diff --git a/admin/boards.php b/admin/boards.php index ec0cc5e3..133c3d72 100644 --- a/admin/boards.php +++ b/admin/boards.php @@ -25,20 +25,20 @@ { foreach ($_POST['delete'] as $k => $v) { - $v = intval($v); - $query = "DELETE FROM " . $DBPrefix . "community WHERE id = " . $v; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); - $query = "DELETE FROM " . $DBPrefix . "comm_messages WHERE boardid = " . $v; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "DELETE FROM " . $DBPrefix . "community WHERE id = :id"; + $params = array(array(':id', $v, 'int')); + $db->query($query, $params); + $query = "DELETE FROM " . $DBPrefix . "comm_messages WHERE boardid = :id"; + $params = array(array(':id', $v, 'int')); + $db->query($query, $params); } $ERR = $MSG['5044']; } // get list of boards $query = "SELECT * FROM " . $DBPrefix . "community ORDER BY name"; -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); -while ($row = mysql_fetch_array($res)) +$db->direct_query($query); +while ($row = $db->result()) { $template->assign_block_vars('boards', array( 'ID' => $row['id'], diff --git a/admin/buyitnow.php b/admin/buyitnow.php index a4159709..cfcde854 100644 --- a/admin/buyitnow.php +++ b/admin/buyitnow.php @@ -27,14 +27,19 @@ if ($bn_only_percent > $system->SETTINGS['bn_only_percent']) { $query = "UPDATE " . $DBPrefix . "users SET bn_only = 'y' WHERE id = bn_only = 'n'"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); } $query = "UPDATE " . $DBPrefix . "settings SET - buy_now = " . intval($_POST['buy_now']) . ", - bn_only = '" . $_POST['bn_only'] . "', - bn_only_disable = '" . $_POST['bn_only_disable'] . "', - bn_only_percent = " . $bn_only_percent; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + buy_now = :buy_now, + bn_only = :bn_only, + bn_only_disable = :disable, + bn_only_percent = :percent"; + $params = array(); + $params[] = array(':buy_now', $_POST['buy_now'], 'int'); + $params[] = array(':bn_only', $_POST['bn_only'], 'str'); + $params[] = array(':disable', $_POST['bn_only_disable'], 'str'); + $params[] = array(':percent', $bn_only_percent, 'str'); + $db->query($query, $params); $system->SETTINGS['buy_now'] = $_POST['buy_now']; $system->SETTINGS['bn_only'] = $_POST['bn_only']; $system->SETTINGS['bn_only_disable'] = $_POST['bn_only_disable']; diff --git a/admin/viewaccessstats.php b/admin/viewaccessstats.php index b0ef0ebd..b11228e6 100644 --- a/admin/viewaccessstats.php +++ b/admin/viewaccessstats.php @@ -47,7 +47,7 @@ } else { - $month = date('m'); + $month = date('n'); $year = date('Y'); $query = "SELECT * FROM " . $DBPrefix . "currentaccesses WHERE month = :month AND year = :year ORDER BY LENGTH(day), day ASC"; $params[] = array(':month', $month, 'int'); diff --git a/admin/viewbrowserstats.php b/admin/viewbrowserstats.php index 44c1a5e8..61da31c1 100644 --- a/admin/viewbrowserstats.php +++ b/admin/viewbrowserstats.php @@ -28,7 +28,7 @@ $MAX = 0; $TOTAL = 0; $BROWSERS = array(); -while ($row = fetch()) +while ($row = $db->fetch()) { $BROWSERS[$row['browser']] = $row['counter']; $TOTAL = $TOTAL + $row['counter']; diff --git a/browse.php b/browse.php index 1e51d72b..194200d1 100644 --- a/browse.php +++ b/browse.php @@ -72,8 +72,8 @@ else { // Retrieve the translated category name - $par_id = $category['parent_id']; - $current_cat_name = $category_names[$par_id]; + $cat_id = $category['cat_id']; + $current_cat_name = $category_names[$cat_id]; $TPL_categories_string = ''; $crumbs = $catscontrol->get_bread_crumbs($category['left_id'], $category['right_id']); for ($i = 0; $i < count($crumbs); $i++) diff --git a/buy_now.php b/buy_now.php index d83bb2d0..80dad002 100644 --- a/buy_now.php +++ b/buy_now.php @@ -151,7 +151,7 @@ { $ERR = $ERR_711; } - // check qty + // check auction still has items left to buy if (isset($qty) && $qty > $Auction['quantity']) { $ERR = $ERR_608; diff --git a/cron.php b/cron.php index f2c44e1d..8d01e6da 100644 --- a/cron.php +++ b/cron.php @@ -108,6 +108,7 @@ // send email to seller - to notify him // create a "report" to seller depending of what kind auction is $atype = intval($Auction['auction_type']); + // Standard auction if ($atype == 1) { if ($num_bids > 0 && ($Auction['current_bid'] >= $Auction['reserve_price'] || $Auction['sold'] == 's')) @@ -118,7 +119,6 @@ $winner_present = true; } - // Standard auction if ($winner_present) { $report_text = $Winner['nick'] . "\n"; @@ -139,8 +139,9 @@ } // Add winner's data to "winners" table - $query = "INSERT INTO " . $DBPrefix . "winners VALUES - (NULL, :auc_id, :seller_id, :winner_id, :current_bid, :time, 0, 0, 1, 0, :bf_paid, :ff_paid)"; + $query = "INSERT INTO " . $DBPrefix . "winners + (auction, seller, winner, bid, closingdate, feedback_win, feedback_sel, qty, paid, bf_paid, ff_paid, shipped) VALUES + (:auc_id, :seller_id, :winner_id, :current_bid, :time, 0, 0, 1, 0, :bf_paid, :ff_paid, 0)"; $params = array(); $params[] = array(':auc_id', $Auction['id'], 'int'); $params[] = array(':seller_id', $Seller['id'], 'int'); @@ -156,9 +157,9 @@ $report_text = $MSG['429']; } } - else + // Dutch Auction + elseif ($atype == 2) { - // Dutch Auction // find out winners sorted by bid $query = "SELECT *, MAX(bid) AS maxbid FROM " . $DBPrefix . "bids WHERE auction = :auc_id GROUP BY bidder @@ -220,8 +221,9 @@ } // Add winner's data to "winners" table - $query = "INSERT INTO " . $DBPrefix . "winners VALUES - (NULL, :auc_id, :seller_id, :winner_id, :current_bid, :time, 0, 0, :items_got, 0, :bf_paid, :ff_paid)"; + $query = "INSERT INTO " . $DBPrefix . "winners + (auction, seller, winner, bid, closingdate, feedback_win, feedback_sel, qty, paid, bf_paid, ff_paid, shipped) VALUES + (:auc_id, :seller_id, :winner_id, :current_bid, :time, 0, 0, :items_got, 0, :bf_paid, :ff_paid, 0)"; $params = array(); $params[] = array(':auc_id', $Auction['id'], 'int'); $params[] = array(':seller_id', $Seller['id'], 'int'); diff --git a/docs/changes.txt b/docs/changes.txt index 68ccc041..145eed44 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -10,5 +10,10 @@ - Fixed shipping fee not being added to cost of item (Bug #454) - Fixed link in pay.php to contact seller (Bug #445) (Thanks pani100) - Fixed admin invoices view +- Fixed browse categories header name +- Added admin warnings for if fees are not set up correctly +- Added confirmation notices when you do an action in user control panel +- Moved the add new news button in admin so its visable +- Fixed buy it now not setting an auction to close if all item have been purchased for older changes check out http://www.webidsupport.com/wiki/Change_Log \ No newline at end of file diff --git a/inc/captcha/securimage.php b/inc/captcha/securimage.php index 6a9bfa62..9860bd89 100644 --- a/inc/captcha/securimage.php +++ b/inc/captcha/securimage.php @@ -86,7 +86,7 @@ class Securimage { * * @var int */ - var $image_width = 175; + var $image_width = 250; /** * The desired width of the CAPTCHA image. diff --git a/includes/class_MPTTcategories.php b/includes/class_MPTTcategories.php index 1cb47cc2..8c9e1143 100644 --- a/includes/class_MPTTcategories.php +++ b/includes/class_MPTTcategories.php @@ -484,7 +484,7 @@ function build_sql($data) } else { - $data[$k] = '`' . $k . '` = \'' . mysql_real_escape_string($v) . '\''; + $data[$k] = '`' . $k . '` = \'' . $v . '\''; } } return implode(', ', $data); diff --git a/includes/class_fees.php b/includes/class_fees.php index 2c2ceada..8cd319fd 100644 --- a/includes/class_fees.php +++ b/includes/class_fees.php @@ -28,12 +28,11 @@ function fees() function get_fee_types() { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; $query = "SELECT type FROM " . $DBPrefix . "fees GROUP BY type"; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); + $db->direct_query($query); $fee_types = array(); - while ($row = mysql_fetch_assoc($res)) + while ($row = $db->result()) { $fee_types[] = $row; } @@ -42,12 +41,19 @@ function get_fee_types() function add_to_account($text, $type, $amount) { - global $system, $DBPrefix, $user; + global $system, $DBPrefix, $user, $db; $date_values = date('z|W|m|Y'); $date_values = explode('|', $date_values); - $query = "INSERT INTO " . $DBPrefix . "accounts VALUES (NULL, '" . $user->user_data['nick'] . "', '" . $user->user_data['name'] . "', '" . $text . "', '" . $type . "', " . time() . ", '" . $amount . "', " . $date_values[0] . ", " . $date_values[1] . ", " . $date_values[2] . ", " . $date_values[3] . ")"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "INSERT