W pierwszym postąpieniu, skrypt akceptuje nizsza cene niz w ofercie, nastepnie juz tylko wieksze. Dlaczego?



[PHP] pobierz, plaintext 
  1.  
  2.  
  3. <?php
  4.  
  5. session_start();
  6.  
  7. include("config.php");
  8. include("functions.php");
  9.  
  10. $db = mysql_connect($dbhost, $dbuser, $dbpassword);
  11. mysql_select_db($dbdatabase, $db);
  12.  
  13. $validid = pf_validate_number($_GET['id'], "redirect", $config_basedir);
  14.  
  15. if($_POST['submit']) {
  16.  
  17. 	if(is_numeric($_POST['bid']) == FALSE) {
  18. 		header("Location: " . $config_basedir . "itemdetails.php?id=" . $validid . "&error=letter");
  19. 	}
  20.  
  21. 	$theitemsql = "SELECT * FROM items WHERE id = " . $validid . ";";
  22. 	$theitemresult = mysql_query($theitemsql);
  23. 	$theitemrow = mysql_fetch_assoc($theitemresult);
  24.  
  25. 	$checkbidsql = "SELECT item_id, max(amount) AS highestbid, count(id) AS number_of_bids FROM bids WHERE item_id=" . $validid . " GROUP BY item_id;";
  26. 	$checkbidresult = mysql_query($checkbidsql);
  27. 	$checkbidnumrows = mysql_num_rows($checkbidresult);
  28.  
  29. 	if($checkbidnumrows == 0) {
  30. 		if($theitemrow['startingprice'] > $_POST['bid']) {
  31. 			header("Location: " . $config_basedir . "itemdetails.php?id=" . $validid . "&error=lowprice#bidbox");
  32. 		}
  33. 	}
  34. 	else {
  35. 		$checkbidrow = mysql_fetch_assoc($checkbidresult);
  36.  
  37. 		if($checkbidrow['highestbid'] > $_POST['bid']) {
  38. 			header("Location: " . $config_basedir . "itemdetails.php?id=" . $validid . "&error=lowprice#bidbox");
  39. 		}
  40. 	}
  41.  
  42. 	$inssql = "INSERT INTO bids(item_id, amount, user_id) VALUES("
  43. 		. $validid
  44. 		. ", " . $_POST['bid']
  45. 		. ", " . $_SESSION['USERID']
  46. 		. ");";
  47. 	mysql_query($inssql);
  48.  
  49. 	header("Location: " . $config_basedir . "itemdetails.php?id=" . $validid);
  50. }
  51. else {
  52.  
  53. 	require("header.php");
  54.  
  55. 	$itemsql = "SELECT UNIX_TIMESTAMP(dateends) AS dateepoch, items.* FROM items WHERE id = " . $validid . ";";
  56. 	$itemresult = mysql_query($itemsql);
  57.  
  58. 	$itemrow = mysql_fetch_assoc($itemresult);
  59.  
  60. 	$nowepoch = mktime();
  61. 	$rowepoch = $itemrow['dateepoch'];
  62.  
  63. 	if($rowepoch > $nowepoch) {
  64. 		$VALIDAUCTION = 1;
  65. 	}
  66.  
  67. 	echo "<h1>" . $itemrow['name'] . "</h1>";
  68.  
  69. 	$imagesql = "SELECT * FROM images WHERE item_id = " . $validid . ";";
  70. 	$imageresult = mysql_query($imagesql);
  71. 	$imagenumrows = mysql_num_rows($imageresult);
  72.  
  73. 	$bidsql = "SELECT item_id, MAX(amount) AS highestbid, COUNT(id) AS number_of_bids FROM bids WHERE item_id=" . $validid . " GROUP BY item_id;";
  74. 	$bidresult = mysql_query($bidsql);
  75. 	$bidnumrows = mysql_num_rows($bidresult);
  76.  
  77. 	echo "<p>";
  78.  
  79. 	if($bidnumrows == 0) {
  80. 		echo "<strong>This item has had no bids</strong> - <strong>Starting Price</strong>: " . $config_currency . sprintf('%.2f', $itemrow['startingprice']);
  81. 	}
  82. 	else {
  83. 		$bidrow = mysql_fetch_assoc($bidresult);
  84. 		echo "<strong>Number Of Bids</strong>: " . $bidrow['number_of_bids'] . " - <strong>Current Price</strong>: " . $config_currency . sprintf('%.2f', $bidrow['highestbid']);
  85. 	}
  86.  
  87. 	echo " - <strong>Auction ends</strong>: " . date("D jS F Y g iA", $rowepoch);
  88.  
  89. 	echo "</p>";
  90.  
  91. 	if($imagenumrows == 0) {
  92. 		echo "No images.";
  93. 	}
  94. 	else {
  95. 		while($imagerow = mysql_fetch_assoc($imageresult)) {
  96. 			echo "<img src='./images/" . $imagerow['name'] ."' width='200'>";
  97. 		}
  98. 	}
  99.  
  100. 	echo "<p>" . nl2br($itemrow['description']) . "</p>";
  101.  
  102. 	echo "<a name='bidbox'></a>";
  103. 	echo "<h2>Bid for this item</h2>";
  104.  
  105. 	if(isset($_SESSION['USERNAME']) == FALSE) {
  106. 		echo "To bid, you need to log in. Login <a href='login.php?id=" . $validid . "&ref=addbid'>here</a>.";
  107. 	}
  108. 	else {
  109. 		if($VALIDAUCTION == 1) {
  110. 			echo "Enter the bid amount into the box below.";
  111. 			echo "<p>";
  112.  
  113. 			switch($_GET['error']) {
  114. 				case "lowprice":
  115. 					echo "The bid entered is too low. Please enter another price.";
  116. 				break;
  117.  
  118. 				case "letter":
  119. 					echo "The value entered is not a number.";
  120. 				break;
  121. 			}
  122.  
  123. ?>
  124.  
  125. 			<form action="<?php echo pf_script_with_get($SCRIPT_NAME); ?>" method="post">
  126. 			<table>
  127. 			<tr>
  128. 				<td><input type="text" name="bid"></td>
  129. 				<td><input type="submit" name="submit" value="Bid!"></td>
  130. 			</tr>
  131. 			</table>
  132. 			</form>
  133.  
  134. <?php
  135. 		}
  136. 		else {
  137. 			echo "This auction has now ended.";
  138. 		}
  139.  
  140. 		$historysql = "SELECT bids.amount, users.username FROM bids, users WHERE bids.user_id = users.id AND item_id = " . $validid . " ORDER BY amount DESC";
  141. 		$historyresult = mysql_query($historysql);
  142. 		$historynumrows = mysql_num_rows($historyresult);
  143.  
  144. 		if($historynumrows >= 1) {
  145. 			echo "<h2>Bid History</h2>";
  146. 			echo "<ul>";
  147.  
  148. 			while($historyrow = mysql_fetch_assoc($historyresult)) {
  149. 				echo "<li>" . $historyrow['username'] . " - " . $config_currency . sprintf('%.2f', $historyrow['amount']) . "</li>";
  150. 			}
  151.  
  152. 		echo "</ul>";
  153. 		}
  154. 	}
  155. }
  156.  
  157. require("footer.php");
  158.  
  159. ?>
  160.  
  161.  
  162.  
  163.  
[PHP] pobierz, plaintext