コード例 #1
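// Delete one of the current user's live auctions.
// Expects $auctionId to be set by the including script; every DB lookup below
// only ever sees an int, so the id cannot carry SQL into a query.
// is_numeric() also accepts floats/exponents (e.g. "1e3"), hence the explicit int cast.
if (!is_numeric($auctionId)) {
    HelperOperator::redirectTo("../views/my_live_auctions_view.php");
    exit; // defence in depth: assumes redirectTo() terminates the script — TODO confirm
}
$auctionId = (int) $auctionId;
/* @var User $user */
$user = SessionOperator::getUser();
$userId = (int) $user->getUserId();
/* @var DbAuction $auction */
/* @var DbItem $item */
$auction = DbAuction::find($auctionId);
// Unknown auction id: nothing to delete, just go back
// (assumes find() returns null/false when no row matches — TODO confirm)
if (!$auction instanceof DbAuction) {
    HelperOperator::redirectTo("../views/my_live_auctions_view.php");
    exit;
}
$item = DbItem::find($auction->getField("itemId"));
// Only the owner of the item behind the auction may delete it.
// Strict int comparison avoids loose == surprises between "1", 1 and true.
if ($item instanceof DbItem && (int) $item->getField("userId") === $userId) {
    // Notify the current highest bidder, if there is one.
    // `?? null` avoids an undefined-offset warning when no bids exist.
    $highestBid = QueryOperator::getAuctionBids($auctionId, 1)[0] ?? null;
    if (!empty($highestBid)) {
        $comment = "The auction \"" . $item->getField("itemName") . " " . $item->getField("itemBrand") . "\" with ";
        $comment .= "your current highest bid of " . $highestBid->getBidPrice() . " GSP was deleted by " . $user->getUsername() . ".";
        QueryOperator::addNotification($highestBid->getBidderId(), $comment, QueryOperator::NOTIFICATION_AUCTION_DELETED);
    }
    // Delete auction
    $auction->delete();
    // Remove the stored image file, if any.
    // NOTE(review): "image" is a stored path fragment that unlink() follows verbatim —
    // confirm the upload code constrains it to the image directory (no "..", no absolute path).
    $imageName = (string) $item->getField("image");
    if ($imageName !== "") {
        $imagePath = ROOT . $imageName;
        // is_file() keeps a missing/already-removed file from raising a warning
        if (is_file($imagePath)) {
            unlink($imagePath);
        }
    }
    // Delete auction event
    QueryOperator::dropAuctionEvent($auctionId);
    // Set feedback session
    SessionOperator::setNotification(SessionOperator::DELETED_AUCTION);
}
HelperOperator::redirectTo("../views/my_live_auctions_view.php");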
コード例 #2
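// Store one feedback entry from the logged-in user to another user for an auction,
// then notify the receiver. $redirectUrl is expected to be defined by the including script.
// Required form fields; `?? ""` keeps a missing key from raising an undefined-index warning
$feedback = ["score" => $_POST["score"] ?? "", "comment" => $_POST["comment"] ?? ""];
// NOTE(review): only emptiness is validated here; "score" is stored as received —
// confirm whether DbFeedback/the view expects a bounded numeric score and validate accordingly.
if (ValidationOperator::hasEmtpyFields($feedback)) {
    // Create a session for all inputs so that they can be recovered after the page returns
    SessionOperator::setFormInput($feedback);
    // Redirect back
    HelperOperator::redirectTo($redirectUrl);
    exit; // defence in depth: assumes redirectTo() terminates the script — TODO confirm
}
// Cast to int: these values are concatenated into a raw WHERE clause below,
// so the cast is what keeps request data from carrying SQL into the query.
$auctionId = (int) ($_POST["auctionId"] ?? 0);
$creatorId = (int) SessionOperator::getUser()->getUserId();
//get the id of receiver
$receiverUsername = $_POST["receiverUsername"] ?? "";
/* @var DbUser $receiver */
// NOTE(review): the username condition is shown redacted ('******') on this page and
// $receiverUsername is read above but not visibly used. If it is interpolated into this
// WHERE clause in the real source, it must be escaped or bound by withConditions() — confirm.
$receiver = DbUser::withConditions("WHERE username = '******'")->first();
//check receiver exists (instanceof also covers a false/null "no row" result)
if (!$receiver instanceof DbUser) {
    HelperOperator::redirectTo($redirectUrl);
    exit;
}
$receiverId = (int) $receiver->getId();
//there must be no existing feedback for this triple (we only allow one)
$alreadyGiven = DbFeedback::withConditions("WHERE auctionId = " . $auctionId . " AND creatorId = " . $creatorId . " AND receiverId = " . $receiverId)->exists();
if ($alreadyGiven) {
    HelperOperator::redirectTo($redirectUrl);
    exit;
}
// Resolve the auction and item before creating anything, so feedback is never
// stored for an auction that does not exist
// (assumes find() returns null/false when no row matches — TODO confirm)
$auction = DbAuction::find($auctionId);
if (!$auction instanceof DbAuction) {
    HelperOperator::redirectTo($redirectUrl);
    exit;
}
$item = DbItem::find($auction->getField("itemId"));
if (!$item instanceof DbItem) {
    HelperOperator::redirectTo($redirectUrl);
    exit;
}
// Create Feedback (immutable date object; TIMEZONE is a project constant)
$now = new DateTimeImmutable("now", new DateTimeZone(TIMEZONE));
$feedback = new DbFeedback([
    "auctionId" => $auctionId,
    "creatorId" => $creatorId,
    "receiverId" => $receiverId,
    "score" => $feedback["score"],
    "comment" => $feedback["comment"],
    "time" => $now->format('Y-m-d H:i:s'),
]);
$feedback->create();
// Notify receiver
$comment = "You received a feedback from \"" . SessionOperator::getUser()->getUserName() . "\" in your participation in \"";
$comment .= $item->getField("itemName") . " - " . $item->getField("itemBrand") . "\".";
QueryOperator::addNotification($receiverId, $comment, QueryOperator::NOTIFICATION_FEEDBACK_RECEIVED);
// Set feedback session
SessionOperator::setNotification(SessionOperator::FEEDBACK_SENT);
// Return to page
HelperOperator::redirectTo($redirectUrl);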
コード例 #3
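    // Place a bid for the logged-in user on a live auction and notify the seller
    // and the previously highest bidder. The enclosing block opens before this span.
    // Ids are cast so only an int reaches the queries; bidPrice is validated by
    // ValidationOperator before any use. `?? ` avoids undefined-index warnings.
    $auctionId = (int) ($_GET["auctionId"] ?? 0);
    $bidPrice = $_GET["bidPrice"] ?? "";
    $auction = QueryOperator::getLiveAuction($auctionId);
    $user = SessionOperator::getUser();
    $userId = (int) $user->getUserId();
    // NOTE(review): a state-changing action driven by $_GET can be triggered by a plain link
    // and replayed; a POST form carrying a CSRF token is the usual protection — confirm how
    // the bid form submits before changing this.
    // Incorrect inputs (the auction guard assumes getLiveAuction() returns null when
    // there is no live auction with this id — TODO confirm)
    $invalidInput = ValidationOperator::hasEmtpyFields($_GET)
        || !ValidationOperator::isPositiveNumber($bidPrice, "bidPrice")
        || !ValidationOperator::checkBidPrice($bidPrice, $auctionId)
        || $auction === null;
    if ($invalidInput) {
        // Create a session for bid price so that it can be recovered after the page returns
        SessionOperator::setFormInput(["bidPrice" => $bidPrice]);
    } else {
        // NOTE(review): checkBidPrice() above and placeBid() below are separate statements,
        // so two concurrent bids can both pass the check; a transaction or DB-side constraint
        // would close that window. Not changed here.
        $itemLabel = $auction->getItemName() . " " . $auction->getItemBrand();
        $bidderName = $user->getUserName();
        // Notify outbid user (only if it is not the same user); strict int compare on the id
        $highestBidderId = $auction->getHighestBidderId();
        if ($highestBidderId !== null && (int) $highestBidderId !== $userId) {
            // Message previously read "by by" — the duplicated word is dropped
            $comment = "You were outbid on the auction \"" . $itemLabel . "\" by \"" . $bidderName . "\". The new highest bid is " . $bidPrice . " GSP.";
            QueryOperator::addNotification($highestBidderId, $comment, QueryOperator::NOTIFICATION_OUTBID);
        }
        $comment = "You received a new bid on the auction \"" . $itemLabel . "\" by \"" . $bidderName . "\". The new highest bid is " . $bidPrice . " GSP.";
        QueryOperator::addNotification($auction->getSellerId(), $comment, QueryOperator::NOTIFICATION_NEW_BID);
        // Place bid
        QueryOperator::placeBid($auctionId, $userId, $bidPrice);
        $dbAuction = DbAuction::find($auctionId);
        $dbAuction->setField("highestBidderId", $userId);
        $dbAuction->save();
        // Set feedback session
        SessionOperator::setNotification(SessionOperator::PLACED_BID);
    }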
}
// Send the browser back to the auction page it came from; $auctionId is the id
// the script above resolved (an int when that path ran), s=1 marks the return trip.
HelperOperator::redirectTo(sprintf('../views/open_live_auction_view.php?liveAuction=%s&s=1', $auctionId));