require_once $_SERVER['DOCUMENT_ROOT'] . '/config/config.php';
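// Handler for the "leave feedback" form (POST). Only runs when the
// createFeedback button was submitted; everything else is bounced back.
//
// NOTE(review): every guard below relies on HelperOperator::redirectTo()
// terminating the script after the Location header — confirm. If it does
// not exit, an unauthenticated or malformed request falls through and the
// rest of this handler still executes.
if (!isset($_POST["createFeedback"])) {
    HelperOperator::redirectTo("../views/my_sold_auctions_view.php");
}
// NOTE(review): no CSRF token is checked on this state-changing POST —
// confirm the framework enforces one elsewhere.

// Where to send the user afterwards: back to the page they came from.
// "won" -> successful bids; "sold" and anything unexpected -> sold auctions.
$origin = $_POST["origin"] ?? "";
$redirectUrl = ($origin === "won")
    ? "../views/my_successful_bids_view.php"
    : "../views/my_sold_auctions_view.php";

// Validate feedback input. Missing keys are treated as empty strings so they
// fail the empty-field check instead of raising undefined-index notices.
$feedback = [
    "score"   => $_POST["score"] ?? "",
    "comment" => $_POST["comment"] ?? "",
];
if (ValidationOperator::hasEmtpyFields($feedback)) {
    // Keep the inputs in the session so the form can be repopulated, then go back.
    SessionOperator::setFormInput($feedback);
    HelperOperator::redirectTo($redirectUrl);
}

// The auction id and both party ids are concatenated into a WHERE clause
// below, so they are forced to integers first — $auctionId in particular
// comes straight from the request and must never reach SQL as a raw string.
$auctionId = (int) ($_POST["auctionId"] ?? 0);
$user = SessionOperator::getUser();
if ($user === null) {
    // Nobody signed in: there is no creator to attribute the feedback to.
    HelperOperator::redirectTo("../index.php");
}
$creatorId = (int) $user->getUserId();

// Resolve the receiver from the submitted username.
$receiverUsername = $_POST["receiverUsername"] ?? "";
/* @var DbUser $receiver */
// NOTE(review): the username literal in this listing is redacted ('******').
// If the real code splices $receiverUsername into the WHERE clause it is an
// SQL injection; withConditions() should take a bound parameter (or the
// lookup should go through a helper that prepares the statement).
$receiver = DbUser::withConditions("WHERE username = '******'")->first();

// Refuse when the receiver is unknown. Loose null check kept on purpose:
// what first() returns on a miss (null vs false) is not visible here.
if ($receiver == null) {
    HelperOperator::redirectTo($redirectUrl);
}
// Only one feedback per (auction, creator, receiver) triple is allowed.
// NOTE(review): nothing here verifies that the signed-in user was actually
// the seller or the winning bidder of $auctionId, nor that $receiver was the
// counterparty — confirm that is enforced before the feedback is inserted,
// otherwise any user can rate any user on any auction id.
$alreadyLeft = DbFeedback::withConditions(
    "WHERE auctionId = " . $auctionId
    . " AND creatorId = " . $creatorId
    . " AND receiverId = " . (int) $receiver->getId()
)->exists();
if ($alreadyLeft) {
    HelperOperator::redirectTo($redirectUrl);
}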
<?php

require_once "../classes/class.helper_operator.php";
require_once "../classes/class.query_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.email.php";
require_once "../classes/class.db_auction.php";
$auctionId = null;
// Place a bid on a live auction. Both inputs arrive in the query string.
// NOTE(review): this is a state change driven by a GET request — it can be
// triggered by any link or image tag the victim loads, and no CSRF token is
// visible. Confirm the form posts with a token or that this is protected elsewhere.
if (isset($_GET["auctionId"]) && isset($_GET["bidPrice"])) {
    $auctionId = (int) $_GET["auctionId"];
    $bidPrice = $_GET["bidPrice"];
    $auction = QueryOperator::getLiveAuction($auctionId);
    $user = SessionOperator::getUser();
    // NOTE(review): neither $auction nor $user is null-checked before use —
    // an unknown/ended auction id or a signed-out visitor would fatal on the
    // method calls below. Confirm what getLiveAuction()/getUser() return on a miss.
    $userId = (int) $user->getUserId();
    // Incorrect inputs: an empty field, a non-positive price, or a price that
    // does not beat the current bid (checkBidPrice — semantics not visible here).
    if (ValidationOperator::hasEmtpyFields($_GET) || !ValidationOperator::isPositiveNumber($bidPrice, "bidPrice") || !ValidationOperator::checkBidPrice($bidPrice, $auctionId)) {
        // Keep the attempted price in the session so the form can repopulate it
        SessionOperator::setFormInput(["bidPrice" => $bidPrice]);
    } else {
        // Notify the previous highest bidder (only if it is not the same user).
        // NOTE(review): checkBidPrice() ran above but placeBid() happens last,
        // with no transaction or lock visible in between — two concurrent bids
        // can both pass the check (TOCTOU). placeBid() should re-validate atomically.
        $highestBidderId = $auction->getHighestBidderId();
        if (!is_null($highestBidderId) && $highestBidderId != $userId) {
            // $bidPrice is the raw query-string value (only checked to be a
            // positive number); item name/brand come from the database.
            // Escaping for display is assumed to happen where the notification is rendered — confirm.
            $comment = "You were outbid on the auction \"" . $auction->getItemName() . " " . $auction->getItemBrand() . "\" by ";
            $comment .= "by \"" . $user->getUserName() . "\". The new highest bid is " . $bidPrice . " GSP.";
            QueryOperator::addNotification($highestBidderId, $comment, QueryOperator::NOTIFICATION_OUTBID);
        }
        // Notify the seller of the new bid.
        $comment = "You received a new bid on the auction \"" . $auction->getItemName() . " " . $auction->getItemBrand() . "\" by ";
        $comment .= "by \"" . $user->getUserName() . "\". The new highest bid is " . $bidPrice . " GSP.";
        QueryOperator::addNotification($auction->getSellerId(), $comment, QueryOperator::NOTIFICATION_NEW_BID);
        // Place bid. $bidPrice is still the unparsed string — assumes placeBid() binds/casts it — confirm.
        QueryOperator::placeBid($auctionId, $userId, $bidPrice);
     // Fragment of the account-update handler: $update (the submitted profile
     // fields) is built above this excerpt and the enclosing if/else is cut on both sides.
     // Get changed input fields (if available)
     $changedFields = ValidationOperator::getChangedFields($update);
     // Check inputs: something changed, nothing empty, and a changed username is not already taken.
     if (!empty($changedFields) && !ValidationOperator::hasEmtpyFields($update) && (!isset($changedFields["username"]) || !ValidationOperator::isTaken($update["username"]))) {
         // Update user information
         // NOTE(review): unlike the image branch below, $user is not null-checked
         // here — a signed-out request would fatal on getUserId(). Confirm the
         // page is only reachable when signed in.
         $user = SessionOperator::getUser();
         QueryOperator::updateAccount($user->getUserId(), $update);
         // Refresh the session copy of the user from the database
         $user = QueryOperator::getAccount($user->getUserId());
         SessionOperator::updateUser(new User($user));
         // Flash a "profile updated" notification
         SessionOperator::setNotification(SessionOperator::UPDATED_PROFILE_INFO);
     }
 } else {
     // Profile-picture upload branch.
     $error = [];
     // checkImage() is expected to validate the upload and return its temp path and extension.
     // NOTE(review): the stored file name below is built from $upload["imageExtension"]
     // and written under ROOT — this is only safe if checkImage() whitelists the
     // extension (no .php/.phtml/.htaccess) and checks the content, not just the
     // client-supplied name/MIME type. Confirm.
     if (($upload = ValidationOperator::checkImage()) != null) {
         // A user is logged in
         if (!is_null($user = SessionOperator::getUser())) {
             // Build a unique image name. uniqid() is time-based, not random:
             // fine for uniqueness, not for unguessability.
             $newImageName = UPLOAD_PROFILE_IMAGE . uniqid("", true) . "." . $upload["imageExtension"];
             // Upload new profile picture to file system
             if (move_uploaded_file($upload["image"], ROOT . $newImageName)) {
                 // Delete old profile pic (if exists). The path comes from the
                 // database value this same handler writes, so it is trusted here;
                 // the delete is unchecked (unlink failure is ignored).
                 if (!empty($imageName = $user->getImage())) {
                     unlink(ROOT . $imageName);
                 }
                 // Store image name in database
                 QueryOperator::uploadImage($user->getUserId(), $newImageName, "users");
                 // Refresh the session copy of the user
                 $user = QueryOperator::getAccount($user->getUserId());
                 SessionOperator::updateUser(new User($user));
            // (fragment) Tail of the signed-out password-change branch: $email,
            // $userDetails and $passwordFields are set above this excerpt.
            // NOTE(review): how $email was authenticated before reaching here
            // (reset token? verified code?) is not visible; if it is only the
            // query-string value from the redirect below, anyone can change any
            // account's password. Confirm upstream.
            SessionOperator::setNotification(SessionOperator::CHANGED_PASSWORD);
            // Send a password changed confirmation email to the user
            $mail = new Email($email, $userDetails["firstName"], $userDetails["lastName"]);
            $mail->preparePasswordConfirmEmail();
            $mail->sentEmail();
            HelperOperator::redirectTo("../index.php");
        } else {
            // Invalid input: keep the fields for the form.
            // NOTE(review): this writes the submitted plaintext passwords into the session store.
            SessionOperator::setFormInput($passwordFields);
        }
        // The email is echoed back in the URL here (and so into referrer headers / logs).
        HelperOperator::redirectTo("../views/change_password_view.php?email=" . $email);
    } else {
        // Signed-in password change: requires the current password.
        if (isset($_POST["changePasswordSignedIn"])) {
            // Retrieve Passwords (missing keys raise undefined-index notices; hasEmtpyFields catches the empties)
            $passwordFields = ["currentPassword" => $_POST["currentPassword"], "password1" => $_POST["password1"], "password2" => $_POST["password2"]];
            // Get current user session
            $user = SessionOperator::getUser();
            // Current password is correct and both new passwords are valid and match
            if (!ValidationOperator::hasEmtpyFields($passwordFields) && ValidationOperator::isCurrentPassword($passwordFields["currentPassword"]) && ValidationOperator::validPasswords($passwordFields["password1"], $passwordFields["password2"])) {
                // password2 == password1 at this point (validPasswords checked they match).
                // NOTE(review): no session id regeneration or invalidation of other
                // sessions is visible after the change — consider both; also no
                // CSRF token check on this POST is visible.
                QueryOperator::updatePassword($user->getEmail(), $passwordFields["password2"]);
                SessionOperator::setNotification(SessionOperator::CHANGED_PASSWORD);
                // Send a password changed confirmation email to the user
                $mail = new Email($user->getEmail(), $user->getFirstName(), $user->getLastName());
                $mail->preparePasswordConfirmEmail();
                $mail->sentEmail();
            } else {
                // Invalid input: keep the fields for the form (plaintext passwords go into the session here too).
                SessionOperator::setFormInput($passwordFields);
            }
            HelperOperator::redirectTo("../views/account_view.php");
        }
    }
}
require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";
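// Registration handler (POST). Only runs when the sign-up button was submitted.
// NOTE(review): assumes HelperOperator::redirectTo() exits after sending the
// Location header — confirm; otherwise this guard falls through.
if (!isset($_POST["signUp"])) {
    HelperOperator::redirectTo("../index.php");
}
// NOTE(review): no CSRF token and no rate limit are visible on this handler;
// each successful submission sends an email, so confirm abuse protection
// (captcha / throttling) exists upstream.

// Collect the submitted fields in the order the rest of the handler expects.
// Missing keys become "" so they fail the empty-field check below instead of
// raising undefined-index notices.
$expectedFields = [
    "username", "email", "firstName", "lastName", "address",
    "postcode", "city", "country", "password1", "password2",
];
$registration = [];
foreach ($expectedFields as $field) {
    $registration[$field] = $_POST[$field] ?? "";
}
// The select's placeholder option ("Country") counts as no country chosen.
if ($registration["country"] === "Country") {
    $registration["country"] = "";
}

// Check inputs: nothing empty, username/email not already taken,
// passwords valid and matching.
if (ValidationOperator::hasEmtpyFields($registration)
    || ValidationOperator::isTaken($registration["username"], $registration["email"])
    || !ValidationOperator::validPasswords($registration["password1"], $registration["password2"])
) {
    // Keep the inputs in the session so the form can be repopulated — minus
    // the passwords, which must not be persisted in plaintext (the form
    // should not pre-fill them anyway).
    $recoverable = $registration;
    unset($recoverable["password1"], $recoverable["password2"]);
    SessionOperator::setFormInput($recoverable);
} else {
    // Create new user: map the country name to its id, hash the password
    // (bcrypt only considers the first 72 bytes of the input).
    $registration["country"] = QueryOperator::getCountryId($registration["country"]);
    $hashedPassword = password_hash($registration["password1"], PASSWORD_BCRYPT);
    $confirmCode = QueryOperator::addAccount([
        $registration["username"],
        $registration["email"],
        $registration["firstName"],
        $registration["lastName"],
        $registration["address"],
        $registration["postcode"],
        $registration["city"],
        $registration["country"],
        $hashedPassword,
    ]);
    // Flash "registration submitted" (the account is not verified yet).
    SessionOperator::setNotification(SessionOperator::SUBMITTED_REGISTRATION);
    // Email a verification link to the user - must be verified before accessing the new account.
    require_once "../classes/class.email.php";
    $mail = new Email($registration["email"], $registration["firstName"], $registration["lastName"]);
    $mail->prepareVerificationEmail($confirmCode);
    $mail->sentEmail();
}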
require_once "../classes/class.query_operator.php";
// (fragment) Create-auction handler (POST); the excerpt ends inside the else branch.
// Only process when start auction button was clicked.
// NOTE(review): assumes HelperOperator::redirectTo() exits — confirm; otherwise
// this guard and the two redirects below fall through into the insert path.
if (!isset($_POST["startAuction"])) {
    HelperOperator::redirectTo("../views/create_auction_view.php");
}
// Store POST values (missing keys raise undefined-index notices; hasEmtpyFields catches the empties)
$new_auction = ["item" => $_POST["item"], "itemName" => $_POST["itemName"], "itemBrand" => $_POST["itemBrand"], "itemCategory" => $_POST["itemCategory"], "itemCondition" => $_POST["itemCondition"], "itemDescription" => $_POST["itemDescription"], "quantity" => $_POST["quantity"], "startPrice" => $_POST["startPrice"], "reservePrice" => $_POST["reservePrice"], "startTime" => $_POST["startTime"], "endTime" => $_POST["endTime"]];
// The selects' placeholder option ("Select") counts as no value chosen
if ($new_auction["itemCategory"] == "Select") {
    $new_auction["itemCategory"] = "";
}
if ($new_auction["itemCondition"] == "Select") {
    $new_auction["itemCondition"] = "";
}
// Check inputs: nothing empty, an image was uploaded and validated, prices consistent.
// ($upload is assigned inside the condition and reused in the else branch.)
// NOTE(review): the stored file name is built from $upload["imageExtension"] and
// written under ROOT — safe only if checkImage() whitelists the extension and
// inspects the content rather than trusting the client name/MIME type. Confirm.
if (ValidationOperator::hasEmtpyFields($new_auction) || ($upload = ValidationOperator::checkImage()) == null || !ValidationOperator::checkPrizes($new_auction["startPrice"], $new_auction["reservePrice"])) {
    // Create a session for all inputs so that they can be recovered after the page returns
    SessionOperator::setFormInput($new_auction);
    // Redirect back
    HelperOperator::redirectTo("../views/create_auction_view.php");
} else {
    // Build a unique image name. uniqid() is time-based, not random:
    // fine for uniqueness, not for unguessability.
    $newImageName = UPLOAD_ITEM_IMAGE . uniqid("", true) . "." . $upload["imageExtension"];
    // Cannot upload image to file system, otherwise, image uploaded
    if (!move_uploaded_file($upload["image"], ROOT . $newImageName)) {
        $error["upload"] = "Image cannot be uploaded ";
        SessionOperator::setInputErrors($error);
        HelperOperator::redirectTo("../views/create_auction_view.php");
    }
    // Get item category and condition id.
    // NOTE(review): addslashes() is not a safe SQL escape (charset/multibyte
    // edge cases), and itemCondition is passed through raw — both values come
    // from the request, so getItemRelatedIds() should bind them as parameters.
    $ids = QueryOperator::getItemRelatedIds(addslashes($new_auction["itemCategory"]), $new_auction["itemCondition"]);