Bug fixes

bid.php

@@ -17,7 +17,8 @@
 
 $NOW = time();
 $id = intval($_REQUEST['id']);
-$bid = $_POST['bid'];
+// reformat bid to valid number
+$bid = round($system->input_money($_POST['bid']), 2);
 $qty = (isset($_POST['qty'])) ? intval($_POST['qty']) : 1;
 $bidder_id = $user->user_data['id'];
 $bidding_ended = false;
@@ -52,7 +53,7 @@
 
 function get_increment($val, $input_check = true)
 {
-	global $db, $DBPrefix;
+	global $db, $DBPrefix, $system;
 
 	if ($input_check)
 		$val = $system->input_money($val);
@@ -116,9 +117,6 @@ function extend_auction($id, $ends)
 	$errmsg = $ERR_058;
 }
 
-// reformat bid to valid number
-$bid = $system->input_money($bid);
-
 $Data = $db->result();
 $item_title = $system->uncleanvars($Data['title']);
 $item_id = $Data['id'];
@@ -291,7 +289,7 @@ function extend_auction($id, $ends)
 		}
 		if (!$bidding_ended && !isset($errmsg) && $system->SETTINGS['proxy_bidding'] == 'y')
 		{
-			$query = "SELECT * FROM " . $DBPrefix . "proxybid p, " . $DBPrefix . "users u WHERE itemid = :item_id AND p.userid = u.id and u.suspended = 0 ORDER by bid DESC";
+			$query = "SELECT p.userid, p.bid FROM " . $DBPrefix . "proxybid p, " . $DBPrefix . "users u WHERE itemid = :item_id AND p.userid = u.id and u.suspended = 0 ORDER by bid DESC LIMIT 1";
 			$params = array();
 			$params[] = array(':item_id', $id, 'int');
 			$db->query($query, $params);
@@ -328,8 +326,9 @@ function extend_auction($id, $ends)
 			}
 			else // This is not the first bid
 			{
-				$proxy_bidder_id = $db->result('userid');
-				$proxy_max_bid = $db->result('bid');
+				$proxy_bid_data = $db->result();
+				$proxy_bidder_id = $proxy_bid_data['userid'];
+				$proxy_max_bid = $proxy_bid_data['bid'];
 
 				if ($proxy_max_bid < $bid)
 				{
@@ -391,8 +390,9 @@ function extend_auction($id, $ends)
 					$params[] = array(':auc_id', $id, 'int');
 					$db->query($query, $params);
 				}
-				if ($proxy_max_bid == $bid)
+				elseif ($proxy_max_bid == $bid)
 				{
+					echo 0;
 					$cbid = $proxy_max_bid;
 					$errmsg = $MSG['701'];
 					// Update bids table
@@ -430,7 +430,7 @@ function extend_auction($id, $ends)
 					}
 					$next_bid = $cbid + $increment;
 				}
-				if ($proxy_max_bid > $bid)
+				elseif ($proxy_max_bid > $bid)
 				{
 					// Update bids table
 					$query = "INSERT INTO " . $DBPrefix . "bids VALUES (NULL, :auc_id, :bidder_id, :bid, :time, :qty)";

buy_now.php

@@ -172,6 +172,7 @@
 			// log auction BIN IP
 			$system->log('user', 'BIN on Item', $user->user_data['id'], $id);
 		}
+		echo $Auction['quantity'];
 		if ($Auction['quantity'] == 1)
 		{
 			$query = "UPDATE " . $DBPrefix . "auctions SET ends = :time, num_bids = num_bids + 1, current_bid = :buy_now WHERE id = :auc_id";
@@ -198,10 +199,11 @@
 			// force close if all items sold
 			if (($Auction['quantity'] - $qty) == 0)
 			{
-				$query = "UPDATE " . $DBPrefix . "auctions SET ends = :time WHERE id = :auc_id";
+				$query = "UPDATE " . $DBPrefix . "auctions SET ends = :time, current_bid = :current_bid, sold = 'y', num_bids = num_bids + 1, closed = 1 WHERE id = :auc_id";
 				$params = array();
 				$params[] = array(':time', $NOW, 'int');
 				$params[] = array(':auc_id', $id, 'int');
+				$params[] = array(':current_bid', $Auction['buy_now'], 'int');
 				$db->query($query, $params);
 			}
 			// do stuff that is important
@@ -310,8 +312,8 @@
 			}
 
