time()) || !$bid['end_date']) $bid['end_show'] = 1;
// NOTE(review): the statement above begins before this listing; its left-hand side is not visible here.
//
// Bid ("auction") content part. Renders the headline, the bid text with its placeholders,
// the current highest verified bid and the bid form; also handles the verify/delete links
// sent out by mail (?hash=V<token> / ?hash=D<token>) and the POSTed bid form.
// Everything below only runs while the configured start/end window is open.
//
// NOTE(review): this listing has had HTML markup stripped out of several string literals and
// one regular expression (the commented-out die(), the <img>/<a> markup for the bid image, the
// error-marker pattern "/(.*?)/si" and the form wrapper). Those fragments are reproduced
// unchanged and do not reflect the original source.
//
// Security summary (details at the lines concerned):
//  - the verify/delete token is md5(email . time()): guessable once a bidder's address and
//    rough submission time are known; a CSPRNG token should be used instead.
//  - preg_replace() with the /e modifier evaluates template-derived text as PHP and no longer
//    exists on PHP >= 7.0 (returns NULL); use preg_replace_callback().
//  - the form has no CSRF token, captcha or rate limit, yet every accepted POST sends a mail
//    to a visitor-chosen address.
//  - the mysql_* extension used throughout was removed in PHP 7.0.
if($bid['start_show'] && $bid['end_show']) {
	//verify or delete given hash
	// The validation mail links back with ?hash=V<md5> (verify) or ?hash=D<md5> (delete);
	// the mere presence of "hash=" anywhere in the request URI enters this branch.
	if(!(strpos($_SERVER['REQUEST_URI'],'hash=') === false)) {
		if(isset($_GET['hash'])) {
			$bid['get_hash'] = $_GET['hash'];
		} else {
			// Fallback when the parameter did not reach $_GET (presumably rewritten URLs): take
			// whatever follows the first "hash=". NOTE(review): any trailing "&param=..." stays
			// attached to the token, so such a link simply never matches a row.
			list($bid['part1'], $bid['get_hash']) = explode('hash=', trim($_SERVER['REQUEST_URI']));
		}
		// First character selects the action (case-insensitive), the remainder is the token.
		$bid['do'] = strtolower(substr($bid['get_hash'], 0, 1));
		$bid['get_hash'] = substr($bid['get_hash'], 1);
		if($bid['do'] == 'v') { //verify bid
			// The token is passed through aporeplace() (the project's quote-escaping helper, not
			// visible here) before interpolation; bid_verified=0 keeps the update idempotent.
			$bid['sql'] = "UPDATE ".DB_PREPEND."phpwcms_bid SET ";
			$bid['sql'] .= "bid_verified='1' WHERE bid_hash='".aporeplace($bid['get_hash']);
			$bid['sql'] .= "' AND bid_verified=0 LIMIT 1;";
			// NOTE(review): the "verified" text is shown whether or not a row matched -- neither
			// the mysql_query() result nor mysql_affected_rows() is checked.
			$bid['form'] = $bid['verified'];
		}
		if($bid['do'] == 'd') { //delete bid
			// Anyone holding the token can delete the bid, verified or not; there is no attempt
			// limit on this endpoint (see the token construction at md5() further down).
			$bid['sql'] = "DELETE FROM ".DB_PREPEND."phpwcms_bid ";
			$bid['sql'] .= "WHERE bid_hash='".aporeplace($bid['get_hash'])."' LIMIT 1;";
			$bid['form'] = $bid['notverified'];
		}
		// NOTE(review): for an action letter other than v/d, $bid['sql'] is undefined here and
		// mysql_query() is called with an empty query.
		mysql_query($bid['sql'], $db);
	}
	$CNT_TMP .= headline($crow["acontent_title"], $crow["acontent_subtitle"], $template_default["article"]);
	$CNT_TMP .= $bid['before'];
	// ###BID_START:<format>### / ###BID_END:<format>### are expanded with date(<format>, ts),
	// or replaced by an infinity sign when no date is configured.