INTO " . $DBPrefix . "accounts VALUES (NULL, :user_nick, :user_name, :user_text, :user_type, :user_time, :user_amount, " . $date_values[0] . ", " . $date_values[1] . ", " . $date_values[2] . ", " . $date_values[3] . ")"; + $params = array(); + $params[] = array(':user_nick', $user->user_data['nick'], 'str'); + $params[] = array(':user_name', $user->user_data['name'], 'str'); + $params[] = array(':user_text', $text, 'str'); + $params[] = array(':user_type', $type, 'str'); + $params[] = array(':user_time', time(), 'int'); + $params[] = array(':user_amount', $amount, 'int'); + $db->query($query, $params); } function hmac($key, $data) @@ -75,7 +81,8 @@ function paypal_validate() { global $system; - $sandbox = false; // set to true to enabled sandbox mode + $sandbox = ($system->SETTINGS['paypal_sandbox'] == 'y') ? true : false; + $https = ($system->SETTINGS['https'] == 'y') ? true : false; // we ensure that the txn_id (transaction ID) contains only ASCII chars... $pos = strspn($this->data['txn_id'], $this->ASCII_RANGE); $len = strlen($this->data['txn_id']); @@ -114,7 +121,7 @@ function paypal_validate() if (!$sandbox) { - if (!empty($system->SETTINGS['https_url'])) + if ($https == true) { // connect via SSL $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30); @@ -127,7 +134,7 @@ function paypal_validate() } else { - if (!empty($system->SETTINGS['https_url'])) + if ($https == true) { // connect via SSL $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); @@ -170,6 +177,9 @@ function paypal_validate() else if (strcmp ($resl, 'INVALID') == 0) { // payment failed + $redirect_url = $system->SETTINGS['siteurl'] . 'validate.php?fail'; + header('location: '. $redirect_url); + exit; } } fclose ($fp); @@ -220,7 +230,7 @@ function worldpay_validate() exit; } - function moneybookers_validate() + function moneybookers_validate() // now called skrill { global $system; @@ -266,7 +276,7 @@ function toocheckout_validate() function callback_process($custom_id, $fee_type, $payment_amount, $currency = NULL) { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; switch ($fee_type) { @@ -274,57 +284,86 @@ function callback_process($custom_id, $fee_type, $payment_amount, $currency = NU $addquery = ''; if ($system->SETTINGS['fee_disable_acc'] == 'y') { - $query = "SELECT suspended, balance FROM " . $DBPrefix . "users WHERE id = " . $custom_id; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - $data = mysql_fetch_assoc($res); + $query = "SELECT suspended, balance FROM " . $DBPrefix . "users WHERE id = :custom_id"; + $params = array(); + $params[] = array(':custom_id', $custom_id, 'int'); + $db->query($query, $params); + $data = $db->result(); // reable user account if it was disabled if ($data['suspended'] == 7 && ($data['balance'] + $payment_amount) >= 0) { $addquery = ', suspended = 0 '; } } - $query = "UPDATE " . $DBPrefix . "users SET balance = balance + " . $payment_amount . $addquery . " WHERE id = " . $custom_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "users SET balance = balance + :payment" . $addquery . " WHERE id = :user_id"; + $params[] = array(':payment', $payment_amount, 'float'); + $params[] = array(':user_id', $custom_id, 'int'); + $db->query($query, $params); // add invoice $query = "INSERT INTO " . $DBPrefix . "useraccounts (user_id, date, balance, total, paid) VALUES - (" . $custom_id . ", " . time() . ", " . $payment_amount . ", " . $payment_amount . ", 1)"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + (:user_id, :time_stamp, :payment, :extra_payment, 1)"; + $params = array(); + $params[] = array(':user_id', $custom_id, 'int'); + $params[] = array(':time_stamp', time(), 'int'); + $params[] = array(':payment', $payment_amount, 'float'); + $params[] = array(':extra_payment', $payment_amount, 'float'); + $db->query($query, $params); break; case 2: // pay for an item - $query = "UPDATE " . $DBPrefix . "winners SET paid = 1 WHERE id = " . $custom_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "winners SET paid = 1 WHERE id = :custom_id"; + $params = array(); + $params[] = array(':custom_id', $custom_id, 'int'); + $db->query($query, $params); break; case 