 			$query = "INSERT INTO " . $DBPrefix . "winners
-					(auction, seller, winner, bid, closingdate, feedback_win, feedback_sel, qty, paid, bf_paid, ff_paid, shipped)VALUES
-					(\:auc_id, :seller_id, :winner_id, :buy_now, :time, 0, 0, :quantity, 0, :bf_paid, :ff_paid, 0)";
+					(auction, seller, winner, bid, closingdate, feedback_win, feedback_sel, qty, paid, bf_paid, ff_paid, shipped) VALUES
+					(:auc_id, :seller_id, :winner_id, :buy_now, :time, 0, 0, :quantity, 0, :bf_paid, :ff_paid, 0)";
 			$params = array();
 			$params[] = array(':auc_id', $id, 'int');
 			$params[] = array(':seller_id', $Auction['user'], 'int');

docs/changes.txt

@@ -15,5 +15,6 @@
 - Added confirmation notices when you do an action in user control panel
 - Moved the add new news button in admin so its visable
 - Fixed buy it now not setting an auction to close if all item have been purchased
+- Cleaned up outstanding page
 
 for older changes check out http://www.webidsupport.com/wiki/Change_Log

language/EN/messages.inc.php

@@ -1176,6 +1176,8 @@
 $MSG['1151'] = "Auction fee";
 $MSG['1152'] = "Free";
 
+$MSG['1153'] = 'Print Invoice';
+
 $MSG['5003'] = "Site Settings";
 $MSG['5004'] = "Currencies Settings";
 $MSG['5005'] = "General Layout Settings";

order_print.php

@@ -70,7 +70,7 @@
 	$data = $db->result();
 
 	// do you have permission to view this?
-	if (!$fromadmin && $data['seller_id'] != $user->user_data['id'])
+	if (!$fromadmin && $data['seller_id'] != $user->user_data['id'] && $data['winner'] != $user->user_data['id'])
 	{
 		invalidinvoice();
 	}

outstanding.php

@@ -41,7 +41,7 @@
 $TOTALAUCTIONS = $db->result('COUNT');
 $PAGES = ($TOTALAUCTIONS == 0) ? 1 : ceil($TOTALAUCTIONS / $system->SETTINGS['perpage']);
 
-$query = "SELECT w.id, w.winner, a.title, a.shipping_cost, w.bid, w.qty, a.shipping_cost_additional, a.shipping FROM " . $DBPrefix . "winners w
+$query = "SELECT w.id, w.winner, a.title, a.shipping_cost, w.bid, w.qty, a.id As auc_id, a.shipping_cost_additional, a.shipping FROM " . $DBPrefix . "winners w
 		LEFT JOIN " . $DBPrefix . "auctions a ON (a.id = w.auction)
 		WHERE w.paid = 0 AND w.winner = :user_id
 		LIMIT :OFFSET, :per_page";
@@ -53,19 +53,23 @@
 
