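// Missing input: keep what was typed so the form can be re-filled after the redirect.
// NOTE(review): the flow below assumes HelperOperator::redirectTo() terminates the script — confirm
if (ValidationOperator::hasEmtpyFields($feedback)) {
    SessionOperator::setFormInput($feedback);
    HelperOperator::redirectTo($redirectUrl);
}
// The auction id is concatenated into SQL below (DbFeedback::withConditions), so only a numeric value is accepted
$auctionId = isset($_POST["auctionId"]) ? $_POST["auctionId"] : null;
if (!is_numeric($auctionId)) {
    HelperOperator::redirectTo($redirectUrl);
}
$auctionId = (int) $auctionId;
$creator = SessionOperator::getUser();
$creatorId = (int) $creator->getUserId();
// Resolve the receiver.
// NOTE(review): $receiverUsername is read but never used — the lookup compares against a fixed literal.
// If the submitted username is meant to be substituted here, it must be bound via a prepared statement, never concatenated.
$receiverUsername = isset($_POST["receiverUsername"]) ? $_POST["receiverUsername"] : null;
/* @var DbUser|null $receiver */
$receiver = DbUser::withConditions("WHERE username = '******'")->first();
// The receiver must exist ...
if ($receiver === null) {
    HelperOperator::redirectTo($redirectUrl);
}
$receiverId = (int) $receiver->getId();
// ... and may get at most one feedback per auction from this creator
$alreadyGiven = DbFeedback::withConditions("WHERE auctionId = " . $auctionId . " AND creatorId = " . $creatorId . " AND receiverId = " . $receiverId)->exists();
if ($alreadyGiven) {
    HelperOperator::redirectTo($redirectUrl);
}
// Create the feedback row; score/comment are presumably covered by the hasEmtpyFields() check on $feedback above — confirm
$now = new DateTimeImmutable("now", new DateTimeZone(TIMEZONE));
$newFeedback = new DbFeedback([
    "auctionId" => $auctionId,
    "creatorId" => $creatorId,
    "receiverId" => $receiverId,
    "score" => $_POST["score"],
    "comment" => $_POST["comment"],
    "time" => $now->format('Y-m-d H:i:s'),
]);
$newFeedback->create();
// Notify the receiver; skipped (instead of failing) when the auction or its item cannot be loaded
$auction = DbAuction::find($auctionId);
$item = $auction !== null ? DbItem::find($auction->getField("itemId")) : null;
if ($item !== null) {
    $comment = "You received a feedback from \"" . $creator->getUserName() . "\" in your participation in \"";
    $comment .= $item->getField("itemName") . " - " . $item->getField("itemBrand") . "\".";
    QueryOperator::addNotification($receiverId, $comment, QueryOperator::NOTIFICATION_FEEDBACK_RECEIVED);
}
// Flash message for the next page
SessionOperator::setNotification(SessionOperator::FEEDBACK_SENT);
HelperOperator::redirectTo($redirectUrl);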
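// Reject a malformed id before it reaches the query helpers, which concatenate it into SQL.
// NOTE(review): the flow assumes HelperOperator::redirectTo() terminates the script — confirm
if (!is_numeric($auctionId)) {
    HelperOperator::redirectTo("../views/my_live_auctions_view.php");
}
$auctionId = (int) $auctionId;
/* @var User $user */
$user = SessionOperator::getUser();
$userId = (int) $user->getUserId();
/* @var DbAuction|null $auction */
$auction = DbAuction::find($auctionId);
/* @var DbItem|null $item */
$item = $auction !== null ? DbItem::find($auction->getField("itemId")) : null;
// Only the owner of the listed item may delete the auction; a missing auction/item falls through to the redirect
if ($item !== null && (int) $item->getField("userId") === $userId) {
    // Tell the current highest bidder, if there is one, that the auction is gone
    // (indexing [0] on an empty result would raise an "undefined offset" warning)
    $bids = QueryOperator::getAuctionBids($auctionId, 1);
    $highestBid = isset($bids[0]) ? $bids[0] : null;
    if ($highestBid !== null) {
        $comment = "The auction \"" . $item->getField("itemName") . " " . $item->getField("itemBrand") . "\" with ";
        $comment .= "your current highest bid of " . $highestBid->getBidPrice() . " GSP was deleted by " . $user->getUsername() . ".";
        QueryOperator::addNotification($highestBid->getBidderId(), $comment, QueryOperator::NOTIFICATION_AUCTION_DELETED);
    }
    $auction->delete();
    // Remove the item image only when a name is stored and it refers to an existing regular file
    $imageName = $item->getField("image");
    if (!empty($imageName) && is_file(ROOT . $imageName)) {
        unlink(ROOT . $imageName);
    }
    QueryOperator::dropAuctionEvent($auctionId);
    // Flash message for the next page
    SessionOperator::setNotification(SessionOperator::DELETED_AUCTION);
}
HelperOperator::redirectTo("../views/my_live_auctions_view.php");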
<?php

require_once "../classes/class.helper_operator.php";
require_once "../config/config.php";
require_once "../classes/class.query_operator.php";
require_once "../classes/class.session_operator.php";
// Delete profile image from file system and image name from database
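/* @var User $user */
$user = SessionOperator::getUser();
// Remove the stored file only when a name is recorded and it refers to an existing regular file
// (an unconditional unlink() would target ROOT itself when no image is set)
$imageName = $user->getImage();
if (!empty($imageName) && is_file(ROOT . $imageName)) {
    unlink(ROOT . $imageName);
}
// Clear the image name in the users table
QueryOperator::uploadImage($user->getUserId(), null, "users");
// Refresh the session copy of the account so the view stops showing the old image
$account = QueryOperator::getAccount($user->getUserId());
SessionOperator::updateUser(new User($account));
// Flash message for the profile page
SessionOperator::setNotification(SessionOperator::DELETED_PROFILE_PHOTO);
HelperOperator::redirectTo("../views/profile_view.php");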
<?php

require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";
require_once "../classes/class.db_auction_watch.php";
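/* @var User $user */
$user = SessionOperator::getUser();
$returnUrl = "../views/open_live_auction_view.php?" . $_SERVER['QUERY_STRING'];
// The auction id is concatenated into SQL below, so only a numeric value is accepted.
// NOTE(review): the flow assumes HelperOperator::redirectTo() terminates the script — confirm
$auctionId = isset($_GET["liveAuction"]) ? $_GET["liveAuction"] : null;
if (!is_numeric($auctionId)) {
    HelperOperator::redirectTo($returnUrl);
}
$auctionId = (int) $auctionId;
$userId = (int) $user->getUserId();
// A user may watch a given auction only once.
// NOTE(review): this creates a record from a GET request and no CSRF token is visible here — confirm the link is protected
$alreadyWatching = DbAuctionWatch::withConditions("WHERE userId = " . $userId . " AND auctionId =" . $auctionId)->exists();
if ($alreadyWatching) {
    HelperOperator::redirectTo($returnUrl);
}
$watch = new DbAuctionWatch(["userId" => $userId, "auctionId" => $auctionId]);
$watch->create();
// Flash message for the auction page
SessionOperator::setNotification(SessionOperator::CREATED_WATCH);
HelperOperator::redirectTo($returnUrl);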
</p>
                        </div>

                        <div class="col-xs-5">
                            <div class="col-xs-8"><p class="p-info bid-price" style="margin-top: 0">£
                                    <?php 
// Price shown in the bid box: the current highest bid, or the start price when nobody has bid yet
$bid = null;
if (empty($bids)) {
    $bid = $auction->getStartPrice();
    if (!$isMyAuction) {
        // Visitors other than the owner are told the minimum acceptable amount (here: the start price)
        $bid .= "<br><small>Enter £" . $auction->getStartPrice() . " or more</small>";
    }
} else {
    $bid = $bids[0]->getBidPrice();
    if (!$isMyAuction) {
        // Minimum next bid = highest bid + the increment HelperOperator assigns to that price level
        $bid .= "<br><small>Enter £ " . ($bid + HelperOperator::getIncrement($bid)) . " or more</small>";
    }
}
// NOTE(review): $bid is echoed as raw HTML; the price values come from model getters and are not escaped here — confirm they are always numeric
echo $bid;
?>
</p>
                            </div>
                            <div class="col-xs-4">
                                <p class="p-info text-info" style="padding-top:4px;"><?php 
// Number of bids placed so far; the template appends the " bids" label
echo count($bids);
?>
 bids</p>
                            </div>
                            <?php 
if (!$isMyAuction) {
    ?>
<?php

require_once "../classes/class.session_operator.php";
require_once "../classes/class.helper_operator.php";
// Gate: visitors without a session are sent to the landing page before anything else runs
$loggedIn = SessionOperator::isLoggedIn();
if (!$loggedIn) {
    HelperOperator::redirectTo("../index.php");
}
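    $bidPrice = isset($_GET["bidPrice"]) ? $_GET["bidPrice"] : null;
    $auction = QueryOperator::getLiveAuction($auctionId);
    $user = SessionOperator::getUser();
    $userId = (int) $user->getUserId();
    // NOTE(review): placing a bid is a state change driven by a GET request and no CSRF token is visible here — confirm the form is protected
    // Incorrect inputs: keep the typed price so the form can be re-filled after the redirect
    if (ValidationOperator::hasEmtpyFields($_GET) || !ValidationOperator::isPositiveNumber($bidPrice, "bidPrice") || !ValidationOperator::checkBidPrice($bidPrice, $auctionId)) {
        SessionOperator::setFormInput(["bidPrice" => $bidPrice]);
    } else {
        $itemLabel = $auction->getItemName() . " " . $auction->getItemBrand();
        $bidderName = $user->getUserName();
        // Read the previous highest bidder before the new bid is recorded
        $previousHighestBidderId = $auction->getHighestBidderId();
        // Persist the bid first, so nobody is notified about a bid that failed to be stored
        QueryOperator::placeBid($auctionId, $userId, $bidPrice);
        $dbAuction = DbAuction::find($auctionId);
        $dbAuction->setField("highestBidderId", $userId);
        $dbAuction->save();
        // Notify the outbid user (only if it is not the same user). Message previously read "by by".
        if ($previousHighestBidderId !== null && (int) $previousHighestBidderId !== $userId) {
            $comment = "You were outbid on the auction \"" . $itemLabel . "\" by \"" . $bidderName . "\". The new highest bid is " . $bidPrice . " GSP.";
            QueryOperator::addNotification($previousHighestBidderId, $comment, QueryOperator::NOTIFICATION_OUTBID);
        }
        // Notify the seller
        $comment = "You received a new bid on the auction \"" . $itemLabel . "\" by \"" . $bidderName . "\". The new highest bid is " . $bidPrice . " GSP.";
        QueryOperator::addNotification($auction->getSellerId(), $comment, QueryOperator::NOTIFICATION_NEW_BID);
        // Flash message for the auction page
        SessionOperator::setNotification(SessionOperator::PLACED_BID);
    }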
}
// Return to the auction page; "s=1" is appended on every return and is interpreted by the view (not shown here)
HelperOperator::redirectTo("../views/open_live_auction_view.php?liveAuction=" . $auctionId . "&s=1");
        </li>
        <!-- account end-->

    </ul>
    <!-- top menu end -->

</nav>
<!-- header end -->


<!-- side menu start -->
<div class="navbar-default sidebar" role="navigation">
    <div class="sidebar-nav navbar-collapse">
        <ul class="nav" id="side-menu">
            <li <?php 
// Emits whatever HelperOperator::isActive() returns for this menu item (presumably the marker for the active section)
echo HelperOperator::isActive();
?>
 >
                <a href="#"><i class="fa fa-gavel fa-fw"></i> My Auctions<span class="fa arrow"></span></a>
                <ul class="nav nav-second-level">
                    <li>
                        <a href="../views/my_live_auctions_view.php"><i class="fa fa-clock-o fa-fw"></i> Live Auctions</a>
                    </li>
                    <li>
                        <a href="../views/my_sold_auctions_view.php"><i class="fa fa-history fa-fw"></i> Sold Auctions</a>
                    </li>
                    <li>
                        <a href="../views/my_unsold_auctions_view.php"><i class="fa fa-minus-circle fa-fw"></i> Unsold Auctions</a>
                    </li>
                </ul>
            </li>
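 /**
  * Check that a proposed bid reaches the auction's current minimum acceptable bid.
  *
  * @param mixed $input     Bid amount submitted by the user (numeric string or number)
  * @param mixed $auctionId Auction the bid is for; passed through to QueryOperator::getAuctionBids()
  * @return bool True when the bid is acceptable; false after recording an input error in the session
  */
 public static function checkBidPrice($input, $auctionId)
 {
     $bids = QueryOperator::getAuctionBids($auctionId, 1);
     if (!empty($bids)) {
         // Highest existing bid plus the increment HelperOperator assigns to that price level
         $minimumBid = $bids[0]->getBidPrice();
         $minimumBid += HelperOperator::getIncrement($minimumBid);
     } else {
         // No bids yet: any amount passes this check.
         // NOTE(review): the auction's start price is not consulted here — confirm it is enforced elsewhere
         $minimumBid = -1;
     }
     // Compare numerically: in PHP 8 a non-numeric string compared with an int is compared as strings
     if ((float) $input < $minimumBid) {
         SessionOperator::setInputErrors(["bidPrice" => self::PRICES[self::INVALID_BID] . $minimumBid]);
         return false;
     }
     return true;
 }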
<?php

require_once "../classes/class.helper_operator.php";
require_once "../classes/class.session_operator.php";
require_once "../classes/class.validation_operator.php";
require_once "../classes/class.query_operator.php";
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/class.db_auction.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/class.db_auction_watch.php';
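$redirectUrl = "../views/my_watch_list_view.php";
// The id ends up in SQL, so only a numeric value is accepted.
// NOTE(review): the flow assumes HelperOperator::redirectTo() terminates the script — confirm
$watchId = isset($_GET["id"]) ? $_GET["id"] : null;
if (!is_numeric($watchId)) {
    HelperOperator::redirectTo($redirectUrl);
}
$watchId = (int) $watchId;
$userId = (int) SessionOperator::getUser()->getUserId();
/* @var DbAuctionWatch|null $watch */
$watch = DbAuctionWatch::find($watchId);
// Only the owner may delete the watch; an unknown id falls through to the redirect instead of failing on null.
// NOTE(review): deletion is triggered by a GET request and no CSRF token is visible here — confirm the link is protected
if ($watch !== null && (int) $watch->getField("userId") === $userId) {
    $watch->delete();
    // Flash message for the watch list page
    SessionOperator::setNotification(SessionOperator::DELETED_WATCH);
}
HelperOperator::redirectTo($redirectUrl);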
}
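$cats = getCatIdAndType($searchCategory);
// NOTE(review): buildQuery() (below) splices $searchString into the SQL text with str_replace —
// confirm it is escaped, or the search parameterised, before this point
$total = QueryOperator::countFoundAuctions(buildQuery($searchString, $cats, null));
// Requested page as a positive integer; missing, non-numeric, zero or negative values fall back to page 1
$page = isset($_GET["page"]) ? (int) $_GET["page"] : 1;
// NOTE(review): the upper bound compares the page number with the number of results, not the number of pages — confirm Pagination expects this
if ($page < 1 || $page > $total) {
    $page = 1;
}
$per_page = 15;
$pagination = new Pagination($page, $per_page, $total);
// Fetch the current page of results
$catsAndAuctions = QueryOperator::searchAuctions(buildQuery($searchString, $cats, $sort, $per_page, $pagination->offset()));
// Store results and pagination in the search session; with string keys, entries already in $updated_session win on a clash
$updated_session = array_merge([SessionOperator::SEARCH_RESULT => $catsAndAuctions], $updated_session);
$updated_session = array_merge([SessionOperator::SEARCH_PAGINATION => $pagination], $updated_session);
SessionOperator::setSearch($updated_session);
HelperOperator::redirectTo("../views/search_view.php");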
function buildQuery($searchString, $searchCategory, $sortOption, $limit = null, $offset = null)
{
    $query = null;
    // Prepare count query
    if (is_null($limit) && is_null($offset)) {
        $query = "SELECT COUNT(*) ";
    } else {
        $query = "SELECT auctions.auctionId, quantity, startPrice, reservePrice, startTime,\n            endTime, itemName, itemBrand, itemDescription, items.image, auctions.views,\n            item_categories.categoryName as subCategoryName, superCategoryName,\n            item_categories.superCategoryId, item_categories.categoryId,\n            conditionName, countryName, COUNT(DISTINCT (bids.bidId)) AS numBids,\n            COUNT(DISTINCT (auction_watches.watchId)) AS numWatches,\n            MAX(bids.bidPrice) AS highestBid,\n            case\n                when MAX(bids.bidPrice)is not null THEN MAX(bids.bidPrice)\n                else startPrice\n            end AS currentPrice ";
    }
    $query .= "FROM auctions\n            LEFT OUTER JOIN bids ON bids.auctionId = auctions.auctionId\n            LEFT OUTER JOIN auction_watches ON auction_watches.auctionId = auctions.auctionId\n            JOIN items ON items.itemId = auctions.itemId\n            JOIN users ON items.userId = users.userId\n            JOIN item_categories ON items.categoryId = item_categories.categoryId\n            JOIN super_item_categories ON  item_categories.superCategoryId = super_item_categories.superCategoryId\n            JOIN item_conditions ON items.conditionId = item_conditions.conditionId\n            JOIN countries ON users.countryId = countries.countryId\n\n        WHERE auctions.startTime < now() AND auctions.endTime > now() AND\n            items.itemName LIKE \"%__ss__%\" __cc__\n        GROUP BY auctions.auctionId ";
    $query = str_replace("__ss__", $searchString, $query);
    if ($searchCategory != null) {
        if ($searchCategory["type"] == "super") {
            $query = str_replace("__cc__", "AND super_item_categories.superCategoryId = " . $searchCategory["id"], $query);
        } else {
            SessionOperator::setNotification(SessionOperator::CHANGED_PASSWORD);
            // Send a password changed confirmation email to the user
            $mail = new Email($email, $userDetails["firstName"], $userDetails["lastName"]);
            $mail->preparePasswordConfirmEmail();
            $mail->sentEmail();
            HelperOperator::redirectTo("../index.php");
        } else {
            SessionOperator::setFormInput($passwordFields);
        }
        HelperOperator::redirectTo("../views/change_password_view.php?email=" . $email);
    } else {
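        if (isset($_POST["changePasswordSignedIn"])) {
            // Submitted passwords; a missing field becomes "" so hasEmtpyFields() rejects it without an undefined-index notice
            $passwordFields = [
                "currentPassword" => isset($_POST["currentPassword"]) ? $_POST["currentPassword"] : "",
                "password1" => isset($_POST["password1"]) ? $_POST["password1"] : "",
                "password2" => isset($_POST["password2"]) ? $_POST["password2"] : "",
            ];
            $user = SessionOperator::getUser();
            // Current password must be correct and both new passwords valid and matching
            $inputValid = !ValidationOperator::hasEmtpyFields($passwordFields)
                && ValidationOperator::isCurrentPassword($passwordFields["currentPassword"])
                && ValidationOperator::validPasswords($passwordFields["password1"], $passwordFields["password2"]);
            if ($inputValid) {
                QueryOperator::updatePassword($user->getEmail(), $passwordFields["password2"]);
                SessionOperator::setNotification(SessionOperator::CHANGED_PASSWORD);
                // Confirmation email so the account owner learns of the change
                $mail = new Email($user->getEmail(), $user->getFirstName(), $user->getLastName());
                $mail->preparePasswordConfirmEmail();
                $mail->sentEmail();
            } else {
                // Re-populate the form after the redirect.
                // NOTE(review): this stores the submitted plaintext passwords in the session — consider keeping only the field names
                SessionOperator::setFormInput($passwordFields);
            }
            HelperOperator::redirectTo("../views/account_view.php");
        }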
    }
}