3: // pay signup fee (live mode) - $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = " . $custom_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = :custom_id"; + $params = array(); + $params[] = array(':custom_id', $custom_id, 'int'); + $db->query($query, $params); // add invoice $query = "INSERT INTO " . $DBPrefix . "useraccounts (user_id, date, signup, total, paid) VALUES - (" . $custom_id . ", " . time() . ", " . $payment_amount . ", " . $payment_amount . ", 1)"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + (:get_id, :time_stamp, :payment, :extra_payment, 1)"; + $params = array(); + $params[] = array(':get_id', $custom_id, 'int'); + $params[] = array(':time_stamp', time(), 'int'); + $params[] = array(':payment', $payment_amount, 'float'); + $params[] = array(':extra_payment', $payment_amount, 'float'); + $db->query($query, $params); break; case 4: // pay auction fee (live mode) global $user, $MSG; $catscontrol = new MPTTcategories(); - $query = "SELECT auc_id FROM " . $DBPrefix . "useraccounts WHERE useracc_id = " . $custom_id; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - $auc_id = mysql_result($res, 0, 'auc_id'); - $query = "UPDATE " . $DBPrefix . "auctions SET suspended = 0 WHERE id = " . $auc_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); - $query = "UPDATE " . $DBPrefix . "useraccounts SET paid = 1 WHERE auc_id = " . $auc_id . " AND setup > 0"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "SELECT auc_id FROM " . $DBPrefix . "useraccounts WHERE useracc_id = :useracc_id"; + $params = array(); + $params[] = array(':useracc_id', $custom_id, 'int'); + $db->query($query, $params); + $auc_id = $db->result('auc_id'); + + $query = "UPDATE " . $DBPrefix . "auctions SET suspended = 0 WHERE id = :auc_id"; + $params = array(); + $params[] = array(':auc_id', $auc_id, 'int'); + $db->query($query, $params); + + $query = "UPDATE " . $DBPrefix . "useraccounts SET paid = 1 WHERE auc_id = :auc_id AND setup > 0"; + $params = array(); + $params[] = array(':auc_id', $auc_id, 'int'); + $db->query($query, $params); + $query = "UPDATE " . $DBPrefix . "counters SET auctions = auctions + 1"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); - $query = "UPDATE " . $DBPrefix . "useraccounts SET paid = 1 WHERE useracc_id = " . $custom_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); + + $query = "UPDATE " . $DBPrefix . "useraccounts SET paid = 1 WHERE useracc_id = :custom_id"; + $params = array(); + $params[] = array(':custom_id', $custom_id, 'int'); + $db->query($query, $params); $query = "SELECT category, title, minimum_bid, pict_url, buy_now, reserve_price, auction_type, ends - FROM " . $DBPrefix . "auctions WHERE id = " . $auc_id; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - $auc_data = mysql_fetch_assoc($res); + FROM " . $DBPrefix . "auctions WHERE id = :auc_id"; + $params = array(); + $params[] = array(':auc_id', $auc_id, 'int'); + $db->query($query, $params); + $auc_data = $db->result(); // auction data $auction_id = $auc_id; @@ -342,45 +381,82 @@ function callback_process($custom_id, $fee_type, $payment_amount, $currency = NU } // update recursive categories - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $auc_data['category']; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - $parent_node = mysql_fetch_assoc($res); + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $auc_data['category'], 'int'); + $db->query($query, $params); + $parent_node = $db->result(); $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']); for ($i = 0; $i < count($crumbs); $i++) { - $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = " . $crumbs[$i]['cat_id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int'); + $db->query($query, $params); } break; case 5: // pay relist fee (live mode) - $query = "UPDATE " . $DBPrefix . "auctions SET suspended = 0 WHERE id = " . $custom_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "auctions SET suspended = 0 WHERE id = :custom_id"; + $params = array(); + $params[] = array(':custom_id', $custom_id, 'int'); + $db->query($query, $params); // add invoice $query = "INSERT INTO " . $DBPrefix . "useraccounts (user_id, auc_id, date, relist, total, paid) VALUES - (" . $custom_id . ", " . $custom_id . ", " . time() . ", " . $payment_amount . ", " . $payment_amount . ", 1)"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + (:user_id, :auc_id, :date, :relist, :total, 1)"; + $params = array(); + $params[] = array(':user_id', $custom_id, 'int'); + $params[] = array(':auc_id', $custom_id, 'int'); + $params[] = array(':date', time(), 'int'); + $params[] = array(':relist', $payment_amount, 'float'); + $params[] = array(':total', $payment_amount, 'float'); + $db->query($query, $params); break; case 6: // pay buyer fee (live mode) - $query = "UPDATE " . $DBPrefix . "winners SET bf_paid = 1 WHERE bf_paid = 0 AND auction = " . $custom_id . " AND winner = " . $user->user_data['id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); - $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = " . $user->user_data['id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "winners SET bf_paid = 1 WHERE bf_paid = 0 AND auction = :auction_id AND winner = :winner_id"; + $params = array(); + $params[] = array(':auction_id', $custom_id, 'int'); + $params[] = array(':winner_id', $user->user_data['id'], 'int'); + $db->query($query, $params); + + $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = :user_id"; + $params = array(); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $db->query($query, $params); + // add invoice $query = "INSERT INTO " . $DBPrefix . "useraccounts (user_id, auc_id, date, buyer, total, paid) VALUES - (" . $user->user_data['id'] . ", " . $custom_id . ", " . time() . ", " . $payment_amount . ", " . $payment_amount . ", 1)"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + (:user_id, :auc_id, :time_stamp, :buyer, :total, 1)"; + $params = array(); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $params[] = array(':auc_id', $custom_id, 'int'); + $params[] = array(':time_stamp', time(), 'int'); + $params[] = array(':buyer', $payment_amount, 'float'); + $params[] = array(':total', $payment_amount, 'float'); + $db->query($query, $params); break; case 7: // pay final value fee (live mode) - $query = "UPDATE " . $DBPrefix . "winners SET ff_paid = 1 WHERE ff_paid = 0 AND auction = " . $custom_id . " AND seller = " . $user->user_data['id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); - $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = " . $user->user_data['id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "winners SET ff_paid = 1 WHERE ff_paid = 0 AND auction = :auction_id AND seller = :user_id"; + $params = array(); + $params[] = array(':auction_id', $custom_id, 'int'); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $db->query($query, $params); + + $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = :user_id"; + $params = array(); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $db->query($query, $params); + // add invoice $query = "INSERT INTO " . $DBPrefix . "useraccounts (user_id, auc_id, date, finalval, total, paid) VALUES - (" . $user->user_data['id'] . ", " . $custom_id . ", " . time() . ", " . $payment_amount . ", " . $payment_amount . ", 1)"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + (:user_id, :auc_id, :time_stamp, :finalval, :total, 1)"; + $params = array(); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $params[] = array(':auc_id', $custom_id, 'int'); + $params[] = array(':time_stamp', $system->ctime, 'int'); + $params[] = array(':finalval', $payment_amount, 'float'); + $params[] = array(':total', $payment_amount, 'float'); + $db->query($query, $params); break; } diff --git a/language/EN/messages.inc.php b/language/EN/messages.inc.php index 433a30d2..46f1c27e 100644 --- a/language/EN/messages.inc.php +++ b/language/EN/messages.inc.php @@ -166,7 +166,7 @@ $ERR_5002 = "You must select at least one statistic type (accesses, browsers & platforms, by country)"; $ERR_5014 = "Subject or message missing"; $ERR_5045 = "The reserve price cannot be less than the minimum bid"; -$ERR_5046 = "The buy now price cannot be less than the minimum bid and/or the reserve price"; +$ERR_5046 = "The buy now price must be greater than the minimum bid and/or the reserve price"; $ERR_25_0001 = "Please choose a sub-category"; $ERR_25_0002 = "

