    // Look up the category and condition ids that belong to the submitted form values.
    // NOTE(review): addslashes() is not a SQL-escaping function (it knows nothing about the
    // connection charset), and only itemCategory passes through it while itemCondition goes in
    // raw. If getItemRelatedIds() builds its query by string concatenation (not visible here),
    // both arguments should be bound as prepared-statement parameters instead. Confirm.
    $ids = QueryOperator::getItemRelatedIds(addslashes($new_auction["itemCategory"]), $new_auction["itemCondition"]);
    // Item parameters, collected as a positional list that is handed to addAuction() below.
    // The owner id is taken from the server-side session rather than from the request.
    $item[] = SessionOperator::getUser()->getUserId();
    $item[] = $new_auction["itemName"];
    $item[] = $new_auction["itemBrand"];
    $item[] = $ids["categoryId"];
    $item[] = $ids["conditionId"];
    $item[] = $new_auction["itemDescription"];
    $item[] = $newImageName;
    // Auction parameters. Both timestamps are normalised to 'Y-m-d H:i:s'.
    // NOTE(review): date_create() returns false for an unparseable string, so ->format() would
    // raise a fatal error on malformed input. Presumably the times are validated earlier. Confirm.
    $startTime = date_create($new_auction["startTime"])->format('Y-m-d H:i:s');
    $endTime = date_create($new_auction["endTime"])->format('Y-m-d H:i:s');
    // First slot is an empty string; presumably a placeholder filled in by addAuction(). Verify.
    $auction[] = "";
    $auction[] = $new_auction["quantity"];
    $auction[] = $new_auction["startPrice"];
    $auction[] = $new_auction["reservePrice"];
    $auction[] = $startTime;
    $auction[] = $endTime;
    // Store auction in database. $ids is reused: from here on it holds the "auctionId" and
    // "itemId" keys read below, no longer the category/condition ids.
    $ids = QueryOperator::addAuction($item, $auction);
    // Set event timer for the auction end, tied to the session user and the new auction
    QueryOperator::addAuctionEvent($endTime, SessionOperator::getUser()->getUserId(), $ids["auctionId"]);
    // Store image name in database
    QueryOperator::uploadImage($ids["itemId"], $newImageName, "items");
    // Set feedback session
    // Return to live auctions page
                receive an email to change your password.
        <!-- instructions end -->

        <!-- forgot password start -->
        <form method="post" action="../scripts/password.php">
            <div class="col-xs-4 form-group-lg">
                <label class="text-danger">&nbsp
echo SessionOperator::getInputErrors("email");
                <input type="text" name="email" class="form-control" id="email" maxlength="45" placeholder="Enter your email here"
// Re-fill the email field with the previously submitted value.
// NOTE(review): the value is written into a double-quoted HTML attribute with no visible
// escaping. Unless SessionOperator::getFormInput() already HTML-encodes what it returns (not
// shown here), wrap it in htmlspecialchars(..., ENT_QUOTES, 'UTF-8') so a submitted value that
// contains a quote cannot close the attribute.
echo 'value = "' . SessionOperator::getFormInput("email") . '"';
            <div class="col-xs-8">
                <button type="submit" name="resetPassword" id="resetPassword" class="btn btn-success btn-lg">Reset Password</button>
        <!-- forgot password end -->

    <!-- main end -->

    <!-- footer start -->
Пример #3

require_once "../classes/class.helper_operator.php";
require_once "../config/config.php";
require_once "../classes/class.query_operator.php";
require_once "../classes/class.session_operator.php";
// Delete profile image from file system and image name from database
// NOTE(review): no login check is visible in this fragment; getUser() is dereferenced directly.
$user = SessionOperator::getUser();
// NOTE(review): unlink() runs without checking that getImage() is non-empty or that the file
// exists, and its result is ignored. The profile-image upload script on this page guards the
// same call with !empty(); doing the same here avoids calling unlink() on ROOT itself when no
// image is set. The path comes from the stored image name; confirm it can only ever hold a
// server-generated name inside the upload directory.
unlink(ROOT . $user->getImage());
// Clear the stored image name (null) for this user in the "users" table
QueryOperator::uploadImage($user->getUserId(), null, "users");
// Update user session: reload the account row and replace the session's User object
$user = QueryOperator::getAccount(SessionOperator::getUser()->getUserId());
SessionOperator::updateUser(new User($user));
// Set feedback session
Пример #4

require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";
require_once "../classes/class.db_auction_watch.php";
// Adds the auction named in ?liveAuction= to the signed-in user's watch list, then returns
// to the auction page.
// NOTE(review): this is a state-changing action reached through a GET request and no
// anti-CSRF token is visible in the fragment.
/* @var User $user*/
$user = SessionOperator::getUser();
$auctionId = $_GET["liveAuction"];
// Reject non-numeric ids before the value is used in SQL below.
// NOTE(review): is_numeric() also accepts floats, exponent notation ("1e5"), signs and
// surrounding whitespace. Such values carry no SQL syntax, but a strict digit check plus an
// (int) cast, or a bound parameter, is the sturdier guard. The guard also only works if
// redirectTo() stops the script; that is not visible here. Confirm.
if (!is_numeric($auctionId)) {
    // The raw query string is appended to the redirect target unchanged.
    HelperOperator::redirectTo("../views/open_live_auction_view.php?" . $_SERVER['QUERY_STRING']);
// Check user hasn't already watched
// The WHERE clause is assembled by concatenation: the user id comes from the session, the
// auction id from the request (guarded only by the is_numeric() check above).
$alreadyWatching = DbAuctionWatch::withConditions("WHERE userId = " . $user->getUserId() . " AND auctionId =" . $auctionId)->exists() ? true : false;
if ($alreadyWatching) {
    HelperOperator::redirectTo("../views/open_live_auction_view.php?" . $_SERVER['QUERY_STRING']);
// Create an auction_watch
$watch = new DbAuctionWatch(array("userId" => $user->getUserId(), "auctionId" => $auctionId));
// Add to watch list
// Set feedback session
HelperOperator::redirectTo("../views/open_live_auction_view.php?" . $_SERVER['QUERY_STRING']);
// Prevent sql injection
// NOTE(review): is_numeric() is a loose check (floats, "1e5", signed values all pass); an
// integer cast or bound parameters would be stricter.
if (!is_numeric($auctionId)) {
/* @var User $user */
$user = SessionOperator::getUser();
$userId = $user->getUserId();
/* @var DbAuction $auction */
/* @var DbItem $item */
// NOTE(review): neither find() result is checked before use; if find() can return null for
// an unknown id, getField() below would fail. Confirm.
$auction = DbAuction::find($auctionId);
$item = DbItem::find($auction->getField("itemId"));
// User owns auction: the delete is authorised by comparing the item's owner with the
// session user (loose == comparison), not by anything supplied in the request.
if ($item->getField("userId") == $userId) {
    // Notify current highest bidder
    // NOTE(review): index [0] is read unconditionally; with no bids on the auction that
    // offset presumably does not exist. The !empty() test below only runs after the access.
    $highestBid = QueryOperator::getAuctionBids($auctionId, 1)[0];
    if (!empty($highestBid)) {
        // The notification text embeds the item name, item brand and username, all of which
        // are user-supplied, so whatever renders notifications must HTML-escape the message.
        $comment = "The auction \"" . $item->getField("itemName") . " " . $item->getField("itemBrand") . "\" with ";
        $comment .= "your current highest bid of " . $highestBid->getBidPrice() . " GSP was deleted by " . $user->getUsername() . ".";
        QueryOperator::addNotification($highestBid->getBidderId(), $comment, QueryOperator::NOTIFICATION_AUCTION_DELETED);
    // Delete auction
    // Remove the item's image file when one is recorded; unlink()'s result is not checked.
    if (!empty($imageName = $item->getField("image"))) {
        unlink(ROOT . $imageName);
    // Delete auction event
    // Set feedback session
Пример #6

require_once "../classes/class.session_operator.php";
require_once "../classes/class.query_operator.php";
// Mark notification as seen
if (isset($_GET["notificationId"])) {
    // NOTE(review): the id is forwarded exactly as received; other scripts on this page at
    // least run is_numeric() first. Whether haveSeen() binds it as a parameter is not visible
    // here. Confirm, or validate it as an integer before the call.
    $id = $_GET["notificationId"];
    // The session user's id is passed alongside; presumably this limits the update to the
    // caller's own notifications. Verify in haveSeen().
    QueryOperator::haveSeen(SessionOperator::getUser()->getUserId(), $id);
Пример #7

require_once "../classes/class.session_operator.php";
require_once "../classes/class.helper_operator.php";
if (!SessionOperator::isLoggedIn()) {
Пример #8

// Show a pending notification, if the session holds one. Elements 0, 1 and 2 of the
// notification are emitted below as title, message and type through json_encode().
// NOTE(review): this looks like an inline JavaScript object literal. json_encode() without
// flags leaves "<", ">" and "&" unescaped; if the output sits inside a <script> element,
// passing JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT keeps notification text
// from being interpreted by the HTML parser.
if (!is_null($notification = SessionOperator::getNotification())) {
            icon: "glyphicon glyphicon-ok",
            title: <?php 
    echo json_encode($notification[0]);
            message: <?php 
    echo json_encode($notification[1]);
            type: <?php 
    echo json_encode($notification[2]);
    } else {
        // Handle a profile-picture upload: validate, store under a generated name, replace the
        // old picture and refresh the session user.
        $error = [];
        // checkImage() returns the upload details ("image" = temp path, "imageExtension") or null.
        // NOTE(review): its checks are not visible here. The extension is appended to the stored
        // file name below, so it should come from an allow-list decided by the file's actual
        // content, not from the client-supplied file name. Confirm.
        if (($upload = ValidationOperator::checkImage()) != null) {
            // A user is logged in
            if (!is_null($user = SessionOperator::getUser())) {
                // Create random image name
                // The client's original file name is not used in the path. uniqid() is derived
                // from the clock, so names are unique but guessable; acceptable only if uploaded
                // images are meant to be publicly readable.
                $newImageName = UPLOAD_PROFILE_IMAGE . uniqid("", true) . "." . $upload["imageExtension"];
                // Upload new profile picture to file system
                // move_uploaded_file() only moves files that arrived through an HTTP upload.
                if (move_uploaded_file($upload["image"], ROOT . $newImageName)) {
                    // Delete old profile pic (if exists)
                    if (!empty($imageName = $user->getImage())) {
                        unlink(ROOT . $imageName);
                    // Store image name in database
                    QueryOperator::uploadImage($user->getUserId(), $newImageName, "users");
                    // Update user session
                    $user = QueryOperator::getAccount($user->getUserId());
                    SessionOperator::updateUser(new User($user));
                    // Set feedback session
                } else {
                    $error["upload"] = "Image cannot be uploaded ";
// Redirect back
Пример #10
            // Send a password changed confirmation email to the user
            $mail = new Email($email, $userDetails["firstName"], $userDetails["lastName"]);
        } else {
        // NOTE(review): $email is appended to the redirect URL without urlencode(), so
        // characters such as "&", "#" or "+" in the address would alter the query string.
        // It also puts the address into URLs (history, logs, Referer).
        HelperOperator::redirectTo("../views/change_password_view.php?email=" . $email);
    } else {
        // Password change requested by a signed-in user
        if (isset($_POST["changePasswordSignedIn"])) {
            // Retrieve Passwords
            $passwordFields = ["currentPassword" => $_POST["currentPassword"], "password1" => $_POST["password1"], "password2" => $_POST["password2"]];
            // Get current user session
            $user = SessionOperator::getUser();
            // Current password is correct and both new passwords are valid and match
            // Requiring the current password means a hijacked session alone cannot change it.
            if (!ValidationOperator::hasEmtpyFields($passwordFields) && ValidationOperator::isCurrentPassword($passwordFields["currentPassword"]) && ValidationOperator::validPasswords($passwordFields["password1"], $passwordFields["password2"])) {
                // NOTE(review): the new password is handed over in plain text; hashing
                // presumably happens inside updatePassword(). Confirm. No session-id
                // regeneration or sign-out of other sessions is visible after the change.
                QueryOperator::updatePassword($user->getEmail(), $passwordFields["password2"]);
                // Send a password changed confirmation email to the user
                $mail = new Email($user->getEmail(), $user->getFirstName(), $user->getLastName());
            } else {

require_once "../classes/class.session_operator.php";
require_once "../classes/class.query_operator.php";
require_once "../scripts/user_session.php";
$allNotifications = QueryOperator::getNotifications(SessionOperator::getUser()->getUserId());
<!DOCTYPE html>
<html lang="en">


    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="description" content="">
    <meta name="author" content="">


    <!-- Font -->
    <link href='https://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'>

    <!-- CSS -->
    <link href="../css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">
    <link href="../css/animate.css" rel="stylesheet" type="text/css">
    <link href="../css/metisMenu.min.css" rel="stylesheet">
    <link href="../css/sb-admin-2.css" rel="stylesheet">
    <link href="../css/dataTables.bootstrap.css" rel="stylesheet">
    <link href="../css/main.css" rel="stylesheet">
Пример #12

require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.user.php";
// Sign in button was clicked
if (isset($_POST["signIn"])) {
    require_once "../classes/class.query_operator.php";
    require_once "../classes/class.session_operator.php";
    $email = trim($_POST["loginEmail"]);
    // NOTE(review): trim() changes the password the user typed. The sign-up script on this
    // page hashes $_POST["password1"] untrimmed, so a password with leading or trailing
    // whitespace could never be matched here.
    $password = trim($_POST["loginPassword"]);
    // Login details correct
    // checkAccount() returns the account data on success and null otherwise; how the password
    // is verified is not visible here.
    if (!is_null($account = QueryOperator::checkAccount($email, $password))) {
        // Login user and redirect to home page
        // NOTE(review): confirm that login() regenerates the session id to prevent session
        // fixation. No throttling of repeated failed attempts is visible in this fragment.
        SessionOperator::login(new User($account));
    } else {
        // Create a session for the login inputs so that they can be recovered after the page reloads
        // NOTE(review): this keeps the plain-text password in session storage so it can be
        // written back into the form. Re-fill the email only and let the user retype the password.
        SessionOperator::setFormInput(["loginEmail" => $email, "loginPassword" => $password]);
        // Create a session for incorrect email and user details
        // One message for both failure causes, so the response does not reveal which emails exist.
        $message = "The entered email and password did not match our records, please try again.";
        SessionOperator::setInputErrors(["login" => $message]);
// Sign in button was not clicked or sign in failed
Пример #13
" >
                    <label class="col-xs-offset-2 text-danger">&nbsp
echo SessionOperator::getInputErrors("country");
                    <div class="form-group">
                        <label class="col-xs-2 control-label">Country</label>
                        <div class="col-xs-10">
                            <select name="country" class="selectpicker form-control" data-dropup-auto="false">
                                <option default>Country</option>
$country = SessionOperator::getUser()->getCountry();
$countries = QueryOperator::getCountriesList();
foreach ($countries as $value) {
    $selected = "";
    if ($value == $country) {
        $selected = "selected";
                                        <option value="<?php 
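    // Escape the country name for the value attribute too: the title attribute written right
    // after it already goes through htmlspecialchars(), and both sit inside double quotes.
    // Browsers decode the entities again, so the submitted value is unchanged.
    echo htmlspecialchars($value, ENT_QUOTES, 'UTF-8');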
" title="<?php 
    echo htmlspecialchars($value);
" <?php 
Пример #14
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";
// Only process when sign up button was clicked
if (!isset($_POST["signUp"])) {
// Store POST values
// NOTE(review): every key is read without isset(), so a request that omits a field raises an
// undefined-index warning; hasEmtpyFields() below presumably rejects the resulting nulls.
// No email-format or length validation is visible in this fragment.
$registration = ["username" => $_POST["username"], "email" => $_POST["email"], "firstName" => $_POST["firstName"], "lastName" => $_POST["lastName"], "address" => $_POST["address"], "postcode" => $_POST["postcode"], "city" => $_POST["city"], "country" => $_POST["country"], "password1" => $_POST["password1"], "password2" => $_POST["password2"]];
// Add empty string for default country
// "Country" is the text of the select's first option; treat it as "nothing chosen".
if ($registration["country"] == "Country") {
    $registration["country"] = "";
// Check inputs
if (ValidationOperator::hasEmtpyFields($registration) || ValidationOperator::isTaken($registration["username"], $registration["email"]) || !ValidationOperator::validPasswords($registration["password1"], $registration["password2"])) {
    // Create a session for all inputs so that they can be recovered after the page returns
    // NOTE(review): the sign-up form on this page re-fills password1/password2 from
    // getFormInput(), which suggests the plain-text passwords are stored in the session too.
    // Leave them out of the saved inputs.
} else {
    // Create new user
    // The submitted country name is replaced by its id before the account is stored.
    $registration["country"] = QueryOperator::getCountryId($registration["country"]);
    // The password is hashed with bcrypt (one-way), not encrypted, despite the variable name.
    // PASSWORD_DEFAULT would let PHP move to a stronger algorithm later without a code change.
    $encryptedPassword = password_hash($registration["password1"], PASSWORD_BCRYPT);
    // addAccount() receives the fields positionally and returns the confirmation code.
    // NOTE(review): confirm the code is generated from a CSPRNG (random_bytes/random_int).
    $confirmCode = QueryOperator::addAccount(array($registration["username"], $registration["email"], $registration["firstName"], $registration["lastName"], $registration["address"], $registration["postcode"], $registration["city"], $registration["country"], $encryptedPassword));
    // Create a session for the successfully submitted registration (account not verified yet)
    // Email a verification link to the user - must be verified before accessing the new account
    require_once "../classes/class.email.php";
    $mail = new Email($registration["email"], $registration["firstName"], $registration["lastName"]);
// Redirect back
Пример #15

require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/class.db_auction.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/class.db_auction_watch.php';
// Removes one entry from the signed-in user's watch list, identified by ?id=.
// NOTE(review): a delete triggered by a GET request, with no anti-CSRF token visible.
$watchId = $_GET["id"];
// Prevent sql injection
// NOTE(review): is_numeric() is loose (floats, "1e5", signs pass); prefer a strict integer check.
if (!is_numeric($watchId)) {
/* @var User $user */
$userId = SessionOperator::getUser()->getUserId();
/* @var DbAuctionWatch $watch */
// NOTE(review): the result is used without a null check; confirm what find() returns for an
// id that does not exist.
$watch = DbAuctionWatch::find($watchId);
// User owns watch
// The ownership test against the session user is what stops one user from deleting
// another user's watch by guessing ids.
if ($watch->getField("userId") == $userId) {
    // Delete watch
    // Set feedback session
Пример #16

require_once "../classes/class.session_operator.php";
require_once "../classes/class.query_operator.php";
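// Render the signed-in user's not-yet-notified alerts as dropdown list items.
$newAlerts = QueryOperator::getNotifications(SessionOperator::getUser()->getUserId(), QueryOperator::NOTIFICATION_UNNOTIFIED);
// Every dynamic value is HTML-encoded before it is placed in markup. Notification messages on
// this site are assembled from usernames and item names, so printing them raw would let stored
// markup run in the recipient's browser. If a message is ever meant to carry markup, it has to
// be sanitised where it is created instead.
$escapeAlertValue = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
$alerts = null;
foreach ($newAlerts as $newAlert) {
    $alertId = $escapeAlertValue($newAlert->getNotificationId());
    $alertIcon = $escapeAlertValue($newAlert->getCategoryIcon());
    $alertCategory = $escapeAlertValue($newAlert->getCategoryName());
    $alertTime = $escapeAlertValue($newAlert->getTime());
    $alertMessage = $escapeAlertValue($newAlert->getMessage());
    $alerts .= "\n        <li id=\"notification{$alertId}\">\n            <a href=\"#\">\n                <div>\n"
        . "                    <i class=\"{$alertIcon}\"></i> <span style=\"padding-left: 10px\">{$alertCategory}</span>\n"
        . "                    <span class=\"pull-right text-muted small\">{$alertTime}</span><br>\n"
        . "                    <div style=\"padding-left: 26px; color: #253b52; margin-bottom: 5px; font-style: italic; font-size: 12px\">{$alertMessage}</div>\n"
        . "                    <span style=\"padding-left: 22px\"><button class=\"btn btn-sm btn-default\" id=\"deleteAlert_{$alertId}\">Delete</button></span>\n"
        . "                </div>\n            </a>\n        </li>\n"
        . "        <li class=\"divider\" id=\"divider{$alertId}\"></li>\n    ";
}
echo $alerts;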
 /**
  * Checks that a submitted field value is numeric and greater than zero.
  *
  * NOTE(review): is_numeric() accepts more than plain decimals: exponent notation ("1e3"),
  * a leading sign and surrounding whitespace all pass. For a price, a stricter pattern
  * (digits with an optional fraction) would keep such values out of later processing.
  * $error is filled on both failure paths but is not consumed in the visible lines;
  * presumably it is stored for display by code not shown here. Confirm.
  *
  * @param mixed  $fieldValue Value as received from the form.
  * @param string $fieldName  Field name; used as the error key and as message prefix.
  * @return bool True when the value is numeric and > 0, false otherwise.
  */
 public static function isPositiveNumber($fieldValue, $fieldName)
     $error = [];
     // Is a number
     if (is_numeric($fieldValue)) {
         // Is positive
         if ($fieldValue > 0) {
             return true;
         } else {
             // Numeric but zero or negative
             $error[$fieldName] = $fieldName . self::PRICES[self::INVALID_SIZE];
     } else {
         // Not numeric at all
         $error[$fieldName] = $fieldName . self::PRICES[self::WRONG_FORMAT];
     // Error
     return false;
    } else {
        echo "<br><h5>Nobody gave you a buyer feedback!</h5>";
                <!-- feedbacks end -->

} else {
                <div class="row">
                    <div class="well text-center">
                        <h1 class="text-danger">No feedback available</h1>
    if ($_GET["username"] == SessionOperator::getUser()->getUserName()) {
                        <h4>In order to receive feedbacks, you must sell or win an auction. Only then, a buyer or a seller can rate you.</h4>

            <!-- footer start -->
            <div class="footer">
                <div class="container">
Пример #19
                        <a href="../views/my_successful_bids_view.php"><i class="fa fa fa-thumbs-up fa-fw"></i> Won Auctions</a>
                        <a href="../views/my_unsuccessful_bids_view.php"><i class="fa fa-thumbs-down fa-fw"></i> Lost Auctions</a>

                <a href="../views/my_watch_list_view.php"><i class="fa fa-eye fa-fw"></i> My Watch List</a>
                <a href="../views/my_feedbacks_view.php?username=<?php 
// Username of the signed-in user, written into the ?username= parameter of the link's href.
// NOTE(review): the value is printed without encoding. Inside a URL in an HTML attribute it
// needs urlencode() for the query parameter and htmlspecialchars() for the attribute, unless
// usernames are restricted to a safe character set at registration (not visible here).
echo SessionOperator::getUser()->getUsername();
                    <i class="fa fa-envelope fa-fw"></i> My Feedbacks
<!-- side menu end -->

<!-- logout modal start -->
<div class="modal fade" id="logout" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <div class="modal-dialog">
        <div class="modal-content">

if (($errors = SessionOperator::getAllErrors()) != null) {
    <div class="alert alert-danger fade in">
        <a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>
        <strong>Input error!</strong><br>
    // Print each collected input error as a list item.
    // NOTE(review): $message is echoed without htmlspecialchars(). This is only safe if error
    // messages never contain request data; confirm how they are built, or escape here.
    foreach ($errors as $key => $message) {
        echo "<li>" . $message . "</li>";
Пример #21
    // Places a bid for the signed-in user on the auction named in the request.
    // NOTE(review): the bid is submitted via GET (the form on the auction page uses
    // method="GET") and no anti-CSRF token is visible, so any link or embedded resource a
    // logged-in user loads could place a bid. Prefer POST with a token.
    // The (int) cast makes the id safe to reuse in the query and in the redirect URL below.
    $auctionId = (int) $_GET["auctionId"];
    // Kept as the raw request string; validated by isPositiveNumber()/checkBidPrice() below.
    $bidPrice = $_GET["bidPrice"];
    // NOTE(review): the result is dereferenced in the else branch without a null check;
    // confirm what getLiveAuction() returns for an unknown or ended auction.
    $auction = QueryOperator::getLiveAuction($auctionId);
    $user = SessionOperator::getUser();
    $userId = (int) $user->getUserId();
    // Incorrect inputs
    if (ValidationOperator::hasEmtpyFields($_GET) || !ValidationOperator::isPositiveNumber($bidPrice, "bidPrice") || !ValidationOperator::checkBidPrice($bidPrice, $auctionId)) {
        // Create a session for bid price so that it can be recovered after the page returns
        SessionOperator::setFormInput(["bidPrice" => $bidPrice]);
    } else {
        // NOTE(review): the price check above and placeBid() below are separate steps, so two
        // concurrent requests can both pass the check. If bids must strictly increase, enforce
        // that inside one transaction or in the INSERT itself. No check that the bidder is not
        // the seller is visible in this fragment.
        // Notify outbid user (only if it is not the same user)
        $highestBidderId = $auction->getHighestBidderId();
        if (!is_null($highestBidderId) && $highestBidderId != $userId) {
            // The message embeds item name, brand and username (user-supplied text), so the
            // code that renders notifications must HTML-escape it. The literals also produce
            // "by by" when joined.
            $comment = "You were outbid on the auction \"" . $auction->getItemName() . " " . $auction->getItemBrand() . "\" by ";
            $comment .= "by \"" . $user->getUserName() . "\". The new highest bid is " . $bidPrice . " GSP.";
            QueryOperator::addNotification($highestBidderId, $comment, QueryOperator::NOTIFICATION_OUTBID);
        // Notify the seller about the new bid (same wording pattern as above)
        $comment = "You received a new bid on the auction \"" . $auction->getItemName() . " " . $auction->getItemBrand() . "\" by ";
        $comment .= "by \"" . $user->getUserName() . "\". The new highest bid is " . $bidPrice . " GSP.";
        QueryOperator::addNotification($auction->getSellerId(), $comment, QueryOperator::NOTIFICATION_NEW_BID);
        // Place bid
        // Notifications above are sent before the bid is stored.
        QueryOperator::placeBid($auctionId, $userId, $bidPrice);
        $dbAuction = DbAuction::find($auctionId);
        $dbAuction->setField("highestBidderId", $userId);
        // Set feedback session
// Return back to page
HelperOperator::redirectTo("../views/open_live_auction_view.php?liveAuction=" . $auctionId . "&s=1");
Пример #22

require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
echo count($bids);
if (!$isMyAuction) {
                                <form method="GET" action="../scripts/place_bid.php">
                                    <div class="col-xs-8">
                                        <input type="hidden" name="auctionId" value="<?php 
    echo $auction->getAuctionId();
                                        <input type="text" class="form-control" name="bidPrice" maxlength="11" style="height: 30px"
    // Re-fill the bid field with the last submitted price.
    // NOTE(review): bidPrice is saved from the raw request when validation fails, and it is
    // printed here into a double-quoted attribute with no visible escaping. Apply
    // htmlspecialchars(..., ENT_QUOTES, 'UTF-8') unless getFormInput() already encodes.
    echo 'value = "' . SessionOperator::getFormInput("bidPrice") . '"';
                                    <div class="col-xs-4">
                                        <button type="submit" class="btn btn-primary" style="height: 30px; padding: 4px 12px">Place Bid</button>

                                <div class="col-xs-12">
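    // Offer "Add to watch list" when the user is not yet watching this auction, otherwise link
    // to the entry in their watch list.
    if (!$alreadyWatching) {
        // QUERY_STRING is taken verbatim from the request, so it is HTML-encoded before being
        // written into the href attribute; otherwise a crafted link could close the attribute
        // and add markup to the page. Browsers decode the entities, so the target URL is unchanged.
        $href = '"../scripts/create_watch.php?' . htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"';
        echo '<a href=' . $href . '><i class="fa fa-eye"></i> Add to watch list</a>';
    } else {
        echo "<a class=\"text-success\" href=\"my_watch_list_view.php#auction{$auction->getAuctionId()}\"><i class=\"fa fa-eye\"></i> Watching</a>";
    }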
Пример #24

require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
// Ignore manual calls to 'confirmation.php'
// Only requests that carry both link parameters are processed.
if (isset($_GET["email"]) && isset($_GET["confirm_code"])) {
    // Retrieve email and confirmation code from link
    $email = $_GET["email"];
    $confirm_code = $_GET["confirm_code"];
    // Check if email and confirmation code originate from an unverified user account
    require_once "../classes/class.query_operator.php";
    // NOTE(review): both values come straight from the URL. Confirm that
    // checkVerificationLink() binds them as parameters and that a code stops working once the
    // account is activated, so an old link cannot be replayed.
    $result = QueryOperator::checkVerificationLink($email, $confirm_code);
    // Verification link is correct
    if (!empty($result)) {
        // Activate user account
        // Create a session for completed registration
        // Email a registration confirmation to the user
        // The name fields come from the lookup result, not from the request.
        require_once "../classes/class.email.php";
        $mail = new Email($email, $result["firstName"], $result["lastName"]);
// Redirect to homepage
                                    <span class="input-group-addon">
                                        <span class="glyphicon glyphicon-calendar"></span>

                        <div class="col-xs-3">
                            <label>End Time</label>
                            <div class="form-group">
                                <div class='input-group date' id='datetimepickerEnd'>
                                    <input type='text' class="form-control" name="endTime" readonly
// Re-fill the end-time field with the previously submitted value.
// NOTE(review): the field is readonly in the browser only, so the stored value is still
// whatever the request sent. Escape it with htmlspecialchars(..., ENT_QUOTES, 'UTF-8') before
// writing it into the attribute, unless getFormInput() already encodes.
echo 'value = "' . SessionOperator::getFormInput("endTime") . '"';
                                    <span class="input-group-addon">
                                        <span class="glyphicon glyphicon-calendar"></span>

                <!-- auction details end -->

                <!-- submit auction start -->
Пример #26
// Resolve the selected category into the id/type structure that buildQuery() expects.
$cats = getCatIdAndType($searchCategory);
// Set up pagination object
// The first buildQuery() call passes no limit/offset, which selects its COUNT(*) form.
$total = QueryOperator::countFoundAuctions(buildQuery($searchString, $cats, null));
// NOTE(review): page comes from the request and is never checked to be a positive integer.
// The comparison below is against the total number of results, not the number of pages, and
// lets through zero, negative and non-integer values. The offset derived from it is passed
// into buildQuery(); if that ends up concatenated into the SQL (not visible here), cast the
// page to int and clamp it to at least 1 first.
$page = isset($_GET["page"]) ? $_GET["page"] : 1;
$page = $page <= $total ? $page : 1;
$per_page = 15;
$pagination = new Pagination($page, $per_page, $total);
// Get paginated search results
$catsAndAuctions = QueryOperator::searchAuctions(buildQuery($searchString, $cats, $sort, $per_page, $pagination->offset()));
// Update search sessions
$updated_session = array_merge([SessionOperator::SEARCH_RESULT => $catsAndAuctions], $updated_session);
$updated_session = array_merge([SessionOperator::SEARCH_PAGINATION => $pagination], $updated_session);
// Return back to search page
/**
 * Builds the SQL text for the live-auction search, either as a COUNT(*) query or as the full
 * result query. The listing of this function is cut off on this page; only the start of the
 * body is visible.
 *
 * NOTE(review): the search string is substituted directly into a double-quoted LIKE pattern
 * with str_replace(). Unless the caller has already escaped it for this connection (not visible
 * here), this is string-built SQL from user input. Use a placeholder in the query text and bind
 * "%" . $searchString . "%" as a parameter; also decide whether "%" and "_" typed by the user
 * should act as wildcards.
 *
 * @param string     $searchString   Text matched against items.itemName.
 * @param array|null $searchCategory Category filter; its "type" key is compared with "super".
 * @param mixed      $sortOption     Not used in the visible part of the body.
 * @param mixed      $limit          With $offset: both null selects the COUNT(*) form.
 * @param mixed      $offset         See $limit.
 */
function buildQuery($searchString, $searchCategory, $sortOption, $limit = null, $offset = null)
    $query = null;
    // Prepare count query
    if (is_null($limit) && is_null($offset)) {
        $query = "SELECT COUNT(*) ";
    } else {
        // Full column list for the result page, including bid/watch counts and current price
        $query = "SELECT auctions.auctionId, quantity, startPrice, reservePrice, startTime,\n            endTime, itemName, itemBrand, itemDescription, items.image, auctions.views,\n            item_categories.categoryName as subCategoryName, superCategoryName,\n            item_categories.superCategoryId, item_categories.categoryId,\n            conditionName, countryName, COUNT(DISTINCT (bids.bidId)) AS numBids,\n            COUNT(DISTINCT (auction_watches.watchId)) AS numWatches,\n            MAX(bids.bidPrice) AS highestBid,\n            case\n                when MAX(bids.bidPrice)is not null THEN MAX(bids.bidPrice)\n                else startPrice\n            end AS currentPrice ";
    // Shared FROM/WHERE part; __ss__ and __cc__ are text placeholders replaced below.
    $query .= "FROM auctions\n            LEFT OUTER JOIN bids ON bids.auctionId = auctions.auctionId\n            LEFT OUTER JOIN auction_watches ON auction_watches.auctionId = auctions.auctionId\n            JOIN items ON items.itemId = auctions.itemId\n            JOIN users ON items.userId = users.userId\n            JOIN item_categories ON items.categoryId = item_categories.categoryId\n            JOIN super_item_categories ON  item_categories.superCategoryId = super_item_categories.superCategoryId\n            JOIN item_conditions ON items.conditionId = item_conditions.conditionId\n            JOIN countries ON users.countryId = countries.countryId\n\n        WHERE auctions.startTime < now() AND auctions.endTime > now() AND\n            items.itemName LIKE \"%__ss__%\" __cc__\n        GROUP BY auctions.auctionId ";
    // The search text is inserted into the SQL string here, with no escaping in this function.
    $query = str_replace("__ss__", $searchString, $query);
    if ($searchCategory != null) {
        if ($searchCategory["type"] == "super") {

require_once "../classes/class.session_operator.php";
require_once "../classes/class.query_operator.php";
require_once "../scripts/user_session.php";
$user = SessionOperator::getUser();
$soldAuctions = QueryOperator::getSellersSoldAuctions($user->getUserId());
<!DOCTYPE html>
<html lang="en">


    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="description" content="">
    <meta name="author" content="">

    <title>Sold Auctions</title>

    <!-- Font -->
    <link href='https://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'>

    <!-- CSS -->
    <link href="../css/bootstrap.min.css" rel="stylesheet">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">
    <link href="../css/animate.css" rel="stylesheet" type="text/css">
    <link href="../css/metisMenu.min.css" rel="stylesheet">
    <link href="../css/sb-admin-2.css" rel="stylesheet">
    <link href="../css/dataTables.bootstrap.css" rel="stylesheet">
Пример #28
                        <input type="password" name="password1" class="form-control" id="password1" maxlength="23" placeholder="Create a password"
// NOTE(review): this writes the previously submitted password back into the page (the
// password2 field below does the same). That means the plain-text password is kept in the
// session between requests and appears in the HTML source. Password fields should be left
// empty after a failed submit and dropped from the saved form inputs.
echo 'value = "' . SessionOperator::getFormInput('password1') . '"';

                    <div class="form-group-lg col-xs-6">
                        <label class="text-danger">&nbsp
echo SessionOperator::getInputErrors("password2");
                        <input type="password" name="password2" class="form-control" id="password2" maxlength="23" placeholder="Repeat password"
echo 'value = "' . SessionOperator::getFormInput('password2') . '"';
                <!-- account details end -->

            <div class="col-xs-12">
                <p class="pull-right">
                    By clicking this 'Sign up for AuctionHouse' button, you agree to our <a href="">terms of service</a> and <a href="">privacy policy</a>

            <div class="form-group col-xs-12" id="sign_up_button">
                <button type="submit" name="signUp" id="signUp" class="btn btn-success btn-lg pull-right">Sign up for AuctionHouse</button>
// Stores a feedback entry (score + comment) from the signed-in user about another user for
// one auction, then notifies the receiver.
$feedback = ["score" => $_POST["score"], "comment" => $_POST["comment"]];
if (ValidationOperator::hasEmtpyFields($feedback)) {
    // Create a session for all inputs so that they can be recovered after the page returns
    // Redirect back
// NOTE(review): auctionId is taken from the request with no numeric check and is concatenated
// into the WHERE clause a few lines below. Cast it to int or bind it as a parameter.
$auctionId = $_POST["auctionId"];
// The creator is always the session user, never a value from the request.
$creatorId = SessionOperator::getUser()->getUserId();
//get the id of receiver
$receiverUsername = $_POST["receiverUsername"];
/* @var DbUser $receiver */
// NOTE(review): the username literal appears masked ('******') on this page and
// $receiverUsername is not used in any visible line. If the real condition interpolates the
// posted username into the string, that is string-built SQL from user input and needs a bound
// parameter. Confirm against the actual source.
$receiver = DbUser::withConditions("WHERE username = '******'")->first();
//check receiver exists AND there is no existing feedback (we only allow one)
// "or" short-circuits, so getId() is only reached when $receiver is not null.
// NOTE(review): nothing visible verifies that creator and receiver actually took part in this
// auction, or that score lies in an allowed range.
if ($receiver == null or DbFeedback::withConditions("WHERE auctionId = " . $auctionId . " AND creatorId = " . $creatorId . " AND receiverId = " . $receiver->getId())->exists()) {
// Create Feedback
$now = new DateTime("now", new DateTimeZone(TIMEZONE));
$feedback = new DbFeedback(array("auctionId" => $_POST["auctionId"], "creatorId" => SessionOperator::getUser()->getUserId(), "receiverId" => $receiver->getId(), "score" => $_POST["score"], "comment" => $_POST["comment"], "time" => $now->format('Y-m-d H:i:s')));
// Notify receiver
$auction = DbAuction::find($auctionId);
$item = DbItem::find($auction->getField("itemId"));
// The notification text embeds the username and item name/brand; it must be HTML-escaped
// wherever notifications are rendered.
$comment = "You received a feedback from \"" . SessionOperator::getUser()->getUserName() . "\" in your participation in \"";
$comment .= $item->getField("itemName") . " - " . $item->getField("itemBrand") . "\".";
QueryOperator::addNotification($receiver->getId(), $comment, QueryOperator::NOTIFICATION_FEEDBACK_RECEIVED);
// Set feedback session
// Return to page

$recommendedAuctions = QueryOperator::getBuyersRecommendedAuctions(SessionOperator::getUser()->getUserId());
if (count($recommendedAuctions) < 20) {
    $recommendedAuctions = array_merge($recommendedAuctions, QueryOperator::getMostPopularAuctions(20 - count($recommendedAuctions)));

<!-- recommendations start -->
<div class="panel panel-default recommendation-box" <?php 
if ($page == "search") {
style="margin-top: 60px"<?php 

    <div class="panel-heading">
/*if ($collaborative){
      echo "Recommended auctions inspired by your bidding history";
      echo "The Most popular auctions right now";
echo "Recommended auctions";
