From 9f9c8f8caa6efd5017babcaa33cdc233f8a61375 Mon Sep 17 00:00:00 2001
From: Chris Dickenson
Date: Sat, 20 Jun 2015 15:45:52 +0100
Subject: [PATCH] Panis fix for sellsimilar
---
sellsimilar.php | 160 ++++++++++++++++++++++++++++--------------------
1 file changed, 92 insertions(+), 68 deletions(-)
diff --git a/sellsimilar.php b/sellsimilar.php
index 9f79da07..7c53ccb4 100644
--- a/sellsimilar.php
+++ b/sellsimilar.php
@@ -23,89 +23,106 @@ if (!isset($_POST['action'])) { - $id = intval($_GET['id']); + $auc_id = intval($_GET['id']); // Get Closed auctions data unset($_SESSION['UPLOADED_PICTURES']); unset($_SESSION['UPLOADED_PICTURES_SIZE']); + // Clear session folder and start afresh + $files = glob($uploaded_path . session_id() . '/*'); // get all file names + foreach($files as $file) // iterate files + { + if(is_file($file)) + unlink($file); // delete file + } + $query = "SELECT * FROM " . $DBPrefix . "auctions WHERE id = :auc_id AND user = :user_id"; $params = array(); - $params[] = array(':auc_id', $id, 'int'); + $params[] = array(':auc_id', $auc_id, 'int'); $params[] = array(':user_id', $user->user_data['id'], 'int'); $db->query($query, $params); - $RELISTEDAUCTION = $db->result(); + // check if the auction exists + if ($db->numrows() > 0) + { + $RELISTEDAUCTION = $db->result(); + $_SESSION['SELL_starts'] = ''; + $_SESSION['SELL_start_now'] = '1'; + $_SESSION['SELL_title'] = $system->uncleanvars($RELISTEDAUCTION['title']); + $_SESSION['SELL_subtitle'] = $system->uncleanvars($RELISTEDAUCTION['subtitle']); + $_SESSION['SELL_description'] = $RELISTEDAUCTION['description']; + $_SESSION['SELL_atype'] = $RELISTEDAUCTION['auction_type']; + $_SESSION['SELL_iquantity'] = $RELISTEDAUCTION['quantity']; + $_SESSION['SELL_shipping_cost'] = $system->print_money_nosymbol($RELISTEDAUCTION['shipping_cost']); + $_SESSION['SELL_additional_shipping_cost'] = $system->print_money_nosymbol($RELISTEDAUCTION['shipping_cost_additional']); + $_SESSION['SELL_minimum_bid'] = $system->print_money_nosymbol($RELISTEDAUCTION['minimum_bid']); + $_SESSION['SELL_sellcat1'] = $RELISTEDAUCTION['category']; + $_SESSION['SELL_sellcat2'] = $RELISTEDAUCTION['secondcat']; + $_SESSION['SELL_duration'] = $RELISTEDAUCTION['duration']; + $_SESSION['SELL_relist'] = $RELISTEDAUCTION['relist']; + $_SESSION['SELL_shipping'] = $RELISTEDAUCTION['shipping']; + $_SESSION['SELL_payment'] = explode(', ', 
$RELISTEDAUCTION['payment']); + $_SESSION['SELL_international'] = $RELISTEDAUCTION['international']; + $_SESSION['SELL_file_uploaded'] = $RELISTEDAUCTION['photo_uploaded']; + $_SESSION['SELL_pict_url'] = ''; + $_SESSION['SELL_shipping_terms'] = $system->uncleanvars($RELISTEDAUCTION['shipping_terms']); + $_SESSION['SELL_is_bold'] = $RELISTEDAUCTION['bold']; + $_SESSION['SELL_is_highlighted'] = $RELISTEDAUCTION['highlighted']; + $_SESSION['SELL_is_featured'] = $RELISTEDAUCTION['featured']; + $_SESSION['SELL_is_taxed'] = $RELISTEDAUCTION['tax']; + $_SESSION['SELL_tax_included'] = $RELISTEDAUCTION['taxinc']; - $_SESSION['SELL_starts'] = ''; - $_SESSION['SELL_start_now'] = '1'; - $_SESSION['SELL_title'] = $system->uncleanvars($RELISTEDAUCTION['title']); - $_SESSION['SELL_subtitle'] = $system->uncleanvars($RELISTEDAUCTION['subtitle']); - $_SESSION['SELL_description'] = $RELISTEDAUCTION['description']; - $_SESSION['SELL_atype'] = $RELISTEDAUCTION['auction_type']; - $_SESSION['SELL_iquantity'] = $RELISTEDAUCTION['quantity']; - $_SESSION['SELL_shipping_cost'] = $system->print_money_nosymbol($RELISTEDAUCTION['shipping_cost']); - $_SESSION['SELL_additional_shipping_cost'] = $system->print_money_nosymbol($RELISTEDAUCTION['shipping_cost_additional']); - $_SESSION['SELL_minimum_bid'] = $system->print_money_nosymbol($RELISTEDAUCTION['minimum_bid']); - $_SESSION['SELL_sellcat1'] = $RELISTEDAUCTION['category']; - $_SESSION['SELL_sellcat2'] = $RELISTEDAUCTION['secondcat']; - $_SESSION['SELL_duration'] = $RELISTEDAUCTION['duration']; - $_SESSION['SELL_relist'] = $RELISTEDAUCTION['relist']; - $_SESSION['SELL_shipping'] = $RELISTEDAUCTION['shipping']; - $_SESSION['SELL_payment'] = explode(', ', $RELISTEDAUCTION['payment']); - $_SESSION['SELL_international'] = $RELISTEDAUCTION['international']; - $_SESSION['SELL_imgtype'] = $RELISTEDAUCTION['imgtype']; - $_SESSION['SELL_file_uploaded'] = $RELISTEDAUCTION['photo_uploaded']; - $_SESSION['SELL_pict_url'] = ''; - 
$_SESSION['SELL_shipping_terms'] = $system->uncleanvars($RELISTEDAUCTION['shipping_terms']); - $_SESSION['SELL_is_bold'] = $RELISTEDAUCTION['bold']; - $_SESSION['SELL_is_highlighted'] = $RELISTEDAUCTION['highlighted']; - $_SESSION['SELL_is_featured'] = $RELISTEDAUCTION['featured']; - $_SESSION['SELL_is_taxed'] = $RELISTEDAUCTION['tax']; - $_SESSION['SELL_tax_included'] = $RELISTEDAUCTION['taxinc']; + if (floatval($RELISTEDAUCTION['reserve_price']) > 0) + { + $_SESSION['SELL_reserve_price'] = $system->print_money_nosymbol($RELISTEDAUCTION['reserve_price']); + $_SESSION['SELL_with_reserve'] = 'yes'; + } + else + { + $_SESSION['SELL_reserve_price'] = ''; + $_SESSION['SELL_with_reserve'] = 'no'; + } - if (floatval($RELISTEDAUCTION['reserve_price']) > 0) - { - $_SESSION['SELL_reserve_price'] = $system->print_money_nosymbol($RELISTEDAUCTION['reserve_price']); - $_SESSION['SELL_with_reserve'] = 'yes'; - } - else - { - $_SESSION['SELL_reserve_price'] = ''; - $_SESSION['SELL_with_reserve'] = 'no'; - } + if (floatval($RELISTEDAUCTION['buy_now']) > 0) + { + $_SESSION['SELL_buy_now_price'] = $system->print_money_nosymbol($RELISTEDAUCTION['buy_now']); + $_SESSION['SELL_with_buy_now'] = 'yes'; + } + else + { + $_SESSION['SELL_buy_now_price'] = ''; + $_SESSION['SELL_with_buy_now'] = 'no'; + } - if (floatval($RELISTEDAUCTION['buy_now']) > 0) - { - $_SESSION['SELL_buy_now_price'] = $system->print_money_nosymbol($RELISTEDAUCTION['buy_now']); - $_SESSION['SELL_with_buy_now'] = 'yes'; - } - else - { - $_SESSION['SELL_buy_now_price'] = ''; - $_SESSION['SELL_with_buy_now'] = 'no'; - } + if (floatval($RELISTEDAUCTION['increment']) > 0) + { + $_SESSION['SELL_increment'] = 2; + $_SESSION['SELL_customincrement'] = $system->print_money_nosymbol($RELISTEDAUCTION['increment']); + } + else + { + $_SESSION['SELL_increment'] = 1; + $_SESSION['SELL_customincrement'] = 0; + } + if (isset($_GET['relist'])) + { + $_SESSION['SELL_auction_id'] = $auc_id; + $_SESSION['SELL_action'] = 'relist'; + } + 
else + { + $_SESSION['SELL_auction_id'] = ''; + $_SESSION['SELL_action'] = ''; + $_SESSION['action'] = ''; + } - if (floatval($RELISTEDAUCTION['increment']) > 0) - { - $_SESSION['SELL_increment'] = 2; - $_SESSION['SELL_customincrement'] = $system->print_money_nosymbol($RELISTEDAUCTION['increment']); - } - else - { - $_SESSION['SELL_increment'] = 1; - $_SESSION['SELL_customincrement'] = 0; - } - if (isset($_GET['relist'])) - { - $_SESSION['SELL_auction_id'] = $id; - $_SESSION['SELL_action'] = 'relist'; - $_SESSION['SELL_pict_url'] = $RELISTEDAUCTION['pict_url']; + $_SESSION['SELL_pict_url'] = $system->uncleanvars($RELISTEDAUCTION['pict_url']); $_SESSION['SELL_pict_url_temp'] = str_replace('thumb-', '', $RELISTEDAUCTION['pict_url']); // get gallery images $UPLOADED_PICTURES = array(); $file_types = array('gif', 'jpg', 'jpeg', 'png'); - if (is_dir($upload_path . intval($_GET['id']))) + if (is_dir($upload_path . $auc_id)) { - $dir = opendir($upload_path . intval($_GET['id'])); + $dir = opendir($upload_path . $auc_id); while (($myfile = readdir($dir)) !== false) { if ($myfile != '.' && $myfile != '..' && !is_file($myfile)) 
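Review bot: The cleanup loop added after the two `unset()` calls deletes every file under `$uploaded_path . session_id()` before the ownership query runs, so a GET for an auction id that is not the caller's (which the new `numrows()` check then rejects) still wipes the caller's in-progress uploads. Moving the loop inside `if ($db->numrows() > 0)` ties the deletion to a request the caller is allowed to make. `glob()` also returns `false` on error, which `foreach` will warn about; `$files = glob($uploaded_path . session_id() . '/*') ?: array();` covers that. The enclosing `if (!isset($_POST['action']))` block continues past the end of this hunk.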
@@ -130,14 +147,21 @@ } foreach ($UPLOADED_PICTURES as $k => $v) { - $system->move_file($uploaded_path . intval($_GET['id']) . '/' . $v, $uploaded_path . session_id() . '/' . $v, false); + $system->move_file($uploaded_path . $auc_id . '/' . $v, $uploaded_path . session_id() . '/' . $v, false); } if (!empty($RELISTEDAUCTION['pict_url'])) { - $system->move_file($uploaded_path . intval($_GET['id']) . '/' . $RELISTEDAUCTION['pict_url'], $uploaded_path . session_id() . '/' . $RELISTEDAUCTION['pict_url'], false); + $system->move_file($uploaded_path . $auc_id . '/' . $RELISTEDAUCTION['pict_url'], $uploaded_path . session_id() . '/' . $RELISTEDAUCTION['pict_url'], false); } } } + else + { + // if no auction exists send to the category selection + unset($_SESSION['SELL_sellcat1']); // not necessary but just in case + header('location: select_category.php'); + exit(); + } header('location: sell.php?mode=recall'); }
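Review bot: In the `!empty($RELISTEDAUCTION['pict_url'])` branch the stored `pict_url` column is concatenated unchanged into both the source and destination paths given to `move_file()`, so a value containing a path separator would resolve outside the auction and session folders. Reducing it to a file name first, `$pict = basename($RELISTEDAUCTION['pict_url']);`, and using `$pict` in both arguments keeps the operation inside those two directories. The first hunk stores `$system->uncleanvars()` of the same column in `$_SESSION['SELL_pict_url']`, so the session value and the file name used here may differ if that helper alters the string; it is worth confirming they agree. The surrounding blocks open outside this hunk.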