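// Delete one of the current user's live auctions.
//
// $auctionId is assigned before this excerpt. Only an integer id is accepted: is_numeric()
// also admits floats, exponents and leading whitespace, which is looser than the lookups
// below expect. HelperOperator::redirectTo() is relied on to end the request, exactly as
// the original guard already assumed.
if (filter_var($auctionId, FILTER_VALIDATE_INT) === false) {
    HelperOperator::redirectTo("../views/my_live_auctions_view.php");
}
$auctionId = (int) $auctionId;

/* @var User $user */
$user = SessionOperator::getUser();
$userId = (int) $user->getUserId();

/* @var DbAuction $auction */
/* @var DbItem $item */
$auction = DbAuction::find($auctionId);
// An unknown (or someone else's, already removed) id must not be dereferenced.
if (empty($auction)) {
    HelperOperator::redirectTo("../views/my_live_auctions_view.php");
}
$item = DbItem::find($auction->getField("itemId"));

// Authorization: only the owner of the item behind the auction may delete it.
if (!empty($item) && (int) $item->getField("userId") === $userId) {
    // Notify the current highest bidder, if there is one (avoid indexing an empty result).
    $bids = QueryOperator::getAuctionBids($auctionId, 1);
    $highestBid = empty($bids) ? null : $bids[0];
    if (!empty($highestBid)) {
        $comment = "The auction \"" . $item->getField("itemName") . " " . $item->getField("itemBrand") . "\" with ";
        $comment .= "your current highest bid of " . $highestBid->getBidPrice() . " GSP was deleted by " . $user->getUsername() . ".";
        QueryOperator::addNotification($highestBid->getBidderId(), $comment, QueryOperator::NOTIFICATION_AUCTION_DELETED);
    }

    // Delete auction
    $auction->delete();

    // Remove the item image, but only when the stored name resolves to a regular file
    // inside ROOT. The name comes from the database (originally from an upload), so a
    // traversal value such as "../../config.php" must not be able to delete arbitrary files.
    $imageName = $item->getField("image");
    if (!empty($imageName)) {
        $base = realpath(ROOT);
        $target = realpath(ROOT . $imageName);
        if ($base !== false && $target !== false && is_file($target)
            && strpos($target, rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
            unlink($target);
        }
    }

    // Delete auction event
    QueryOperator::dropAuctionEvent($auctionId);

    // Set feedback session
    SessionOperator::setNotification(SessionOperator::DELETED_AUCTION);
}

HelperOperator::redirectTo("../views/my_live_auctions_view.php");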
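// Store a feedback entry from the current user about another participant of an auction,
// then notify the receiver. $redirectUrl is assigned before this excerpt, and
// HelperOperator::redirectTo() is relied on to end the request (as the original guards assume).
//
// NOTE(review): this is a state-changing POST handler with no visible CSRF token check
// — confirm one is enforced upstream.

// Both fields are required; on a miss, keep the input for the form and go back.
$feedback = ["score" => $_POST["score"], "comment" => $_POST["comment"]];
if (ValidationOperator::hasEmtpyFields($feedback)) {
    // Create a session for all inputs so that they can be recovered after the page returns
    SessionOperator::setFormInput($feedback);
    // Redirect back
    HelperOperator::redirectTo($redirectUrl);
}
// NOTE(review): "score" is stored as submitted; if it is meant to be a bounded integer
// rating, validate the range here — nothing in this handler does.

// The auction id is concatenated into a WHERE clause below. Force it to an integer so a
// crafted POST value cannot alter the query; a non-numeric value becomes 0, matches no
// auction, and falls through to the redirect.
$auctionId = (int) $_POST["auctionId"];
$creatorId = (int) SessionOperator::getUser()->getUserId();

// Resolve the receiver by username.
// NOTE(review): if this condition is built from $receiverUsername, bind it as a query
// parameter — never concatenate a user-supplied username into SQL.
$receiverUsername = $_POST["receiverUsername"];
/* @var DbUser $receiver */
$receiver = DbUser::withConditions("WHERE username = '******'")->first();

// Receiver must exist and there must be no existing feedback (only one per pair and auction).
// NOTE(review): nothing here verifies that the current user actually took part in this
// auction together with the receiver — confirm the view/model restricts that, otherwise
// any user can leave feedback on any auction for any other user.
if (empty($receiver)
    || DbFeedback::withConditions(
        "WHERE auctionId = " . $auctionId
        . " AND creatorId = " . $creatorId
        . " AND receiverId = " . (int) $receiver->getId()
    )->exists()) {
    HelperOperator::redirectTo($redirectUrl);
}

// Look the auction and item up before writing, so a missing record does not leave an
// orphaned feedback row behind and then fail on the notification text.
$auction = DbAuction::find($auctionId);
$item = empty($auction) ? null : DbItem::find($auction->getField("itemId"));
if (empty($item)) {
    HelperOperator::redirectTo($redirectUrl);
}

// Create Feedback
$now = new DateTime("now", new DateTimeZone(TIMEZONE));
$entry = new DbFeedback(array(
    "auctionId"  => $auctionId,
    "creatorId"  => $creatorId,
    "receiverId" => $receiver->getId(),
    "score"      => $feedback["score"],
    "comment"    => $feedback["comment"],
    "time"       => $now->format('Y-m-d H:i:s'),
));
$entry->create();

// Notify receiver
$comment = "You received a feedback from \"" . SessionOperator::getUser()->getUserName() . "\" in your participation in \"";
$comment .= $item->getField("itemName") . " - " . $item->getField("itemBrand") . "\".";
QueryOperator::addNotification($receiver->getId(), $comment, QueryOperator::NOTIFICATION_FEEDBACK_RECEIVED);

// Set feedback session
SessionOperator::setNotification(SessionOperator::FEEDBACK_SENT);

// Return to page
HelperOperator::redirectTo($redirectUrl);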
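// Place a bid on a live auction and notify the seller and the previous highest bidder.
//
// NOTE(review): this handler changes state from a GET request with no visible CSRF
// token — a link or image tag on any site can place a bid on behalf of a logged-in user.
// Moving it to POST with a token is the fix, but that touches the views that link here.
$auctionId = (int) $_GET["auctionId"];
$bidPrice = $_GET["bidPrice"];
$auction = QueryOperator::getLiveAuction($auctionId);
$user = SessionOperator::getUser();
$userId = (int) $user->getUserId();

// Incorrect inputs: empty fields, non-positive price, or a price the auction does not accept.
// An unknown auction id is treated the same way instead of being dereferenced.
if (empty($auction)
    || ValidationOperator::hasEmtpyFields($_GET)
    || !ValidationOperator::isPositiveNumber($bidPrice, "bidPrice")
    || !ValidationOperator::checkBidPrice($bidPrice, $auctionId)) {
    // Create a session for bid price so that it can be recovered after the page returns
    SessionOperator::setFormInput(["bidPrice" => $bidPrice]);
} else {
    // Remember who is being outbid before the auction record changes.
    // NOTE(review): checkBidPrice() above and placeBid() below are not visibly atomic;
    // two concurrent bids can both pass the check — confirm placeBid()/the DB enforce this.
    $previousHighestBidderId = $auction->getHighestBidderId();

    // Place bid first, so notifications are only sent for a bid that was actually stored.
    QueryOperator::placeBid($auctionId, $userId, $bidPrice);
    $dbAuction = DbAuction::find($auctionId);
    $dbAuction->setField("highestBidderId", $userId);
    $dbAuction->save();

    $itemLabel = $auction->getItemName() . " " . $auction->getItemBrand();

    // Notify outbid user (only if it is not the same user).
    // The original text read "by by" because both halves of the message carried the word.
    if (!is_null($previousHighestBidderId) && (int) $previousHighestBidderId !== $userId) {
        $comment = "You were outbid on the auction \"" . $itemLabel . "\" ";
        $comment .= "by \"" . $user->getUserName() . "\". The new highest bid is " . $bidPrice . " GSP.";
        QueryOperator::addNotification($previousHighestBidderId, $comment, QueryOperator::NOTIFICATION_OUTBID);
    }

    // Notify the seller.
    // NOTE(review): nothing here stops the seller from bidding on their own auction — confirm
    // checkBidPrice() or the view rejects that.
    $comment = "You received a new bid on the auction \"" . $itemLabel . "\" ";
    $comment .= "by \"" . $user->getUserName() . "\". The new highest bid is " . $bidPrice . " GSP.";
    QueryOperator::addNotification($auction->getSellerId(), $comment, QueryOperator::NOTIFICATION_NEW_BID);

    // Set feedback session
    SessionOperator::setNotification(SessionOperator::PLACED_BID);
}
} // Closes an enclosing block that opens before this excerpt (kept as in the original).

// Return back to page
HelperOperator::redirectTo("../views/open_live_auction_view.php?liveAuction=" . $auctionId . "&s=1");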