diff --git a/admin/boards.php b/admin/boards.php index ec0cc5e3..133c3d72 100644 --- a/admin/boards.php +++ b/admin/boards.php @@ -25,20 +25,20 @@ { foreach ($_POST['delete'] as $k => $v) { - $v = intval($v); - $query = "DELETE FROM " . $DBPrefix . "community WHERE id = " . $v; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); - $query = "DELETE FROM " . $DBPrefix . "comm_messages WHERE boardid = " . $v; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "DELETE FROM " . $DBPrefix . "community WHERE id = :id"; + $params = array(array(':id', $v, 'int')); + $db->query($query, $params); + $query = "DELETE FROM " . $DBPrefix . "comm_messages WHERE boardid = :id"; + $params = array(array(':id', $v, 'int')); + $db->query($query, $params); } $ERR = $MSG['5044']; } // get list of boards $query = "SELECT * FROM " . $DBPrefix . "community ORDER BY name"; -$res = mysql_query($query); -$system->check_mysql($res, $query, __LINE__, __FILE__); -while ($row = mysql_fetch_array($res)) +$db->direct_query($query); +while ($row = $db->result()) { $template->assign_block_vars('boards', array( 'ID' => $row['id'], diff --git a/admin/buyitnow.php b/admin/buyitnow.php index a4159709..cfcde854 100644 --- a/admin/buyitnow.php +++ b/admin/buyitnow.php @@ -27,14 +27,19 @@ if ($bn_only_percent > $system->SETTINGS['bn_only_percent']) { $query = "UPDATE " . $DBPrefix . "users SET bn_only = 'y' WHERE id = bn_only = 'n'"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); } $query = "UPDATE " . $DBPrefix . "settings SET - buy_now = " . intval($_POST['buy_now']) . ", - bn_only = '" . $_POST['bn_only'] . "', - bn_only_disable = '" . $_POST['bn_only_disable'] . "', - bn_only_percent = " . $bn_only_percent; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + buy_now = :buy_now, + bn_only = :bn_only, + bn_only_disable = :disable, + bn_only_percent = :percent"; + $params = array(); + $params[] = array(':buy_now', $_POST['buy_now'], 'int'); + $params[] = array(':bn_only', $_POST['bn_only'], 'str'); + $params[] = array(':disable', $_POST['bn_only_disable'], 'str'); + $params[] = array(':percent', $bn_only_percent, 'str'); + $db->query($query, $params); $system->SETTINGS['buy_now'] = $_POST['buy_now']; $system->SETTINGS['bn_only'] = $_POST['bn_only']; $system->SETTINGS['bn_only_disable'] = $_POST['bn_only_disable']; diff --git a/admin/viewaccessstats.php b/admin/viewaccessstats.php index b0ef0ebd..b11228e6 100644 --- a/admin/viewaccessstats.php +++ b/admin/viewaccessstats.php @@ -47,7 +47,7 @@ } else { - $month = date('m'); + $month = date('n'); $year = date('Y'); $query = "SELECT * FROM " . $DBPrefix . "currentaccesses WHERE month = :month AND year = :year ORDER BY LENGTH(day), day ASC"; $params[] = array(':month', $month, 'int'); diff --git a/admin/viewbrowserstats.php b/admin/viewbrowserstats.php index 44c1a5e8..61da31c1 100644 --- a/admin/viewbrowserstats.php +++ b/admin/viewbrowserstats.php @@ -28,7 +28,7 @@ $MAX = 0; $TOTAL = 0; $BROWSERS = array(); -while ($row = fetch()) +while ($row = $db->fetch()) { $BROWSERS[$row['browser']] = $row['counter']; $TOTAL = $TOTAL + $row['counter']; diff --git a/browse.php b/browse.php index 1e51d72b..194200d1 100644 --- a/browse.php +++ b/browse.php @@ -72,8 +72,8 @@ else { // Retrieve the translated category name - $par_id = $category['parent_id']; - $current_cat_name = $category_names[$par_id]; + $cat_id = $category['cat_id']; + $current_cat_name = $category_names[$cat_id]; $TPL_categories_string = ''; $crumbs = $catscontrol->get_bread_crumbs($category['left_id'], $category['right_id']); for ($i = 0; $i < count($crumbs); $i++) diff --git a/buy_now.php b/buy_now.php index d83bb2d0..80dad002 100644 --- a/buy_now.php +++ b/buy_now.php @@ -151,7 +151,7 @@ { $ERR = $ERR_711; } - // check qty + // check auction still has items left to buy if (isset($qty) && $qty > $Auction['quantity']) { $ERR = $ERR_608; diff --git a/cron.php b/cron.php index f2c44e1d..8d01e6da 100644 --- a/cron.php +++ b/cron.php @@ -108,6 +108,7 @@ // send email to seller - to notify him // create