<?php include_once("header.php")?>
<?php include 'database.php'; ?>
<?php require("utilities.php")?>
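<?php
/*
 * Bid submission handler: validates the posted bid, checks that the auction
 * is still running, and inserts the bid when it beats the current price.
 *
 * Reads  $_POST['bid'], $_POST['itemid'], $_SESSION['username'],
 *        $_SESSION['account_type'].
 * Uses   $connectionView (read) and $connectionAddBids (write); presumably
 *        both are mysqli connections created in database.php, to be confirmed.
 * Leaves $item_id set to the validated integer id (or null) for the code
 *        that follows this block.
 *
 * NOTE(review): no anti-CSRF token check is visible in this file; confirm
 * that header.php / utilities.php enforce one before a bid is accepted.
 */

// Null-coalesce so an anonymous request does not raise an undefined-index
// notice before the login check below runs.
$username = $_SESSION['username'] ?? null;

if (isset($_POST['bid'])) {
    // Both values arrive from the client. Validate them to strict numeric
    // types here so nothing attacker-controlled can reach the SQL text.
    $bid = filter_var($_POST['bid'], FILTER_VALIDATE_FLOAT, FILTER_NULL_ON_FAILURE);
    $item_id = filter_var($_POST['itemid'] ?? null, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);

    // check user exists and is buyer
    if ($username === null) {
        echo "<script language= javascript>alert('Log in to view your bids');history.go(-1);</script>";
    } elseif (($_SESSION['account_type'] ?? null) !== 'buyer') {
        echo "<script language= javascript>alert('log into buyer sccount to view your bids');history.go(-1);</script>";
    } elseif ($item_id === null || $bid === null || !is_finite($bid) || $bid <= 0) {
        // Reject malformed, non-numeric or non-positive input instead of
        // passing it on to the database.
        echo "<script language= javascript>alert('Invalid bid or item');history.go(-1);</script>";
    } else {
        // check auction exists and is running
        // Nowdoc plus a bound placeholder: the auction id is never spliced
        // into the statement text.
        $querryAuction = <<<'QUERRYTEXT'
SELECT
a.AuctionID,
a.ItemName,
a.StartingPrice,
MAX(b.BidPrice) AS 'bidPrice',
IF(
MAX(bidPrice) IS NULL,
a.StartingPrice,
MAX(bidPrice)
) AS 'CurrentPrice'
FROM
auctions a
LEFT JOIN bids b ON a.AuctionID = b.AuctionID
WHERE
a.AuctionID = ?
AND (a.EndingTime - CURRENT_TIMESTAMP) > 0
GROUP BY
a.AuctionID,
a.ItemName,
a.ItemDescription,
a.StartingPrice,
a.EndingTime
QUERRYTEXT;

        $resultAuction = false;
        $stmtAuction = mysqli_prepare($connectionView, $querryAuction);
        if ($stmtAuction !== false) {
            mysqli_stmt_bind_param($stmtAuction, 'i', $item_id);
            if (mysqli_stmt_execute($stmtAuction)) {
                // mysqli_stmt_get_result() needs the mysqlnd driver.
                $resultAuction = mysqli_stmt_get_result($stmtAuction);
            }
        }

        if ($resultAuction === false) {
            // The lookup itself failed; do not dereference a non-result.
            echo "<script language= javascript>alert('Bid could not be placed');history.go(-1);</script>";
        } elseif ($resultAuction->num_rows == 0) {
            echo "<script language= javascript>alert('This auction does not exist or ended');history.go(-1);</script>";
        } else {
            $rowAuction = mysqli_fetch_array($resultAuction);

            if ($rowAuction['CurrentPrice'] >= $bid) {
                echo "<script language= javascript>alert('Price below current bid');history.go(-1);</script>";
            } else {
                // Insert new bid
                // The user name is bound as well: session data that originated
                // from user registration is still untrusted for SQL purposes.
                // NOTE(review): the price check and the insert are separate
                // statements, so two concurrent bids can both pass the check;
                // consider enforcing the rule inside one transaction.
                $query = 'INSERT INTO bids (UserName, AuctionID, BidPrice, Bidtime) VALUES (?, ?, ?, NOW())';
                $result = false;
                $stmtBid = mysqli_prepare($connectionAddBids, $query);
                if ($stmtBid !== false) {
                    // 'd' binds the bid as a double; assumes BidPrice is a
                    // numeric column, to be confirmed against the schema.
                    mysqli_stmt_bind_param($stmtBid, 'sid', $username, $item_id, $bid);
                    $result = mysqli_stmt_execute($stmtBid);
                }

                if ($result) {
                    echo "<script language= javascript>alert('Bid placed successfully');history.go(-1);</script>";
                } else {
                    echo "<script language= javascript>alert('Bid could not be placed');history.go(-1);</script>";
                }
            }
        }
    }
}
?>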
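<?php
// Send the visitor back to the listing page after two seconds.
// $item_id is only assigned when a bid was posted and it originates from
// $_POST, so it is re-validated as an integer before being placed in a
// response header; anything else yields an empty item_id.
// NOTE(review): this header is emitted after the script has already echoed
// output, so it only takes effect when output buffering is enabled; confirm.
$redirectItemId = filter_var($item_id ?? null, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
header("refresh:2;url=listing.php?item_id=" . ($redirectItemId ?? ''));
// could add navigation options later
?>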