	// NOTE(review): the /e modifier eval()s the replacement, so the format captured from the
	// template ($bid['text'], populated outside this listing -- presumably admin-authored
	// content) becomes PHP source. PHP escapes quotes in the back-reference, but this is still
	// eval() of template-derived text, and /e was removed in PHP 7.0 (preg_replace() then
	// returns NULL with a warning, wiping the text). Use preg_replace_callback() with a
	// closure that calls date($m[1], $bid['start_date']) instead.
	if($bid['start_date']) {
		$bid['text'] = preg_replace('/###BID_START:(.*?)###/e', "date('$1',\$bid['start_date'])", $bid['text']);
	} else {
		$bid['text'] = preg_replace('/###BID_START:(.*?)###/', '∞', $bid['text']);
	}
	if($bid['end_date']) {
		$bid['text'] = preg_replace('/###BID_END:(.*?)###/e', "date('$1',\$bid['end_date'])", $bid['text']);
	} else {
		$bid['text'] = preg_replace('/###BID_END:(.*?)###/', '∞', $bid['text']);
	}
	//bid form start values
	$bid['post_email'] = '';
	$bid['post_amount'] = $bid['startbid'];
	$bid['post_error'] = 0;
	$bid['amount'] = $bid['startbid'];
	// first check for all available related bid entries
	// Highest verified, non-trashed bid for this content part. $crow["acontent_id"] comes from
	// the article row fetched outside this listing (assumed numeric -- it is interpolated
	// unquoted).
	$bid['sql'] = "SELECT * FROM ".DB_PREPEND."phpwcms_bid WHERE bid_cid=";
	$bid['sql'] .= $crow["acontent_id"]." 
AND bid_verified=1 AND bid_trashed=0 ORDER BY bid_amount DESC LIMIT 1";
	if($bid['result'] = mysql_query($bid['sql'], $db)) {
		if($bid['row'] = mysql_fetch_assoc($bid['result'])) {
			// Pre-fill the form with the current highest bid when it exceeds the start bid.
			if($bid['post_amount'] < $bid['row']['bid_amount']) $bid['post_amount'] = $bid['row']['bid_amount'];
			$bid['amount'] = $bid['row']['bid_amount'];
		}
		if(!$bid['amount']) $bid['amount'] = $bid['startbid'];
		mysql_free_result($bid['result']);
	}
	// Bid form submitted.
	if(isset($_POST['bid_email']) && isset($_POST['bid_amount'])) {
		// clean_slweg()/remove_unsecure_rptags() are phpwcms helpers not visible here
		// (presumably tag/whitespace stripping -- confirm).
		$bid['post_email'] = clean_slweg(remove_unsecure_rptags($_POST['bid_email']));
		$bid['post_amount'] = clean_slweg(remove_unsecure_rptags($_POST['bid_amount']));
		// Amount is entered in "1.234,56" style: drop thousands separators, comma -> decimal point.
		$bid['post_amount'] = str_replace('.', '', $bid['post_amount']);
		$bid['post_amount'] = str_replace(',', '.', $bid['post_amount']);
		$bid['post_amount'] = floatval($bid['post_amount']);
		if(!is_valid_email($bid['post_email']) || !$bid['post_email']) $bid['post_error'] = 1;
		// NOTE(review): only a zero amount is rejected. Negative amounts and bids below the start
		// bid or below the current highest bid ($bid['amount'] from the query above) are accepted,
		// stored and trigger a mail; the DESC/LIMIT 1 query merely keeps them off the display.
		// Something like `if($bid['post_amount'] < $bid['amount']) $bid['post_error'] = 1;` is
		// probably what was intended -- confirm against the auction rules.
		if(!$bid['post_amount']) $bid['post_error'] = 1;
		if(!$bid['post_error']) {
			// NOTE(review): the verify/delete token is md5(email . unix time). Anyone who knows a
			// bidder's address can enumerate the second-resolution timestamps around the submission
			// and forge the V/D link without access to the mailbox, and the hash endpoint above has
			// no attempt limit. Use a CSPRNG token instead (bin2hex(random_bytes(16)) on PHP >= 7,
			// openssl_random_pseudo_bytes() earlier).
			$bid['hash'] = md5($bid['post_email'].time());
			// Email is escaped with aporeplace(), the hash is hex, the amount is a float, so the
			// statement itself has no injection surface. The row is inserted before the mail is
			// sent: a mail failure below leaves an unverified row behind.
			$bid['sql'] = "INSERT INTO ".DB_PREPEND."phpwcms_bid SET ";
			$bid['sql'] .= "bid_cid='".$crow["acontent_id"]."', ";
			$bid['sql'] .= "bid_email='".aporeplace($bid['post_email'])."', ";
			$bid['sql'] .= "bid_hash='".$bid['hash']."', ";
			$bid['sql'] .= "bid_amount='".$bid['post_amount']."';";
			// NOTE(review): the next two lines are the remainder of this commented-out die() whose
			// markup was stripped in this listing.