 while ($row = $db->fetch())
 {
+	$shipping_cost = ($row['shipping'] == 1) ? $row['shipping_cost'] : 0;
+	$additional_shipping_cost = $row['additional_shipping_cost'] * ($row['qty'] - 1);
 	$template->assign_block_vars('to_pay', array(
-			'URL' => $system->SETTINGS['siteurl'] . 'item.php?id=' . $row['id'],
+			'URL' => $system->SETTINGS['siteurl'] . 'item.php?id=' . $row['auc_id'],
 			'TITLE' => $system->uncleanvars($row['title']),
 			'PAY_SHIPPING' => ($row['shipping'] == 1),
-			'SHIPPING' => ($row['shipping'] == 1) ? $system->print_money($row['shipping_cost']) : $system->print_money(0),
-			'ADDITIONAL_SHIPPING_COST' => $system->print_money($row['additional_shipping_cost'] * ($row['qty'] - 1)),
+			'SHIPPING' => $system->print_money($shipping_cost),
+			'ADDITIONAL_SHIPPING_COST' => $system->print_money($additional_shipping_cost),
+			'TOTAL_SHIPPING_COST' => $system->print_money($shipping_cost + $additional_shipping_cost),
 			'ADDITIONAL_SHIPPING' => $system->print_money($row['additional_shipping_cost']),
+			'ADDITIONAL_SHIPPING_PLAIN' => $row['additional_shipping_cost'],
 			'ADDITIONAL_SHIPPING_QUANTITYS' => $row['qty'] - 1,
 			'QUANTITY' => $row['qty'],
 			'BID' => $system->print_money($row['bid'] * $row['qty']),
 			'TOTAL' => $system->print_money($row['shipping_cost'] + ($row['bid'] * $row['qty']) + ($row['additional_shipping_cost'] * ($row['qty'] - 1))),
-			'ID' => $row['id'],
-			'WINID'=> $row['winner'],
+			'AUC_ID' => $row['auc_id'],
+			'WINID'=> $row['id'],
 
 			'B_NOTITLE' => (empty($row['title']))
 			));

pay.php

@@ -48,7 +48,7 @@
 				FROM " . $DBPrefix . "auctions a
 				LEFT JOIN " . $DBPrefix . "winners w ON (a.id = w.auction)
 				LEFT JOIN " . $DBPrefix . "users u ON (u.id = w.seller)
-				WHERE WHERE w.id = :pfval AND w.winner = :user_id";
+				WHERE w.id = :pfval AND w.winner = :user_id";
 		$params = array();
 		$params[] = array(':pfval', $_POST['pfval'], 'int');
 		$params[] = array(':user_id', $user->user_data['id'], 'int');

themes/default/item.tpl

@@ -27,7 +27,7 @@ $(document).ready(function() {
 <!-- ENDIF -->
 <div class="content">
 	<div class="tableContent2">
-	 <br><b>{L_041}:</b> {TOPCATSPATH}<br><br>
+	 <div class="padding"><b>{L_041}:</b> {TOPCATSPATH}</div>
 	 <div class="titTable2 rounded-top rounded-bottom">
 	  <table width="100%" border="0" cellpadding="0" cellspacing="0">
 		<tr>

themes/default/outstanding.tpl

@@ -21,7 +21,7 @@
 	<td style="width: 10%; text-align: center;">{L_284}</td>
     <td style="width: 10%; text-align: center;">{L_319}</td>
     <td style="width: 10%; text-align: center;">{L_189}</td>
-    <td style="text-align: center;">&nbsp;</td>
+    <td style="text-align: center;" colspan="2">&nbsp;</td>
 </tr>
 <!-- BEGIN to_pay -->
 <tr>
@@ -34,15 +34,12 @@
     </td>
     <td style="text-align: center;">{to_pay.BID}</td>
 	<td style="text-align: center;">{to_pay.QUANTITY}</td>
-    <td style="text-align: center;">{to_pay.SHIPPING}</td>
-	<td style="text-align: center;">
-	<!-- IF to_pay.PAY_SHIPPING -->
-		{to_pay.SHIPPING} X 1 =<br>{to_pay.SHIPPING}
-		<br><br><b>{L_350_1009}</b><br>{to_pay.ADDITIONAL_SHIPPING} X {to_pay.ADDITIONAL_SHIPPING_QUANTITYS} =<br>{to_pay.ADDITIONAL_SHIPPING_COST}
-    <!-- ELSE -->
-		{to_pay.SHIPPING}
+    <td style="text-align: center;">
+		{to_pay.TOTAL_SHIPPING_COST}
+	<!-- IF to_pay.PAY_SHIPPING and to_pay.ADDITIONAL_SHIPPING_QUANTITYS ne 0 and to_pay.ADDITIONAL_SHIPPING_PLAIN ne 0 -->
+		<span class="smallspan">({to_pay.SHIPPING} X 1) + ({to_pay.ADDITIONAL_SHIPPING} X {to_pay.ADDITIONAL_SHIPPING_QUANTITYS})</span>
     <!-- ENDIF -->
-	</td> 
+	</td>
 	<td style="text-align: center;">{to_pay.TOTAL}</td>
     <td style="text-align: center; background-color: #FFFFaa;">
     	<form name="" method="post" action="{SITEURL}pay.php?a=2" id="fees">
@@ -52,11 +49,10 @@
         </form>
     </td>
     <td style="text-align: center; background-color: #FFFFaa;">
-    <form name="" method="post" action="{SITEURL}order_print.php" id="fees" title="Print Invoice" target="_blank">
+    <form name="" method="post" action="{SITEURL}order_print.php" id="fees" title="{L_1153}" target="_blank">
         <input type="hidden" name="csrftoken" value="{_CSRFTOKEN}">
-    	<input type="hidden" name="pfval" value="{to_pay.ID}">
+    	<input type="hidden" name="pfval" value="{to_pay.AUC_ID}">
 		<input type="hidden" name="pfwon" value="{to_pay.WINID}">
-		<input type="hidden" name="user_id" value="{ID}">
         <input type="submit" type="button" value="{L_1058}">
         </form>
 </td>

