Location: PHPKode > projects > PHPauction > request.php
<?#//v.2.51 Web2035 Auctions
/*

Copyright (c), 1999, 2003 - phpauction.org

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation (version 2 or later).

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/
#// Exit if not called by item.php
if(!strstr(basename($HTTP_REFERER),"item.php") && !strstr(basename($HTTP_REFERER),"bidhistory.php")) {
	exit;
}

/* Include messages file & Connect to sql server & inizialize configuration variables */

require('./includes/config.inc.php');
require('./includes/auction_types.inc.php');

require("header.php");
$TIME = mktime(date("H")+$SETTINGS['timecorrection'],date("i"),date("s"),date("m"), date("d"),date("Y"));
$NOW = date("YmdHis",$TIME);
$reqdate = $NOW;
mysql_query ("INSERT INTO PHPAUCTION_request
             (req_auction, req_user, req_text, req_date) values
             ('$reqauction', '$requser', '".strip_tags($reqtext)."','$reqdate')");

$num = mysql_affected_rows();

if ($num > 0) {
	print "<TABLE bgcolor=\"#FFFFFF\"BORDER=0 height=\"140\" WIDTH=\"100%\">
	<TR>
	<TD  ALIGN=Center>
	<A HREF=\"item.php?id=$id\">$MSG_138</A><br><br>
	$std_font
	<B>Message posted</B></FONT></TD>
	</TR>
	</TABLE>
	<br>";
	
	if (!isset($_POST['auction_id']) && !isset($_GET['auction_id'])) {
		$auction_id = $_SESSION["CURRENT_ITEM"];
	} else {
		$_SESSION["CURRENT_ITEM"]=$auction_id;
	}
	
	
	//--Get item description
	
	$query = "select user,title from PHPAUCTION_auctions where id='".AddSlashes($auction_id)."'";
	$result = mysql_query($query);
	if(!$result) {
		MySQLError($query);
		exit;
	}
	
	$seller_id = stripslashes(mysql_result($result,0,"user"));
	$item_title = stripslashes(mysql_result($result,0,"title"));
	
	//--Get seller data
	
	$query = "select nick,email from PHPAUCTION_users where id='".AddSlashes($seller_id)."'";
	$result = mysql_query($query);
	if(!$result) {
		MySQLError($query);
		exit;
	}
	
	$seller_nick = stripslashes(mysql_result($result,0,"nick"));
	$seller_email = stripslashes(mysql_result($result,0,"email"));
	
	
	$query = "select nick,email from PHPAUCTION_users where id='".AddSlashes($requser)."'";
	$result = mysql_query($query);
	if(!$result) {
		MySQLError($query);
		exit;
	}
	$sender_name= stripslashes(mysql_result($result,0,"nick"));
	$sender_email = stripslashes(mysql_result($result,0,"email"));
	$TPL_auction_id = $auction_id;
	
	$TPL_seller_nick_value = $seller_nick;
	$TPL_seller_email_value = $seller_email;
	$sender_name = 	$sender_name;
	$TPL_sender_email_value = $sender_email;
	$TPL_item_title = $item_title;
	$TPL_sender_question = $req_text;
	
	//-- Send e-mail message
	if($_SESSION[PHPAUCTION_LOGGED_IN]<>$seller_id) {
		#// Retrieve user's prefered language
		$USERLANG = @mysql_result(@mysql_query("SELECT language FROM PHPAUCTION_userslanguage WHERE user='".$seller_id."'"),0,"language");
		if(!isset($USERLANG)) $USERLANG = $SETTINGS['defaultlanguage'];		
		include "includes/comment_confirmation.".$USERLANG.".inc.php";
		mail($TO,$SUBJECT,$MESSAGE,$FROM);
	}
} else
print "verification error";

require("footer.php");
?>
Return current item: PHPauction