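require_once $_SERVER['DOCUMENT_ROOT'] . '/config/config.php';

// Feedback submission handler. Only runs for a POST carrying the createFeedback
// button; any other request is bounced back to the sold-auctions view.
// NOTE(review): this (and every early redirect below) assumes that
// HelperOperator::redirectTo() terminates the request. If it only emits a
// Location header, the handler keeps executing on the missing input.
if (!isset($_POST["createFeedback"])) {
    HelperOperator::redirectTo("../views/my_sold_auctions_view.php");
}

// Read a POST field, or "" when it is absent, so a malformed form is caught by
// the validation below instead of raising undefined-index notices.
$postField = function ($name) {
    return isset($_POST[$name]) ? $_POST[$name] : "";
};

// Where to return the user afterwards. The value is only compared against two
// fixed strings and is never used to build the path itself.
$origin = $postField("origin");
if ($origin === "won") {
    $redirectUrl = "../views/my_successful_bids_view.php";
} else {
    // "sold" and anything unexpected both return to the sold-auctions view.
    $redirectUrl = "../views/my_sold_auctions_view.php";
}

// Validate feedback input; on failure stash it so the form can be repopulated.
$feedback = ["score" => $postField("score"), "comment" => $postField("comment")];
if (ValidationOperator::hasEmtpyFields($feedback)) {
    SessionOperator::setFormInput($feedback);
    HelperOperator::redirectTo($redirectUrl);
}

// Identifiers that are concatenated into SQL below are cast to int, so a crafted
// auctionId cannot carry SQL text (withConditions() takes a raw WHERE fragment,
// so this cast is the only barrier on this path).
$auctionId = (int) $postField("auctionId");

// The creator is always the session user, never a form value. getUser() can
// return null (no session), so guard before dereferencing it.
$user = SessionOperator::getUser();
if (is_null($user)) {
    HelperOperator::redirectTo($redirectUrl);
}
$creatorId = (int) $user->getUserId();

// Look up the receiver by username.
// NOTE(review): the username literal in this copy is redacted ('******'). Whatever
// the real code places there must not be a raw interpolation of $receiverUsername:
// withConditions() receives raw SQL, so the value has to be escaped by the DB layer
// or resolved through a parameterised lookup before it reaches this string.
$receiverUsername = $postField("receiverUsername");
/* @var DbUser $receiver */
$receiver = DbUser::withConditions("WHERE username = '******'")->first();
if (is_null($receiver)) {
    HelperOperator::redirectTo($redirectUrl);
}
$receiverId = (int) $receiver->getId();

// Only one feedback per (auction, creator, receiver) is allowed.
// TODO(review): nothing visible here checks that $creatorId actually took part
// in $auctionId (as buyer or seller). If the insert that follows does not verify
// that, any signed-in user can rate anyone on any auction.
$duplicate = DbFeedback::withConditions(
    "WHERE auctionId = " . $auctionId
    . " AND creatorId = " . $creatorId
    . " AND receiverId = " . $receiverId
);
if ($duplicate->exists()) {
    HelperOperator::redirectTo($redirectUrl);
}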
<?php
require_once "../classes/class.helper_operator.php";
require_once "../classes/class.query_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.email.php";
require_once "../classes/class.db_auction.php";

// Bid handler. Reads auctionId and bidPrice from the query string, validates the
// bid, notifies the previous highest bidder and the seller, then records the bid.
// The if/else opened here continues past the end of this excerpt.
// NOTE(review): placing a bid changes state, yet it is driven entirely by GET
// parameters. That makes it triggerable by any link or <img> tag (CSRF) and
// leaves bid amounts in browser history and server logs; it should be a POST
// carrying a CSRF token.
$auctionId = null;
if (isset($_GET["auctionId"]) && isset($_GET["bidPrice"])) {
    $auctionId = (int) $_GET["auctionId"];
    // bidPrice is kept as submitted; only isPositiveNumber()/checkBidPrice()
    // below constrain it before it reaches placeBid() and the notification text.
    $bidPrice = $_GET["bidPrice"];
    $auction = QueryOperator::getLiveAuction($auctionId);
    $user = SessionOperator::getUser();
    // NOTE(review): getUser() can return null (the profile handler null-checks
    // it); an anonymous request would fatal on ->getUserId() here. $auction is
    // likewise dereferenced below without checking that getLiveAuction() found
    // one — presumably null for an unknown or ended auction; verify.
    $userId = (int) $user->getUserId();
    // Incorrect inputs
    if (ValidationOperator::hasEmtpyFields($_GET) || !ValidationOperator::isPositiveNumber($bidPrice, "bidPrice") || !ValidationOperator::checkBidPrice($bidPrice, $auctionId)) {
        // Create a session for bid price so that it can be recovered after the page returns
        SessionOperator::setFormInput(["bidPrice" => $bidPrice]);
    } else {
        // Notify outbid user (only if it is not the same user)
        // NOTE(review): checkBidPrice() above and placeBid() below are separate
        // calls, so two concurrent bids can both pass the check (TOCTOU); the
        // "higher than current" rule should be enforced atomically in placeBid()
        // or by the database.
        $highestBidderId = $auction->getHighestBidderId();
        if (!is_null($highestBidderId) && $highestBidderId != $userId) {
            // The two fragments join as "by by" (the first already ends in "by").
            // Runtime string, left unchanged here. The message embeds user-chosen
            // names and the raw bidPrice; escaping is left to whatever renders
            // notifications — confirm it uses htmlspecialchars().
            $comment = "You were outbid on the auction \"" . $auction->getItemName() . " " . $auction->getItemBrand() . "\" by ";
            $comment .= "by \"" . $user->getUserName() . "\". The new highest bid is " . $bidPrice . " GSP.";
            QueryOperator::addNotification($highestBidderId, $comment, QueryOperator::NOTIFICATION_OUTBID);
        }
        // Same "by by" duplication and same escaping caveat as above.
        $comment = "You received a new bid on the auction \"" . $auction->getItemName() . " " . $auction->getItemBrand() . "\" by ";
        $comment .= "by \"" . $user->getUserName() . "\". The new highest bid is " . $bidPrice . " GSP.";
        QueryOperator::addNotification($auction->getSellerId(), $comment, QueryOperator::NOTIFICATION_NEW_BID);
        // Place bid
        // NOTE(review): the seller is notified before the bid is actually stored;
        // if placeBid() fails, a notification for a non-existent bid remains.
        QueryOperator::placeBid($auctionId, $userId, $bidPrice);
// Profile handler. The save branch updates account details; the upload branch
// (cut off at the end of this excerpt) stores a new profile image.
// NOTE(review): redirectTo() is assumed to end the request wherever this app
// uses it as an early exit — confirm before relying on that.
if (!isset($_POST["save"]) && !isset($_POST["upload"])) {
    HelperOperator::redirectTo("../views/profile_view.php");
} else {
    if (isset($_POST["save"])) {
        // Store POST values
        // NOTE(review): addslashes() is not SQL escaping — it ignores the
        // connection charset and is not a substitute for a prepared statement in
        // updateAccount(). If that query is parameterised, the slashes end up
        // stored in the row; if it is string-built, this is a weak defence. The
        // durable fix is a prepared statement there and plain values here.
        // A field missing from the POST raises an undefined-index notice and
        // becomes null, which hasEmtpyFields() below is expected to reject.
        $update = ["username" => addslashes($_POST["username"]), "firstName" => addslashes($_POST["firstName"]), "lastName" => addslashes($_POST["lastName"]), "address" => addslashes($_POST["address"]), "postcode" => addslashes($_POST["postcode"]), "city" => addslashes($_POST["city"]), "country" => addslashes($_POST["country"])];
        // Add empty string for default country
        if ($update["country"] == "Country") {
            $update["country"] = "";
        } else {
            // Resolve the submitted country name to the id the row stores.
            $update["country"] = QueryOperator::getCountryId($update["country"]);
        }
        // Get changed input fields (if available)
        $changedFields = ValidationOperator::getChangedFields($update);
        // Check inputs: something changed, nothing is empty, and a new username is free.
        if (!empty($changedFields) && !ValidationOperator::hasEmtpyFields($update) && (!isset($changedFields["username"]) || !ValidationOperator::isTaken($update["username"]))) {
            // Update user information
            // The target row is chosen by the session user's id, never by a posted
            // id. NOTE(review): unlike the upload branch below, getUser() is not
            // null-checked here; an expired session would fatal on ->getUserId().
            $user = SessionOperator::getUser();
            QueryOperator::updateAccount($user->getUserId(), $update);
            // Update user session
            $user = QueryOperator::getAccount($user->getUserId());
            SessionOperator::updateUser(new User($user));
            // Set feedback session
            SessionOperator::setNotification(SessionOperator::UPDATED_PROFILE_INFO);
        }
    } else {
        $error = [];
        // checkImage() is treated as returning null when there is no usable upload.
        if (($upload = ValidationOperator::checkImage()) != null) {
            // A user is logged in
            if (!is_null($user = SessionOperator::getUser())) {
                // Create random image name
// NOTE(review): this excerpt starts inside the success path of the password-reset
// branch. $email, $userDetails and $passwordFields are assigned above the visible
// code, and the condition guarding this path is not visible here.
SessionOperator::setNotification(SessionOperator::CHANGED_PASSWORD);
// Send a password changed confirmation email to the user
$mail = new Email($email, $userDetails["firstName"], $userDetails["lastName"]);
$mail->preparePasswordConfirmEmail();
$mail->sentEmail();
HelperOperator::redirectTo("../index.php");
} else {
    // Reset rejected: keep the submitted fields so the form can be repopulated.
    // NOTE(review): $passwordFields holds plaintext passwords; storing it in the
    // session keeps them around until the session is cleared.
    SessionOperator::setFormInput($passwordFields);
}
// NOTE(review): this redirect follows both branches above, so it is only
// skipped on success if redirectTo() terminates the request; if it merely sets a
// header, it overwrites the index.php redirect. $email is also concatenated into
// the URL unencoded — pass it through urlencode() so characters such as & or #
// cannot alter the query string.
HelperOperator::redirectTo("../views/change_password_view.php?email=" . $email);
} else {
    if (isset($_POST["changePasswordSignedIn"])) {
        // Retrieve Passwords
        // A field missing from the POST raises an undefined-index notice and
        // becomes null, which hasEmtpyFields() below is expected to reject.
        $passwordFields = ["currentPassword" => $_POST["currentPassword"], "password1" => $_POST["password1"], "password2" => $_POST["password2"]];
        // Get current user session
        // NOTE(review): getUser() can return null (the profile handler checks);
        // an expired session would fatal on ->getEmail() below.
        $user = SessionOperator::getUser();
        // Current password is correct and both new passwords are valid and match
        // isCurrentPassword() takes no user argument, so it presumably compares
        // against the session user — confirm.
        if (!ValidationOperator::hasEmtpyFields($passwordFields) && ValidationOperator::isCurrentPassword($passwordFields["currentPassword"]) && ValidationOperator::validPasswords($passwordFields["password1"], $passwordFields["password2"])) {
            // password2 is the value stored; validPasswords() is relied on to have
            // confirmed it equals password1.
            QueryOperator::updatePassword($user->getEmail(), $passwordFields["password2"]);
            SessionOperator::setNotification(SessionOperator::CHANGED_PASSWORD);
            // NOTE(review): after the change, the session id is not regenerated
            // and other active sessions for this account are not invalidated;
            // both are usual practice here.
            // Send a password changed confirmation email to the user
            $mail = new Email($user->getEmail(), $user->getFirstName(), $user->getLastName());
            $mail->preparePasswordConfirmEmail();
            $mail->sentEmail();
        } else {
            // Same plaintext-password-in-session caveat as the reset branch.
            SessionOperator::setFormInput($passwordFields);
        }
        HelperOperator::redirectTo("../views/account_view.php");
    }
}
// Closes a block opened above this excerpt.
}
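require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";

// Sign-up handler. Only runs for a POST carrying the signUp button; anything
// else is sent back to the landing page.
// NOTE(review): assumes HelperOperator::redirectTo() terminates the request; if
// it only emits a Location header, the registration below still runs.
if (!isset($_POST["signUp"])) {
    HelperOperator::redirectTo("../index.php");
}

// Read a POST field, or "" when it is absent, so a form with a missing field is
// rejected by hasEmtpyFields() rather than raising undefined-index notices.
$postField = function ($name) {
    return isset($_POST[$name]) ? $_POST[$name] : "";
};

$registration = [
    "username"  => $postField("username"),
    "email"     => $postField("email"),
    "firstName" => $postField("firstName"),
    "lastName"  => $postField("lastName"),
    "address"   => $postField("address"),
    "postcode"  => $postField("postcode"),
    "city"      => $postField("city"),
    "country"   => $postField("country"),
    "password1" => $postField("password1"),
    "password2" => $postField("password2"),
];

// The country select's placeholder option submits the literal "Country";
// treat it as "not chosen" so hasEmtpyFields() rejects it.
if ($registration["country"] === "Country") {
    $registration["country"] = "";
}

// Left-to-right short-circuit: the uniqueness and password checks only run when
// every field is present.
$invalid = ValidationOperator::hasEmtpyFields($registration)
    || ValidationOperator::isTaken($registration["username"], $registration["email"])
    || !ValidationOperator::validPasswords($registration["password1"], $registration["password2"]);

if ($invalid) {
    // Keep the submitted values so the form can be repopulated on return.
    // NOTE(review): this persists password1/password2 in plaintext in the
    // session alongside the other fields. Unless the view really refills the
    // password inputs, strip both keys before calling setFormInput().
    SessionOperator::setFormInput($registration);
} else {
    // Resolve the country name to the id that is stored.
    $registration["country"] = QueryOperator::getCountryId($registration["country"]);

    // bcrypt via password_hash(); verify later with password_verify().
    // NOTE(review): bcrypt only uses the first 72 bytes of the input, so
    // validPasswords() should cap the length if it does not already.
    $encryptedPassword = password_hash($registration["password1"], PASSWORD_BCRYPT);

    // addAccount() hands back the confirmation code carried by the verification link.
    $confirmCode = QueryOperator::addAccount([
        $registration["username"],
        $registration["email"],
        $registration["firstName"],
        $registration["lastName"],
        $registration["address"],
        $registration["postcode"],
        $registration["city"],
        $registration["country"],
        $encryptedPassword,
    ]);

    // Registration accepted, but the account must be verified by email first.
    SessionOperator::setNotification(SessionOperator::SUBMITTED_REGISTRATION);

    // Email the verification link to the new user.
    require_once "../classes/class.email.php";
    $mail = new Email($registration["email"], $registration["firstName"], $registration["lastName"]);
    $mail->prepareVerificationEmail($confirmCode);
    $mail->sentEmail();
}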
require_once "../classes/class.query_operator.php";

// Create-auction handler. Validates the posted auction fields and the uploaded
// item image, stores the image, then (past the end of this excerpt) creates the
// auction row.
// NOTE(review): the early redirects assume HelperOperator::redirectTo()
// terminates the request; if it only emits a Location header, a failed image
// move below still falls through to the category lookup and whatever follows.
// Only process when start auction button was clicked
if (!isset($_POST["startAuction"])) {
    HelperOperator::redirectTo("../views/create_auction_view.php");
}
// Store POST values
// Each field is read without isset(); a missing one raises an undefined-index
// notice and becomes null, which hasEmtpyFields() below is expected to reject.
$new_auction = ["item" => $_POST["item"], "itemName" => $_POST["itemName"], "itemBrand" => $_POST["itemBrand"], "itemCategory" => $_POST["itemCategory"], "itemCondition" => $_POST["itemCondition"], "itemDescription" => $_POST["itemDescription"], "quantity" => $_POST["quantity"], "startPrice" => $_POST["startPrice"], "reservePrice" => $_POST["reservePrice"], "startTime" => $_POST["startTime"], "endTime" => $_POST["endTime"]];
// Add empty string for default selects
if ($new_auction["itemCategory"] == "Select") { $new_auction["itemCategory"] = ""; }
if ($new_auction["itemCondition"] == "Select") { $new_auction["itemCondition"] = ""; }
// Check inputs
// checkImage() runs only when no field is empty (short-circuit), so $upload is
// always assigned before the else branch uses it. quantity, startTime and
// endTime get no visible validation beyond non-emptiness — presumably handled
// elsewhere; verify.
if (ValidationOperator::hasEmtpyFields($new_auction) || ($upload = ValidationOperator::checkImage()) == null || !ValidationOperator::checkPrizes($new_auction["startPrice"], $new_auction["reservePrice"])) {
    // Create a session for all inputs so that they can be recovered after the page returns
    SessionOperator::setFormInput($new_auction);
    // Redirect back
    HelperOperator::redirectTo("../views/create_auction_view.php");
} else {
    // Create random image name
    // uniqid() only has to avoid name collisions here. The extension comes from
    // checkImage(), so that helper must whitelist it: a script extension under a
    // web-served upload directory would be executable. Not verifiable from here.
    $newImageName = UPLOAD_ITEM_IMAGE . uniqid("", true) . "." . $upload["imageExtension"];
    // Cannot upload image to file system, otherwise, image uploaded
    if (!move_uploaded_file($upload["image"], ROOT . $newImageName)) {
        // NOTE(review): $error is not initialised in this handler (the profile
        // handler does `$error = [];` first).
        $error["upload"] = "Image cannot be uploaded ";
        SessionOperator::setInputErrors($error);
        HelperOperator::redirectTo("../views/create_auction_view.php");
    }
    // Get item category and condition id
    // NOTE(review): addslashes() is applied to the category but not the
    // condition, and is not real SQL escaping either way; getItemRelatedIds()
    // should use a prepared statement and take both values unescaped.
    $ids = QueryOperator::getItemRelatedIds(addslashes($new_auction["itemCategory"]), $new_auction["itemCondition"]);