a "report" to seller depending of what kind auction is $atype = intval($Auction['auction_type']); + // Standard auction if ($atype == 1) { if ($num_bids > 0 && ($Auction['current_bid'] >= $Auction['reserve_price'] || $Auction['sold'] == 's')) @@ -118,7 +119,6 @@ $winner_present = true; } - // Standard auction if ($winner_present) { $report_text = $Winner['nick'] . "\n"; @@ -139,8 +139,9 @@ } // Add winner's data to "winners" table - $query = "INSERT INTO " . $DBPrefix . "winners VALUES - (NULL, :auc_id, :seller_id, :winner_id, :current_bid, :time, 0, 0, 1, 0, :bf_paid, :ff_paid)"; + $query = "INSERT INTO " . $DBPrefix . "winners + (auction, seller, winner, bid, closingdate, feedback_win, feedback_sel, qty, paid, bf_paid, ff_paid, shipped) VALUES + (:auc_id, :seller_id, :winner_id, :current_bid, :time, 0, 0, 1, 0, :bf_paid, :ff_paid, 0)"; $params = array(); $params[] = array(':auc_id', $Auction['id'], 'int'); $params[] = array(':seller_id', $Seller['id'], 'int'); @@ -156,9 +157,9 @@ $report_text = $MSG['429']; } } - else + // Dutch Auction + elseif ($atype == 2) { - // Dutch Auction // find out winners sorted by bid $query = "SELECT *, MAX(bid) AS maxbid FROM " . $DBPrefix . "bids WHERE auction = :auc_id GROUP BY bidder @@ -220,8 +221,9 @@ } // Add winner's data to "winners" table - $query = "INSERT INTO " . $DBPrefix . "winners VALUES - (NULL, :auc_id, :seller_id, :winner_id, :current_bid, :time, 0, 0, :items_got, 0, :bf_paid, :ff_paid)"; + $query = "INSERT INTO " . $DBPrefix . "winners + (auction, seller, winner, bid, closingdate, feedback_win, feedback_sel, qty, paid, bf_paid, ff_paid, shipped) VALUES + (:auc_id, :seller_id, :winner_id, :current_bid, :time, 0, 0, :items_got, 0, :bf_paid, :ff_paid, 0)"; $params = array(); $params[] = array(':auc_id', $Auction['id'], 'int'); $params[] = array(':seller_id', $Seller['id'], 'int'); diff --git a/docs/changes.txt b/docs/changes.txt index 68ccc041..145eed44 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -10,5 +10,10 @@ - Fixed shipping fee not being added to cost of item (Bug #454) - Fixed link in pay.php to contact seller (Bug #445) (Thanks pani100) - Fixed admin invoices view +- Fixed browse categories header name +- Added admin warnings for if fees are not set up correctly +- Added confirmation notices when you do an action in user control panel +- Moved the add new news button in admin so its visable +- Fixed buy it now not setting an auction to close if all item have been purchased for older changes check out http://www.webidsupport.com/wiki/Change_Log \ No newline at end of file diff --git a/inc/captcha/securimage.php b/inc/captcha/securimage.php index 6a9bfa62..9860bd89 100644 --- a/inc/captcha/securimage.php +++ b/inc/captcha/securimage.php @@ -86,7 +86,7 @@ class Securimage { * * @var int */ - var $image_width = 175; + var $image_width = 250; /** * The desired width of the CAPTCHA image. diff --git a/includes/class_MPTTcategories.php b/includes/class_MPTTcategories.php index 1cb47cc2..8c9e1143 100644 --- a/includes/class_MPTTcategories.php +++ b/includes/class_MPTTcategories.php @@ -484,7 +484,7 @@ function build_sql($data) } else { - $data[$k] = '`' . $k . '` = \'' . mysql_real_escape_string($v) . '\''; + $data[$k] = '`' . $k . '` = \'' . $v . '\''; } } return implode(', ', $data); diff --git a/includes/class_fees.php b/includes/class_fees.php index 2c2ceada..8cd319fd 100644 --- a/includes/class_fees.php +++ b/includes/class_fees.php @@ -28,12 +28,11 @@ function fees() function get_fee_types() { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; $query = "SELECT type FROM " . $DBPrefix . "fees GROUP BY type"; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); + $db->direct_query($query); $fee_types = array(); - while ($row = mysql_fetch_assoc($res)) + while ($row = $db->result()) { $fee_types[] = $row; } @@ -42,12 +41,19 @@ function get_fee_types() function add_to_account($text, $type, $amount) { - global $system, $DBPrefix, $user; + global $system, $DBPrefix, $user, $db; $date_values = date('z|W|m|Y'); $date_values = explode('|', $date_values); - $query = "INSERT INTO " . $DBPrefix . "accounts VALUES (NULL, '" . $user->user_data['nick'] . "', '" . $user->user_data['name'] . "', '" . $text . "', '" . $type . "', " . time() . ", '" . $amount . "', " . $date_values[0] . ", " . $date_values[1] . ", " . $date_values[2] . ", " . $date_values[3] . ")"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "INSERT INTO " . $DBPrefix . "accounts VALUES (NULL, :user_nick, :user_name, :user_text, :user_type, :user_time, :user_amount, " . $date_values[0] . ", " . $date_values[1] . ", " . $date_values[2] . ", " . $date_values[3] . ")"; + $params = array(); + $params[] = array(':user_nick', $user->user_data['nick'], 'str'); + $params[] = array(':user_name', $user->user_data['name'], 'str'); + $params[] = array(':user_text', $text, 'str'); + $params[] = array(':user_type', $type, 'str'); + $params[] = array(':user_time', time(), 'int'); + $params[] = array(':user_amount', $amount, 'int'); + $db->query($query, $params); } function hmac($key, $data) @@ -75,7 +81,8 @@ function paypal_validate() { global $system; - $sandbox = false; // set to true to enabled sandbox mode + $sandbox = ($system->SETTINGS['paypal_sandbox'] == 'y') ? true : false; + $https = ($system->SETTINGS['https'] == 'y') ? true : false; // we ensure that the txn_id (transaction ID) contains only ASCII chars... $pos = strspn($this->data['txn_id'], $this->ASCII_RANGE); $len = strlen($this->data['txn_id']); @@ -114,7 +121,7 @@ function paypal_validate() if (!$sandbox) { - if (!empty($system->SETTINGS['https_url'])) + if ($https == true) { // connect via SSL $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30); @@ -127,7 +134,7 @@ function paypal_validate() } else { - if (!empty($system->SETTINGS['https_url'])) + if ($https == true) { // connect via SSL $fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30); @@ -170,6 +177,9 @@ function paypal_validate() else if (strcmp ($resl, 'INVALID') == 0) { // payment failed + $redirect_url = $system->SETTINGS['siteurl'] . 'validate.php?fail'; + header('location: '. $redirect_url); + exit; } } fclose ($fp); @@ -220,7 +230,7 @@ function worldpay_validate() exit; } - function moneybookers_validate() + function moneybookers_validate() // now called skrill { global $system; @@ -266,7 +276,7 @@ function toocheckout_validate() function callback_process($custom_id, $fee_type, $payment_amount, $currency = NULL) { - global $system, $DBPrefix; + global $system, $DBPrefix, $db; switch ($fee_type) { @@ -274,57 +284,86 @@ function callback_process($custom_id, $fee_type, $payment_amount, $currency = NU $addquery = ''; if ($system->SETTINGS['fee_disable_acc'] == 'y') { - $query = "SELECT suspended, balance FROM " . $DBPrefix . "users WHERE id = " . $custom_id; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - $data = mysql_fetch_assoc($res); + $query = "SELECT suspended, balance FROM " . $DBPrefix . "users WHERE id = :custom_id"; + $params = array(); + $params[] = array(':custom_id', $custom_id, 'int'); + $db->query($query, $params); + $data = $db->result(); // reable user account if it was disabled if ($data['suspended'] == 7 && ($data['balance'] + $payment_amount) >= 0) { $addquery = ', suspended = 0 '; } } - $query = "UPDATE " . $DBPrefix . "users SET balance = balance + " . $payment_amount . $addquery . " WHERE id = " . $custom_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "users SET balance = balance + :payment" . $addquery . " WHERE id = :user_id"; + $params[] = array(':payment', $payment_amount, 'float'); + $params[] = array(':user_id', $custom_id, 'int'); + $db->query($query, $params); // add invoice $query = "INSERT INTO " . $DBPrefix . "useraccounts (user_id, date, balance, total, paid) VALUES - (" . $custom_id . ", " . time() . ", " . $payment_amount . ", " . $payment_amount . ", 1)"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + (:user_id, :time_stamp, :payment, :extra_payment, 1)"; + $params = array(); + $params[] = array(':user_id', $custom_id, 