Download & Extend
Ubercart Auction » Issues

Buy Now very broken

Posted by Garrett Albright on February 3, 2009 at 12:42am
Project:Ubercart Auction
Version:6.x-1.x-dev
Component:Code
Category:bug report
Priority:critical
Assigned:Garrett Albright
Status:active

Issue Summary

A tester on the site UC Auction is being developed for seemed to discover a rather nasty bug. When he placed a bid for a product and then used the Buy Now feature, he was only billed for the bid value, not the Buy Now value. With this bug, it's possible for people to "cheat" on auctions by effectively instantly winning it immediately after placing a bid.

Login or register to post comments

Comments

#1

Posted by Garrett Albright on February 3, 2009 at 5:03pm
Title:Bid, then Buy Now; only pay bid price» Buy Now very broken

Actually, it looks like Buy Now is currently allowing anyone to buy an item immediately at the current high bid value. Damn, has that always been the case?

#2

Posted by Garrett Albright on February 3, 2009 at 5:07pm

No, because the problem is some fairly recent code in uc_auction_cart_item() which isn't being implemented very well.

#3

Posted by Garrett Albright on February 3, 2009 at 7:40pm
Status:active» fixed

Fixed, I think.

#4

Posted by System Message on February 17, 2009 at 7:50pm
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

#5

Posted by gjerdery on March 9, 2009 at 4:24pm
Status:closed (fixed)» active

After installing the latest edition, from March 8, I still see the behavior described above.

#6

Posted by gjerdery on March 11, 2009 at 1:30pm

Just wanted to note that I believe I'm still seeing this bug after installing the CVS files from HEAD.

Before I applied the code, I had an item in my cart which was showing the BIN price incorrectly (Listed BIN was $10, highest bid amount was $2, and price in my cart was $2). After applying the code, it correctly displayed as $10. However, in testing of subsequent items, the old behavior of the highest previous bid being reported as the BIN price reemerged. Let me know if there is any way I can help troubleshoot.

#7

Posted by gjerdery on October 15, 2009 at 7:28pm

It has been a while since I've had time to work with our uc_auction installation, but it appears that the latest Sept. 26 release still allows a Buy it Now item to be purchased for the high bid price rather than the sent BIN price.

#8

Posted by manta007 on November 6, 2009 at 9:34am

I'm using Ubercart Auction 6.x-1.x-dev. Ifbuy now functionality is enable for a product, then the max bidder can not buy that product after expiring the auction. After auction expiration "Add to cart" button displays for the max bidder. But after clicking on "submit order" button, following message appears.
"Your order could not continue because one of the items you are trying to purchase using the “Buy Now” feature cannot be purchased because it has expired. Please remove the item from your cart to continue.". I don't know why that message appears. Anyone can help me?.......

#9

Posted by manujaasin on December 7, 2009 at 6:36am

Hi,
I also got the same error. When I select the enable buy now function option I got that error at the order review stage (“Your order could not continue because one of the items you are trying to purchase using the “Buy Now” feature cannot be purchased because it has expired. Please remove the item from your cart to continue. ”) Any one can fix this?...........

#10

Posted by arski on November 11, 2010 at 11:08am

There is one really big and *cough* silly bug in here that might be causing all this.. for me it sometimes resulted in the BIN price being taken in the cart even if the auction was actually completed without that function being called by anybody!

See function uc_auction_now_cart_item($op, &$item) { in uc_auction_now.module and replace
$info = db_fetch_array(db_query('SELECT ua.expiry FROM {uc_auction_now} uan INNER JOIN {uc_auction} ua ON uan.nid = ua.nid'));
with
$info = db_fetch_array(db_query('SELECT ua.expiry FROM {uc_auction_now} uan INNER JOIN {uc_auction} ua ON uan.nid = ua.nid WHERE ua.nid = %d', $item->nid));

That way it won't take some random expiry date from some auction, but actually the date for the current item :D

PS. This still isn't a full fix, as it might be possible that somebody does "buy now" in the last seconds of the auction.. and then when he adds the item to cart, the expiry time might pass already, so this function would not consider that as a buy now item and let the user checkout with the highest bid.. which is incorrect obviously.. that's for another day :)

Cheers

#11

Posted by winnie80 on November 23, 2010 at 12:31pm

this is a temporary solution which is removing part of function uc_auction_now_order
at least that is what i've done

try to remove the following lines: from 371 to 384

else {
      // Some of the things the user is trying to Buy Now are not allowed.
      $item_links = '<ul>';
      foreach ($ng as $item) {
        $item_links .= '<li>' . l($node->title, "node/{$node->nid}") . '</li>';
      }
      $item_links .= '</ul>';
      return array(
        array(
          'pass' => FALSE,
          'message' => format_plural(count($ng), 'Your order could not continue because one of the items you are trying to purchase using the &ldquo;Buy Now&rdquo; feature cannot be purchased because it has expired. Please remove the item from <a href="!cart">your cart</a> to continue. The item is:!items', 'Your order could not continue because some of the items you are trying to purchase using the &ldquo;Buy Now&rdquo; feature cannot be purchased because they have expired. Please remove the items from <a href="!cart">your cart</a> to continue. The items are:!items', array('!cart' => url('cart'), '!items' => $item_links)),
        ),
      );
    }

hope this will help you

#12

Posted by sbalmer on December 10, 2010 at 4:13pm

The patch provided by Arski solves the issue for me.

nobody click here