/**
 * Check whether $currentPassword is the logged-in user's current password.
 *
 * On a mismatch an input error for the "currentPassword" field is recorded in
 * the session so the form can display it.
 *
 * @param string $currentPassword password as typed by the user
 * @return bool true when the password matches, false otherwise
 */
public static function isCurrentPassword($currentPassword)
 {
     $userId = SessionOperator::getUser()->getUserId();
     $matches = (bool) QueryOperator::checkPassword($userId, $currentPassword);
     if (!$matches) {
         // Record the error for the form; the caller decides what to do with the false result
         SessionOperator::setInputErrors(["currentPassword" => self::PASSWORD[self::INCORRECT_PASSWORD]]);
     }
     return $matches;
 }
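// Collect the feedback form input (untrusted POST data)
$feedback = ["score" => $_POST["score"], "comment" => $_POST["comment"]];
if (ValidationOperator::hasEmtpyFields($feedback)) {
    // Keep the inputs in the session so the form can be re-populated after the redirect
    SessionOperator::setFormInput($feedback);
    // Redirect back (redirectTo is relied on to end the script here, as in the rest of the flow)
    HelperOperator::redirectTo($redirectUrl);
}
$auctionId = $_POST["auctionId"] ?? "";
// The auction id is concatenated into a WHERE clause below, so only accept a number
// (same guard the delete-watch script applies to its id parameter).
if (!is_numeric($auctionId)) {
    HelperOperator::redirectTo($redirectUrl);
}
$creatorId = SessionOperator::getUser()->getUserId();
// Get the id of the receiver
$receiverUsername = $_POST["receiverUsername"];
/* @var DbUser $receiver */
// NOTE(review): the WHERE literal appears masked in this copy; confirm the username is
// passed to withConditions as a bound parameter and not interpolated into the string.
$receiver = DbUser::withConditions("WHERE username = '******'")->first();
// Check the receiver exists AND there is no existing feedback (we only allow one)
if (!$receiver || DbFeedback::withConditions("WHERE auctionId = " . $auctionId . " AND creatorId = " . $creatorId . " AND receiverId = " . $receiver->getId())->exists()) {
    HelperOperator::redirectTo($redirectUrl);
}
// Create Feedback
$now = new DateTimeImmutable("now", new DateTimeZone(TIMEZONE));
// NOTE(review): score/comment are raw POST values — confirm DbFeedback::create() binds them.
$feedback = new DbFeedback([
    "auctionId" => $auctionId,
    "creatorId" => $creatorId,
    "receiverId" => $receiver->getId(),
    "score" => $_POST["score"],
    "comment" => $_POST["comment"],
    "time" => $now->format('Y-m-d H:i:s'),
]);
$feedback->create();
// Notify receiver (skipped, rather than fatal, if the auction or its item cannot be loaded)
$auction = DbAuction::find($auctionId);
$item = $auction ? DbItem::find($auction->getField("itemId")) : null;
if ($item) {
    $comment = sprintf(
        'You received a feedback from "%s" in your participation in "%s - %s".',
        SessionOperator::getUser()->getUserName(),
        $item->getField("itemName"),
        $item->getField("itemBrand")
    );
    QueryOperator::addNotification($receiver->getId(), $comment, QueryOperator::NOTIFICATION_FEEDBACK_RECEIVED);
}
// Set feedback session
SessionOperator::setNotification(SessionOperator::FEEDBACK_SENT);
// Return to page
HelperOperator::redirectTo($redirectUrl);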
<?php

require_once "../classes/class.helper_operator.php";
require_once "../config/config.php";
require_once "../classes/class.query_operator.php";
require_once "../classes/class.session_operator.php";
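// Delete profile image from file system and image name from database
$user = SessionOperator::getUser();
// Only act when a user is logged in (mirrors the guard used by the upload script)
if (!is_null($user)) {
    $imageName = $user->getImage();
    // Only unlink when an image name is set and the file exists; unlink(ROOT . "") would
    // otherwise target the root directory and emit a warning
    if (!empty($imageName) && is_file(ROOT . $imageName)) {
        unlink(ROOT . $imageName);
    }
    // Clear the image name in the database
    QueryOperator::uploadImage($user->getUserId(), null, "users");
    // Refresh the user session from the database
    $account = QueryOperator::getAccount($user->getUserId());
    SessionOperator::updateUser(new User($account));
    // Set feedback session
    SessionOperator::setNotification(SessionOperator::DELETED_PROFILE_PHOTO);
}
HelperOperator::redirectTo("../views/profile_view.php");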
<?php

require_once "../classes/class.session_operator.php";
require_once "../classes/class.query_operator.php";
require_once "../scripts/user_session.php";
// Logged-in user whose sold auctions are listed on this page
$user = SessionOperator::getUser();
$sellerId = $user->getUserId();
$soldAuctions = QueryOperator::getSellersSoldAuctions($sellerId);
?>
<!DOCTYPE html>
<html lang="en">

<head>

    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="description" content="">
    <meta name="author" content="">

    <title>Sold Auctions</title>

    <!-- Font -->
    <link href='https://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'>

    <!-- CSS -->
    <link href="../css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">
    <link href="../css/animate.css" rel="stylesheet" type="text/css">
    <link href="../css/metisMenu.min.css" rel="stylesheet">
    <link href="../css/sb-admin-2.css" rel="stylesheet">
    <link href="../css/dataTables.bootstrap.css" rel="stylesheet">
                    </li>
                    <li>
                        <a href="../views/my_successful_bids_view.php"><i class="fa fa fa-thumbs-up fa-fw"></i> Won Auctions</a>
                    </li>
                    <li>
                        <a href="../views/my_unsuccessful_bids_view.php"><i class="fa fa-thumbs-down fa-fw"></i> Lost Auctions</a>
                    </li>

                </ul>
            </li>
            <li>
                <a href="../views/my_watch_list_view.php"><i class="fa fa-eye fa-fw"></i> My Watch List</a>
            </li>
            <li>
                <a href="../views/my_feedbacks_view.php?username=<?php 
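// URL-encode the username: it is emitted inside a query string within an HTML attribute.
// The receiving page reads it back through $_GET, which decodes it again.
echo rawurlencode(SessionOperator::getUser()->getUsername());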
?>
">
                    <i class="fa fa-envelope fa-fw"></i> My Feedbacks
                </a>
            </li>
        </ul>
    </div>
</div>
<!-- side menu end -->


<!-- logout modal start -->
<div class="modal fade" id="logout" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <div class="modal-dialog">
        <div class="modal-content">
<?php

require_once "../classes/class.session_operator.php";
require_once "../classes/class.query_operator.php";
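// Mark notification as seen
// The id comes from the query string; only pass it on when it is numeric, the same guard
// the delete-watch script applies to its id — TODO confirm notification ids are integers.
if (isset($_GET["notificationId"]) && is_numeric($_GET["notificationId"])) {
    $id = $_GET["notificationId"];
    QueryOperator::haveSeen(SessionOperator::getUser()->getUserId(), $id);
}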
<?php

require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/class.db_auction.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/class.db_auction_watch.php';
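// The watch id comes from the query string and is used to look up the row,
// so only accept a numeric value (prevents sql injection through the id).
$watchId = $_GET["id"] ?? null;
if (!is_numeric($watchId)) {
    HelperOperator::redirectTo("../views/my_watch_list_view.php");
}
$userId = SessionOperator::getUser()->getUserId();
/* @var DbAuctionWatch|null $watch */
$watch = DbAuctionWatch::find($watchId);
// Only the owner may delete the watch; a missing row is skipped instead of causing a fatal
// error. Ids are compared as integers — TODO confirm userId is an integer column.
if ($watch instanceof DbAuctionWatch && (int) $watch->getField("userId") === (int) $userId) {
    // Delete watch
    $watch->delete();
    // Set feedback session
    SessionOperator::setNotification(SessionOperator::DELETED_WATCH);
}
HelperOperator::redirectTo("../views/my_watch_list_view.php");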
<?php

require_once "../classes/class.session_operator.php";
require_once "../classes/class.query_operator.php";
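// Build the dropdown markup for notifications that have not been shown yet
$newAlerts = QueryOperator::getNotifications(SessionOperator::getUser()->getUserId(), QueryOperator::NOTIFICATION_UNNOTIFIED);
$alerts = "";
foreach ($newAlerts as $newAlert) {
    $id = $newAlert->getNotificationId();
    $icon = $newAlert->getCategoryIcon();
    $name = $newAlert->getCategoryName();
    $time = $newAlert->getTime();
    // The message text is composed from user-supplied values (usernames, item names),
    // so escape it for the HTML context; double_encode=false keeps any already-escaped
    // entities intact.
    $message = htmlspecialchars($newAlert->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $alerts .= "\n        <li id=\"notification{$id}\">\n"
        . "            <a href=\"#\">\n"
        . "                <div>\n"
        . "                    <i class=\"{$icon}\"></i> <span style=\"padding-left: 10px\">{$name}</span>\n"
        . "                    <span class=\"pull-right text-muted small\">{$time}</span><br>\n"
        . "                    <div style=\"padding-left: 26px; color: #253b52; margin-bottom: 5px; font-style: italic; font-size: 12px\">{$message}</div>\n"
        . "                    <span style=\"padding-left: 22px\"><button class=\"btn btn-sm btn-default\" id=\"deleteAlert_{$id}\">Delete</button></span>\n"
        . "                </div>\n"
        . "            </a>\n"
        . "        </li>\n"
        . "        <li class=\"divider\" id=\"divider{$id}\"></li>\n    ";
}
echo $alerts;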
    } else {
        echo "<br><h5>Nobody gave you a buyer feedback!</h5>";
    }
    ?>
                    </div>
                </div>
                <!-- feedbacks end -->

            <?php 
} else {
    ?>
                <div class="row">
                    <div class="well text-center">
                        <h1 class="text-danger">No feedback available</h1>
                        <?php 
    if ($_GET["username"] == SessionOperator::getUser()->getUserName()) {
        ?>
                        <h4>In order to receive feedbacks, you must sell or win an auction. Only then, a buyer or a seller can rate you.</h4>
                        <?php 
    }
    ?>
                    </div>
                </div>
            <?php 
}
?>


            <!-- footer start -->
            <div class="footer">
                <div class="container">
     // Check inputs
     if (!empty($changedFields) && !ValidationOperator::hasEmtpyFields($update) && (!isset($changedFields["username"]) || !ValidationOperator::isTaken($update["username"]))) {
         // Update user information
         $user = SessionOperator::getUser();
         QueryOperator::updateAccount($user->getUserId(), $update);
         // Update user session
         $user = QueryOperator::getAccount($user->getUserId());
         SessionOperator::updateUser(new User($user));
         // Set feedback session
         SessionOperator::setNotification(SessionOperator::UPDATED_PROFILE_INFO);
     }
 } else {
     $error = [];
     if (($upload = ValidationOperator::checkImage()) != null) {
         // A user is logged in
         if (!is_null($user = SessionOperator::getUser())) {
             // Create random image name
             $newImageName = UPLOAD_PROFILE_IMAGE . uniqid("", true) . "." . $upload["imageExtension"];
             // Upload new profile picture to file system
             if (move_uploaded_file($upload["image"], ROOT . $newImageName)) {
                 // Delete old profile pic (if exists)
                 if (!empty($imageName = $user->getImage())) {
                     unlink(ROOT . $imageName);
                 }
                 // Store image name in database
                 QueryOperator::uploadImage($user->getUserId(), $newImageName, "users");
                 // Update user session
                 $user = QueryOperator::getAccount($user->getUserId());
                 SessionOperator::updateUser(new User($user));
                 // Set feedback session
                 SessionOperator::setNotification(SessionOperator::UPLOADED_PROFILE_PHOTO);
<?php

require_once "../classes/class.session_operator.php";
require_once "../classes/class.query_operator.php";
require_once "../scripts/user_session.php";
// Every notification of the logged-in user, rendered by the page below
$currentUserId = SessionOperator::getUser()->getUserId();
$allNotifications = QueryOperator::getNotifications($currentUserId);
?>
<!DOCTYPE html>
<html lang="en">

<head>

    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="description" content="">
    <meta name="author" content="">

    <title>Notifications</title>

    <!-- Font -->
    <link href='https://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'>

    <!-- CSS -->
    <link href="../css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">
    <link href="../css/animate.css" rel="stylesheet" type="text/css">
    <link href="../css/metisMenu.min.css" rel="stylesheet">
    <link href="../css/sb-admin-2.css" rel="stylesheet">
    <link href="../css/dataTables.bootstrap.css" rel="stylesheet">
    <link href="../css/main.css" rel="stylesheet">
?>
" >
                        </div>
                    </div>
                    <label class="col-xs-offset-2 text-danger">&nbsp;
                        <?php 
echo SessionOperator::getInputErrors("country");
?>
                    </label>
                    <div class="form-group">
                        <label class="col-xs-2 control-label">Country</label>
                        <div class="col-xs-10">
                            <select name="country" class="selectpicker form-control" data-dropup-auto="false">
                                <option default>Country</option>
                                <?php 
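// Pre-select the country stored on the logged-in user's profile
$country = SessionOperator::getUser()->getCountry();
$countries = QueryOperator::getCountriesList();
// (a leftover print_r() of $countries used to dump the whole list into the page here)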
foreach ($countries as $value) {
    $selected = "";
    if ($value == $country) {
        $selected = "selected";
    }
    ?>
                                        <option value="<?php 
    echo $value;
    ?>
" title="<?php 
    echo htmlspecialchars($value);
    ?>
" <?php 
    }
    // Get item category and condition id
    $ids = QueryOperator::getItemRelatedIds(addslashes($new_auction["itemCategory"]), $new_auction["itemCondition"]);
    // Prepare item parameters
    $item[] = SessionOperator::getUser()->getUserId();
    $item[] = $new_auction["itemName"];
    $item[] = $new_auction["itemBrand"];
    $item[] = $ids["categoryId"];
    $item[] = $ids["conditionId"];
    $item[] = $new_auction["itemDescription"];
    $item[] = $newImageName;
    // Prepare auction parameters
    $startTime = date_create($new_auction["startTime"])->format('Y-m-d H:i:s');
    $endTime = date_create($new_auction["endTime"])->format('Y-m-d H:i:s');
    $auction[] = "";
    $auction[] = $new_auction["quantity"];
    $auction[] = $new_auction["startPrice"];
    $auction[] = $new_auction["reservePrice"];
    $auction[] = $startTime;
    $auction[] = $endTime;
    // Store auction in database
    $ids = QueryOperator::addAuction($item, $auction);
    // Set event timer
    QueryOperator::addAuctionEvent($endTime, SessionOperator::getUser()->getUserId(), $ids["auctionId"]);
    // Store image name in database
    QueryOperator::uploadImage($ids["itemId"], $newImageName, "items");
    // Set feedback session
    SessionOperator::setNotification(SessionOperator::CREATED_AUCTION);
    // Return to live auctions page
    HelperOperator::redirectTo("../views/my_live_auctions_view.php");
}
<?php

// Fill the recommendation list up to 20 entries, topping up with popular auctions when needed
$recommendationLimit = 20;
$recommendedAuctions = QueryOperator::getBuyersRecommendedAuctions(SessionOperator::getUser()->getUserId());
$shortfall = $recommendationLimit - count($recommendedAuctions);
if ($shortfall > 0) {
    $popular = QueryOperator::getMostPopularAuctions($shortfall);
    $recommendedAuctions = array_merge($recommendedAuctions, $popular);
}
?>

<!-- recommendations start -->
<div class="panel panel-default recommendation-box" <?php 
if ($page == "search") {
    ?>
style="margin-top: 60px"<?php 
}
?>
>

    <div class="panel-heading">
        <h5>
            <?php 
// The heading once switched between a "bidding history" and a "most popular" label
// depending on whether collaborative recommendations were available; the list now
// always carries the same heading.
echo 'Recommended auctions';
?>

        </h5>
    </div>