'int'); + $params[] = array(':time_stamp', time(), 'int'); + $params[] = array(':payment', $payment_amount, 'float'); + $params[] = array(':extra_payment', $payment_amount, 'float'); + $db->query($query, $params); break; case 2: // pay for an item - $query = "UPDATE " . $DBPrefix . "winners SET paid = 1 WHERE id = " . $custom_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "winners SET paid = 1 WHERE id = :custom_id"; + $params = array(); + $params[] = array(':custom_id', $custom_id, 'int'); + $db->query($query, $params); break; case 3: // pay signup fee (live mode) - $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = " . $custom_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = :custom_id"; + $params = array(); + $params[] = array(':custom_id', $custom_id, 'int'); + $db->query($query, $params); // add invoice $query = "INSERT INTO " . $DBPrefix . "useraccounts (user_id, date, signup, total, paid) VALUES - (" . $custom_id . ", " . time() . ", " . $payment_amount . ", " . $payment_amount . ", 1)"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + (:get_id, :time_stamp, :payment, :extra_payment, 1)"; + $params = array(); + $params[] = array(':get_id', $custom_id, 'int'); + $params[] = array(':time_stamp', time(), 'int'); + $params[] = array(':payment', $payment_amount, 'float'); + $params[] = array(':extra_payment', $payment_amount, 'float'); + $db->query($query, $params); break; case 4: // pay auction fee (live mode) global $user, $MSG; $catscontrol = new MPTTcategories(); - $query = "SELECT auc_id FROM " . $DBPrefix . "useraccounts WHERE useracc_id = " . $custom_id; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - $auc_id = mysql_result($res, 0, 'auc_id'); - $query = "UPDATE " . $DBPrefix . "auctions SET suspended = 0 WHERE id = " . $auc_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); - $query = "UPDATE " . $DBPrefix . "useraccounts SET paid = 1 WHERE auc_id = " . $auc_id . " AND setup > 0"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "SELECT auc_id FROM " . $DBPrefix . "useraccounts WHERE useracc_id = :useracc_id"; + $params = array(); + $params[] = array(':useracc_id', $custom_id, 'int'); + $db->query($query, $params); + $auc_id = $db->result('auc_id'); + + $query = "UPDATE " . $DBPrefix . "auctions SET suspended = 0 WHERE id = :auc_id"; + $params = array(); + $params[] = array(':auc_id', $auc_id, 'int'); + $db->query($query, $params); + + $query = "UPDATE " . $DBPrefix . "useraccounts SET paid = 1 WHERE auc_id = :auc_id AND setup > 0"; + $params = array(); + $params[] = array(':auc_id', $auc_id, 'int'); + $db->query($query, $params); + $query = "UPDATE " . $DBPrefix . "counters SET auctions = auctions + 1"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); - $query = "UPDATE " . $DBPrefix . "useraccounts SET paid = 1 WHERE useracc_id = " . $custom_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $db->direct_query($query); + + $query = "UPDATE " . $DBPrefix . "useraccounts SET paid = 1 WHERE useracc_id = :custom_id"; + $params = array(); + $params[] = array(':custom_id', $custom_id, 'int'); + $db->query($query, $params); $query = "SELECT category, title, minimum_bid, pict_url, buy_now, reserve_price, auction_type, ends - FROM " . $DBPrefix . "auctions WHERE id = " . $auc_id; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - $auc_data = mysql_fetch_assoc($res); + FROM " . $DBPrefix . "auctions WHERE id = :auc_id"; + $params = array(); + $params[] = array(':auc_id', $auc_id, 'int'); + $db->query($query, $params); + $auc_data = $db->result(); // auction data $auction_id = $auc_id; @@ -342,45 +381,82 @@ function callback_process($custom_id, $fee_type, $payment_amount, $currency = NU } // update recursive categories - $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $auc_data['category']; - $res = mysql_query($query); - $system->check_mysql($res, $query, __LINE__, __FILE__); - $parent_node = mysql_fetch_assoc($res); + $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $auc_data['category'], 'int'); + $db->query($query, $params); + $parent_node = $db->result(); $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']); for ($i = 0; $i < count($crumbs); $i++) { - $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = " . $crumbs[$i]['cat_id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = :cat_id"; + $params = array(); + $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int'); + $db->query($query, $params); } break; case 5: // pay relist fee (live mode) - $query = "UPDATE " . $DBPrefix . "auctions SET suspended = 0 WHERE id = " . $custom_id; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "auctions SET suspended = 0 WHERE id = :custom_id"; + $params = array(); + $params[] = array(':custom_id', $custom_id, 'int'); + $db->query($query, $params); // add invoice $query = "INSERT INTO " . $DBPrefix . "useraccounts (user_id, auc_id, date, relist, total, paid) VALUES - (" . $custom_id . ", " . $custom_id . ", " . time() . ", " . $payment_amount . ", " . $payment_amount . ", 1)"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + (:user_id, :auc_id, :date, :relist, :total, 1)"; + $params = array(); + $params[] = array(':user_id', $custom_id, 'int'); + $params[] = array(':auc_id', $custom_id, 'int'); + $params[] = array(':date', time(), 'int'); + $params[] = array(':relist', $payment_amount, 'float'); + $params[] = array(':total', $payment_amount, 'float'); + $db->query($query, $params); break; case 6: // pay buyer fee (live mode) - $query = "UPDATE " . $DBPrefix . "winners SET bf_paid = 1 WHERE bf_paid = 0 AND auction = " . $custom_id . " AND winner = " . $user->user_data['id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); - $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = " . $user->user_data['id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "winners SET bf_paid = 1 WHERE bf_paid = 0 AND auction = :auction_id AND winner = :winner_id"; + $params = array(); + $params[] = array(':auction_id', $custom_id, 'int'); + $params[] = array(':winner_id', $user->user_data['id'], 'int'); + $db->query($query, $params); + + $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = :user_id"; + $params = array(); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $db->query($query, $params); + // add invoice $query = "INSERT INTO " . $DBPrefix . "useraccounts (user_id, auc_id, date, buyer, total, paid) VALUES - (" . $user->user_data['id'] . ", " . $custom_id . ", " . time() . ", " . $payment_amount . ", " . $payment_amount . ", 1)"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + (:user_id, :auc_id, :time_stamp, :buyer, :total, 1)"; + $params = array(); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $params[] = array(':auc_id', $custom_id, 'int'); + $params[] = array(':time_stamp', time(), 'int'); + $params[] = array(':buyer', $payment_amount, 'float'); + $params[] = array(':total', $payment_amount, 'float'); + $db->query($query, $params); break; case 7: // pay final value fee (live mode) - $query = "UPDATE " . $DBPrefix . "winners SET ff_paid = 1 WHERE ff_paid = 0 AND auction = " . $custom_id . " AND seller = " . $user->user_data['id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); - $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = " . $user->user_data['id']; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + $query = "UPDATE " . $DBPrefix . "winners SET ff_paid = 1 WHERE ff_paid = 0 AND auction = :auction_id AND seller = :user_id"; + $params = array(); + $params[] = array(':auction_id', $custom_id, 'int'); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $db->query($query, $params); + + $query = "UPDATE " . $DBPrefix . "users SET suspended = 0 WHERE id = :user_id"; + $params = array(); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $db->query($query, $params); + // add invoice $query = "INSERT INTO " . $DBPrefix . "useraccounts (user_id, auc_id, date, finalval, total, paid) VALUES - (" . $user->user_data['id'] . ", " . $custom_id . ", " . time() . ", " . $payment_amount . ", " . $payment_amount . ", 