My review of PHPAuction (the paid version)

The following is my personal experience with phpauction XL (paid version).

The following will contain issues, coding faults, security issues, bugs, copied code, problems and more. Remember this is my personal experience with phpauction so yours may vary.

The short version:
Phpauction was released in 1999, but 5 years on it still contains much of the original code, bugs and problems. The server side code is weak and poorly written, the client side (html) is html 2 if not older and wouldn't validate to any standards even if the validator were on its last legs. I would not recommend anyone pay the money for this overpriced script, but at the end of the day it's your money, do as you wish with it.

The long version:
The phpauction XL script is made up of bad html, messy php, sloppy mysql and cut and pasted inserts from places like php.net.
The source code version of phpauction (XL) is $875 US (I paid $640 US). What's it really worth? You decide.
I started out helping on the unofficial phpauction forum, called auctioncode, run by a guy named Jay. I just helped out answering people's problems and pointing out the many faults of the script, offering a few fixes and add-ons for the versions. This forum doesn't get much input from the people at phpauction.org but to be fair they do pop in every now and then. If you want/need to contact them the best way is via a support ticket, then email, then the forum. But ask at the forums and you may get an answer from someone else that has had a similar problem.
They won't help on the GPL version and claim top of the line customer support (we'll see some of this later) on the paid versions. One thing that struck me about their support was they would give one on one support for paid customers (which is a good thing) but wouldn't give anyone else the fix even if it was a general problem.
One of the biggest faults of this script is the bad coding. From what I gather they pay coders to create new bits and they add to the final version. Problem is most of these 'additions' are just thrown on top of what's there. There are a few pages where certain parts of the code are doubled up, contradict other bits and some that do nothing at all (I'll get to some examples in a second).

Let's go back to the start for a second, to help you understand why I have placed my review for the world to see.

I purchased the XL version after emailing phpauction.org with several questions - as you do. To their credit the emails were promptly replied to and were friendly as they should be. Once purchased the support went out the window. Take a look at auctioncode.com and see how many people have problems getting replies from phpauction.org. Their excuses range from "we get a lot of emails everyday" to "it must have slipped through the system".

When I purchased the XL version a new release of it was promised by November, then Christmas, then February and I believe it was finally released around February (not 100% sure on that one).
I uploaded and proceeded to install the script. I won't bother you with the install problems as they can be seen on auctioncode.com. I will say the lack of folders was a concern; several errors as no folders were set up, I had to manually create them, but to the Joe Bloggs with no PHP experience this could be daunting. The main problem I had is with trying to run the admin folder. You see most hosts offer some sort of control panel, be it Ensim, cPanel or whatever and most already use a folder called 'admin'. The script conflicted with my host so I was unable to use the default folder, no problem, rename it, rename a few paths and bingo, all should work. Well in theory, but there is an update option in the admin section where it connects to the phpauction.org site and retrieves updates for the version you have. The problem is it needs to check and download into the admin folder; you can't change the paths as the paths come from their site. So I had this overpriced script which I could never update.
Another problem is this script uses a key to validate the script. The key must be changed if you rename the folders. Getting this new key took more than one email.

The phpauction site also offers a members' section on their site. If you pay for the source version you have the option to download the coded version (why, I have no idea). Which reminds me, the year I had the script, even though I bought and paid for the source code version the update feature would only give me the coded versions of any update, so if you had a modified script it would overwrite what you had with a coded version which you could not change. Now you may be thinking if I couldn't run the admin folder how did I get the updates? Well with a little tinkering I removed the key, removed the security checks and downloaded the files onto my home computer.

So the customer support was really slack, I think at one stage the owner (Gian) actually went away on holiday and then later moved house without leaving anyone in charge. As English is not Gian's first language some communication can be a little awkward but this happens. I should also note that since English is not his first language there are many typos and grammar errors throughout the phpauction script. (If you have the coded version these cannot be changed unless requested).