URL file-access is disabled on your server so WeBid is unable to run the version check

"; @@ -1164,6 +1164,17 @@ $MSG['1143'] = "Here you setup which payment gateways you want to allow users to use"; $MSG['1144'] = "Before you can set fees you need to of set up at least one method of payment. You can do this via payment gateways."; +// yourauctions pages +$MSG['1145'] = "

You have successfully deleted %s auction(s)

"; +$MSG['1146'] = "

You have successfully re-listed %s auction(s)

"; +$MSG['1147'] = "

You have successfully sold %s auction(s)

"; +$MSG['1148'] = "

A charge of %s has been made to your account

"; +$MSG['1149'] = "

You have successfully closed %s auction(s)

"; +$MSG['1150'] = "

You have successfully started %s auction(s)

"; + +// sell item page +$MSG['1151'] = "Auction fee"; + $MSG['5003'] = "Site Settings"; $MSG['5004'] = "Currencies Settings"; $MSG['5005'] = "General Layout Settings"; diff --git a/sell.php b/sell.php index 5511c07d..4b435862 100644 --- a/sell.php +++ b/sell.php @@ -684,8 +684,8 @@ 'MINTEXT' => ($atype == 2) ? $MSG['038'] : $MSG['020'], 'FEE_JS' => $fee_javascript, // auction details - 'AUC_TITLE' => htmlentities($title, ENT_COMPAT, $CHARSET), - 'AUC_SUBTITLE' => htmlentities($subtitle, ENT_COMPAT, $CHARSET), + 'AUC_TITLE' => $title, + 'AUC_SUBTITLE' => $subtitle, 'AUC_DESCRIPTION' => $CKEditor->editor('description', stripslashes($description)), 'ITEMQTY' => $iquantity, 'MIN_BID' => $system->print_money_nosymbol($minimum_bid, false), diff --git a/themes/admin/news.tpl b/themes/admin/news.tpl index 7aca5970..960dd4c1 100644 --- a/themes/admin/news.tpl +++ b/themes/admin/news.tpl @@ -10,7 +10,7 @@
{ERROR}
-
{NEWS_COUNT}{L_517} {L_518}
+
{NEWS_COUNT}{L_517}
@@ -28,6 +28,7 @@
{L_314}
+
{L_518}
diff --git a/themes/default/sell.tpl b/themes/default/sell.tpl index 682a0ed6..e7b04007 100644 --- a/themes/default/sell.tpl +++ b/themes/default/sell.tpl @@ -499,7 +499,7 @@ $(document).ready(function(){ - + diff --git a/themes/default/style.css b/themes/default/style.css index f24a755b..3466ed8f 100644 --- a/themes/default/style.css +++ b/themes/default/style.css @@ -68,7 +68,7 @@ td { } .padding { - margin: 15px; + margin: 15px 15px 15px 30px; } .padtb { @@ -278,6 +278,12 @@ a:hover { background: #FFF6BF url(img/error.png) no-repeat 3px; } +.success-box { + color: #62B548; + border-bottom: 1px solid #D0F1A6; + background: #E5F8CE url(images/accept.png) no-repeat 3px; +} + .info-box, .error-box, .warning-box, .success-box { padding: 4px 0 4px 22px; margin: 3px 0; @@ -297,4 +303,8 @@ a:hover { .grayfont { color: #dcdcdc; +} + +.content { + margin-bottom:25px; } \ No newline at end of file diff --git a/themes/default/user_login.tpl b/themes/default/user_login.tpl index 8e3fffc7..89225c32 100644 --- a/themes/default/user_login.tpl +++ b/themes/default/user_login.tpl @@ -9,7 +9,7 @@
-
diff --git a/themes/admin/style.css b/themes/admin/style.css index a798f137..0b926cc3 100644 --- a/themes/admin/style.css +++ b/themes/admin/style.css @@ -157,7 +157,7 @@ img { border:none; } -input, textarea, select { +input, textarea, select, .button { border: 2px solid #CCCCCC; padding: 4px; background: #F7F7F7; @@ -246,6 +246,7 @@ ul.menu li { .plain-box { background-color: #FFFFFF; border-bottom: 1px solid #F4F4F4; + margin-left: 15px; } .info-box { @@ -276,4 +277,9 @@ ul.menu li { padding: 4px 0 4px 22px; margin: 3px 0; font-size: 1.1em; +} + +.button { + display: inline-block; + height: 20px; } \ No newline at end of file diff --git a/themes/default/invoices.tpl b/themes/default/invoices.tpl index 1f4ff69f..16665fd6 100644 --- a/themes/default/invoices.tpl +++ b/themes/default/invoices.tpl @@ -16,7 +16,7 @@ {topay.INFO} {topay.TOTAL} - {L_898}
{L_1058} + {L_898}
{L_1058}
- {L_263} + {L_1151} @@ -619,7 +619,7 @@ $(document).ready(function(){
{L_263} {L_1151} {FEE}
+