			//if(mysql_query($bid['sql'], $db) OR die('
'.$bid['sql'].'
'));
			mysql_query($bid['sql'], $db);
			//send validation
			// NOTE(review): any POST with a syntactically valid address makes the site send a mail
			// to that address; there is no CSRF token, captcha or throttle in this block, so the
			// form can be driven as a mail-bombing / backscatter relay. A per-IP or per-address
			// rate limit before the INSERT and Send() would be the minimum.
			include_once('include/inc_ext/phpmailer/class.phpmailer.php');
			$bid_mailer = new PHPMailer();
			$bid_mailer->SetLanguage('en', 'include/inc_ext/phpmailer/language/');
			$bid_mailer->Mailer = $phpwcms['SMTP_MAILER'];
			$bid_mailer->From = $bid['emailfrom'];
			$bid_mailer->FromName = $bid['emailfromname'];
			$bid_mailer->AddAddress($bid['post_email']);
			$bid_mailer->CharSet = $phpwcms["charset"];
			$bid_mailer->Subject = ($crow["acontent_title"]) ? $crow["acontent_title"] : 'bid validation';
			// Rebuild the page URL the form was posted to, from the configured site URL plus the
			// request path and query. NOTE(review): $bid["query"] is the raw, visitor-controlled
			// query string and is copied verbatim into the links placed in the mail; when the URI
			// has no "?" list() assigns NULL to it with a notice.
			list($bid["uri"], $bid["query"]) = explode('?', $_SERVER['REQUEST_URI']);
			$bid['url'] = preg_replace('/\/$/', '', $phpwcms['site']);
			//$bid['url'] .= ($phpwcms["root"]) ? "/".$phpwcms["root"] : '';
			$bid['url'] = preg_replace('/\/$/', '', $bid['url']).$bid["uri"];
			$bid["delurl"] = '';
			if($bid["query"]) $bid["delurl"] = $bid["query"].'&';
			$bid["delurl"] = $bid['url'].'?'.$bid["delurl"].'hash=D'.$bid['hash'];
			$bid["verifyurl"] = '';
			if($bid["query"]) $bid["verifyurl"] = $bid["query"].'&';
			$bid["verifyurl"] = $bid['url'].'?'.$bid["verifyurl"].'hash=V'.$bid['hash'];
			// NOTE(review): this statement has no effect (missing ".="); as written ###BID_URL###
			// never carries the query string, unlike the verify/delete links.
			if($bid["query"]) $bid['url'].'?'.$bid["query"];
			// Fill the mail template; amounts are formatted as "1.234,56".
			$bid["emailmsg"] = str_replace('###BID_URL###', $bid['url'], $bid["emailmsg"]);
			$bid["emailmsg"] = str_replace('###VERIFY_LINK###', $bid["verifyurl"], $bid["emailmsg"]);
			$bid["emailmsg"] = str_replace('###DELETE_LINK###', $bid["delurl"], $bid["emailmsg"]);
			$bid["emailmsg"] = str_replace('###EMAIL###', $bid['post_email'], $bid["emailmsg"]);
			$bid["emailmsg"] = str_replace('###BID###', number_format($bid['post_amount'], 2, ',', '.'), $bid["emailmsg"]);
			$bid["emailmsg"] = str_replace('###START_BID###', number_format($bid['startbid'], 2, ',', '.'), $bid["emailmsg"]);
			// Same /e-modifier concern as for $bid['text'] above; "-" instead of the infinity sign
			// when no date is set.
			if($bid['start_date']) {
				$bid["emailmsg"] = preg_replace('/###BID_START:(.*?)###/e', "date('$1',\$bid['start_date'])", $bid["emailmsg"]);
			} else {
				$bid["emailmsg"] = preg_replace('/###BID_START:(.*?)###/', '-', $bid["emailmsg"]);
			}
			if($bid['end_date']) {
				$bid["emailmsg"] = preg_replace('/###BID_END:(.*?)###/e', "date('$1',\$bid['end_date'])", $bid["emailmsg"]);
			} else {
				$bid["emailmsg"] = preg_replace('/###BID_END:(.*?)###/', '-', $bid["emailmsg"]);
			}
			$bid_mailer->Body = $bid["emailmsg"];
			// SMTP credentials come from the site configuration.