One of the questions I asked before I purchased this script was [quote]With the code using a site key, is it possible to modify the templates/layout etc offline on PC[/quote] Now the phpauction.org website at the time stated they do not give support for Windows. Their answer was [quote]I am not sure whet you do mean by "off line". You will in any case to have Apache/MySQL/PHP running on your local PC. If you'll need a key for your local development environment you can have it for free (if it's localhost or a non-public IP address).[/quote] This answered my question very well with some added information. I proceeded to install it on my Windows PC (running Apache/MySQL and PHP) and ran into all sorts of problems. I queried Gian about these problems [quote]I've tried to install the script on my spare pc (win98) and also my servers host and every time I get the same errors (missing folders) and after I create those get the same blank pages.[/quote] and after several days of to-ing and fro-ing he comes back and says this script isn't supported on Windows. Now this got to me as there is/was even a sentence on their web site stating a method to run the cron on Windows machines. So once he got sick of me or didn't want to help anymore, the reply was no support for Windows and after I kicked up a stink they even changed their website to state no Windows support. To think I was responsible for them rewording their site. I can laugh about that now.

So after making some changes to the script and finding bug after bug, problem after problem I put the script aside. I gave up on it. I wanted to make some big layout changes anyway so I picked up the free GPL version (which has even more bugs) and started to recode the entire script. It took me a few months to recode the script but I can proudly say it is all recoded and valid XHTML/CSS, I can also say it's all mine as I ended up dumping just about everything that was there. An example, the XL 2.5 bid page is 785 lines, I wrote my own version and added some security, features and more options and came in at 502 lines.

Let's look at some issues. The bid page for example is very big, the first four lines of code are includes, the next is a database query. I don't want to place too much code on here as to invite hack attempts on any phpauction sites, but let's just say anyone could bring down a site with little effort.

I'll continue this soon

Update:
I have now been banned from auctioncode, no reason given so my guess is because Jay, the owner/operator is an affiliate of phpauction.org selling the code and the truth about the code could be hurting sales. Who really knows.
I know of two sites using the XL script that have been hacked and the members database taken, one was by another auction site, the other by email harvesters at a guess as they just spammed the members' addresses. Be safe.

I got a newsletter from phpauction.org the other day, quite funny really after all this time, what is even funnier is they are still apologising for bad customer service, well help desk delays to be exact. Check out the forums and you'll see this has been going on for over a year, same ole poop, just different excuses.

Thanks to everyone who has contacted me, sorry if I have not replied, the number of emails I am getting from unhappy customers is amazing.
I must also repeat, I will NOT show/tell anyone how to bring down a site running this script, nor will I show/tell how to hack user accounts, so please don't ask.
I have had several requests for fixes and add-ons for this script. Sorry but I don't have the time to fix all those problems, you're better off using another script or hiring a programmer (will be expensive) to fix the many problems. I used to help fix faults at auctioncode forum but have now been banned, so you're on your own.
This script will run without major problems until your member numbers get to 10,000 or so (maybe not even that). The code will and does fail under load. I will not show anyone how I found this, so again, don't ask.

I often get asked for decent auction/classified scripts, but as I ended up writing my own it's hard to recommend any to anyone.
After a quick search, I found these links: phpprobid, iauctionsoftware and rainworx. Remember I have never used any of these scripts so I am unsure how they work etc. My advice: ask questions to people using the software, most software leaves a tracking method so find it and search it out. Good luck

Update Update:
The latest
I now have been unbanned from auctioncode (probably a mistake), but I'm not interested in going back there.
I had a quick peek on the forums and guess what, version 3 is out and the many bugs continue. A lot of the bugs are still from the GPL version. It would be nice if Gian would actually rewrite the POS instead of just copy and paste bits to it.
Oh and notice they changed their URL from .org to .net

No more updates to this, phpauction is not worth the bandwidth, the code is weak and outdated, the support is casual (unless you enquire about buying it), so my advice: stay away from phpauction unless you like to waste your money and have many hours spare to edit errors, faults and get the code up to today's standards.