diff --git a/functions.php b/functions.php
index 56b67a6..0004ba5 100644
--- a/functions.php
+++ b/functions.php
@@ -84,7 +84,51 @@ function getFirstAllMatches($tableName, $constraintCol, $constraint) {
return executeAllQuery($tableName, $constraintCol, $constraint)->fetch();
}
+function imageUpload($name) {
+ $imgDir = 'public/images/auctions/';
+ $file = $imgDir . $name;
+ $okFlag = true;
+ $fileType = strtolower($_FILES['auctionImg']['type']);
+ //check if file is actually an image
+ if(isset($_POST['submit'])) {
+ $sizeCheck = getimagesize($_FILES['auctionImg']['tmp_name']);
+ if (!$sizeCheck) {
+ $okFlag = false;
+ echo 'not an image';
+ }
+ }
+ //check if file exists
+ if(file_exists($file)) {
+ $okFlag = false;
+ echo 'already exists';
+ }
+ if($_FILES['auctionImg']['size'] > 10000000) {
+ $okFlag = false;
+ echo 'too big';
+ }
+
+ //check filetypes
+ $types = array('image/jpg','image/png','image/jpeg','image/gif');
+ if(!in_array($fileType, $types)) {
+ $okFlag = false;
+ echo 'wrong type';
+ }
+
+ if($okFlag) {
+ if (move_uploaded_file($_FILES['auctionImg']['tmp_name'], '../../'.$file)) {
+ return true;
+ }
+ else {
+ echo '
There was an error uploading your image
';
+ return false;
+ }
+ }
+ else {
+ echo 'There was an error uploading your image
';
+ return false;
+ }
+}
?>
\ No newline at end of file
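Review bot: The duplicate check and the write target in imageUpload do not refer to the same path: `file_exists($file)` tests `public/images/auctions/<name>` relative to the calling script's directory, while the upload is written to `'../../'.$file`, so the "already exists" branch never looks at the real destination. The filename is taken from the caller unmodified, and both callers in this commit build it from `$_POST['title'].$_POST['endDate']`, so any directory separators in the title change where the file lands; reducing it with `basename()` (or generating the stored name server-side) keeps writes inside the upload directory. The type check reads `$_FILES['auctionImg']['type']`, which the client sets, whereas `getimagesize()` already returns the detected type in `$sizeCheck['mime']`, and nothing verifies `$_FILES['auctionImg']['error'] === UPLOAD_ERR_OK` before `tmp_name` is read. The `isset($_POST['submit'])` wrapper around the image check is redundant inside a function both callers only reach after that same test, and it lets the content check be skipped entirely. The rewritten head of the function below applies these points; the size and type checks and the move stay as they are apart from using the same `$target` path for the move.
```php
function imageUpload($name) {
    $imgDir = 'public/images/auctions/';
    // Drop any directory component so the caller-supplied name stays inside $imgDir.
    $file = $imgDir . basename($name);
    // Resolved once and used for both the existence check and the move.
    $target = '../../' . $file;
    $okFlag = true;
    if (!isset($_FILES['auctionImg']) || $_FILES['auctionImg']['error'] !== UPLOAD_ERR_OK) {
        echo 'There was an error uploading your image';
        return false;
    }
    // Content-based check; the MIME type comes from the image data, not from the client.
    $sizeCheck = getimagesize($_FILES['auctionImg']['tmp_name']);
    if (!$sizeCheck) {
        $okFlag = false;
        echo 'not an image';
    }
    $fileType = $sizeCheck ? strtolower($sizeCheck['mime']) : '';
    if (file_exists($target)) {
        $okFlag = false;
        echo 'already exists';
    }
    // … unchanged: size check, type check against $types, move_uploaded_file(..., $target) and the result branches …
```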
diff --git a/public/account/addAuction.php b/public/account/addAuction.php
index 2c4f669..32568c7 100644
--- a/public/account/addAuction.php
+++ b/public/account/addAuction.php
@@ -10,31 +10,34 @@ if (!isset($_SESSION['loggedin'])) {
require_once '../../functions.php';
$pageContent = 'Add auction
-';
require '../../layout.php';
if (isset($_POST['submit'])) {
- $user = getFirstAllMatches('users', 'user_id', $_SESSION['loggedin']);
+ if(imageUpload($_POST['title'].$_POST['endDate'])) {
+ $user = getFirstAllMatches('users', 'user_id', $_SESSION['loggedin']);
- $pdo = startDB();
- $stmt = $pdo->prepare('INSERT INTO auction (title, description, endDate, categoryId, email)
- VALUES (:title, :description, :endDate, :categoryID, :email)');
- $values = [
- 'title' => $_POST['title'],
- 'description' => $_POST['description'],
- 'endDate' => $_POST['endDate'],
- 'categoryID' => intval($_POST['category']),
- 'email' => $user['email']
- ];
- $stmt->execute($values);
- echo 'Successful Post
';
+ $pdo = startDB();
+ $stmt = $pdo->prepare('INSERT INTO auction (title, description, endDate, categoryId, email, imgUrl)
+ VALUES (:title, :description, :endDate, :categoryID, :email, :imgUrl)');
+
+ $values = [
+ 'title' => $_POST['title'],
+ 'description' => $_POST['description'],
+ 'endDate' => $_POST['endDate'],
+ 'categoryID' => intval($_POST['category']),
+ 'email' => $user['email'],
+ 'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate']
+ ];
+ $stmt->execute($values);
+ echo 'Successful Post
';
+ }
}
-
-
?>
\ No newline at end of file
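Review bot: The stored `imgUrl` on the new-side line `'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate']` recomputes the name that was passed to `imageUpload()` instead of sharing it, so any change in how the upload names the file (a `basename()` or a generated name) silently diverges from the row written to the database; the same duplication is in the editAuction.php hunk. Computing it once, `$imgName = basename($_POST['title'] . $_POST['endDate']);`, and then using `imageUpload($imgName)` and `'imgUrl' => 'public/images/auctions/' . $imgName` keeps the two in step, or better, have imageUpload return the stored path. The file is moved before the INSERT runs, so a failed insert leaves the image on disk with no row pointing at it; that is presumably acceptable here but deserves a comment on the `if` line.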
diff --git a/public/account/editAuction.php b/public/account/editAuction.php
index f8de26d..0dbffc0 100644
--- a/public/account/editAuction.php
+++ b/public/account/editAuction.php
@@ -8,26 +8,31 @@ $pdo = startDB();
$listing = getListing();
$pageContent = 'Edit Auction
-';
require '../../layout.php';
if(isset($_POST['submit'])) {
- $stmt = $pdo->prepare('UPDATE auction SET title = :title, categoryId = :categoryId, endDate = :endDate, description = :description WHERE listing_id = :listing_id');
- $values = [
- 'title' => $_POST['title'],
- 'categoryId' => intval($_POST['category']),
- 'endDate' => $_POST['endDate'],
- 'description' => $_POST['description'],
- 'listing_id' => $listing['listing_id']
- ];
- $stmt->execute($values);
- echo '';
+ if(imageUpload($_POST['title'].$_POST['endDate'])) {
+
+ $stmt = $pdo->prepare('UPDATE auction SET title = :title, categoryId = :categoryId, endDate = :endDate, description = :description, imgUrl = :imgUrl WHERE listing_id = :listing_id');
+ $values = [
+ 'title' => $_POST['title'],
+ 'categoryId' => intval($_POST['category']),
+ 'endDate' => $_POST['endDate'],
+ 'description' => $_POST['description'],
+ 'listing_id' => $listing['listing_id'],
+ 'imgUrl' => 'public/images/auctions/'.$_POST['title'].$_POST['endDate']
+ ];
+ $stmt->execute($values);
+ echo '';
+ }
}
?>
\ No newline at end of file
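Review bot: Gating the UPDATE on the new-side `if(imageUpload($_POST['title'].$_POST['endDate'])) {` makes every edit require a fresh image upload, and an edit that keeps the same title and end date reuses the same filename, so once the existence check in imageUpload looks at the right path the save will be refused with "already exists" and the other field changes are dropped without any message from this page. If an image is optional on edit, run the upload only when a file was submitted (`$_FILES['auctionImg']['error'] !== UPLOAD_ERR_NO_FILE`) and leave `imgUrl` untouched otherwise; the previous image is also never removed when a new one replaces it. The `echo '';` at the end of the branch outputs nothing, so the user gets no confirmation on success either.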
diff --git a/public/admin/editCategory.php b/public/admin/editCategory.php
index 4b07bd1..1841c1f 100644
--- a/public/admin/editCategory.php
+++ b/public/admin/editCategory.php
@@ -3,10 +3,11 @@ session_start();
$pageTitle = '';
$stylesheet = '../assets/ibuy.css';
require_once '../../functions.php';
+$cat = getFirstAllMatches('category', 'category_id', $_GET['category_id']);
adminCheck();
$pageContent = ' Edit Category
';
require '../../layout.php';
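Review bot: The new `$cat = getFirstAllMatches('category', 'category_id', $_GET['category_id']);` runs before `adminCheck();`, so the category lookup is performed for any visitor, including ones adminCheck would reject, and `$_GET['category_id']` is read without an `isset` guard. Move the line below `adminCheck();` and coerce the parameter the way the other pages do, `$cat = getFirstAllMatches('category', 'category_id', intval($_GET['category_id'] ?? 0));`, or reject the request outright when the id is missing. Whether getFirstAllMatches binds the value safely depends on executeAllQuery, which is not in this diff, and adminCheck's behaviour on failure is not visible here either; if it only echoes rather than exits, the ordering matters less but the unguarded index still does.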
diff --git a/public/images/auctions/asdasdasd2022-11-30 b/public/images/auctions/asdasdasd2022-11-30
new file mode 100644
index 0000000..d6fab76
Binary files /dev/null and b/public/images/auctions/asdasdasd2022-11-30 differ
diff --git a/public/index.php b/public/index.php
index 8e59a2d..997d4c5 100644
--- a/public/index.php
+++ b/public/index.php
@@ -24,6 +24,7 @@ function populateList($category) {
$stmt = $pdo->prepare('SELECT * FROM auction WHERE endDate > "'. date("Y-m-d H:i:s"). '" ORDER BY endDate ASC');
$stmt->execute();
$listings = $stmt->fetchAll();
+ $count = 10;
}
else {
$stmt = $pdo->prepare('SELECT * FROM auction WHERE categoryId = (SELECT category_id FROM category WHERE name = :listing_category)');
@@ -39,7 +40,7 @@ function populateList($category) {
$bid = getFirstMatch('bids','MAX(amount)', 'listing_id', $listing['listing_id']);
$output .= '
-
+
'. $listing['title'] .'
'. $listing['categoryId'] .'
@@ -48,6 +49,14 @@ function populateList($category) {
More >>
';
+
+ if ($category === 'Latest Listings') {
+ $count -= 1;
+ if ($count <= 0) {
+ break;
+ }
+ }
+
}
return $output;
}
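Review bot: `$count` is initialised to 10 only inside the first branch of the query `if` (hunk at line 24, whose condition is above the diff), but it is decremented in the loop whenever `$category === 'Latest Listings'`; if those two tests are not the same, `$count -= 1` operates on an undefined variable, and the enclosing `populateList` starts outside the hunk. Cutting the list in PHP after fetching every row also means the whole table is read just to show ten, so the limit belongs in the query: `$stmt = $pdo->prepare('SELECT * FROM auction WHERE endDate > :now ORDER BY endDate ASC LIMIT 10');` with `$stmt->execute(['now' => date("Y-m-d H:i:s")]);`, which removes both the counter and the `break`. If the counter stays, put it next to the branch that introduces it with a comment such as `// Latest Listings shows only the ten soonest-ending auctions`.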
diff --git a/todo.txt b/todo.txt
new file mode 100644
index 0000000..8827b91
--- /dev/null
+++ b/todo.txt
@@ -0,0 +1,3 @@
+//TODO: upload images
+//TODO: Delete auction button on the editAuction page;
+//TODO: userReviews, addAdmin, manageAdmin, search
\ No newline at end of file