public function leaveFeedback($user_from_id, $user_to_id, $auction_id, $rating, $comment)
{
$success = false;
$connection = ConnectionManager::getConnection();
$comment = $connection->escape_string($comment);
$sql_leaveFeedback = "INSERT INTO `auction_system`.`feedback` \n (`rating`, `comment`, `user_from_id`, `user_to_id`, `auction_id`) \n VALUES \n ('" . $rating . "', '" . $comment . "', '" . $user_from_id . "', '" . $user_to_id . "', '" . $auction_id . "');\n ";
$result_leaveFeedback = $connection->query($sql_leaveFeedback);
$success = true;
return $success;
}
public function getImage($imageID)
{
$connection = ConnectionManager::getConnection();
$sql = "SELECT i.data AS data,\n i.type AS type\n FROM auction_system.image AS i\n WHERE i.id = '{$imageID}'";
$result = $connection->query($sql);
if ($row = $result->fetch_assoc()) {
$imageData = $row['data'];
$imageType = $row['type'];
$imageDetail = array("imageData" => $imageData, "imageType" => $imageType);
}
return $imageDetail;
}
public function getUserName($userID)
{
//userID sanitized
$userID = (int) $userID;
$connection = ConnectionManager::getConnection();
$sql_userName = "******";
$result_userName = $connection->query($sql_userName);
while ($row = $result_userName->fetch_assoc()) {
$user_to_id = $row['id'];
$first_name = $row['first_name'];
$last_name = $row['last_name'];
}
return $first_name . " " . $last_name;
}
public function isValid($username, $password)
{
$success = false;
$connection = ConnectionManager::getConnection();
//email is safe and sql can not be injected
$username = $connection->escape_string($username);
$password = $connection->escape_string($password);
$sql = "SELECT id, first_name, role_id FROM user\n WHERE username = '******' AND password = '******'";
$result = $connection->query($sql);
//var_dump($result);
if ($row = $result->fetch_assoc()) {
$success = true;
$_SESSION['success'] = true;
$_SESSION['userID'] = $row['id'];
$_SESSION['roleID'] = $row['role_id'];
$_SESSION['firstName'] = $row['first_name'];
}
return $success;
}
public function getUserDetail($userID)
{
$connection = ConnectionManager::getConnection();
//sellerID sanitized
$userID = (int) $userID;
$sql_userinfo = "SELECT user.id AS user_id, user.username, user.first_name, user.last_name, user.description, user.email, feedback.id AS feedback_id, AVG(rating) AS rating, COUNT(feedback.id) AS num_of_ratings\n FROM user\n RIGHT JOIN feedback\n ON user.id = feedback.user_to_id\n WHERE user.id = '{$userID}';\n ";
$result_userinfo = $connection->query($sql_userinfo);
//var_dump($result);
if ($row = $result_userinfo->fetch_assoc()) {
$user_id = $row['user_id'];
$username = $row['username'];
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$description = $row['description'];
$feedback_id = $row['feedback_id'];
$rating = $row['rating'];
$num_of_ratings = $row['num_of_ratings'];
$ProfileDetail = new ProfileDetail($user_id, $username, $first_name, $last_name, $description, $feedback_id, $rating, $num_of_ratings);
return $ProfileDetail;
} else {
throw new RuntimeException("User does not exist with this ID");
}
}
public function getAuctionIDs($sellerID)
{
$connection = ConnectionManager::getConnection();
$sql = "SELECT GROUP_CONCAT(id) AS auctionID from auction WHERE seller_id={$sellerID} AND end_date > NOW()";
$result = $connection->query($sql);
if ($row = $result->fetch_assoc()) {
$auctionIDs = $row['auctionID'];
if ($auctionIDs != '') {
$auctionIDs = explode(',', $auctionIDs);
} else {
$auctionIDs = array();
}
}
return $auctionIDs;
}
/**
* Increments the number of views by 1
* @param $auctionID
* @param $currentUser
*/
public function incrementViews($auctionID, $currentUser)
{
// checks if the seller is looking at an item and if not increments views
// http://stackoverflow.com/questions/2259155/increment-value-in-mysql-update-query
$connection = ConnectionManager::getConnection();
$auctionManager = new AuctionManager();
$sellerId = $auctionManager->getAuctionDetail($auctionID)->sellerID;
if ($sellerId != $currentUser) {
if (!isset($_SESSION["hasVisited'{$auctionID}''"])) {
$_SESSION["hasVisited'{$auctionID}''"] = "yes";
$sql = "UPDATE auction SET views = views + 1 WHERE id = '" . $auctionID . "'";
$connection->query($sql);
}
}
}
