/**
 * Start the session, validate any stored login, and enforce the
 * 'Require Login' setting.
 *
 * Steps, in order:
 *  1. session_init() is called.
 *  2. $config['session name'] falls back to 'WebAuctionPlus User' when empty.
 *  3. If $_SESSION holds an entry under that name, it is handed to doValidate().
 *  4. When 'Require Login' is on, the user is not ok, and the current page is
 *     not the login page, the request is forwarded to the login page and ends.
 *
 * NOTE(review): the value read from $_SESSION is passed to doValidate() as-is;
 * what doValidate() checks is not visible here. Confirm it verifies the stored
 * identity server-side instead of trusting it.
 */
function __construct()
{
    global $config;

    session_init();

    // Fall back to the default session key when none is configured.
    if (empty($config['session name'])) {
        $config['session name'] = 'WebAuctionPlus User';
    }
    $sessionKey = $config['session name'];

    // A stored login exists: validate it.
    if (isset($_SESSION[$sessionKey])) {
        $this->doValidate($_SESSION[$sessionKey]);
    }

    // Login enforcement is optional and controlled by a site setting.
    if (!SettingsClass::getBoolean('Require Login')) {
        return;
    }

    // Validated users and the login page itself are let through.
    if ($this->isOk() || $config['page'] == 'login') {
        return;
    }

    // Terminate right after the redirect so no protected page code runs
    // for a visitor who is not logged in.
    ForwardTo('./?page=login', 0);
    exit;
}
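/**
 * Buy $qty items from a fixed-price auction for the current global $user.
 *
 * Validation failures append a message to $_SESSION['error'] and return FALSE.
 * Failures after the payment step print an HTML error and end the request.
 *
 * NOTE(review): the stock/balance checks, the payment, the auction update and
 * the inventory insert are separate steps; no transaction or lock is visible in
 * this method. Concurrent purchases of the same auction could each pass the
 * checks before either one updates it. Confirm the callees serialise this, or
 * wrap the whole sequence in one database transaction.
 *
 * NOTE(review): this is a state-changing action and no anti-CSRF check is
 * visible in this method; confirm the caller performs one.
 *
 * @param mixed $auctionId auction id; cast to int, must be >= 1
 * @param mixed $qty       quantity to buy; cast to int, must be >= 1
 * @return bool TRUE on success, FALSE when validation fails
 */
public static function BuyFixed($auctionId, $qty)
{
    global $config, $user;

    // validate args: both are forced to int before any use
    $auctionId = (int) $auctionId;
    $qty = (int) $qty;
    if ($auctionId < 1) {
        $_SESSION['error'][] = 'Invalid auction id!';
        return FALSE;
    }
    if ($qty < 1) {
        $_SESSION['error'][] = 'Invalid qty!';
        return FALSE;
    }

    // has canBuy permissions
    if (!$user->hasPerms('canBuy')) {
        $_SESSION['error'][] = 'You don\'t have permission to buy.';
        return FALSE;
    }

    // query auction
    $auction = QueryAuctions::QuerySingle($auctionId);
    if (!$auction) {
        $_SESSION['error'][] = 'Auction not found!';
        return FALSE;
    }
    $Item = $auction->getItemCopy();

    // NOTE(review): an "is item allowed" check used to sit here and was
    // commented out (it also referenced an undefined $item). No item allow-list
    // is enforced in this method; confirm it is enforced elsewhere if required.

    // buying validation
    if ($auction->getSellerId() == $user->getId()) {
        $_SESSION['error'][] = 'Can\'t buy from yourself!';
        return FALSE;
    }
    if ($qty > $Item->getItemQty()) {
        $_SESSION['error'][] = 'Not that many for sale!';
        return FALSE;
    }

    $maxSellPrice = SettingsClass::getDouble('Max Sell Price');
    $sellPrice = $auction->getPrice();
    $priceTotal = $sellPrice * (double) $qty;
    if ($maxSellPrice > 0.0 && $sellPrice > $maxSellPrice) {
        // NOTE(review): 'Currency Prefix' is read with getBoolean() and used on
        // both sides of the amount; this looks like it was meant to be a string
        // prefix and a separate suffix setting. Confirm against SettingsClass.
        $_SESSION['error'][] = 'Over max sell price of '
            . SettingsClass::getBoolean('Currency Prefix')
            . $maxSellPrice
            . SettingsClass::getBoolean('Currency Prefix')
            . ' !';
        return FALSE;
    }
    if ($priceTotal > $user->getMoney()) {
        $_SESSION['error'][] = 'You don\'t have enough money!';
        return FALSE;
    }

    // make payment from buyer to seller
    // The memo records the quantity actually purchased ($qty, which is what
    // $priceTotal was computed from), not the auction's full stock count, so
    // the payment record matches the amount charged.
    // NOTE(review): the result of MakePayment() is not checked here.
    UserClass::MakePayment(
        $user->getName(),
        $user->getUUID(),
        $auction->getSeller(),
        $auction->getSellerUUID(),
        $priceTotal,
        'Bought auction ' . (int) $auction->getTableRowId() . ' ' . $Item->getItemTitle() . ' x' . $qty
    );

    // remove auction
    // A partial purchase passes $qty; buying the full stock passes -1
    // (presumably "delete the auction row"; confirm in RemoveAuction).
    // NOTE(review): the buyer has already been charged at this point and no
    // refund path is visible if this step or the next one fails.
    if (!self::RemoveAuction($auctionId, $qty < $Item->getItemQty() ? $qty : -1)) {
        echo '<p style="color: red;">Error removing/updating auction!</p>';
        exit;
    }

    // add to inventory: the item copy is resized to the purchased quantity
    $Item->setItemQty($qty);
    $tableRowId = ItemFuncs::AddCreateItem($user->getId(), $Item);
    if (!$tableRowId) {
        echo '<p style="color: red;">Error adding item to your inventory!</p>';
        exit;
    }

    // add sale log
    LogSales::addLog(
        LogSales::LOG_SALE,
        LogSales::SALE_BUYNOW,
        $auction->getSellerId(),
        $user->getId(),
        $Item,
        $sellPrice,
        FALSE,
        '',
        TRUE
    );

    return TRUE;
}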
/**
 * Report whether CSRF protection is switched on in the site settings.
 *
 * Reads the 'CSRF Protection' setting through SettingsClass::getBoolean()
 * on every call and returns that value unchanged.
 *
 * NOTE(review): because this is a runtime setting, a false value here
 * presumably turns token checks off wherever callers consult it. Confirm
 * which code paths depend on this flag.
 *
 * @return mixed the value returned by SettingsClass::getBoolean()
 */
public static function isEnabled()
{
    $csrfSetting = SettingsClass::getBoolean('CSRF Protection');

    return $csrfSetting;
}