themes/default/selling.tpl

@@ -25,11 +25,11 @@
 		<td width="33%">
 			<a href="{SITEURL}profile.php?user_id={a.WINNERID}&auction_id={a.AUCTIONID}">{a.NICK}</a> {a.FB}
 		</td>
-		<td width="17%" align="right">
-			{a.w.BIDF}
+		<td width="17%" align="center">
+			{a.BIDF}
 		</td>
-		<td width="10%">
-			{a.w.QTY}
+		<td width="10%" align="center">
+			{a.QTY}
 		</td>
 		<td width="10%" nowrap="nowrap">
 	<!-- IF a.B_PAID -->

themes/default/style.css

@@ -17,6 +17,7 @@
 p	{ margin: 0px 0px 5px 0px; }
 dl.tabs	{ margin: 0 0 0 5px; padding: 0; width: 100%; font-size: 13px; }
 dl.tabs dd	{ margin: 1px; padding: 5px; float: left; background: transparent url(img/bot_deg.gif) repeat; border-top: 1px solid #AEACAC; border-right: 1px solid #AEACAC; border-bottom: 0px; border-left: 1px solid #AEACAC; }
+dl.tabs dd.active { background: transparent url(img/bot_rev.gif) repeat !important; }
 li	{ padding-bottom: 5px; }
 table.container	{ float: none; }
 th	{ color: #787878; font-size: 12px; background-color: #c2e5ff; font-weight: bold; text-transform: capitalize; padding: 0.3ex; }

themes/default/yourauctions.tpl

@@ -29,6 +29,7 @@ $(document).ready(function() {
 <form name="auctions" method="post" action="" id="processdel">
 <input type="hidden" name="csrftoken" value="{_CSRFTOKEN}">
 <dl class="tabs">
+	<dd class="active"><a href="yourauctions.php">{L_619}</a></dd>
 	<dd><a href="yourauctions_p.php">{L_25_0115}</a></dd>
 	<dd><a href="yourauctions_c.php">{L_204}</a></dd>
 	<dd><a href="yourauctions_s.php">{L_2__0056}</a></dd>

themes/default/yourauctions_c.tpl

@@ -43,8 +43,9 @@ $(document).ready(function() {
 <form name="closed" method="post" action="" id="processdel">
 <input type="hidden" name="csrftoken" value="{_CSRFTOKEN}">
 <dl class="tabs">
-	<dd><a href="yourauctions_p.php">{L_25_0115}</a></dd>
 	<dd><a href="yourauctions.php">{L_619}</a></dd>
+	<dd><a href="yourauctions_p.php">{L_25_0115}</a></dd>
+	<dd class="active"><a href="yourauctions_c.php">{L_204}</a></dd>
 	<dd><a href="yourauctions_s.php">{L_2__0056}</a></dd>
 	<dd><a href="yourauctions_sold.php">{L_25_0119}</a></dd>
 </dl>

