Hi. These pages are filled with updates for PHPauction GPL script versions and news about scripts in general. If you have anything to contribute, send it to phpauction@johnrayfield.com All submissions are subject to my personal discretion regarding whether they should be edited or displayed here. This website comes with no warranty, yada yada yada. Enjoy! ;) The PHPAuction GPL 2.51 Enhanced script is available here.

Possible SQL injection vulnerability in GPL 2.51 Apparently some of the php files do not sanitize the database input properly. More info is available from Google. If anybody has a patch, send it to phpauction@johnrayfield.com Patch available for PHPAuction 2.51 GPL Enhanced There has been a major security bug in PHPAuction, this is the official patch that allows one to run the script with "register_globals" turned off. Any PHPAuction 2.51 script downloaded from this site before 08-22-08 needs to have the patch applied. The PHPAuction 2.51 download available from this website has the patch applied, and should be good to go. Please report any bugs in the forum or contact the administrator via email. Download the PHPAuction GPL 2.51 Enhanced Patch Paths problem. Q: I have followed steps in 1read_me...txt then have i run auction/admin/install.php In install4.php (2 errors - can't find config.inc.php + password.inc.php) i have tryed to set up it, but nothing has worked for me. -=-=- A: Sounds like you have your paths set wrong. PHPauction works best in a folder right off your webroot called /auction/ Check your config files and make sure the paths match the paths on your server. Script showing $0.00 bids problem (version 2.51) There is a problem with double quotes in 2.51 that causes some bids to show as $0.00 even when they are higher. The problem is on line number 22 in the file bid.php. Change the following code: $query = "select bid from PHPAUCTION_bids where auction=\"$id\""; should be $query = "select bid from PHPAUCTION_bids where auction='$id' "; How can I require users to log in before viewing the auctions? (version 2.51) If you would like to require users to log in before viewing your auctions, insert the following code into index.php at the appropriate place: #// Force user login if(!isset($_SESSION["PHPAUCTION_LOGGED_IN"])) { $_SESSION["REDIRECT_AFTER_LOGIN"]= "index.php"; Header("Location: user_login.php"); exit; } Install problems and register_globals (version 2.51) If you try to install and get the following error message followed by some line numbers: "Warning fopen(config.inc.tmp) [function.fopen] failed to open stream. No such file or directory in /home/thatsmy1/public_html/austion/admin/install4.php" make sure that "register_globals" is set to ON in php.ini. Sometimes you can add the line register_globals=on to your .htaccess file and alter the setting yourself, otherwise you may need to contact your host. Pages 1

PHPauction GPL Enhanced 2.51 Updates

Free download of a PHP auction script.