			if(strtolower($phpwcms['SMTP_MAILER']) == 'smtp') {
				$bid_mailer->Port = (!$phpwcms['SMTP_PORT']) ? 25 : $phpwcms['SMTP_PORT'];
				$bid_mailer->Host = $phpwcms['SMTP_HOST'];
				$bid_mailer->SMTPAuth = $phpwcms['SMTP_AUTH'];
				$bid_mailer->Username = $phpwcms['SMTP_USER'];
				$bid_mailer->Password = $phpwcms['SMTP_PASS'];
			}
			if(!$bid_mailer->Send()) {
				// NOTE(review): PHPMailer's ErrorInfo is rendered to the visitor; for SMTP it can
				// carry the server's response text (host / auth detail). Prefer a generic message
				// and log the detail server-side. The output is HTML-escaped, so no XSS here.
				$bid['form'] = 'Mail-Error: '.html_specialchars($bid['post_email'].' ('.$bid_mailer->ErrorInfo).')
';
			} else {
				$bid['form'] = $bid["sent"];
			}
			unset($bid_mailer);
		}
	}
	$bid['text'] = str_replace('###BID_CURRENT###', number_format($bid['amount'], 2, ',', '.'), $bid['text']);
	$bid['text'] = str_replace('###START_BID###', number_format($bid['startbid'], 2, ',', '.'), $bid['text']);
	// Optional bid image, placed where ###BID_IMG:<align>### appears in the text.
	// NOTE(review): the <img>/<a>/<div> markup of these string literals was stripped in this
	// listing; the fragments below are not the original code.
	if($bid['image_cname']) {
		$bid['image_cname'] = '';
		if($bid['image_zoom']) {
			$open_popup_link = 'image_zoom.php?'.getClickZoomImageParameter($bid['image_prev']);
			$bid['image_cname'] = '".$bid['image_cname'].'';
		}
		preg_match('/###BID_IMG:(.*)###/U', $bid['text'], $match);
		if(isset($match[1]) && $match[1]) {
			// The alignment keyword comes from the template text; it is lowercased/trimmed but
			// otherwise written unescaped into the align="" attribute.
			$match[1] = strtolower(trim($match[1]));
			if($match[1] == 'center') {
				$bid['image_cname'] = str_replace('###ALIGN###', '',$bid['image_cname']);
				$bid['image_cname'] = '
'.$bid['image_cname'].'
';
			} else {
				$bid['image_cname'] = str_replace('###ALIGN###', ' align="'.$match[1].'"',$bid['image_cname']);
			}
		} else {
			$bid['image_cname'] = str_replace('###ALIGN###', '',$bid['image_cname']);
		}
	}
	$bid['text'] = preg_replace('/###BID_IMG:(.*)###/U', $bid['image_cname'], $bid['text']);
	// Show or strip the error section of the form template.
	// NOTE(review): the markers surrounding (.*?) were stripped in this listing; as printed the
	// pattern matches only empty strings and both branches are no-ops.
	if(!$bid['post_error']) {
		// remove post form error part
		$bid['form'] = preg_replace("/(.*?)/si", '', $bid['form']);
	} else {
		$bid['form'] = preg_replace("/(.*?)/si", '$1', $bid['form']);
	}
	// Wire the template placeholders to the real field names; values echoed back to the
	// visitor are HTML-escaped.
	$bid['form'] = str_replace('name="###BID_EMAIL###"', 'name="bid_email"', $bid['form']);
	$bid['form'] = str_replace('value="###BID_EMAIL###"', 'value="'.html_specialchars($bid['post_email']).'"', $bid['form']);
	$bid['form'] = str_replace('name="###BID_AMOUNT###"', 'name="bid_amount"', $bid['form']);
	// On a fresh (non-POST) view, suggest the next bid step above the current amount.
	if(!isset($_POST['bid_email']) || !isset($_POST['bid_amount'])) $bid['post_amount'] += $bid['nextbidadd'];
	$bid['form'] = str_replace('value="###BID_AMOUNT###"', 'value="'.html_specialchars(number_format($bid['post_amount'],2,',','.')).'"', $bid['form']);
	// NOTE(review): the <form> wrapper markup was stripped from this literal in the listing.
	$bid['form'] = '
'.$bid['form'].'
';
	$bid['text'] = str_replace('###BID_FORM###', $bid['form'], $bid['text']);
	$CNT_TMP .= $bid['text'];
	$CNT_TMP .= $bid['after'];
}
unset($bid);
?>