themes/default/yourauctions_p.tpl

@@ -30,6 +30,7 @@ $(document).ready(function() {
 <input type="hidden" name="csrftoken" value="{_CSRFTOKEN}">
 <dl class="tabs">
 	<dd><a href="yourauctions.php">{L_619}</a></dd>
+	<dd class="active"><a href="yourauctions_p.php">{L_25_0115}</a></dd>
 	<dd><a href="yourauctions_c.php">{L_204}</a></dd>
 	<dd><a href="yourauctions_s.php">{L_2__0056}</a></dd>
 	<dd><a href="yourauctions_sold.php">{L_25_0119}</a></dd>

themes/default/yourauctions_s.tpl

@@ -23,9 +23,10 @@ $(document).ready(function() {
 <form name="open" method="post" action="" id="processdel">
 <input type="hidden" name="csrftoken" value="{_CSRFTOKEN}">
 <dl class="tabs">
-	<dd><a href="yourauctions_p.php">{L_25_0115}</a></dd>
 	<dd><a href="yourauctions.php">{L_619}</a></dd>
+	<dd><a href="yourauctions_p.php">{L_25_0115}</a></dd>
 	<dd><a href="yourauctions_c.php">{L_204}</a></dd>
+	<dd class="active"><a href="yourauctions_s.php">{L_2__0056}</a></dd>
 	<dd><a href="yourauctions_sold.php">{L_25_0119}</a></dd>
 </dl>
 <table width="100%" border="0" cellspacing="1" cellpadding="4" align="center">

themes/default/yourauctions_sold.tpl

@@ -23,10 +23,11 @@ $(document).ready(function() {
 <div class="success-box">{USER_MESSAGE}</div>
 <!-- ENDIF -->
 <dl class="tabs">
-	<dd><a href="yourauctions_p.php">{L_25_0115}</a></dd>
 	<dd><a href="yourauctions.php">{L_619}</a></dd>
+	<dd><a href="yourauctions_p.php">{L_25_0115}</a></dd>
 	<dd><a href="yourauctions_c.php">{L_204}</a></dd>
 	<dd><a href="yourauctions_s.php">{L_2__0056}</a></dd>
+	<dd class="active"><a href="yourauctions_sold.php">{L_25_0119}</a></dd>
 </dl>
 <table width="100%" border="0" cellspacing="1" cellpadding="4" align="center">
 	<tr>

yourauctions_c.php

@@ -130,7 +130,6 @@
 				  ends = :ends,
 				  closed = 0,
 				  num_bids = 0,
-				  quantity = :quantity,
 				  relisted = relisted + 1,
 				  current_bid = 0,
 				  sold = 'n',
@@ -139,7 +138,6 @@
 			$params = array();
 			$params[] = array(':starts', $NOW, 'int');
 			$params[] = array(':ends', $WILLEND, 'int');
-			$params[] = array(':quantity', $AUCTION['quantity'], 'int');
 			$params[] = array(':suspended', $suspend, 'int');
 			$params[] = array(':auc_id', $k, 'int');
 			$db->query($query, $params);

yourauctions_sold.php

@@ -141,7 +141,7 @@
 $params = array();
 $params[] = array(':user_id', $user->user_data['id'], 'int');
 $db->query($query, $params);
-$TOTALAUCTIONS = $db->result();
+$TOTALAUCTIONS = $db->result('COUNT');
 
 if (!isset($_GET['PAGE']) || $_GET['PAGE'] < 0 || empty($_GET['PAGE']))
 {
@@ -190,11 +190,11 @@
 	$_SESSION['solda_type_img'] = '<img src="images/arrow_down.gif" align="center" hspace="2" border="0" alt="down"/>';
 }
 
-$query = "SELECT a.* FROM " . $DBPrefix . "auctions, " . $DBPrefix . "winners w
+$query = "SELECT a.* FROM " . $DBPrefix . "auctions a
+	LEFT JOIN " . $DBPrefix . "winners w ON (a.id = w.auction)
 	WHERE a.user = :user_id
 	AND a.closed = 1
 	AND a.suspended = 0
-	AND a.id = w.auction
 	GROUP BY w.auction
 	ORDER BY " . $_SESSION['solda_ord'] . " " . $_SESSION['solda_type'] . " LIMIT :offset, :perpage";
 $params = array();