{L_862}

diff --git a/themes/default/yourauctions.tpl b/themes/default/yourauctions.tpl index 33d5e6c4..90bb2d6e 100644 --- a/themes/default/yourauctions.tpl +++ b/themes/default/yourauctions.tpl @@ -23,20 +23,17 @@ $(document).ready(function() { }); }); + +
{USER_MESSAGE}
+
- - - - -
-
-
{L_25_0115}
-
{L_204}
-
{L_2__0056}
-
{L_25_0119}
-
-
+
+
{L_25_0115}
+
{L_204}
+
{L_2__0056}
+
{L_25_0119}
+
diff --git a/themes/default/yourauctions_c.tpl b/themes/default/yourauctions_c.tpl index 2da68ae7..36b927cc 100644 --- a/themes/default/yourauctions_c.tpl +++ b/themes/default/yourauctions_c.tpl @@ -34,26 +34,20 @@ $(document).ready(function() { }); }); - - - - - - - -
-
-
{L_25_0115}
-
{L_619}
-
{L_2__0056}
-
{L_25_0119}
-
- 		+ +
{USER_MESSAGE}
+ - {L_437}: {RELIST_FEE} - {L_189}: 0.00 +
{L_437}: {RELIST_FEE} - {L_189}: 0.00
-
- + + +
+
{L_25_0115}
+
{L_619}
+
{L_2__0056}
+
{L_25_0119}
+
diff --git a/themes/default/yourauctions_p.tpl b/themes/default/yourauctions_p.tpl index 2d07cb19..57448628 100644 --- a/themes/default/yourauctions_p.tpl +++ b/themes/default/yourauctions_p.tpl @@ -23,21 +23,18 @@ $(document).ready(function() { }); }); + +
{USER_MESSAGE}
+ - - - - -
-
-
{L_619}
-
{L_204}
-
{L_2__0056}
-
{L_25_0119}
-
-
- +
+
{L_619}
+
{L_204}
+
{L_2__0056}
+
{L_25_0119}
+
+
{L_624} diff --git a/themes/default/yourauctions_s.tpl b/themes/default/yourauctions_s.tpl index 752169b9..4afbadc3 100644 --- a/themes/default/yourauctions_s.tpl +++ b/themes/default/yourauctions_s.tpl @@ -17,20 +17,17 @@ $(document).ready(function() { }); }); + +
{USER_MESSAGE}
+ - - - - -
-
-
{L_25_0115}
-
{L_619}
-
{L_204}
-
{L_25_0119}
-
-
+
+
{L_25_0115}
+
{L_619}
+
{L_204}
+
{L_25_0119}
+
diff --git a/themes/default/yourauctions_sold.tpl b/themes/default/yourauctions_sold.tpl index e671d588..a6cfee58 100644 --- a/themes/default/yourauctions_sold.tpl +++ b/themes/default/yourauctions_sold.tpl @@ -19,18 +19,15 @@ $(document).ready(function() { }); - - - - -
-
-
{L_25_0115}
-
{L_619}
-
{L_204}
-
{L_2__0056}
-
-
+ +
{USER_MESSAGE}
+ +
+
{L_25_0115}
+
{L_619}
+
{L_204}
+
{L_2__0056}
+
diff --git a/yourauctions.php b/yourauctions.php index b8eeaa83..2dfafdd5 100644 --- a/yourauctions.php +++ b/yourauctions.php @@ -24,6 +24,8 @@ $NOW = time(); $NOWB = date('Ymd'); +$user_message = ''; + // DELETE OR CLOSE OPEN AUCTIONS if (isset($_POST['action']) && $_POST['action'] == 'delopenauctions') { @@ -65,9 +67,10 @@ $params = array(); $params[] = array(':removed', $removed, 'int'); $db->query($query, $params); + $user_message .= sprintf($MSG['1145'], count($_POST['O_delete'])); } - if (is_array($_POST['closenow'])) + if (is_array($_POST['closenow']) && count($_POST['closenow']) > 0) { foreach ($_POST['closenow'] as $k => $v) { @@ -79,6 +82,7 @@ $db->query($query, $params); } include 'cron.php'; + $user_message .= sprintf($MSG['1149'], count($_POST['closenow'])); } } // Retrieve active auctions from the database @@ -208,6 +212,7 @@ 'ORDERCOL' => $_SESSION['oa_ord'], 'ORDERNEXT' => $_SESSION['oa_nexttype'], 'ORDERTYPEIMG' => $_SESSION['oa_type_img'], + 'USER_MESSAGE' => $user_message, 'PREV' => ($PAGES > 1 && $PAGE > 1) ? '' . $MSG['5119'] . '  ' : '', 'NEXT' => ($PAGE < $PAGES) ? '' . $MSG['5120'] . '' : '', diff --git a/yourauctions_c.php b/yourauctions_c.php index 6950125e..d9cc06cc 100644 --- a/yourauctions_c.php +++ b/yourauctions_c.php @@ -26,6 +26,7 @@ $NOW = time(); $NOWB = date('Ymd'); $catscontrol = new MPTTcategories(); +$user_message = ''; $query = "SELECT value FROM " . $DBPrefix . "fees WHERE type = 'relist_fee'"; $db->direct_query($query); @@ -35,7 +36,7 @@ if (isset($_POST['action']) && $_POST['action'] == 'update') { // Delete auction - if (is_array($_POST['delete'])) + if (is_array($_POST['delete']) && count($_POST['delete']) > 0) { foreach ($_POST['delete'] as $k => $v) { @@ -77,8 +78,9 @@ $params[] = array(':auc_id', $v, 'int'); $db->query($query, $params); } + $user_message .