Newbie problem with auction code


Post by kolathon »

Hello,

I currently have a problem with a small auction site that I am trying to build. As I'm new I've taken to using some script and layout that I got in a textbook as it seemed to be the easier way around it....oh how wrong was I!! Anyhow I have got most of it working with the slight exception of 2 major things.

Firstly, in my newitem.php script I have this so far:

Code:

<?php
 
session_start();
 
require("config.php");
require("functions.php");
 
$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);
 
if(isset($_SESSION['USERNAME']) == FALSE) {
    header("Location: " . $config_basedir . "/login.php?ref=newitem");
}
 
if($_POST['submit']) {
    $validdate = checkdate($_POST['month'], $_POST['day'], $_POST['year']);
 
    if($validdate == TRUE) {
        $concatdate = $_POST['year']
            . "-" . sprintf("%02d", $_POST['day'])
            . "-" . sprintf("%02d", $_POST['month'])
            . " " . $_POST['hour']
            . ":" . $_POST['minute']
            . ":00";
 
            $itemsql = "INSERT INTO thompson_items(user_id, cat_id, name, starting_price, description, dateends) VALUES("
            . $_SESSION['USERID']
            . ", " . $_POST['cat']
            . ", '" . addslashes($_POST['name'])
            . "', " . addslashes($_POST['price'])
            . ", '" . addslashes($_POST['description'])
            . "', " . addslashes($_POST['dateends'])
            . "');";
    
        mysql_query($itemsql);
        $itemid = mysql_insert_id();
    
        header("Location: " . $config_basedir . "/addimages.php?id=" . $itemid);
    }
    else {
        header("Location: " . $config_basedir . "/newitem.php?error=date");     
    }
}
else {
    require("header.php");
?>
<h1>Add a new item</h1>
    <strong>Step 1</strong> - Add your item details.
    <p>
    <?php
        switch($_GET['error']) {
            case "date":
                echo "<strong>Invalid date - please choose another!</strong>";
            break;
        }
    ?>
    </p>    
    <form action="<?php echo pf_script_with_get($SCRIPT_NAME); ?>" method="post">
    <table>
    <?php
        $catsql = "SELECT * FROM thompson_categories ORDER BY category;";
        $catresult = mysql_query($catsql);
    ?>
        <tr>
            <td>Category</td>
            <td>
            <select name="cat">
            <?php
            while($catrow = mysql_fetch_assoc($catresult)) {
                echo "<option value='" . $catrow['id'] . "'>" . $catrow['category'] . "</option>";
            }
            ?>
            </select>
            </td>
        </tr>
    <tr>
        <td>Item name</td>
        <td><input type="text" name="name"></td>
    </tr>
    <tr>
        <td>Item description</td>
        <td><textarea name="description" rows="10" cols="50"></textarea></td>
    </tr>
    <tr>
        <td>Ending date</td>
        <td>
        <table>
            <tr>
                <td>Day</td>
                <td>Month</td>
                <td>Year</td>
                <td>Hour</td>
                <td>Minute</td>
            </tr>
            <tr>
                <td>
                <select name="day">
                <?php
                    for($i=1;$i<=31;$i++) {
                        echo "<option>" . $i . "</option>";
                    }
                ?>
                </select>
                </td>
                <td>
                <select name="month">
                <?php
                    for($i=1;$i<=12;$i++) {
                        echo "<option>" . $i . "</option>";
                    }
                ?>
                </select>
                </td>
                <td>
                <select name="year">
                <?php
                    for($i=2005;$i<=2008;$i++) {
                        echo "<option>" . $i . "</option>";
                    }
                ?>
                </select>
                </td>
                <td>
                <select name="hour">
                <?php
                    for($i=0;$i<=23;$i++) {
                        echo "<option>" . sprintf("%02d",$i) . "</option>";
                    }
                ?>
                </select>
                </td>
                <td>
                <select name="minute">
                <?php
                    for($i=0;$i<=59;$i++) {
                        echo "<option>" . sprintf("%02d",$i)  . "</option>";
                    }
                ?>
                </select>
                </td>
            </tr>
        </table>        
        </td>
    </tr>
    <tr>
        <td>Price</td>
        <td><?php echo $config_currency; ?><input type="text" name="price"></td>
    </tr>
    <tr>
        <td></td>
        <td><input type="submit" name="submit" value="Post!"></td>
    </tr>
    </table>
    </form>
 
The only problem I have with this is the auction date doesn't seem to make it into the database and I end up with no entry in the date. As I am relatively new I can't see why it's not going over and, after looking over it for about 3 days :banghead:, I've decided I could do with some slight push into the right way!

I've also got an issue with the registration form which is starting to get me down also!! I've got the following form which works as in it inserts into the database, the only problem is the verification email never makes it to the email address that is supplied.

Code:

<?php
 
session_start();
 
require("config.php");
 
$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);
 
if($_POST['submit']) {
    if($_POST['password1'] == $_POST['password2']) {
        $checksql = "SELECT * FROM thompson_users WHERE username = '" . $_POST['username'] . "';";
        $checkresult = mysql_query($checksql);
        $checknumrows = mysql_num_rows($checkresult);
        
        if($checknumrows == 1) {
            header("Location: " . $config_basedir . "register.php?error=taken");    
        }
        else {
            $randomstring = "";
            for($i = 0; $i < 16; $i++) {
                $randomstring .= chr(mt_rand(32,126));
            }
 
            $verifyurl = "http://www.csesalford.com/ssp07/php/assignment/verify.php";
            $verifystring = urlencode($randomstring);
            $verifyemail = urlencode($_POST['email']);
            $validusername = $_POST['username'];
 
            $sql = "INSERT INTO thompson_users(username, password, email, verifystring, active) VALUES('"
                . $_POST['username']
                . "', '" . $_POST['password1']
                . "', '" . $_POST['email']
                . "', '" . addslashes($randomstring)
                . "', 0);";
            echo $sql;
            mysql_query($sql);
                                                
$mail_body=<<<_MAIL_
 
Hi $validusername,
 
Please click on the following link to verify your new account:
 
$verifyurl?email=$verifyemail&verify=$verifystring
 
_MAIL_;
            
            mail($_POST['email'], $config_forumsname . " User verification", $mail_body);
 
            require("header.php");
            echo "A link has been emailed to the address you entered. Please follow the link in the email to validate your account.";           
        }
    }
    else {
        header("Location: " . $config_basedir . "register.php?error=pass");
    }
}
else {
    require("header.php");
    
    switch($_GET['error']) {
        case "pass":
            echo "Passwords do not match!";
        break;
 
        case "taken":
            echo "Username taken, please use another.";
        break;
 
        case "no":
            echo "Incorrect login details!";
        break;
 
    }
?>
    <h2>Register</h2>
    To register on the <?php echo $config_forumsname; ?> site, fill in the form below.
    <form action="<?php echo $SCRIPT_NAME ?>" method="POST">
    <table>
    <tr>
        <td>Username</td>
        <td><input type="text" name="username"></td>
    </tr>
    <tr>
        <td>Password</td>
        <td><input type="password" name="password1"></td>
    </tr>
    <tr>
        <td>Password (again)</td>
        <td><input type="password" name="password2"></td>
    </tr>
    <tr>
        <td>Email</td>
        <td><input type="text" name="email"></td>
    </tr>
    <tr>
        <td></td>
        <td><input type="submit" name="submit" value="Register!"></td>
    </tr>
    </table>
    </form>
 
<?php
}
 
require("footer.php");
 
?>
Like I said before, everything is entered into the database including the verify string, but no email makes it to the user's account (I have tried it with 3 different email addresses!). If anyone could give me any help or any general push in the right direction, I would forever be in your debt!!

Cheers.
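
In the posted newitem.php, `$concatdate` is built in year-day-month order and never used, while the query reads `$_POST['dateends']`, a field the form does not define, and concatenates `$_POST['cat']` into the SQL unescaped. An added example (not part of the original post) that builds the DATETIME string and inserts it through a PDO prepared statement; PDO and the helper names `build_end_date()` and `insert_item()` are assumptions:

```php
<?php
// Added example, not the poster's code. Assumes PDO with the MySQL driver and
// the thompson_items columns named in the post; helper names are hypothetical.

function build_end_date(array $in): ?string
{
    // Every date part must be a plain string of digits.
    foreach (['year', 'month', 'day', 'hour', 'minute'] as $k) {
        if (!isset($in[$k]) || !is_string($in[$k]) || !ctype_digit($in[$k])) {
            return null;
        }
    }
    [$y, $m, $d, $h, $i] = array_map('intval',
        [$in['year'], $in['month'], $in['day'], $in['hour'], $in['minute']]);
    if (!checkdate($m, $d, $y) || $h > 23 || $i > 59) {
        return null;
    }
    // MySQL DATETIME order is year-month-day.
    return sprintf('%04d-%02d-%02d %02d:%02d:00', $y, $m, $d, $h, $i);
}

function insert_item(PDO $pdo, int $userId, array $post): ?int
{
    $ends = build_end_date($post);
    if ($ends === null || !is_numeric($post['price'] ?? null)) {
        return null;
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO thompson_items
            (user_id, cat_id, name, starting_price, description, dateends)
         VALUES (:uid, :cat, :name, :price, :descr, :ends)'
    );
    $stmt->execute([
        ':uid'   => $userId,
        ':cat'   => (int)($post['cat'] ?? 0),
        ':name'  => (string)($post['name'] ?? ''),
        ':price' => $post['price'],
        ':descr' => (string)($post['description'] ?? ''),
        ':ends'  => $ends,
    ]);
    return (int)$pdo->lastInsertId();
}

// Constructed sample input, shaped like the form fields in the post.
$sample = ['year' => '2008', 'month' => '6', 'day' => '30', 'hour' => '18', 'minute' => '05'];
var_dump(build_end_date($sample));
var_dump(build_end_date(['day' => '31', 'month' => '2'] + $sample));
```

The redirect to login.php at the top of the posted script needs an `exit;` after `header()`; without it the rest of the script still runs for a visitor with no session.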
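
The posted register.php concatenates `$_POST['username']`, `$_POST['password1']` and `$_POST['email']` straight into its SQL, stores the password as typed, and draws the verification string from `mt_rand()`. An added example (not part of the original post) of the same flow with prepared statements, `password_hash()`, a `random_bytes()` token and a checked `mail()` result; PDO, the function names and the 255-character password column are assumptions:

```php
<?php
// Added example, not the poster's code. Assumes PDO (MySQL driver), the
// thompson_users columns from the post, and a password column wide enough
// for password_hash() output (255 chars). Function names are hypothetical.

function new_verify_token(): string
{
    // 16 bytes from the OS CSPRNG, hex-encoded: URL-safe, no escaping needed.
    return bin2hex(random_bytes(16));
}

function register_user(PDO $pdo, string $user, string $pass, string $email, string $verifyUrl): bool
{
    // Rejects malformed addresses, including ones carrying CR/LF.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $check = $pdo->prepare('SELECT 1 FROM thompson_users WHERE username = ?');
    $check->execute([$user]);
    if ($check->fetchColumn() !== false) {
        return false; // username taken
    }
    $token = new_verify_token();
    $ins = $pdo->prepare(
        'INSERT INTO thompson_users (username, password, email, verifystring, active)
         VALUES (?, ?, ?, ?, 0)'
    );
    // Store a salted hash, never the password itself.
    $ins->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $email, $token]);

    $link = $verifyUrl . '?' . http_build_query(['email' => $email, 'verify' => $token]);
    $body = "Hi $user,\n\nPlease click on the following link to verify your new account:\n\n$link\n";
    // mail() returns false when the message is not accepted for delivery,
    // so the caller can tell "not accepted" apart from "handed off".
    return mail($email, 'User verification', $body);
}

// Token shape check: 32 hexadecimal characters.
$t = new_verify_token();
var_dump(strlen($t), ctype_xdigit($t));
```

A `true` return from `mail()` only means the local mail system accepted the message, so delivery problems past that point show up in the mail server's log rather than in PHP.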