WeBid Bug Tracking

ID: 0000347
Project: WeBid
Category: Bidding
View Status: public
Date Submitted: 2011-10-27 15:17
Last Update: 2012-12-10 20:59
Reporter: ismith
Assigned To:
Priority: immediate
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 1.0.3
Target Version:
Fixed in Version: 1.1.0
Summary: 0000347: Bug Report - Users Maximum bid visible to all bidders
Description: Not sure if this has been reported before..., couldn't find it in a search.



If a user visits their "YourBids.php" page, in addition to their bids, they see the high bidder's maximum proxy bid. So now any user who has been outbid knows exactly how much they need to rebid to be top bidder on the auction.



My solution was to simply comment out the line in YourBids.php that makes this info visible.



'PROXYBID' => (isset($row['proxybid']) && $row['proxybid'] > $row['bid']) ? $system->print_money($row['proxybid'], true, false, false) : ''



You may be able to modify the line so that the bidder only sees their own proxy bids.
Tags: No tags attached.
import_id: 351

- Notes
(0000984)
shaav (viewer)
2012-10-15 23:46
edited on: 2012-10-16 00:01

Can confirm in 1.0.4 and I think it deserves a higher priority as it really compromises proxy bidding confidentiality.

If Bidder1 entered a bid of $100 and Bidder2 entered a bid of $50; on Bidder2's list of active actions, the auction will be highlighted as "outbid" and Bidder2 will show $50/$100 i.e. Bidder2's proxybid over Bidder1's proxybid.

The problematic code is the first SQL query right at the top of yourbids.php:

[PHP]// get active bids for this user
$query = "SELECT a.current_bid, a.id, a.title, a.ends, b.bid, b.quantity, p.bid As proxybid FROM " . $DBPrefix . "bids b
        LEFT JOIN " . $DBPrefix . "auctions a ON (a.id = b.auction)
        LEFT JOIN " . $DBPrefix . "proxybid p ON (p.itemid = a.id)
        WHERE a.closed = 0 AND b.bidder = " . $user->user_data['id'] . "
        AND a.bn_only = 'n' ORDER BY a.ends ASC, b.bidwhen DESC";[/PHP]

This merely pulls the highest proxybid for the item, regardless of userid!!

My solution was to add an IF statement to the SELECT:
[PHP]// get active bids for this user
$query = "SELECT a.current_bid, a.id, a.title, a.ends, b.bid, b.quantity, IF(p.userid=b.bidder,p.bid,'') As proxybid FROM " . $DBPrefix . "bids b
        LEFT JOIN " . $DBPrefix . "auctions a ON (a.id = b.auction)
        LEFT JOIN " . $DBPrefix . "proxybid p ON (p.itemid = a.id)
        WHERE a.closed = 0 AND b.bidder = " . $user->user_data['id'] . "
        AND a.bn_only = 'n' ORDER BY a.ends ASC, b.bidwhen DESC";[/PHP]

This allows the user to see their highest/current bid on the auctions they are currently winning.
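
Added example, not code from WeBid or from any poster in this thread: the join discussed in the note above, reproduced on SQLite with a constructed schema and un-prefixed table names (both assumptions), beside a variant that scopes the proxybid join to the viewing bidder. It shows which proxy amounts each query hands to the page for Bidder2 in the $100/$50 scenario; `make_db`, `proxy_amounts`, `LEAKY` and `SCOPED` are hypothetical names.

```python
import sqlite3

# Constructed schema: only the columns the yourbids.php query references.
SCHEMA = """
CREATE TABLE auctions (id INTEGER, title TEXT, ends INTEGER, current_bid REAL,
                       closed INTEGER, bn_only TEXT);
CREATE TABLE bids     (auction INTEGER, bidder INTEGER, bid REAL,
                       quantity INTEGER, bidwhen INTEGER);
CREATE TABLE proxybid (itemid INTEGER, userid INTEGER, bid REAL);
-- Constructed data: Bidder1 (id 1) proxies 100, Bidder2 (id 2) proxies 50.
INSERT INTO auctions VALUES (7, 'Lamp', 2000, 51, 0, 'n');
INSERT INTO bids     VALUES (7, 2, 50, 1, 1000), (7, 1, 51, 1, 1001);
INSERT INTO proxybid VALUES (7, 1, 100), (7, 2, 50);
"""

SELECT = """
SELECT a.id, b.bid, p.bid AS proxybid FROM bids b
LEFT JOIN auctions a ON (a.id = b.auction)
LEFT JOIN proxybid p ON ({join})
WHERE a.closed = 0 AND b.bidder = ? AND a.bn_only = 'n'
ORDER BY a.ends ASC, b.bidwhen DESC
"""

# Join condition as in the reported query: any user's proxy row for the item.
LEAKY = SELECT.format(join="p.itemid = a.id")
# Join condition scoped to the viewing bidder's own proxy row.
SCOPED = SELECT.format(join="p.itemid = a.id AND p.userid = b.bidder")


def make_db():
    """Build the constructed in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def proxy_amounts(conn, query, user_id):
    """Return the proxybid values the page would receive for user_id."""
    rows = conn.execute(query, (user_id,)).fetchall()
    return sorted(r[2] for r in rows if r[2] is not None)


if __name__ == "__main__":
    db = make_db()
    for name, q in (("leaky", LEAKY), ("scoped", SCOPED)):
        print(name, "Bidder2 receives:", proxy_amounts(db, q, 2))
```

With the scoped join the other bidder's row never leaves the database, so the page cannot show it regardless of what the template does.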
(0000985)
nay27uk (reporter)
2012-10-16 13:12
edited on: 2012-10-16 13:15

This is not really a bug, lads, so is being moved to the general support forum. A bug is only a bug when it has been discussed in the forums and proven to be a bug.

OK, I don't seem to be able to move it to the general support forum, so please repost this in the general support forums so that it can be confirmed a bug.

Thanks
(0000986)
pani100 (reporter)
2012-10-16 22:22

Duplicate unsolved and ongoing issue as per this: http://www.webidsupport.com/forums/project.php?issueid=275
Let's bump this up (won't change anything anyway) and have a closer look at what is causing us to see other bidders' highest proxy bids and then go and undercut them the last minute.
(0001005)
renlok (administrator)
2012-12-10 17:36

Not sure why I did that. Easiest fix is to just remove the line from the template. Anyway, fixed for next release.
(0001006)
nay27uk (reporter)
2012-12-10 20:59

Ha ha, you keep beating me, ren. Fixed also in SP1.

- Issue History
Date Modified Username Field Change
2015-04-01 13:17 renlok New Issue
2015-04-01 13:17 renlok import_id => 351
2015-04-01 13:17 renlok Date Submitted 2015-04-01 13:17 => 2011-10-27 15:17
2015-04-01 13:17 renlok Last Update 2015-04-01 13:17 => 2012-12-10 20:59

