "You must provide a comment table!<br>");
        exit;
    }
}
getDatabaseLink($link);
if ($commentId == 0) {
    $parent = 0;
} else {
    $result = mysql_query("SELECT parent FROM {$comment_table} WHERE id={$commentId}", $link) or die("ERROR: Query failed");
    if (mysql_num_rows($result) == 0) {
        die("<h3>ERROR: Sorry, but this comment does not exist.</h3><br>\n");
    }
    $row = mysql_fetch_array($result);
    $parent = $row["parent"];
}
printHTMLheader("RUBBoS: Viewing comments");
// Display comment filter chooser
print "<center><form action=\"/PHP/ViewComment.php\" method=POST>\n" . "<input type=hidden name=commentId value={$commentId}>\n" . "<input type=hidden name=storyId value={$storyId}>\n" . "<input type=hidden name=comment_table value={$comment_table}>\n" . "<B>Filter :</B>&nbsp&nbsp<SELECT name=filter>\n";
$count_result = mysql_query("SELECT rating, COUNT(rating) AS count FROM {$comment_table} WHERE story_id={$storyId} GROUP BY rating ORDER BY rating", $link) or die("ERROR: Query failed");
$i = -1;
while ($count_row = mysql_fetch_array($count_result)) {
    while ($i < 6 && $count_row["rating"] != $i) {
        if ($i == $filter) {
            print "<OPTION selected value=\"{$i}\">{$i}: 0 comment</OPTION>\n";
        } else {
            print "<OPTION value=\"{$i}\">{$i}: 0 comment</OPTION>\n";
        }
        $i++;
    }
    if ($count_row["rating"] == $i) {
        if ($i == $filter) {