
Bug fixes + PDO
Chris Dickenson committed Jun 30, 2015
1 parent 061c2ba commit 732b8fb
Showing 9 changed files with 108 additions and 67 deletions.
42 changes: 27 additions & 15 deletions admin/categories.php
Expand Up @@ -35,11 +35,11 @@ function search_cats($parent_id, $level)

function rebuild_cat_file()
{
global $system, $main_path, $DBPrefix;
global $system, $main_path, $DBPrefix, $db;
$query = "SELECT cat_id, cat_name, parent_id FROM " . $DBPrefix . "categories ORDER BY cat_name";
$result = mysql_query($query);
$db->direct_query($query);
$cats = array();
while ($catarr = mysql_fetch_array($result))
while ($catarr = $db->result())
{
$cats[$catarr['cat_id']] = $catarr['cat_name'];
$allcats[] = $catarr;
Expand Down Expand Up @@ -84,10 +84,17 @@ function rebuild_cat_file()
{
if (!isset($_POST['delete'][$k]))
{
$query = "UPDATE " . $DBPrefix . "categories SET cat_name = '" . $system->cleanvars($_POST['categories'][$k]) . "',
cat_colour = '" . mysql_real_escape_string($_POST['colour'][$k]) . "', cat_image = '" . mysql_real_escape_string($_POST['image'][$k]) . "'
WHERE cat_id = " . intval($k);
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
$query = "UPDATE " . $DBPrefix . "categories SET
cat_name = :name,
cat_colour = :colour,
cat_image = :image
WHERE cat_id = :cat_id";
$params = array();
$params[] = array(':name', $system->cleanvars($_POST['categories'][$k]), 'str');
$params[] = array(':colour', $_POST['colour'][$k], 'str');
$params[] = array(':image', $_POST['image'][$k], 'str');
$params[] = array(':cat_id', $k, 'int');
$db->query($query, $params);
}
}
}
Expand Down Expand Up @@ -120,8 +127,8 @@ function rebuild_cat_file()
LEFT JOIN " . $DBPrefix . "auctions a ON ( a.category = c.cat_id )
WHERE c.cat_id IN (" . implode(',', $_POST['delete']) . ")
GROUP BY c.cat_id ORDER BY cat_name";
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$db->direct_query($query);

$message = $MSG['843'] . '<table cellpadding="0" cellspacing="0">';
$names = array();
$counter = 0;
Expand Down Expand Up @@ -187,8 +194,11 @@ function rebuild_cat_file()
$catscontrol->move($k, $_POST['moveid'][$k]);
// remove the parent and raise the children up a level
$catscontrol->delete($k, true);
$query = "UPDATE " . $DBPrefix . "auctions SET category = " . $_POST['moveid'][$k] . " WHERE category = " . $k;
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
$query = "UPDATE " . $DBPrefix . "auctions SET category = :cat_new WHERE category = :cat_old";
$params = array();
$params[] = array(':cat_new', $_POST['moveid'][$k], 'str');
$params[] = array(':cat_old', $k, 'int');
$db->query($query, $params);
}
else
{
Expand All @@ -206,15 +216,17 @@ function rebuild_cat_file()
if (!isset($_GET['parent']))
{
$query = "SELECT left_id, right_id, level, cat_id FROM " . $DBPrefix . "categories WHERE parent_id = -1";
$params = array();
}
else
{
$parent = intval($_GET['parent']);
$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . intval($_GET['parent']);
$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = = :parent_id";
$params = array();
$params[] = array(':parent_id', $parent, 'int');
}
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$parent_node = mysql_fetch_assoc($res);
$db->query($query, $params);
$parent_node = $db->result();

if (!isset($_GET['parent']))
{
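Review bot: The rewritten parent lookup at `WHERE cat_id = = :parent_id` has a doubled equals sign, so the prepared statement is a SQL syntax error for every request that carries a `parent` parameter; it should read `$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :parent_id";`. In the earlier hunk that moves a deleted category's auctions, `:cat_new` is bound as `'str'` while every other category id on this page is bound `'int'`; `$params[] = array(':cat_new', $_POST['moveid'][$k], 'int');` keeps the types consistent and rejects non-numeric input at the binding. The delete-preview hunk switched the call to `$db->direct_query` but still interpolates `implode(',', $_POST['delete'])` straight into the IN clause, so that query remains string-built from request data; `implode(',', array_map('intval', $_POST['delete']))` would confine it to integers. All three spots sit in top-level script code that continues beyond the hunks.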
22 changes: 13 additions & 9 deletions admin/currency.php
Expand Up @@ -23,11 +23,10 @@

// Create currencies array
$query = "SELECT id, valuta, symbol, ime FROM " . $DBPrefix . "rates ORDER BY ime";
$res_ = mysql_query($query);
$system->check_mysql($res_, $query, __LINE__, __FILE__);
if (mysql_num_rows($res_) > 0)
$db->direct_query($query);
if ($db->numrows() > 0)
{
while ($row = mysql_fetch_array($res_))
while ($row = $db->result())
{
$CURRENCIES[$row['id']] = $row['symbol'] . '&nbsp;' . $row['ime'] . '&nbsp;(' . $row['valuta'] . ')';
$CURRENCIES_SYMBOLS[$row['id']] = $row['symbol'];
Expand All @@ -49,11 +48,16 @@
{
// Update database
$query = "UPDATE " . $DBPrefix . "settings SET
currency = '" . $system->cleanvars($CURRENCIES_SYMBOLS[$_POST['currency']]) . "',
moneyformat = " . intval($_POST['moneyformat']) . ",
moneydecimals = " . intval($_POST['moneydecimals']) . ",
moneysymbol = " . intval($_POST['moneysymbol']);
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
currency = :currency,
moneyformat = :moneyformat,
moneydecimals = :moneydecimals,
moneysymbol = :moneysymbol";
$params = array();
$params[] = array(':currency', $system->cleanvars($CURRENCIES_SYMBOLS[$_POST['currency']]), 'str');
$params[] = array(':moneyformat', $_POST['moneyformat'], 'int');
$params[] = array(':moneydecimals', $_POST['moneydecimals'], 'int');
$params[] = array(':moneysymbol', $_POST['moneysymbol'], 'int');

$system->SETTINGS['currency'] = $CURRENCIES_SYMBOLS[$_POST['currency']];
$system->SETTINGS['moneyformat'] = $_POST['moneyformat'];
$system->SETTINGS['moneydecimals'] = $_POST['moneydecimals'];
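Review bot: The update branch builds `$query` and `$params` but never executes them — the removed `$system->check_mysql(mysql_query($query), ...)` line has no `$db->query` replacement before the in-memory `$system->SETTINGS` assignments, so the currency settings appear saved but are not written to the database (unless a call appears past the end of the hunk, which the blank line after the `:moneysymbol` binding makes unlikely). Add `$db->query($query, $params);` directly after `$params[] = array(':moneysymbol', $_POST['moneysymbol'], 'int');`, as the other converted pages in this commit do. This is top-level script code; the enclosing `if` continues past the hunk.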
80 changes: 48 additions & 32 deletions admin/editauction.php
Expand Up @@ -80,10 +80,11 @@ function load_gallery($uploaded_path, $auc_id)
else
{
// Retrieve auction data
$query = "SELECT * from " . $DBPrefix . "auctions WHERE id = " . intval($_POST['id']);
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$AUCTION = mysql_fetch_array($res);
$query = "SELECT * from " . $DBPrefix . "auctions WHERE id = :auc_id";
$params = array();
$params[] = array(':auc_id', $_POST['id'], 'int');
$db->query($query, $params);
$AUCTION = $db->result();

$a_start = $AUCTION['starts'];
$a_ends = $a_start + ($_POST['duration'] * 24 * 60 * 60);
Expand All @@ -92,89 +93,104 @@ function load_gallery($uploaded_path, $auc_id)
{
// and increase new category counters
$ct = intval($_POST['category']);
$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $ct;
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$parent_node = mysql_fetch_assoc($res);
$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id";
$params = array();
$params[] = array(':cat_id', $ct, 'int');
$db->query($query, $params);
$parent_node = $db->result();

$crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']);

for ($i = 0; $i < count($crumbs); $i++)
{
if ($crumbs[$i]['cat_id'] == $ct)
{
$query = "UPDATE " . $DBPrefix . "categories SET counter = counter + 1, sub_counter = sub_counter + 1 WHERE cat_id = " . $crumbs[$i]['cat_id'];
$query = "UPDATE " . $DBPrefix . "categories SET counter = counter + 1, sub_counter = sub_counter + 1 WHERE cat_id = :cat_id";
}
else
{
$query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = " . $crumbs[$i]['cat_id'];
$query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = :cat_id";
}
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
$params = array();
$params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int');
$db->query($query, $params);
}

// and decrease old category counters
$cta = intval($AUCTION['category']);
$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $cta;
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$parent_node = mysql_fetch_assoc($res);
$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id";
$params = array();
$params[] = array(':cat_id', $cta, 'int');
$db->query($query, $params);
$parent_node = $db->result();
$crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']);

for ($i = 0; $i < count($crumbs); $i++)
{
if ($crumbs[$i]['cat_id'] == $cta)
{
$query = "UPDATE " . $DBPrefix . "categories SET counter = counter - 1, sub_counter = sub_counter - 1 WHERE cat_id = " . $crumbs[$i]['cat_id'];
$query = "UPDATE " . $DBPrefix . "categories SET counter = counter - 1, sub_counter = sub_counter - 1 WHERE cat_id = :cat_id";
}
else
{
$query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter - 1 WHERE cat_id = " . $crumbs[$i]['cat_id'];
$query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter - 1 WHERE cat_id = :cat_id";
}
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
$params = array();
$params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int');
$db->query($query, $params);
}
}

if ($AUCTION['secondcat'] != $_POST['secondcat'])
{
// and increase new category counters
$ct = intval($_POST['secondcat']);
$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $ct;
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$parent_node = mysql_fetch_assoc($res);
$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id";
$params = array();
$params[] = array(':cat_id', $ct, 'int');
$db->query($query, $params);
$parent_node = $db->result();

$crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']);

for ($i = 0; $i < count($crumbs); $i++)
{
if ($crumbs[$i]['cat_id'] == $ct)
{
$query = "UPDATE " . $DBPrefix . "categories SET counter = counter + 1, sub_counter = sub_counter + 1 WHERE cat_id = " . $crumbs[$i]['cat_id'];
$query = "UPDATE " . $DBPrefix . "categories SET counter = counter + 1, sub_counter = sub_counter + 1 WHERE cat_id = :cat_id";
}
else
{
$query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = " . $crumbs[$i]['cat_id'];
$query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter + 1 WHERE cat_id = :cat_id";
}
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
$params = array();
$params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int');
$db->query($query, $params);
}

// and decrease old category counters
$cta = intval($AUCTION['secondcat']);
$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = " . $cta;
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
$parent_node = mysql_fetch_assoc($res);
$query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id";
$params = array();
$params[] = array(':cat_id', $cta, 'int');
$db->query($query, $params);
$parent_node = $db->result();

$crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']);

for ($i = 0; $i < count($crumbs); $i++)
{
if ($crumbs[$i]['cat_id'] == $cta)
{
$query = "UPDATE " . $DBPrefix . "categories SET counter = counter - 1, sub_counter = sub_counter - 1 WHERE cat_id = " . $crumbs[$i]['cat_id'];
$query = "UPDATE " . $DBPrefix . "categories SET counter = counter - 1, sub_counter = sub_counter - 1 WHERE cat_id = :cat_id";
}
else
{
$query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter - 1 WHERE cat_id = " . $crumbs[$i]['cat_id'];
$query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter - 1 WHERE cat_id = :cat_id";
}
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
$params = array();
$params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int');
$db->query($query, $params);
}
}

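Review bot: The four breadcrumb counter loops in this hunk (increase for `$_POST['category']`, decrease for `$AUCTION['category']`, then the same pair for `secondcat`) are now copies of the same eleven lines differing only in the category id and the sign, and the conversion to bound parameters doubled their length; a single helper taking the id and a delta would leave one place to get the query and the `'int'` binding right. The helper can live beside `load_gallery` at the top of the file (outside this hunk) and follow that function's `global` convention, with the four blocks reduced to one call each. The only string-built fragment left is the `+ 1`/`- 1` step, which is chosen from two fixed literals rather than request data. The enclosing `else` block begins before the hunk and continues after it.
```php
// Moves a category's counters by $delta (+1 when an auction joins the category,
// -1 when it leaves): counter and sub_counter on the category itself,
// sub_counter on every ancestor returned by get_bread_crumbs().
function adjust_category_counters($cat_id, $delta)
{
    global $DBPrefix, $db, $catscontrol;
    $query = "SELECT left_id, right_id, level FROM " . $DBPrefix . "categories WHERE cat_id = :cat_id";
    $params = array();
    $params[] = array(':cat_id', $cat_id, 'int');
    $db->query($query, $params);
    $parent_node = $db->result();
    $crumbs = $catscontrol->get_bread_crumbs($parent_node['left_id'], $parent_node['right_id']);
    // $step is one of two fixed literals, never request data
    $step = ($delta < 0) ? '- 1' : '+ 1';
    for ($i = 0; $i < count($crumbs); $i++)
    {
        if ($crumbs[$i]['cat_id'] == $cat_id)
        {
            $query = "UPDATE " . $DBPrefix . "categories SET counter = counter " . $step . ", sub_counter = sub_counter " . $step . " WHERE cat_id = :cat_id";
        }
        else
        {
            $query = "UPDATE " . $DBPrefix . "categories SET sub_counter = sub_counter " . $step . " WHERE cat_id = :cat_id";
        }
        $params = array();
        $params[] = array(':cat_id', $crumbs[$i]['cat_id'], 'int');
        $db->query($query, $params);
    }
}

// … unchanged: auction lookup and the category-changed condition …
adjust_category_counters(intval($_POST['category']), 1);
adjust_category_counters(intval($AUCTION['category']), -1);
// … unchanged: the secondcat-changed condition …
adjust_category_counters(intval($_POST['secondcat']), 1);
adjust_category_counters(intval($AUCTION['secondcat']), -1);
```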
11 changes: 7 additions & 4 deletions admin/time.php
Expand Up @@ -23,10 +23,13 @@
if (isset($_POST['action']) && $_POST['action'] == 'update')
{
// Update database
$query = "UPDATE " . $DBPrefix . "settings set
timecorrection = " . floatval($_POST['timecorrection']) . ",
datesformat = '" . $_POST['datesformat'] . "'";
$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
$query = "UPDATE " . $DBPrefix . "settings SET
timecorrection = :timecorrection,
datesformat = :datesformat";
$params = array();
$params[] = array(':timecorrection', $_POST['timecorrection'], 'int');
$params[] = array(':datesformat', $_POST['datesformating'], 'str');
$db->query($query, $params);
$system->SETTINGS['timecorrection'] = floatval($_POST['timecorrection']);
$system->SETTINGS['datesformat'] = $_POST['datesformat'];
$ERR = $MSG['347'];
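Review bot: `$_POST['datesformating']` in the `:datesformat` binding is a typo for `$_POST['datesformat']` (the name both the removed query and the `$system->SETTINGS['datesformat']` line two lines below use), so every update writes a missing value to the `datesformat` column; change it to `$params[] = array(':datesformat', $_POST['datesformat'], 'str');`. The `:timecorrection` binding is typed `'int'` although the removed code used `floatval` and the in-memory setting on the next line still does, so a fractional offset is truncated in the database while `$system->SETTINGS` keeps the fraction until the next page load; bind it as `'float'`, the type this commit already uses in buy_now.php. The surrounding `if` is top-level script code that continues past the hunk.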
8 changes: 5 additions & 3 deletions buy_now.php
Expand Up @@ -59,6 +59,7 @@
$db->query($query, $params);

$Auction = $db->result();

// such auction does not exist
if ($db->numrows() == 0)
{
Expand Down Expand Up @@ -308,8 +309,9 @@
}
}

$query = "INSERT INTO " . $DBPrefix . "winners VALUES
(NULL, :auc_id, :seller_id, :winner_id, :buy_now, :time, 0, 0, :quantity, 0, :bf_paid, :ff_paid)";
$query = "INSERT INTO " . $DBPrefix . "winners
(auction, seller, winner, bid, closingdate, feedback_win, feedback_sel, qty, paid, bf_paid, ff_paid, shipped)VALUES
(\:auc_id, :seller_id, :winner_id, :buy_now, :time, 0, 0, :quantity, 0, :bf_paid, :ff_paid, 0)";
$params = array();
$params[] = array(':auc_id', $id, 'int');
$params[] = array(':seller_id', $Auction['user'], 'int');
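Review bot: The VALUES list on the third line of the new INSERT starts with `(\:auc_id` — inside a double-quoted PHP string `\:` is not an escape sequence, so the backslash is passed through to the driver and the first placeholder is no longer recognised as `:auc_id`, which breaks the insert that the rest of this hunk binds parameters for. The line should be `(:auc_id, :seller_id, :winner_id, :buy_now, :time, 0, 0, :quantity, 0, :bf_paid, :ff_paid, 0)";`. A space before `VALUES` on the preceding line would also help readability. The surrounding code continues outside the hunk.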
Expand All @@ -320,6 +322,7 @@
$params[] = array(':bf_paid', $bf_paid, 'float');
$params[] = array(':ff_paid', $ff_paid, 'float');
$db->query($query, $params);
$winner_id = $db->lastInsertId();

// get end string
$month = date('m', $Auction['ends'] + $system->tdiff);
Expand All @@ -338,7 +341,6 @@
$buy_done = 1;
}
}
$winner_id = $db->lastInsertId();

$additional_shipping = $Auction['shipping_cost_additional'] * ($qty - 1);
$shipping_cost = ($Auction['shipping'] == 1) ? ($Auction['shipping_cost'] + $additional_shipping) : 0;
5 changes: 3 additions & 2 deletions item.php
Expand Up @@ -515,7 +515,7 @@
'SUBTITLE' => $system->uncleanvars($auction_data['subtitle']),
'AUCTION_DESCRIPTION' => $auction_data['description'],
'PIC_URL' => $uploaded_path . $id . '/' . $auction_data['pict_url'],
'SHIPPING_COST' => $system->print_money($auction_data['shipping_cost']),
'SHIPPING_COST' => ($auction_data['shipping_cost'] > 0) ? $system->print_money($auction_data['shipping_cost']) : $MSG['1152'],
'ADDITIONAL_SHIPPING_COST' => $system->print_money($auction_data['shipping_cost_additional']),
'COUNTRY' => $auction_data['country'],
'ZIP' => $auction_data['zip'],
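Review bot: The new `'SHIPPING_COST'` fallback reads `$MSG['1152']`, but this commit adds key 1152 only to `language/EN/messages.inc.php`; if other language packs exist in the project they will raise an undefined-index notice and render an empty cell for free shipping, so the key should be added to every messages.inc.php or the lookup guarded with `isset`. A short comment on the `'B_SHOW_ADDITIONAL_SHIPPING_COST'` line in the next hunk, such as `// hides the additional-shipping row when the per-item extra cost is zero`, would also separate it from the similarly named `B_ADDITIONAL_SHIPPING_COST` flag the template combines it with. The template assignment starts before the hunk.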
Expand Down Expand Up @@ -581,7 +581,8 @@
'B_COUNTDOWN' => ($system->SETTINGS['hours_countdown'] > (($ends - time()) / 3600)),
'B_HAS_QUESTIONS' => ($num_questions > 0),
'B_CAN_BUY' => $user->can_buy && !($start > time()),
'B_SHOWENDTIME' => $showendtime
'B_SHOWENDTIME' => $showendtime,
'B_SHOW_ADDITIONAL_SHIPPING_COST' => ($auction_data['shipping_cost_additional'] > 0)
));

include 'header.php';
1 change: 1 addition & 0 deletions language/EN/messages.inc.php
Expand Up @@ -1174,6 +1174,7 @@

// sell item page
$MSG['1151'] = "Auction fee";
$MSG['1152'] = "Free";

$MSG['5003'] = "Site Settings";
$MSG['5004'] = "Currencies Settings";
2 changes: 1 addition & 1 deletion themes/default/item.tpl
Expand Up @@ -163,7 +163,7 @@ $(document).ready(function() {
<td width="50%" align="left">{L_023}: </td>
<td align="left">{SHIPPING_COST}</td>
</tr>
<!-- IF B_ADDITIONAL_SHIPPING_COST or B_BUY_NOW_ONLY-->
<!-- IF (B_ADDITIONAL_SHIPPING_COST or B_BUY_NOW_ONLY) and B_SHOW_ADDITIONAL_SHIPPING_COST -->
<tr>
<td width="50%" align="left">{L_350_1008}: </td>
<td align="left">{ADDITIONAL_SHIPPING_COST}</td>
4 changes: 3 additions & 1 deletion yourauctions_c.php
Expand Up @@ -98,7 +98,7 @@
foreach ($_POST['relist'] as $k)
{
$k = intval($k);
$query = "SELECT duration, category FROM " . $DBPrefix . "auctions WHERE id = :auc_id";
$query = "SELECT duration, category, quantity FROM " . $DBPrefix . "auctions WHERE id = :auc_id";
$params = array();
$params[] = array(':auc_id', $k, 'int');
$db->query($query, $params);
Expand Down Expand Up @@ -130,6 +130,7 @@
ends = :ends,
closed = 0,
num_bids = 0,
quantity = :quantity,
relisted = relisted + 1,
current_bid = 0,
sold = 'n',
Expand All @@ -138,6 +139,7 @@
$params = array();
$params[] = array(':starts', $NOW, 'int');
$params[] = array(':ends', $WILLEND, 'int');
$params[] = array(':quantity', $AUCTION['quantity'], 'int');
$params[] = array(':suspended', $suspend, 'int');
$params[] = array(':auc_id', $k, 'int');
$db->query($query, $params);
