I have an emergency PHP question!!!!!?


scott m

Guest
I have an auction site that is set to open very soon.... It is a pay per bid auction site... all the programming is done except for a couple key things

1) The bids can only go up by 0.01 cents each time.. the user cannot enter their own bid... they just click bid and it goes up a penny...
*well this wasn't added and I don't know where to change it or what to change??

2) I need to figure out how to program my page for this: when a user does click bid... it checks in the database first and verifies the user has "bids" remaining in their account... if they do fine... if they don't it prompts them to purchase more bids...

3) I also need to implement a PayPal check out that automatically updates that same database with the amount of bids they have purchased.....

PLEASE HELP I AM NEW TO PROGRAMMING AND HAVE SPENT A LOT OF MONEY ON THIS CODE SO FAR AND CAN'T AFFORD ANYMORE

THIS IS A COPY OF MY BID.php file

<?php
include 'includes/config.inc.php';
include $include_path . 'datacheck.inc.php';

$NOW = time();

// only logged-in users may bid
if (!isset($_SESSION['WEBID_LOGGED_IN'])) {
    header('location: user_login.php');
    exit;
}

$id = intval($_REQUEST['id']);
$bid = $_REQUEST['bid']; // bid amount as sent by the browser
$qty = (isset($_POST['qty'])) ? intval($_POST['qty']) : 1;
$bidder_id = $_SESSION['WEBID_LOGGED_IN'];
$bidding_ended = false;

// redirect to the HTTPS version of this page when the site requires it
if ($system->SETTINGS['usersauth'] == 'y' && $system->SETTINGS['https'] == 'y' && $_SERVER['HTTPS'] != 'on') {
    $sslurl = str_replace('http://', 'https://', $system->SETTINGS['siteurl']);
    // $bid is raw request input, so URL-encode it before putting it in the redirect
    header('Location: ' . $sslurl . 'bid.php?id=' . $id . '&bid=' . urlencode($bid) . '&qty=' . $qty);
    exit;
}

if ($id == 0) {
    header('location: index.php');
    exit;
}

// first check if valid auction ID passed
$query = "SELECT a.*, u.nick, u.email, u.id AS uId FROM " . $DBPrefix . "auctions a
        LEFT JOIN " . $DBPrefix . "users u ON (a.user = u.id)
        WHERE a.id = " . $id;
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
// such auction does not exist
if (mysql_num_rows($res) == 0) {
    $errmsg = $ERR_606;
}
// check the bid is valid
if (!$system->CheckMoney($bid)) {
    $errmsg = $ERR_058;
}

// copy the auction row into local variables
$Data = mysql_fetch_array($res);
$item_title = $Data['title'];
$item_id = $Data['id'];
$seller_name = $Data['nick'];
$seller_email = $Data['email'];
$atype = $Data['auction_type'];
$aquantity = $Data['quantity'];
$minimum_bid = $Data['minimum_bid'];
$customincrement = $Data['increment'];
$current_bid = $Data['current_bid'];
$pict_url_plain = $Data['pict_url'];
$c = $Data['ends'];
$cbid = ($current_bid == 0) ? $minimum_bid : $current_bid;

// auction has ended or was closed
if ($Data['ends'] <= time() || $Data['closed'] == 1) {
    $errmsg = $ERR_614;
}

// fetch the current highest bid and its bidder
$query = "SELECT bid, bidder FROM " . $DBPrefix . "bids WHERE auction = " . $id . " ORDER BY bid DESC, id DESC LIMIT 1";
$res = mysql_query($query);
$system->check_mysql($res, $query, __LINE__, __FILE__);
if (mysql_num_rows($res) > 0) {
    $high_bid = mysql_result($res, 0, 'bid');
    $WINNING_BIDDER = mysql_result($res, 0, 'bidder');
    $ARETHEREBIDS = ' | <a href="' . $system->SETTINGS['siteurl'] . 'item.php?id=' . $id . '&history=view#history">' . $MSG['105'] . '</a>';
} else {
    $high_bid = $current_bid;
    $WINNING_BIDDER = null; // no bids yet, so nobody is winning (avoids an undefined variable below)
}

// work out the bid increment: the auction's own value, or the site's increments table
if ($customincrement > 0) {
    $increment = $customincrement;
} else {
    $query = "SELECT increment FROM " . $DBPrefix . "increments WHERE ((low <= " . $high_bid . " AND high >= " . $high_bid . ") OR (low < " . $high_bid . " AND high < " . $high_bid . ")) ORDER BY increment DESC";
    $res = mysql_query($query);
    $system->check_mysql($res, $query, __LINE__, __FILE__);
    $increment = mysql_result($res, 0, 'increment');
}

// the lowest amount the next bid may be
if ($high_bid == 0 || $atype == 2) {
    $next_bid = $minimum_bid;
} else {
    $next_bid = $high_bid + $increment;
}

$tmpmsg = CheckBidData();
if ($tmpmsg != 0) {
    $errmsg = ${'ERR_' . $tmpmsg};
}

if (isset($_POST['action']) && !isset($errmsg)) {
    // re-check the user's password before accepting the bid
    if ($system->SETTINGS['usersauth'] == 'y') {
        if (strlen($_POST['password']) == 0) {
            $errmsg = $ERR_004;
        }
        $query = "SELECT * FROM " . $DBPrefix . "users WHERE id = " . $_SESSION['WEBID_LOGGED_IN'] . " AND password = '" . md5($MD5_PREFIX . $_POST['password']) . "'";
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);
        if (mysql_num_rows($res) == 0) {
            $errmsg = $ERR_611;
        }
    }
    // make the bid
    if ($atype == 1 && !isset($errmsg)) { // normal auction
        if ($WINNING_BIDDER == $bidder_id) {
            $query = "SELECT bid FROM " . $DBPrefix . "proxybid p
                    LEFT JOIN " . $DBPrefix . "users u ON (p.userid = u.id)
                    WHERE userid = " . $_SESSION['WEBID_LOGGED_IN'] . " AND itemid = " . $id . " ORDER BY bid DESC";
            $res = mysql_query($query);
            $system->check_mysql($res, $query, __LINE__, __FILE__);
            if (mysql_num_rows($res) > 0) {
                $WINNER_P
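
An added example, not part of the original post and not the site's own code: one way to handle points 1 and 2 of the question on the server, where the bid step is a constant instead of the `bid` request parameter and the credit check and the decrement happen in one statement. The table and column names (`users.bids_left`, `auctions.current_cents`, `high_bidder`) and the function `place_penny_bid` are assumptions made for the illustration.

```php
<?php
// Added example; the schema (users.bids_left, auctions.current_cents, ...) is assumed.
const BID_STEP_CENTS = 1; // fixed server-side step; the request never carries an amount

function place_penny_bid(PDO $db, int $userId, int $auctionId, int $now): string
{
    $db->beginTransaction();
    try {
        // Check and spend one credit in a single statement, so two
        // simultaneous clicks cannot both use the last credit.
        $spend = $db->prepare(
            'UPDATE users SET bids_left = bids_left - 1 WHERE id = ? AND bids_left > 0');
        $spend->execute([$userId]);
        if ($spend->rowCount() !== 1) {
            $db->rollBack();
            return 'no_credits'; // caller shows the "purchase more bids" prompt
        }
        // Raise the price by the fixed step, only while the auction is open.
        $raise = $db->prepare(
            'UPDATE auctions SET current_cents = current_cents + ?, high_bidder = ?
              WHERE id = ? AND closed = 0 AND ends > ?');
        $raise->execute([BID_STEP_CENTS, $userId, $auctionId, $now]);
        if ($raise->rowCount() !== 1) {
            $db->rollBack(); // also returns the credit spent above
            return 'auction_closed';
        }
        $db->commit();
        return 'ok';
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, bids_left INTEGER NOT NULL)');
$db->exec('CREATE TABLE auctions (id INTEGER PRIMARY KEY, current_cents INTEGER NOT NULL,
    high_bidder INTEGER, closed INTEGER NOT NULL, ends INTEGER NOT NULL)');
$db->exec('INSERT INTO users VALUES (7, 1)');               // one credit left
$db->exec('INSERT INTO auctions VALUES (1, 0, NULL, 0, 2000000000)');

$now = 1700000000; // fixed clock for the demo
foreach ([1, 2] as $click) {
    echo "click $click: ", place_penny_bid($db, 7, 1, $now), "\n";
}
```

On MySQL the two tables need a transactional storage engine such as InnoDB, otherwise the rollback does not return the spent credit.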
 