= sprintf($MSG['1145'], count($_POST['delete'])); } - if (is_array($_POST['sell'])) + if (is_array($_POST['sell']) && count($_POST['sell']) > 0) { foreach ($_POST['sell'] as $v) { @@ -88,9 +90,10 @@ $db->query($query, $params); } include 'cron.php'; + $user_message .= sprintf($MSG['1147'], count($_POST['sell'])); } // Re-list auctions - if (is_array($_POST['relist'])) + if (is_array($_POST['relist']) && count($_POST['relist']) > 0) { foreach ($_POST['relist'] as $k) { @@ -183,6 +186,11 @@ exit; } } + $user_message .= sprintf($MSG['1146'], count($_POST['relist'])); + if ($relist_fee > 0) + { + $user_message .= sprintf($MSG['1148'], $system->print_money((count($_POST['relist']) * $relist_fee), true, false)); + } } } @@ -318,6 +326,7 @@ 'ORDERTYPEIMG' => $_SESSION['ca_type_img'], 'RELIST_FEE' => $system->print_money($relist_fee), 'RELIST_FEE_NO' => $system->print_money_nosymbol($relist_fee), + 'USER_MESSAGE' => $user_message, 'PREV' => ($PAGES > 1 && $PAGE > 1) ? '' . $MSG['5119'] . '  ' : '', 'NEXT' => ($PAGE < $PAGES) ? '' . $MSG['5120'] . '' : '', diff --git a/yourauctions_p.php b/yourauctions_p.php index ef1b347a..6edec689 100644 --- a/yourauctions_p.php +++ b/yourauctions_p.php @@ -25,6 +25,8 @@ exit; } +$user_message = ''; + // DELETE OR CLOSE OPEN AUCTIONS if (isset($_POST['action']) && $_POST['action'] == 'delopenauctions') { @@ -64,9 +66,10 @@ $params = array(); $params[] = array(':removed', $removed, 'int'); $db->query($query, $params); + $user_message .= sprintf($MSG['1145'], count($_POST['O_delete'])); } - if (is_array($_POST['startnow'])) + if (is_array($_POST['startnow']) && count($_POST['startnow']) > 0) { foreach ($_POST['startnow'] as $k => $v) { @@ -87,6 +90,7 @@ $params[] = array(':auc_id', $v, 'int'); $db->query($query, $params); } + $user_message .= sprintf($MSG['1150'], count($_POST['closenow'])); } } // Retrieve active auctions from the database @@ -188,6 +192,7 @@ 'ORDERCOL' => $_SESSION['pa_ord'], 'ORDERNEXT' => $_SESSION['pa_nexttype'], 'ORDERTYPEIMG' => $_SESSION['pa_type_img'], + 'USER_MESSAGE' => $user_message, 'PREV' => ($PAGES > 1 && $PAGE > 1) ? '' . $MSG['5119'] . '  ' : '', 'NEXT' => ($PAGE < $PAGES) ? '' . $MSG['5120'] . '' : '', diff --git a/yourauctions_s.php b/yourauctions_s.php index 0aba007c..8707feaf 100644 --- a/yourauctions_s.php +++ b/yourauctions_s.php @@ -16,6 +16,7 @@ $NOW = time(); $NOWB = date('Ymd'); +$user_message = ''; // If user is not logged in redirect to login page if (!$user->is_logged_in()) @@ -60,6 +61,7 @@ $params = array(); $params[] = array(':removed', $removed, 'int'); $db->query($query, $params); + $user_message .= sprintf($MSG['1145'], count($_POST['O_delete'])); } } @@ -164,6 +166,7 @@ 'ORDERCOL' => $_SESSION['sa_ord'], 'ORDERNEXT' => $_SESSION['sa_nexttype'], 'ORDERTYPEIMG' => $_SESSION['sa_type_img'], + 'USER_MESSAGE' => $user_message, 'PREV' => ($PAGES > 1 && $PAGE > 1) ? '' . $MSG['5119'] . '  ' : '', 'NEXT' => ($PAGE < $PAGES) ? '' . $MSG['5120'] . '' : '', diff --git a/yourauctions_sold.php b/yourauctions_sold.php index 5fa06537..8a1239e2 100644 --- a/yourauctions_sold.php +++ b/yourauctions_sold.php @@ -24,6 +24,7 @@ $NOW = time(); $NOWB = date('Ymd'); +$user_message = ''; $query = "SELECT value FROM " . $DBPrefix . "fees WHERE type = 'relist_fee'"; $db->direct_query($query); @@ -126,6 +127,11 @@ exit; } } + $user_message .= sprintf($MSG['1146'], count($_POST['relist'])); + if ($relist_fee > 0) + { + $user_message .= sprintf($MSG['1148'], $system->print_money((count($_POST['relist']) * $relist_fee), true, false)); + } } } @@ -236,6 +242,7 @@ 'ORDERCOL' => $_SESSION['solda_ord'], 'ORDERNEXT' => $_SESSION['solda_nexttype'], 'ORDERTYPEIMG' => $_SESSION['solda_type_img'], + 'USER_MESSAGE' => $user_message, 'PREV' => ($PAGES > 1 && $PAGE > 1) ? '' . $MSG['5119'] . '  ' : '', 'NEXT' => ($PAGE < $PAGES) ? '' . $MSG['5120'] . '' : '',