1)"; - $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__); + (:user_id, :auc_id, :time_stamp, :finalval, :total, 1)"; + $params = array(); + $params[] = array(':user_id', $user->user_data['id'], 'int'); + $params[] = array(':auc_id', $custom_id, 'int'); + $params[] = array(':time_stamp', $system->ctime, 'int'); + $params[] = array(':finalval', $payment_amount, 'float'); + $params[] = array(':total', $payment_amount, 'float'); + $db->query($query, $params); break; } diff --git a/language/EN/messages.inc.php b/language/EN/messages.inc.php index 433a30d2..46f1c27e 100644 --- a/language/EN/messages.inc.php +++ b/language/EN/messages.inc.php @@ -166,7 +166,7 @@ $ERR_5002 = "You must select at least one statistic type (accesses, browsers & platforms, by country)"; $ERR_5014 = "Subject or message missing"; $ERR_5045 = "The reserve price cannot be less than the minimum bid"; -$ERR_5046 = "The buy now price cannot be less than the minimum bid and/or the reserve price"; +$ERR_5046 = "The buy now price must be greater than the minimum bid and/or the reserve price"; $ERR_25_0001 = "Please choose a sub-category"; $ERR_25_0002 = "
URL file-access is disabled on your server so WeBid is unable to run the version check
"; @@ -1164,6 +1164,17 @@ $MSG['1143'] = "Here you setup which payment gateways you want to allow users to use"; $MSG['1144'] = "Before you can set fees you need to of set up at least one method of payment. You can do this via payment gateways."; +// yourauctions pages +$MSG['1145'] = "You have successfully deleted %s auction(s)
"; +$MSG['1146'] = "You have successfully re-listed %s auction(s)
"; +$MSG['1147'] = "You have successfully sold %s auction(s)
"; +$MSG['1148'] = "A charge of %s has been made to your account
"; +$MSG['1149'] = "You have successfully closed %s auction(s)
"; +$MSG['1150'] = "You have successfully started %s auction(s)
"; + +// sell item page +$MSG['1151'] = "Auction fee"; + $MSG['5003'] = "Site Settings"; $MSG['5004'] = "Currencies Settings"; $MSG['5005'] = "General Layout Settings"; diff --git a/sell.php b/sell.php index 5511c07d..4b435862 100644 --- a/sell.php +++ b/sell.php @@ -684,8 +684,8 @@ 'MINTEXT' => ($atype == 2) ? $MSG['038'] : $MSG['020'], 'FEE_JS' => $fee_javascript, // auction details - 'AUC_TITLE' => htmlentities($title, ENT_COMPAT, $CHARSET), - 'AUC_SUBTITLE' => htmlentities($subtitle, ENT_COMPAT, $CHARSET), + 'AUC_TITLE' => $title, + 'AUC_SUBTITLE' => $subtitle, 'AUC_DESCRIPTION' => $CKEditor->editor('description', stripslashes($description)), 'ITEMQTY' => $iquantity, 'MIN_BID' => $system->print_money_nosymbol($minimum_bid, false), diff --git a/themes/admin/news.tpl b/themes/admin/news.tpl index 7aca5970..960dd4c1 100644 --- a/themes/admin/news.tpl +++ b/themes/admin/news.tpl @@ -10,7 +10,7 @@{L_314} | @@ -28,6 +28,7 @@
---|
diff --git a/themes/admin/style.css b/themes/admin/style.css index a798f137..0b926cc3 100644 --- a/themes/admin/style.css +++ b/themes/admin/style.css @@ -157,7 +157,7 @@ img { border:none; } -input, textarea, select { +input, textarea, select, .button { border: 2px solid #CCCCCC; padding: 4px; background: #F7F7F7; @@ -246,6 +246,7 @@ ul.menu li { .plain-box { background-color: #FFFFFF; border-bottom: 1px solid #F4F4F4; + margin-left: 15px; } .info-box { @@ -276,4 +277,9 @@ ul.menu li { padding: 4px 0 4px 22px; margin: 3px 0; font-size: 1.1em; +} + +.button { + display: inline-block; + height: 20px; } \ No newline at end of file diff --git a/themes/default/invoices.tpl b/themes/default/invoices.tpl index 1f4ff69f..16665fd6 100644 --- a/themes/default/invoices.tpl +++ b/themes/default/invoices.tpl @@ -16,7 +16,7 @@ | {topay.INFO} | {topay.TOTAL} |
- {L_898} {L_1058} + {L_898} {L_1058} |
- {L_263} + {L_1151} | @@ -619,7 +619,7 @@ $(document).ready(function(){ | ||
{L_263} | +{L_1151} | {FEE} |
{L_862}diff --git a/themes/default/yourauctions.tpl b/themes/default/yourauctions.tpl index 33d5e6c4..90bb2d6e 100644 --- a/themes/default/yourauctions.tpl +++ b/themes/default/yourauctions.tpl @@ -23,20 +23,17 @@ $(document).ready(function() { }); }); + +{USER_MESSAGE}
+
|