} // Get item category and condition id $ids = QueryOperator::getItemRelatedIds(addslashes($new_auction["itemCategory"]), $new_auction["itemCondition"]); // Prepare item parameters $item[] = SessionOperator::getUser()->getUserId(); $item[] = $new_auction["itemName"]; $item[] = $new_auction["itemBrand"]; $item[] = $ids["categoryId"]; $item[] = $ids["conditionId"]; $item[] = $new_auction["itemDescription"]; $item[] = $newImageName; // Prepare auction parameters $startTime = date_create($new_auction["startTime"])->format('Y-m-d H:i:s'); $endTime = date_create($new_auction["endTime"])->format('Y-m-d H:i:s'); $auction[] = ""; $auction[] = $new_auction["quantity"]; $auction[] = $new_auction["startPrice"]; $auction[] = $new_auction["reservePrice"]; $auction[] = $startTime; $auction[] = $endTime; // Store auction in database $ids = QueryOperator::addAuction($item, $auction); // Set event timer QueryOperator::addAuctionEvent($endTime, SessionOperator::getUser()->getUserId(), $ids["auctionId"]); // Store image name in database QueryOperator::uploadImage($ids["itemId"], $newImageName, "items"); // Set feedback session SessionOperator::setNotification(SessionOperator::CREATED_AUCTION); // Return to live auctions page HelperOperator::redirectTo("../views/my_live_auctions_view.php"); }
receive an email to change your password. </p> </div> <!-- instructions end --> <!-- forgot password start --> <form method="post" action="../scripts/password.php"> <div class="col-xs-4 form-group-lg"> <label class="text-danger">  <?php echo SessionOperator::getInputErrors("email"); ?> </label> <input type="text" name="email" class="form-control" id="email" maxlength="45" placeholder="Enter your email here" <?php echo 'value = "' . SessionOperator::getFormInput("email") . '"'; ?> > </div> <div class="col-xs-8"> <label> </label><br> <button type="submit" name="resetPassword" id="resetPassword" class="btn btn-success btn-lg">Reset Password</button> </div> </form> <!-- forgot password end --> </div> <!-- main end --> <!-- footer start --> <?php
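<?php
require_once "../classes/class.helper_operator.php";
require_once "../config/config.php";
require_once "../classes/class.query_operator.php";
require_once "../classes/class.session_operator.php";

// Delete the current user's profile image from the file system and clear the
// stored image name in the database, then refresh the user session.
$user = SessionOperator::getUser();
if (is_null($user)) {
    // No login session: nothing to delete (redirectTo is relied on to end the request)
    HelperOperator::redirectTo("../index.php");
}

// Only unlink when an image name is actually stored and the file exists. With an
// empty name the unguarded call would be unlink(ROOT), i.e. the upload root itself,
// and a missing file would only produce a warning.
$imageName = $user->getImage();
if (!empty($imageName) && is_file(ROOT . $imageName)) {
    unlink(ROOT . $imageName);
}
QueryOperator::uploadImage($user->getUserId(), null, "users");

// Update user session from the database so it no longer references the image
$account = QueryOperator::getAccount($user->getUserId());
SessionOperator::updateUser(new User($account));

// Set feedback session
SessionOperator::setNotification(SessionOperator::DELETED_PROFILE_PHOTO);
HelperOperator::redirectTo("../views/profile_view.php");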
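<?php
require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";
require_once "../classes/class.db_auction_watch.php";

// Add the requested live auction to the current user's watch list, then return to
// the auction page that linked here (its query string is passed straight through).
// HelperOperator::redirectTo() is relied on to end the request, as in the other scripts.
$returnUrl = "../views/open_live_auction_view.php?" . $_SERVER['QUERY_STRING'];

/* @var User $user*/
$user = SessionOperator::getUser();
if (is_null($user)) {
    HelperOperator::redirectTo("../index.php");
}

// The id is interpolated into the SQL condition below, so only a plain digit string
// is accepted: is_numeric() would also let through values such as "1e3", "1.5" or " 1".
$auctionId = isset($_GET["liveAuction"]) ? $_GET["liveAuction"] : null;
if (!is_string($auctionId) || !ctype_digit($auctionId)) {
    HelperOperator::redirectTo($returnUrl);
}
$auctionId = (int) $auctionId;
$userId = (int) $user->getUserId();

// Check user hasn't already watched
if (DbAuctionWatch::withConditions("WHERE userId = " . $userId . " AND auctionId = " . $auctionId)->exists()) {
    HelperOperator::redirectTo($returnUrl);
}

// Create an auction_watch and add it to the watch list
$watch = new DbAuctionWatch(["userId" => $userId, "auctionId" => $auctionId]);
$watch->create();

// Set feedback session
SessionOperator::setNotification(SessionOperator::CREATED_WATCH);
HelperOperator::redirectTo($returnUrl);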
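// Prevent sql injection: $auctionId (read from the request above this block) must be a
// plain integer before it is used in lookups. The round-trip through (int) rejects the
// floats, exponents and padded strings that is_numeric() alone would accept.
if (!is_numeric($auctionId) || (string) (int) $auctionId !== (string) $auctionId) {
    HelperOperator::redirectTo("../views/my_live_auctions_view.php");
}
$auctionId = (int) $auctionId;

/* @var User $user */
$user = SessionOperator::getUser();
$userId = (int) $user->getUserId();

/* @var DbAuction $auction */
/* @var DbItem $item */
$auction = DbAuction::find($auctionId);
// NOTE(review): find() is assumed to return an empty value for an unknown id — the guard
// keeps a bogus id from turning into a method call on null
$item = empty($auction) ? null : DbItem::find($auction->getField("itemId"));

// User owns auction
if (!empty($item) && (int) $item->getField("userId") === $userId) {
    // Notify current highest bidder; index [0] is only read when a bid exists
    $topBids = QueryOperator::getAuctionBids($auctionId, 1);
    if (!empty($topBids)) {
        $highestBid = $topBids[0];
        $comment = "The auction \"" . $item->getField("itemName") . " " . $item->getField("itemBrand") . "\" with ";
        $comment .= "your current highest bid of " . $highestBid->getBidPrice() . " GSP was deleted by " . $user->getUsername() . ".";
        QueryOperator::addNotification($highestBid->getBidderId(), $comment, QueryOperator::NOTIFICATION_AUCTION_DELETED);
    }

    // Delete auction
    $auction->delete();

    // Remove the item image only when a name is stored and the file still exists
    $imageName = $item->getField("image");
    if (!empty($imageName) && is_file(ROOT . $imageName)) {
        unlink(ROOT . $imageName);
    }

    // Delete auction event
    QueryOperator::dropAuctionEvent($auctionId);

    // Set feedback session
    SessionOperator::setNotification(SessionOperator::DELETED_AUCTION);
}
HelperOperator::redirectTo("../views/my_live_auctions_view.php");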
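<?php
require_once "../classes/class.session_operator.php";
require_once "../classes/class.query_operator.php";

// Mark a notification as seen for the logged-in user.
// The id comes from the query string, so it is only forwarded when it is a plain digit
// string (the same check the other id-taking scripts apply); anything else is ignored.
// Without a login session there is no user to attribute the update to.
$user = SessionOperator::getUser();
$id = isset($_GET["notificationId"]) ? $_GET["notificationId"] : null;
if (!is_null($user) && is_string($id) && ctype_digit($id)) {
    QueryOperator::haveSeen($user->getUserId(), (int) $id);
}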
<?php
require_once "../classes/class.session_operator.php";
require_once "../classes/class.helper_operator.php";

// Gate for pages that need an authenticated user: a visitor without a login
// session is sent back to the start page.
$isLoggedIn = SessionOperator::isLoggedIn();
if (!$isLoggedIn) {
    HelperOperator::redirectTo("../index.php");
}
<?php
// Emit a one-off toast for the pending feedback notification, if there is one.
// Each value goes through json_encode so it becomes a correctly quoted JS literal.
$notification = SessionOperator::getNotification();
if ($notification !== null) {
    $title = $notification[0];
    $message = $notification[1];
    $type = $notification[2];
?>
<script>
    $.notify({
        icon: "glyphicon glyphicon-ok",
        title: <?php echo json_encode($title); ?>,
        message: <?php echo json_encode($message); ?>
    }, {
        type: <?php echo json_encode($type); ?>
    });
</script>
<?php }
} } else { $error = []; if (($upload = ValidationOperator::checkImage()) != null) { // A user is logged in if (!is_null($user = SessionOperator::getUser())) { // Create random image name $newImageName = UPLOAD_PROFILE_IMAGE . uniqid("", true) . "." . $upload["imageExtension"]; // Upload new profile picture to file system if (move_uploaded_file($upload["image"], ROOT . $newImageName)) { // Delete old profile pic (if exists) if (!empty($imageName = $user->getImage())) { unlink(ROOT . $imageName); } // Store image name in database QueryOperator::uploadImage($user->getUserId(), $newImageName, "users"); // Update user session $user = QueryOperator::getAccount($user->getUserId()); SessionOperator::updateUser(new User($user)); // Set feedback session SessionOperator::setNotification(SessionOperator::UPLOADED_PROFILE_PHOTO); } else { $error["upload"] = "Image cannot be uploaded "; SessionOperator::setInputErrors($error); } } } } } // Redirect back HelperOperator::redirectTo("../views/profile_view.php");
SessionOperator::setNotification(SessionOperator::CHANGED_PASSWORD); // Send a password changed confirmation email to the user $mail = new Email($email, $userDetails["firstName"], $userDetails["lastName"]); $mail->preparePasswordConfirmEmail(); $mail->sentEmail(); HelperOperator::redirectTo("../index.php"); } else { SessionOperator::setFormInput($passwordFields); } HelperOperator::redirectTo("../views/change_password_view.php?email=" . $email); } else { if (isset($_POST["changePasswordSignedIn"])) { // Retrieve Passwords $passwordFields = ["currentPassword" => $_POST["currentPassword"], "password1" => $_POST["password1"], "password2" => $_POST["password2"]]; // Get current user session $user = SessionOperator::getUser(); // Current password is correct and both new passwords are valid and match if (!ValidationOperator::hasEmtpyFields($passwordFields) && ValidationOperator::isCurrentPassword($passwordFields["currentPassword"]) && ValidationOperator::validPasswords($passwordFields["password1"], $passwordFields["password2"])) { QueryOperator::updatePassword($user->getEmail(), $passwordFields["password2"]); SessionOperator::setNotification(SessionOperator::CHANGED_PASSWORD); // Send a password changed confirmation email to the user $mail = new Email($user->getEmail(), $user->getFirstName(), $user->getLastName()); $mail->preparePasswordConfirmEmail(); $mail->sentEmail(); } else { SessionOperator::setFormInput($passwordFields); } HelperOperator::redirectTo("../views/account_view.php"); } } }
<?php require_once "../classes/class.session_operator.php"; require_once "../classes/class.query_operator.php"; require_once "../scripts/user_session.php"; $allNotifications = QueryOperator::getNotifications(SessionOperator::getUser()->getUserId()); ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="description" content=""> <meta name="author" content=""> <title>Notifications</title> <!-- Font --> <link href='https://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'> <!-- CSS --> <link href="../css/bootstrap.min.css" rel="stylesheet"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css"> <link href="../css/animate.css" rel="stylesheet" type="text/css"> <link href="../css/metisMenu.min.css" rel="stylesheet"> <link href="../css/sb-admin-2.css" rel="stylesheet"> <link href="../css/dataTables.bootstrap.css" rel="stylesheet"> <link href="../css/main.css" rel="stylesheet">
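<?php
require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.user.php";

// Sign in button was clicked
if (isset($_POST["signIn"])) {
    require_once "../classes/class.query_operator.php";

    // Missing or non-string fields count as empty input instead of raising notices
    $email = isset($_POST["loginEmail"]) && is_string($_POST["loginEmail"]) ? trim($_POST["loginEmail"]) : "";
    $password = isset($_POST["loginPassword"]) && is_string($_POST["loginPassword"]) ? trim($_POST["loginPassword"]) : "";

    // Login details correct
    $account = QueryOperator::checkAccount($email, $password);
    if (!is_null($account)) {
        // Login user and redirect to home page
        SessionOperator::login(new User($account));
        HelperOperator::redirectTo("../views/my_live_auctions_view.php");
    } else {
        // Keep only the email so it can be re-filled after the page reloads. The
        // password is a secret and is neither stored in the session nor echoed back
        // into the login form.
        SessionOperator::setFormInput(["loginEmail" => $email]);

        // Create a session for incorrect email and user details
        $message = "The entered email and password did not match our records, please try again.";
        SessionOperator::setInputErrors(["login" => $message]);
    }
}

// Sign in button was not clicked or sign in failed
HelperOperator::redirectTo("../index.php");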
?> " > </div> </div> <label class="col-xs-offset-2 text-danger">  <?php echo SessionOperator::getInputErrors("country"); ?> </label> <div class="form-group"> <label class="col-xs-2 control-label">Country</label> <div class="col-xs-10"> <select name="country" class="selectpicker form-control" data-dropup-auto="false"> <option default>Country</option> <?php $country = SessionOperator::getUser()->getCountry(); $countries = QueryOperator::getCountriesList(); print_r($countries); foreach ($countries as $value) { $selected = ""; if ($value == $country) { $selected = "selected"; } ?> <option value="<?php echo $value; ?> " title="<?php echo htmlspecialchars($value); ?> " <?php
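require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";

// Only process when sign up button was clicked
if (!isset($_POST["signUp"])) {
    HelperOperator::redirectTo("../index.php");
}

// Store POST values. A missing or non-string field becomes "" so that
// hasEmtpyFields() rejects it instead of PHP raising an undefined-index notice.
$fields = ["username", "email", "firstName", "lastName", "address", "postcode", "city", "country", "password1", "password2"];
$registration = [];
foreach ($fields as $field) {
    $registration[$field] = isset($_POST[$field]) && is_string($_POST[$field]) ? $_POST[$field] : "";
}

// Add empty string for default country (the placeholder option of the select)
if ($registration["country"] === "Country") {
    $registration["country"] = "";
}

// Check inputs
if (ValidationOperator::hasEmtpyFields($registration)
    || ValidationOperator::isTaken($registration["username"], $registration["email"])
    || !ValidationOperator::validPasswords($registration["password1"], $registration["password2"])) {
    // Create a session for the inputs so that they can be recovered after the page returns.
    // The two password fields are left out: plaintext passwords do not belong in the
    // session, and the form would otherwise echo them back into the page.
    $formInput = $registration;
    unset($formInput["password1"], $formInput["password2"]);
    SessionOperator::setFormInput($formInput);
} else {
    // Create new user
    $registration["country"] = QueryOperator::getCountryId($registration["country"]);
    $encryptedPassword = password_hash($registration["password1"], PASSWORD_BCRYPT);
    $confirmCode = QueryOperator::addAccount([
        $registration["username"],
        $registration["email"],
        $registration["firstName"],
        $registration["lastName"],
        $registration["address"],
        $registration["postcode"],
        $registration["city"],
        $registration["country"],
        $encryptedPassword,
    ]);

    // Create a session for the successfully submitted registration (account not verified yet)
    SessionOperator::setNotification(SessionOperator::SUBMITTED_REGISTRATION);

    // Email a verification link to the user - must be verified before accessing the new account
    require_once "../classes/class.email.php";
    $mail = new Email($registration["email"], $registration["firstName"], $registration["lastName"]);
    $mail->prepareVerificationEmail($confirmCode);
    $mail->sentEmail();
}

// Redirect back
HelperOperator::redirectTo("../index.php");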
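<?php
require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/class.db_auction.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/class.db_auction_watch.php';

// Remove one entry from the current user's watch list; only its owner may delete it.
// HelperOperator::redirectTo() is relied on to end the request, as in the other scripts.
$returnUrl = "../views/my_watch_list_view.php";

// Prevent sql injection: only a plain digit string is accepted as id
$watchId = isset($_GET["id"]) ? $_GET["id"] : null;
if (!is_string($watchId) || !ctype_digit($watchId)) {
    HelperOperator::redirectTo($returnUrl);
}
$watchId = (int) $watchId;

/* @var User $user */
$user = SessionOperator::getUser();
if (is_null($user)) {
    HelperOperator::redirectTo("../index.php");
}
$userId = (int) $user->getUserId();

/* @var DbAuctionWatch $watch */
$watch = DbAuctionWatch::find($watchId);

// User owns watch. An unknown id is assumed to yield an empty result from find()
// and is simply ignored instead of becoming a method call on null.
if (!empty($watch) && (int) $watch->getField("userId") === $userId) {
    // Delete watch
    $watch->delete();

    // Set feedback session
    SessionOperator::setNotification(SessionOperator::DELETED_WATCH);
}
HelperOperator::redirectTo($returnUrl);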
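<?php
require_once "../classes/class.session_operator.php";
require_once "../classes/class.query_operator.php";

// Render the current user's not-yet-shown notifications as dropdown list items.
$newAlerts = QueryOperator::getNotifications(SessionOperator::getUser()->getUserId(), QueryOperator::NOTIFICATION_UNNOTIFIED);

// Notification messages are assembled from usernames and item names entered by
// other users (see the addNotification callers), so every value is HTML-escaped
// before it is placed in the markup. Attribute values get ENT_QUOTES.
$escape = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$alerts = "";
foreach ($newAlerts as $newAlert) {
    $id = $escape($newAlert->getNotificationId());
    $icon = $escape($newAlert->getCategoryIcon());
    $category = $escape($newAlert->getCategoryName());
    $time = $escape($newAlert->getTime());
    $message = $escape($newAlert->getMessage());

    $alerts .= "\n <li id=\"notification{$id}\">\n <a href=\"#\">\n <div>\n <i class=\"{$icon}\"></i> <span style=\"padding-left: 10px\">{$category}</span>\n <span class=\"pull-right text-muted small\">{$time}</span><br>\n <div style=\"padding-left: 26px; color: #253b52; margin-bottom: 5px; font-style: italic; font-size: 12px\">{$message}</div>\n <span style=\"padding-left: 22px\"><button class=\"btn btn-sm btn-default\" id=\"deleteAlert_{$id}\">Delete</button></span>\n </div>\n </a>\n </li>\n <li class=\"divider\" id=\"divider{$id}\"></li>\n ";
}
echo $alerts;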
/**
 * Check that a submitted price-like field holds a number greater than zero.
 *
 * On failure the message for the field is recorded via
 * SessionOperator::setInputErrors() under $fieldName, using the WRONG_FORMAT text
 * for non-numeric input and the INVALID_SIZE text for a number that is not positive.
 *
 * @param mixed  $fieldValue raw submitted value
 * @param string $fieldName  key used for the error message and as its prefix
 * @return bool true when the value is a positive number, false otherwise
 */
public static function isPositiveNumber($fieldValue, $fieldName)
{
    $isNumeric = is_numeric($fieldValue);

    // Numeric and strictly greater than zero: nothing to report
    if ($isNumeric && $fieldValue > 0) {
        return true;
    }

    // Choose the message for the failure that occurred
    $reason = $isNumeric ? self::INVALID_SIZE : self::WRONG_FORMAT;
    SessionOperator::setInputErrors([$fieldName => $fieldName . self::PRICES[$reason]]);

    return false;
}
} else { echo "<br><h5>Nobody gave you a buyer feedback!</h5>"; } ?> </div> </div> <!-- feedbacks end --> <?php } else { ?> <div class="row"> <div class="well text-center"> <h1 class="text-danger">No feedback available</h1> <?php if ($_GET["username"] == SessionOperator::getUser()->getUserName()) { ?> <h4>In order to receive feedbacks, you must sell or win an auction. Only then, a buyer or a seller can rate you.</h4> <?php } ?> </div> </div> <?php } ?> <!-- footer start --> <div class="footer"> <div class="container">
</li> <li> <a href="../views/my_successful_bids_view.php"><i class="fa fa fa-thumbs-up fa-fw"></i> Won Auctions</a> </li> <li> <a href="../views/my_unsuccessful_bids_view.php"><i class="fa fa-thumbs-down fa-fw"></i> Lost Auctions</a> </li> </ul> </li> <li> <a href="../views/my_watch_list_view.php"><i class="fa fa-eye fa-fw"></i> My Watch List</a> </li> <li> <a href="../views/my_feedbacks_view.php?username=<?php echo SessionOperator::getUser()->getUsername(); ?> "> <i class="fa fa-envelope fa-fw"></i> My Feedbacks </a> </li> </ul> </div> </div> <!-- side menu end --> <!-- logout modal start --> <div class="modal fade" id="logout" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <div class="modal-dialog"> <div class="modal-content">
<?php
// Show the pending input errors (if any) as a dismissible alert box.
$errors = SessionOperator::getAllErrors();
if ($errors != null) { ?>
<div class="alert alert-danger fade in">
    <a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>
    <strong>Input error!</strong><br>
    <ul>
<?php foreach ($errors as $message) { ?>
        <li><?php echo $message; ?></li>
<?php } ?>
    </ul>
</div>
<?php }
$auctionId = (int) $_GET["auctionId"]; $bidPrice = $_GET["bidPrice"]; $auction = QueryOperator::getLiveAuction($auctionId); $user = SessionOperator::getUser(); $userId = (int) $user->getUserId(); // Incorrect inputs if (ValidationOperator::hasEmtpyFields($_GET) || !ValidationOperator::isPositiveNumber($bidPrice, "bidPrice") || !ValidationOperator::checkBidPrice($bidPrice, $auctionId)) { // Create a session for bid price so that it can be recovered after the page returns SessionOperator::setFormInput(["bidPrice" => $bidPrice]); } else { // Notify outbid user (only if it is not the same user) $highestBidderId = $auction->getHighestBidderId(); if (!is_null($highestBidderId) && $highestBidderId != $userId) { $comment = "You were outbid on the auction \"" . $auction->getItemName() . " " . $auction->getItemBrand() . "\" by "; $comment .= "by \"" . $user->getUserName() . "\". The new highest bid is " . $bidPrice . " GSP."; QueryOperator::addNotification($highestBidderId, $comment, QueryOperator::NOTIFICATION_OUTBID); } $comment = "You received a new bid on the auction \"" . $auction->getItemName() . " " . $auction->getItemBrand() . "\" by "; $comment .= "by \"" . $user->getUserName() . "\". The new highest bid is " . $bidPrice . " GSP."; QueryOperator::addNotification($auction->getSellerId(), $comment, QueryOperator::NOTIFICATION_NEW_BID); // Place bid QueryOperator::placeBid($auctionId, $userId, $bidPrice); $dbAuction = DbAuction::find($auctionId); $dbAuction->setField("highestBidderId", $userId); $dbAuction->save(); // Set feedback session SessionOperator::setNotification(SessionOperator::PLACED_BID); } } // Return back to page HelperOperator::redirectTo("../views/open_live_auction_view.php?liveAuction=" . $auctionId . "&s=1");
<?php
require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";

// End the current login session, then send the visitor back to the start page.
SessionOperator::logout();

HelperOperator::redirectTo("../index.php");
echo count($bids); ?> bids</p> </div> <?php if (!$isMyAuction) { ?> <form method="GET" action="../scripts/place_bid.php"> <div class="col-xs-8"> <input type="hidden" name="auctionId" value="<?php echo $auction->getAuctionId(); ?> "> <input type="text" class="form-control" name="bidPrice" maxlength="11" style="height: 30px" <?php echo 'value = "' . SessionOperator::getFormInput("bidPrice") . '"'; ?> ><br> </div> <div class="col-xs-4"> <button type="submit" class="btn btn-primary" style="height: 30px; padding: 4px 12px">Place Bid</button> </div> </form> <div class="col-xs-12"> <?php if (!$alreadyWatching) { $href = '"../scripts/create_watch.php?' . $_SERVER['QUERY_STRING'] . '"'; echo '<a href=' . $href . '><i class="fa fa-eye"></i> Add to watch list</a>'; } else { echo "<a class=\"text-success\" href=\"my_watch_list_view.php#auction{$auction->getAuctionId()}\"><i class=\"fa fa-eye\"></i> Watching</a>";
<?php
require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";

// Handle the verification link from the registration email. Manual calls to
// 'confirmation.php' without both parameters fall through to the final redirect.
if (isset($_GET["email"], $_GET["confirm_code"])) {
    // Retrieve email and confirmation code from link
    $email = $_GET["email"];
    $confirmCode = $_GET["confirm_code"];

    // Check if email and confirmation code originate from an unverified user account
    require_once "../classes/class.query_operator.php";
    $account = QueryOperator::checkVerificationLink($email, $confirmCode);

    // Verification link is correct
    if (!empty($account)) {
        // Activate user account
        QueryOperator::activateAccount($account["userId"]);

        // Create a session for completed registration
        SessionOperator::setNotification(SessionOperator::COMPLETED_REGISTRATION);

        // Email a registration confirmation to the user
        require_once "../classes/class.email.php";
        $mail = new Email($email, $account["firstName"], $account["lastName"]);
        $mail->prepareRegistrationConfirmEmail();
        $mail->sentEmail();
    }
}

// Redirect to homepage
HelperOperator::redirectTo("../index.php");
?> > <span class="input-group-addon"> <span class="glyphicon glyphicon-calendar"></span> </span> </div> </div> </div> <div class="col-xs-3"> <label>End Time</label> <div class="form-group"> <div class='input-group date' id='datetimepickerEnd'> <input type='text' class="form-control" name="endTime" readonly <?php echo 'value = "' . SessionOperator::getFormInput("endTime") . '"'; ?> > <span class="input-group-addon"> <span class="glyphicon glyphicon-calendar"></span> </span> </div> </div> </div> </div> </div> <!-- auction details end --> <!-- submit auction start -->
} } } $cats = getCatIdAndType($searchCategory); // Set up pagination object $total = QueryOperator::countFoundAuctions(buildQuery($searchString, $cats, null)); $page = isset($_GET["page"]) ? $_GET["page"] : 1; $page = $page <= $total ? $page : 1; $per_page = 15; $pagination = new Pagination($page, $per_page, $total); // Get paginated search results $catsAndAuctions = QueryOperator::searchAuctions(buildQuery($searchString, $cats, $sort, $per_page, $pagination->offset())); // Update search sessions $updated_session = array_merge([SessionOperator::SEARCH_RESULT => $catsAndAuctions], $updated_session); $updated_session = array_merge([SessionOperator::SEARCH_PAGINATION => $pagination], $updated_session); SessionOperator::setSearch($updated_session); // Return back to search page HelperOperator::redirectTo("../views/search_view.php"); function buildQuery($searchString, $searchCategory, $sortOption, $limit = null, $offset = null) { $query = null; // Prepare count query if (is_null($limit) && is_null($offset)) { $query = "SELECT COUNT(*) "; } else { $query = "SELECT auctions.auctionId, quantity, startPrice, reservePrice, startTime,\n endTime, itemName, itemBrand, itemDescription, items.image, auctions.views,\n item_categories.categoryName as subCategoryName, superCategoryName,\n item_categories.superCategoryId, item_categories.categoryId,\n conditionName, countryName, COUNT(DISTINCT (bids.bidId)) AS numBids,\n COUNT(DISTINCT (auction_watches.watchId)) AS numWatches,\n MAX(bids.bidPrice) AS highestBid,\n case\n when MAX(bids.bidPrice)is not null THEN MAX(bids.bidPrice)\n else startPrice\n end AS currentPrice "; } $query .= "FROM auctions\n LEFT OUTER JOIN bids ON bids.auctionId = auctions.auctionId\n LEFT OUTER JOIN auction_watches ON auction_watches.auctionId = auctions.auctionId\n JOIN items ON items.itemId = auctions.itemId\n JOIN users ON items.userId = users.userId\n JOIN item_categories ON items.categoryId = item_categories.categoryId\n JOIN super_item_categories ON 
item_categories.superCategoryId = super_item_categories.superCategoryId\n JOIN item_conditions ON items.conditionId = item_conditions.conditionId\n JOIN countries ON users.countryId = countries.countryId\n\n WHERE auctions.startTime < now() AND auctions.endTime > now() AND\n items.itemName LIKE \"%__ss__%\" __cc__\n GROUP BY auctions.auctionId "; $query = str_replace("__ss__", $searchString, $query); if ($searchCategory != null) { if ($searchCategory["type"] == "super") {
<?php require_once "../classes/class.session_operator.php"; require_once "../classes/class.query_operator.php"; require_once "../scripts/user_session.php"; $user = SessionOperator::getUser(); $soldAuctions = QueryOperator::getSellersSoldAuctions($user->getUserId()); ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="description" content=""> <meta name="author" content=""> <title>Sold Auctions</title> <!-- Font --> <link href='https://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'> <!-- CSS --> <link href="../css/bootstrap.min.css" rel="stylesheet"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css"> <link href="../css/animate.css" rel="stylesheet" type="text/css"> <link href="../css/metisMenu.min.css" rel="stylesheet"> <link href="../css/sb-admin-2.css" rel="stylesheet"> <link href="../css/dataTables.bootstrap.css" rel="stylesheet">
<input type="password" name="password1" class="form-control" id="password1" maxlength="23" placeholder="Create a password" <?php echo 'value = "' . SessionOperator::getFormInput('password1') . '"'; ?> > </div> <div class="form-group-lg col-xs-6"> <label class="text-danger">  <?php echo SessionOperator::getInputErrors("password2"); ?> </label> <input type="password" name="password2" class="form-control" id="password2" maxlength="23" placeholder="Repeat password" <?php echo 'value = "' . SessionOperator::getFormInput('password2') . '"'; ?> > </div> </div> <!-- account details end --> </div><hr> <div class="col-xs-12"> <p class="pull-right"> By clicking this 'Sign up for AuctionHouse' button, you agree to our <a href="">terms of service</a> and <a href="">privacy policy</a> </p> </div> <div class="form-group col-xs-12" id="sign_up_button"> <button type="submit" name="signUp" id="signUp" class="btn btn-success btn-lg pull-right">Sign up for AuctionHouse</button>
$feedback = ["score" => $_POST["score"], "comment" => $_POST["comment"]]; if (ValidationOperator::hasEmtpyFields($feedback)) { // Create a session for all inputs so that they can be recovered after the page returns SessionOperator::setFormInput($feedback); // Redirect back HelperOperator::redirectTo($redirectUrl); } $auctionId = $_POST["auctionId"]; $creatorId = SessionOperator::getUser()->getUserId(); //get the id of receiver $receiverUsername = $_POST["receiverUsername"]; /* @var DbUser $receiver */ $receiver = DbUser::withConditions("WHERE username = '******'")->first(); //check receiver exists AND there is no existing feedback (we only allow one) if ($receiver == null or DbFeedback::withConditions("WHERE auctionId = " . $auctionId . " AND creatorId = " . $creatorId . " AND receiverId = " . $receiver->getId())->exists()) { HelperOperator::redirectTo($redirectUrl); } // Create Feedback $now = new DateTime("now", new DateTimeZone(TIMEZONE)); $feedback = new DbFeedback(array("auctionId" => $_POST["auctionId"], "creatorId" => SessionOperator::getUser()->getUserId(), "receiverId" => $receiver->getId(), "score" => $_POST["score"], "comment" => $_POST["comment"], "time" => $now->format('Y-m-d H:i:s'))); $feedback->create(); // Notify receiver $auction = DbAuction::find($auctionId); $item = DbItem::find($auction->getField("itemId")); $comment = "You received a feedback from \"" . SessionOperator::getUser()->getUserName() . "\" in your participation in \""; $comment .= $item->getField("itemName") . " - " . $item->getField("itemBrand") . "\"."; QueryOperator::addNotification($receiver->getId(), $comment, QueryOperator::NOTIFICATION_FEEDBACK_RECEIVED); // Set feedback session SessionOperator::setNotification(SessionOperator::FEEDBACK_SENT); // Return to page HelperOperator::redirectTo($redirectUrl);
<?php $recommendedAuctions = QueryOperator::getBuyersRecommendedAuctions(SessionOperator::getUser()->getUserId()); if (count($recommendedAuctions) < 20) { $recommendedAuctions = array_merge($recommendedAuctions, QueryOperator::getMostPopularAuctions(20 - count($recommendedAuctions))); } ?> <!-- recommendations start --> <div class="panel panel-default recommendation-box" <?php if ($page == "search") { ?> style="margin-top: 60px"<?php } ?> > <div class="panel-heading"> <h5> <?php /*if ($collaborative){ echo "Recommended auctions inspired by your bidding history"; }else{ echo "The Most popular auctions right now"; }*/ echo "Recommended auctions"; ?> </h5> </div>