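/**
 * Resolve the avatar URL for a user, falling back to a default image.
 *
 * The stored value is used only when it validates as an absolute http(s)
 * URL; a missing row, a failed query, an empty value, non-URL text or any
 * other scheme all yield the default, so the result can be placed straight
 * into an <img src> attribute.
 *
 * @param int|string $uid User id; cast to int before it reaches the query.
 * @return string Entity-encoded avatar URL, or the (constant) default URL.
 */
function getAvatarUrl($uid)
{
    $uid = (int) $uid;
    $defaultAvatar = 'http://pkmnhelios.net/images/trainers/Darkmuj.png';

    // $uid is an int at this point, so the interpolation cannot alter the query.
    $query = mysql_query("SELECT `avatar` FROM `users` WHERE `id`='{$uid}'");
    $userRow = $query ? mysql_fetch_assoc($query) : false;

    // Unknown id or failed query: use the default instead of indexing into false.
    if (!is_array($userRow) || !isset($userRow['avatar'])) {
        return $defaultAvatar;
    }

    $avatar = (string) $userRow['avatar'];
    if (!filter_var($avatar, FILTER_VALIDATE_URL)) {
        return $defaultAvatar;
    }

    // FILTER_VALIDATE_URL accepts any scheme that parses; only http(s) belongs
    // in an image source, so anything else falls back to the default as well.
    $scheme = strtolower((string) parse_url($avatar, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return $defaultAvatar;
    }

    // Entity-encode for the attribute context the caller puts this in.
    return cleanHtml($avatar);
}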
/**
 * Build a bullet-separated list of profile links, one per moderator.
 *
 * @return string HTML anchors joined with " • "; empty string when no row matches.
 */
function getModProfileList()
{
    $result = mysql_query("SELECT `id`, `username` FROM `users` WHERE `mod`='1'");
    $links = array();

    while ($moderator = mysql_fetch_assoc($result)) {
        // Escape every column before any of them is placed into markup.
        $safe = cleanHtml($moderator);
        $links[] = sprintf(
            '<a href="../profile.php?id=%s">%s</a>',
            $safe['id'],
            $safe['username']
        );
    }

    return implode(' • ', $links);
}
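/**
 * Entity-encode a value, or every leaf of a (nested) array, for HTML output.
 *
 * Scalars are cast to string and passed through htmlentities() with
 * ENT_QUOTES, so <, >, &, " and ' are all encoded; arrays are walked
 * recursively and their keys are preserved.
 *
 * @param mixed $input Scalar, or an array of scalars / arrays.
 * @return string|array Encoded string, or an array with the same keys as $input.
 */
function cleanHtml($input)
{
    if (is_array($input)) {
        // Start from an empty array so an empty input returns array() rather
        // than leaving $output undefined.
        $output = array();
        foreach ($input as $k => $v) {
            $output[$k] = cleanHtml($v);
        }
        return $output;
    }

    // ENT_QUOTES covers both quote styles, so the result is safe in single-
    // and double-quoted attributes as well as element text. Without
    // ENT_SUBSTITUTE, a value that is not valid UTF-8 comes back as '' (the
    // value is dropped, not emitted raw).
    return htmlentities((string) $input, ENT_QUOTES, 'UTF-8');
}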
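/**
 * Get Page Meta Description
 *
 * Returns the page's explicit meta description when it has one; otherwise,
 * when GSAUTOMETAD is enabled, a 160-character excerpt of the page content
 * with unwanted elements, whitespace and quotes cleaned up. The result is
 * passed through the 'metad' filter before it is echoed or returned.
 *
 * @since 2.0
 * @uses getPageGlobal
 * @uses strip_decode
 * @uses encode_quotes
 * @uses getExcerpt
 * @uses exec_filter
 *
 * @param bool $echo Optional, default is true. False will 'return' value
 * @return string Echos or returns based on param $echo
 */
function get_page_meta_desc($echo = true)
{
    $metad = getPageGlobal('metad');
    $desc = '';

    if ((string) $metad !== '') {
        $desc = encode_quotes(strip_decode($metad));
    } elseif (getDef('GSAUTOMETAD', true)) {
        // The page content is not in scope inside this function; fetch it the
        // same way 'metad' is fetched above instead of reading an undefined $content.
        $content = getPageGlobal('content');

        // use content excerpt, NOT filtered
        $desc = strip_decode($content);
        if (getDef('GSCONTENTSTRIP', true)) {
            $desc = strip_content($desc);
        }
        $desc = cleanHtml($desc, array('style', 'script')); // remove unwanted elements that strip_tags fails to remove
        $desc = getExcerpt($desc, 160);                     // grab 160 chars
        $desc = strip_whitespace($desc);                    // remove newlines, tab chars
        $desc = encode_quotes($desc);
        $desc = trim($desc);
    }

    $str = exec_filter('metad', $desc); // @filter metad (str) meta description in get_page_meta_desc
    return echoReturn($str, $echo);
}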
<th>Options</th> </tr> '; while ($pokemon = mysql_fetch_assoc($query)) { $query2 = mysql_query("SELECT * FROM `users` WHERE `id`='{$pokemon['uid']}'"); $urow = mysql_fetch_assoc($query2); echo ' <tr> <td>' . number_format($pokemon['id']) . '</td> <td><img src="images/pokemon/' . $pokemon['name'] . '.png" /><br /> ' . $pokemon['name'] . '</td> <td>' . number_format($pokemon['level']) . '</td> <td>' . number_format($pokemon['exp']) . '</td> <td> ' . $pokemon['move1'] . '<br /> ' . $pokemon['move2'] . '<br /> ' . $pokemon['move3'] . '<br /> ' . $pokemon['move4'] . ' </td> <td><a href="profile.php?id=' . $pokemon['uid'] . '">' . cleanHtml($urow['username']) . '</a></td> <td> <a href="?a=mao&id=' . $pokemon['id'] . '">Make an offer</a> </td> </tr> '; } echo ' </table> '; $pagination->echoPagination(); }
<tr> <td colspan="2"> <table border="1" style="margin-top: 20px; margin-bottom: 20px; border-collapse: collapse; margin-left: auto; margin-right: auto; text-align: center;"> <tr> <th colspan="3">' . cleanHtml($userRow['username']) . 's team!</th> </tr> ' . cellsToRows($teamCells, 3) . ' </table> </td> </tr> <tr> <td colspan="2"> <table border="1" style="margin-top: 20px; margin-bottom: 20px; border-collapse: collapse; margin-left: auto; margin-right: auto; text-align: center;"> <tr> <th colspan="4">' . cleanHtml($userRow['username']) . 's badges!</th> </tr> ' . cellsToRows($badgeCells, 3) . ' </table> </td> </tr> </table> '; } ?> <table width="100%" height="124" border="0" class="ranks"> <tbody><tr>
include '../_footer.php'; die; } $filename = '../images/pokemon/' . $name . '.png'; if (is_file($filename)) { echo '<img src="' . $filename . '" title="' . $name . '" alt="' . $name . '" />'; } echo ' <table class="pretty-table"> <tr> <th>Owner</th> <th>Name</th> <th>Level</th> <th>Gender</th> </tr> '; $genderArray = array('1' => 'Male', '2' => 'Female', '0' => 'Genderless'); while ($pokeArray = mysql_fetch_assoc($query)) { echo ' <tr> <td><a href="../profile.php?id=' . $pokeArray['uid'] . '">' . cleanHtml($pokeArray['username']) . '</td> <td><a href="../pinfo.php?id=' . $pokeArray['pid'] . '">' . $pokeArray['name'] . '</td> <td>' . number_format($pokeArray['level']) . '</td> <td>' . $genderArray[$pokeArray['gender']] . '</td> </tr> '; } echo ' </table> '; include '../_footer.php';
{ // Since no 'pid' is in URL, then give warning that header/footer will not display properly $westHtml = renderPanel(" ", "<div style='padding:20px 15px;'><img src='".APP_PATH_IMAGES."exclamation.png' class='imgfix'> <b style='color:#800000;'>{$lang['bottom_54']}</b><br>{$lang['bottom_55']}</div>"); } /** * PAGE CONTENT */ ?> <table border=0 cellspacing=0 style="width:100%;"> <tr> <td valign="top" id="west" style="width:250px;"> <div id="west_inner" style="width:250px;"><?php echo $westHtml ?></div> </td> <td valign="top" id="westpad"> </td> <td valign="top" id="center"> <div id="center_inner"> <div id="subheader" class="notranslate"> <?php if ($display_project_logo_institution) { ?> <?php if (trim($headerlogo) != "") echo "<img src='$headerlogo' title='".cleanHtml($institution)."' alt='".cleanHtml($institution)."' style='max-width:700px; expression(this.width > 700 ? 700 : true);'>"; ?> <div id="subheaderDiv1"> <?php echo $institution . (($site_org_type == "") ? "" : "<br><span style='font-family:tahoma;font-size:13px;'>$site_org_type</span>") ?> </div> <?php } ?> <div id="subheaderDiv2" <?php if (!$display_project_logo_institution) echo 'style="border:0;padding-top:0;"'; ?>> <div style="max-width:700px;"><?php echo filter_tags($app_title) ?></div> </div> </div>
' . $pokemon['move3'] . '<br /> ' . $pokemon['move4'] . '<br /> </td> <td> '; if ($uid == $pokemon['sid']) { echo ' Brought from <br /> <strong><a href="profile.php?id=' . $pokemon['sid'] . '">' . cleanHtml($pokemon['username']) . '</a></strong><br /> for <br /> <strong>$' . number_format($pokemon['price']) . '</strong>. '; } else { echo ' Sold to <br /> <strong><a href="profile.php?id=' . $pokemon['sid'] . '">' . cleanHtml($pokemon['soldto']) . '</a></strong><br /> for <br /> <strong>$' . number_format($pokemon['price']) . '</strong>. '; } echo ' </td> </tr> '; } echo '</table>'; break; case 'clear_history': mysql_query("UPDATE `users` SET `newly_sold_pokes`='0' WHERE `id`='{$uid}'"); mysql_query("UPDATE `sale_history` SET `udeleted`='1' WHERE `uid`='{$uid}'") or die(mysql_error()); mysql_query("UPDATE `sale_history` SET `sdeleted`='1' WHERE `sid`='{$uid}'") or die(mysql_error());
<table style="margin: 20px auto; padding: 10px;"> <tr> <td> <div style="background-image: url('images/maps/map<?php echo $map; ?> .png'); width: 400px; height: 400px; position: relative;" id="map"> <img src="images/sprites/<?php echo $mySprite; ?> .png" id="mySprite" title="<?php echo cleanHtml($_SESSION['username']); ?> " style="position: absolute; top: <?php echo $startY * 16 - 4; ?> px; left: <?php echo $startX * 16; ?> px; z-index: 999;" /> </div> <div style="clear: both;"></div> </td>
$id = (int) $_GET['id']; $query = mysql_query("SELECT `username` FROM `users` WHERE `id`='{$id}'"); if (mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); $uni_username = $row['username']; } } $token = md5(rand(10000, 99999)); $_SESSION['send_money_token'] = $token; echo ' <center> <a href="send_money.php">Send Money</a> • <a href="send_money_history.php">View History</a><br /><br /> ' . $message . ' <table> <tr> <td colspan="2">You have $' . number_format($userMoney) . '</td></tr> <form action="" method="post"> <tr><th>Send To: </th><td><input type="text" name="username" value="' . cleanHtml($uni_username) . '" /><br /></td></tr> <tr><th>Amount:</th><td> <input type="text" name="amount" value="' . cleanHtml($amount) . '" /><br /></td></tr> <tr><td> </td><td><input type="hidden" name="token" value="' . $token . '" /><input type="submit" value="Send Money" id="button"/></td></tr></table> </form> </center> '; if (isset($_SESSION['message'])) { unset($_SESSION['message']); } include '_footer.php';
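/**
 * Escape a user-supplied value so it is inert in HTML and safer in SQL text.
 *
 * The value is entity-encoded by cleanHtml(), then a handful of characters
 * that remain risky in the contexts this project interpolates into
 * ($, !, ' and stray backslashes) are rewritten as numeric entities and
 * carriage returns are dropped. Entities of the form &amp;#NNN; are unwrapped
 * back to &#NNN; so already-encoded unicode survives the pass.
 *
 * NOTE(review): the copy of this function that was reviewed showed the
 * replacement targets as literal characters mapped to themselves
 * ("!" -> "!"), i.e. no-ops, which is what an entity-decoded rendering of
 * the entity forms below looks like; the entity forms are restored here to
 * match the intent stated in the comments. Entity-encoding is not a
 * substitute for parameterised queries.
 *
 * @param mixed $val Raw input value; empty values are returned unchanged.
 * @return mixed Escaped string, or the original empty value.
 */
function cleanValue($val)
{
    if ($val === '' || $val === null || $val === false) {
        return $val;
    }

    //Replace odd spaces with safe ones
    $val = str_replace("&#032;", " ", $val);
    $val = str_replace(chr(0xca), "", $val);

    //Encode any HTML to entities (including \n --> <br />)
    $val = cleanHtml($val);

    //Double-check special chars and remove carriage returns
    //For increased SQL security
    $val = preg_replace("/\\\$/", "&#036;", $val);
    $val = preg_replace("/\r/", "", $val);
    $val = str_replace("!", "&#33;", $val);
    $val = str_replace("'", "&#39;", $val);

    //Allow unicode (?)
    $val = preg_replace("/&amp;#([0-9]+);/s", "&#\\1;", $val);

    //Add slashes for SQL
    //$val = $this->sql($val);

    //Swap user-inputted backslashes (?)
    $val = preg_replace("/\\\\(?!&amp;#|\\?#)/", "&#092;", $val);

    return $val;
}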
require_once 'config.php'; require_once 'functions.php'; require_once 'bbcode.php'; if (!isLoggedIn()) { redirect('index.php'); } include '_header.php'; printHeader('Members Area'); $info = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE id = '{$uid}'")); $info['username'] = $ck; logs($uid, "{$ck} has accessed membersarea!"); $champUid = getConfigValue('champion_uid'); $query = mysql_query("SELECT * FROM `users` WHERE `id`='{$champUid}'"); $champRow = mysql_fetch_assoc($query); // stop xss $champRow = cleanHtml($champRow); $avatar = $champRow['avatar']; if (!filter_var($avatar, FILTER_VALIDATE_URL)) { $avatar = 'http://pkmnhelios.net/rpg/' . $avatar; if (!filter_var($avatar, FILTER_VALIDATE_URL) || empty($champRow['avatar'])) { $avatar = 'http://pkmnhelios.net/rpg/images/trainers/032.png'; } } $promoName = getConfigValue('promo_pokemon_name'); ?> <a href="https://twitter.com/PokemonHelios" class="twitter-follow-button" data-show-count="false">Follow @PokemonHelios</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script> <?php /* <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
} exit; break; } } //DATE Field if ($_GET['view'] == "date") { print "<div id='change_date' style='display:block;'>\n\t\t\t\t<b>" . DateTimeRC::format_ts_from_ymd($event_date) . " (" . DateTimeRC::getDay($event_date) . ")</b> "; // Dont' allow user to change date here if tied to an Event (need to change on Scheduling page where it might affect other scheduled dates) if ($row['event_id'] == "") { print "<a href='javascript:;' style='text-decoration:underline;font-size:11px;' onclick=\"\$('#change_date').css({'display':'none'});\$('#save_date').css({'display':'block'});\">{$lang['calendar_popup_ajax_03']}</a>"; } print "{$msg}\n\t\t\t</div>\n\t\t\t<div id='save_date' style='display:none;position:relative;'>\n\t\t\t\t<input type='text' id='newdate' name='newdate' onblur=\"redcap_validate(this,'','','hard','date_'+user_date_format_validation,1,1,user_date_format_delimiter);\" value='" . DateTimeRC::format_ts_from_ymd($event_date) . "' class='x-form-text x-form-field' style='width:70px;' maxlength='10'><span class='df'>(" . DateTimeRC::get_user_format_label() . ")</span>\n\t\t\t\t \n\t\t\t\t<input type='button' id='savebtndatecalpopup' style='font-size:11px;' value='" . cleanHtml($lang['calendar_popup_ajax_04']) . "' onclick='saveDateCalPopup({$_GET['cal_id']})'> \n\t\t\t\t<input type='button' style='font-size:11px;' value='" . cleanHtml($lang['global_53']) . "' onclick=\"\$('#change_date').css({'display':'block'});\$('#save_date').css({'display':'none'});\">\n\t\t\t</div>"; //TIME Field } elseif ($_GET['view'] == "time") { $time_field = "<input type='text' class='x-form-text x-form-field time' id='event_time' name='event_time' value='" . remBr(cleanHtml($_GET['event_time'])) . 
"' maxlength='5' style='width:50px;' onblur=\"redcap_validate(this,'','','soft_typed','time')\"> \n\t\t\t\t\t<span style='font-size:10px;color:#777;font-family:tahoma;'>HH:MM</span> \n\t\t\t\t\t<input type='button' id='savebtntimecalpopup' style='font-size:11px;' value='{$lang['calendar_popup_ajax_06']}' onclick='saveTimeCalPopup({$_GET['cal_id']})'>"; //Visit Time if ($_GET['event_time'] == "") { $visible = $time_field; $hidden = ""; } else { $visible = "<b>" . DateTimeRC::format_ts_from_ymd($_GET['event_time']) . "</b> \n\t\t\t\t\t<a href='javascript:;' style='text-decoration:underline;font-size:11px;' onclick=\"\$('#change_time').css({'display':'none'});\$('#save_time').css({'display':'block'});\">{$lang['calendar_popup_ajax_07']}</a>"; $hidden = $time_field . " \n\t\t\t\t\t<input type='button' style='font-size:11px;' value='{$lang['global_53']}' onclick=\"\$('#change_time').css({'display':'block'});\$('#save_time').css({'display':'none'});\">"; } print "<div id='change_time' style='display:block;'>\n\t\t\t\t{$visible}\n\t\t\t\t{$msg}\n\t\t\t</div>\n\t\t\t<div id='save_time' style='display:none;'>\n\t\t\t\t{$hidden}\n\t\t\t</div>"; //STATUS Field } elseif ($_GET['view'] == "status") { //Set display text for visit status switch ($_GET['event_status']) { case 0: $status = "<img src='" . APP_PATH_IMAGES . "star_empty.png' style='position:relative;top:1px;'> <b style='color:#777;'>{$lang['calendar_popup_ajax_08']}</b>";
$newPasswordSql = !empty($passwordNew) ? " `password`='" . sha1($passwordNew) . "', " : ''; } $sqlAvatar = cleanSql($avatar); $sqlEmail = cleanSql($email); $sqlSig = cleanSql($signature); $sprite = (int) $sprite; $query = mysql_query("UPDATE `users` SET {$newPasswordSql} `email`='{$sqlEmail}', `avatar`='{$sqlAvatar}', `map_sprite`='{$sprite}', `signature`='{$sqlSig}' WHERE `id`='{$uid}'"); if ($query) { $message = '<div class="notice">Your profile has been edited.</div>'; } else { $message = '<div class="error">Something went wrong.</div>'; } } } $query = mysql_query("SELECT * FROM `users` WHERE `id`='{$uid}'"); $userRow = cleanHtml(mysql_fetch_assoc($query)); $cells = array(); for ($i = 1; $i <= 10; $i++) { $attr = $userRow['map_sprite'] == $i ? ' checked="checked" ' : ''; $cells[] = ' <img src="images/sprites/' . $i . '.png" /><br /> <input type="radio" name="sprite" value="' . $i . '" ' . $attr . ' /> '; } echo ' <h2 class="text-center">Edit Profile</h2> ' . $message . ' <form action="" method="post"> <table class="edit-profile-table"> <tr> <td class="text-right">Current Password <span class="small">(needed)</span>: </td>
/**
 * Get Page Header HTML
 *
 * Echoes the <meta> description and keywords tags for the current page,
 * the canonical <link> (when $full is true), queues the front-end scripts
 * and finally fires the 'theme-header' action.
 *
 * @since 1.0
 * @uses exec_action
 * @uses get_page_url
 * @uses get_page_meta_desc
 * @uses get_page_meta_keywords
 * @uses get_scripts_frontend
 * @uses $metad
 * @uses $title
 * @uses $content
 * @uses $site_full_name from configuration.php
 * @uses GSADMININCPATH
 *
 * @param bool $full Optional, default true. When false the canonical link is omitted.
 * @return void Output is echoed directly.
 */
function get_header($full = true)
{
    global $metad;
    global $title;
    global $content;

    include GSADMININCPATH . 'configuration.php';

    // meta description: an explicit value wins; otherwise an auto excerpt of
    // the page content when GSAUTOMETAD is enabled.
    if ($metad != '') {
        $desc = get_page_meta_desc(FALSE);
    } elseif (getDef('GSAUTOMETAD', true)) {
        // use content excerpt, NOT filtered
        $desc = strip_decode($content);
        if (getDef('GSCONTENTSTRIP', true)) {
            $desc = strip_content($desc);
        }
        $desc = cleanHtml($desc, array('style', 'script')); // remove unwanted elements that strip_tags fails to remove
        $desc = getExcerpt($desc, 160);                     // grab 160 chars
        $desc = strip_whitespace($desc);                    // remove newlines, tab chars
        $desc = trim(encode_quotes($desc));
    }

    // $desc and $keywords are written into attributes as-is; keeping the
    // attribute intact relies on encode_quotes() / get_page_meta_keywords()
    // upstream encoding both quote styles — confirm against those helpers.
    if (!empty($desc)) {
        printf('<meta name="description" content="%s" />' . "\n", $desc);
    }

    // meta keywords
    $keywords = get_page_meta_keywords(FALSE);
    if ($keywords != '') {
        printf('<meta name="keywords" content="%s" />' . "\n", $keywords);
    }

    // canonical link only for the full header
    if ($full) {
        printf('<link rel="canonical" href="%s" />' . "\n", get_page_url(true));
    }

    // script queue
    get_scripts_frontend();
    exec_action('theme-header');
}
// Send-money history page: marks the current user's received entries as seen,
// optionally soft-deletes the history (?clear), then lists what is left.
// $uid is cast to int so the interpolations below cannot change query shape.
$uid = (int) $_SESSION['userid'];
include '_header.php';
echo ' <center> <a href="send_money.php">Send Money</a> • <a href="send_money_history.php?clear">Clear History</a><br /><br /> </center> ';
mysql_query("UPDATE `send_money_history` SET `seen_by_recipient`='1' WHERE `recipient_uid`='{$uid}'");
// NOTE(review): "clear" is a state change triggered by a plain GET link with
// no token check (the send-money form elsewhere carries a hidden `token`
// field); a link or image pointing here can clear a logged-in user's history.
// Results of the three writes are not checked.
if (isset($_GET['clear'])) {
    mysql_query("UPDATE `send_money_history` SET `deleted_by_recipient`='1' WHERE `recipient_uid`='{$uid}'");
    mysql_query("UPDATE `send_money_history` SET `deleted_by_sender`='1' WHERE `sender_uid`='{$uid}'");
    // Physically remove rows once both parties have hidden them.
    mysql_query("DELETE FROM `send_money_history` WHERE `deleted_by_sender`='1' AND `deleted_by_recipient`='1'");
}
$query = mysql_query("SELECT * FROM `send_money_history` WHERE (`sender_uid`='{$uid}' AND `deleted_by_sender`='0') OR (`recipient_uid`='{$uid}' AND `deleted_by_recipient`='0') ORDER BY `timestamp` DESC");
// A failed query yields false here and mysql_num_rows() warns; treat as empty history.
if (mysql_num_rows($query) == 0) {
    echo '<div class="info">You have no history!</div>';
} else {
    while ($row = mysql_fetch_assoc($query)) {
        // Loose compare: sender_uid arrives as a numeric string, $uid is an int.
        if ($row['sender_uid'] == $uid) {
            // Usernames are entity-encoded; amount is numeric via number_format().
            echo '<table><tr><td>You sent $' . number_format($row['amount']) . ' to ' . cleanHtml($row['recipient']) . '.<br /></td></tr></table>';
        } else {
            echo '<table><tr><td>You got $' . number_format($row['amount']) . ' from ' . cleanHtml($row['sender']) . '.<br /></td></tr></table>';
        }
    }
}
echo ' </div> </div> ';
include '_footer.php';
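/**
 * Get String Excerpt
 *
 * Truncates $str to at most $len characters, by default without splitting
 * the last word, and appends $ellipsis. When the input contains multibyte
 * characters the mb_* functions are used for length, substring and search.
 *
 * @since 3.3.2
 *
 * @uses strIsMultibyte
 * @uses cleanHtml
 * @uses preg_replace PCRE compiled with "--enable-unicode-properties"
 *
 * @param string $str       Input text (html or plain)
 * @param int    $len       Optional, default is 200. Maximum excerpt length in characters
 * @param bool   $striphtml Optional, default true, true will strip html from $str
 * @param string $ellipsis  Appended to a truncated excerpt
 * @param bool   $break     break words, default: do not break words find whitespace and puntuation
 * @param bool   $cleanhtml attempt to clean up html IF strip tags is false, default: true
 * @return string
 */
function getExcerpt($str, $len = 200, $striphtml = true, $ellipsis = '...', $break = false, $cleanhtml = true)
{
    $str = $striphtml ? trim(strip_tags($str)) : $str;
    // (the former "$len = $len++" was a no-op: post-increment assigned the old value back)
    $len = (int) $len;

    // setup multibyte function names
    $prefix = strIsMultibyte($str) ? 'mb_' : '';
    list($substr, $strlen, $strrpos) = array($prefix . 'substr', $prefix . 'strlen', $prefix . 'strrpos');

    // string is shorter than truncate length, return
    if ($strlen($str) < $len) {
        return $str;
    }

    $cutIndex = $len;
    // if not break, find last word boundary before truncate to avoid splitting last word
    // solves for unicode whitespace and punctuation and a 1 character lookahead
    // hack, replaces punc with space and handles it all the same for obtaining boundary index
    // REQUIRES that PCRE is compiled with "--enable-unicode-properties, @todo detect or supress ?
    if (!$break) {
        $excerpt = preg_replace('/\\n|\\p{Z}|\\p{P}+$/u', ' ', $substr($str, 0, $len + 1));
        $lastWordBoundaryIndex = $excerpt === null ? false : $strrpos($excerpt, ' ');
        // No boundary within range (one long word, or a PCRE error): fall back
        // to a hard cut at $len instead of substr(..., 0, false), which
        // produced an empty excerpt.
        if ($lastWordBoundaryIndex !== false) {
            $cutIndex = $lastWordBoundaryIndex;
        }
    }
    $str = $substr($str, 0, $cutIndex);

    if (!$striphtml && $cleanhtml) {
        return trim(cleanHtml($str)) . $ellipsis;
    }
    return trim($str) . $ellipsis;
}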
} } $cell .= ' <tr> <td>' . $i . '</td> <td> <b> <img src="' . $medalImage . '" alt="X"> <a href="profile.php?id=' . $row['id'] . '" style="color: ' . $color . '">' . htmlspecialchars($row['username']) . '</a> </b> </td> <td>' . $imgHtml . '</td> <td> <b> <a href="pinfo.php?id=' . $row['pid'] . '" style="color: ' . $color . '"> ' . cleanHtml($row['name']) . ' </a> </b> </td> <td>' . number_format($row['poke_level']) . '</td> <td>' . number_format($row['poke_exp']) . '</td> </tr> '; $i++; } $cell .= '</table><br /><br /><br />'; $cells[] = $cell; }
redirect('view_box.php'); } $boxUsername = mysql_fetch_assoc($query); $boxUsername = $boxUsername['username']; include '_header.php'; $headerText = isset($_GET['id']) ? $boxUsername . 's Pokemon' : 'Your Pokemon'; printHeader($headerText); $sorts = array(1 => ' ORDER BY `name` ASC', 2 => ' ORDER BY `name` DESC', 3 => ' ORDER BY `exp` ASC', 4 => ' ORDER BY `exp` DESC'); $search = isset($_GET['search']) ? $_GET['search'] : ''; $sort = $_GET['sort']; $sortKey = isset($sort) && in_array($sort, array_keys($sorts)) ? $sort : 1; $orderSql = $sorts[$sortKey]; $searchSql = ''; if (!empty($search)) { $searchSqlSafe = cleanSql($search); $searchHtmlSafe = cleanHtml($search); $searchSql = " AND `name` LIKE '%{$searchSqlSafe}%' "; } $countQuery = mysql_query("SELECT `id` FROM `user_pokemon` WHERE `uid`='{$gid}' {$searchSql}"); $numRows = mysql_num_rows($countQuery); $pagination = new Pagination($numRows); if (!empty($search)) { $pagination->addQueryStringVar('search', $search); } if (isset($_GET['id'])) { $pagination->addQueryStringVar('id', (int) $_GET['id']); } if ($sortKey != 1) { $pagination->addQueryStringVar('sort', $sortKey); } $query = mysql_query("SELECT * FROM `user_pokemon` WHERE `uid`='{$gid}' {$searchSql} {$orderSql} LIMIT {$pagination->itemsPerPage} OFFSET {$pagination->startItem}");
?> &id=' + idval + addGoogTrans(); },200); } }); }); </script> <?php //Using double data entry and auto-numbering for records at the same time can mess up how REDCap saves each record. //Give warning to turn one of these features off if they are both turned on. if ($double_data_entry && $auto_inc_set) { print "<div class='red' style='margin-top:20px;'><b>{$lang['global_48']}</b><br>{$lang['data_entry_56']}</div>"; } // If multiple Arms exist, use javascript to pop in the drop-down listing the Arm names to choose from for new records if ($arm_dropdown_choices != "" && (!$auto_inc_set && $user_rights['record_create'] || $auto_inc_set && $num_records > $maxNumRecordsHideDropdowns)) { print "<script type='text/javascript'>\n\t\t\t\t\$(function(){\n\t\t\t\t\t\$('#inputString').before('" . cleanHtml("<select id='arm_name_newid' onchange=\"if (!\$('select#arm_name').length){ window.location.href=window.location.href+'&arm='+this.value; return; } editAutoComp(autoCompObj,this.value);\" class='x-form-text x-form-field' style='margin-right:20px;'>{$arm_dropdown_choices}</select>") . "');\n\t\t\t\t});\n\t\t\t\t</script>"; } //If project is a prototype, display notice for users telling them that no real data should be entered yet. if ($status < 1) { print "<br>\n\t\t\t\t<div class='yellow' style='width:90%;max-width:600px;'>\n\t\t\t\t\t<img src='" . APP_PATH_IMAGES . "exclamation_orange.png'>\n\t\t\t\t\t<b style='font-size:14px;'>{$lang['global_03']}:</b><br>\n\t\t\t\t\t{$lang['data_entry_28']}\n\t\t\t\t</div>"; } } // Render JavaScript for record selecting auto-complete/auto-suggest ?> <script type="text/javascript"> var autoCompObj; $(function(){ if ($('#inputString').length) { autoCompObj = $('#inputString').autocomplete({ source: app_path_webroot+'DataEntry/auto_complete.php?pid='+pid+'&arm='+($('#arm_name_newid').length ? $('#arm_name_newid').val() : '<?php echo $arm;
if (mysql_num_rows($query) == 0) { $errors[] = 'Invalid poster.'; } if (count($errors) >= 1) { echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>'; } else { echo '<div class="notice">The news has been edited!</div>'; $sqlTitle = cleanSql($title); $sqlContent = cleanSql($content); $time = time(); mysql_query("UPDATE `news` SET `title`='{$sqlTitle}', `news`='{$sqlContent}', `bywho`='{$sqlPoster}', `date`='{$time}' WHERE `id`='5033'"); } } $query = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC LIMIT 1"); $row = mysql_fetch_assoc($query); $row = cleanHtml($row); echo ' <form method="post"> <table class="pretty-table center"> <tr> <th colspan="2">Edit News</th> </tr> <tr> <td>Title:</td> <td><input type="text" name="title" size="50" value="' . $row['title'] . '" /></td> </tr> <tr> <td>Content:</td> <td><textarea name="content" rows="15" cols="50">' . $row['news'] . '</textarea></td> </tr> <tr>
</td> <td> <span title="Exp: ' . number_format($auctionRow['exp']) . '"> ' . number_format($auctionRow['level']) . ' </span> </td> <td> <a href="profile.php?id=' . $auctionRow['owner_id'] . '">' . cleanHtml($auctionRow['owner_username']) . '</a> </td> <td> ' . secsToRoughTime(time() - $auctionRow['finish_time']) . ' ago </td> <td> '; if ($auctionRow['winner_id'] == 0) { echo 'No one!<br />'; } else { echo ' <a href="profile.php?id=' . $auctionRow['winner_id'] . '">' . cleanHtml($auctionRow['winner_username']) . '</a><br /> for $' . number_format($auctionRow['winning_bid']) . ' '; } echo ' </td> </tr> '; } echo ' </table> '; include '_footer.php';
?> '; var langChooseOtherfield = '<?php print cleanHtml($lang['report_builder_103']); ?> '; var langError = '<?php print cleanHtml($lang['global_01']); ?> '; var langReportFailed = '<?php print cleanHtml($lang['report_builder_128']); ?> '; var langExportFailed = '<?php print cleanHtml($lang['report_builder_129']); ?> '; // Add CSRF token as javascript variable and add to every form on page // init_functions.php createCsrfToken() does not work on pages with defined('PLUGIN') // CSRF token is required for call to advanced logic checking in // Surveys/automated_invitations_check_logic.php from LongitudinalReports.js function saveReport() var redcap_csrf_token = '<?php echo getCsrfToken(); ?> '; $(function(){ appendCsrfTokenToForm(); }); </script> <?php
<?php echo $msg; ?> <form method="POST" action=""> <div class="title">Reset Password</div> <label>Username:</label> <input type="text" name="username" readonly="readonly" value="<?php echo cleanHtml($username_1); ?> "> <label>Code from e-mail:</label> <input type="text" name="key" readonly="readonly" value="<?php echo cleanHtml($key); ?> "> <label>New password:</label> <input type="password" name="password"> <label>Re-type password:</label> <input type="password" name="re_password"> <input type="submit" name="submit" value="RESET" class="btn"> </form> </div> <?php include '_footer.php'; ?>
echo ' <form action="messages.php?p=new" method="post" style="width: 600px; margin: 20px auto;"> <input type="hidden" name="token" value="' . $token . '" /> <table class="pretty-table"> <tr> <td class="text-right">To:</td> <td class="text-left"><input type="text" name="username" size="30" value="' . cleanHtml($username) . '" /></td> </tr> <tr> <td class="text-right">Subject:</td> <td class="text-left"><input type="text" name="subject" size="50" value="' . cleanHtml($subject) . '" /></td> </tr> <tr> <td valign="top" class="text-right">Message:</td> <td class="text-left"> <textarea name="message" cols="50" rows="5">' . cleanHtml($message) . '</textarea> </td> </tr> <tr> <td> </td> <td><input type="checkbox" name="saveOutbox" /> Save in outbox?</td> </tr> <tr> <td> </td> <td><input type="submit" value="Send Message" /></td> </tr> </table> </form> '; break; case 'delete':
/* * To change this template, choose Tools | Templates * and open the template in the editor. */ $cookie_file = "taobao"; $login_action = "http://login.taobao.com/member/login.jhtml"; $data = array("actionForStable" => "enable_post_user_action", "action" => "Authenticator", "TPL_username" => "xxx", "TPL_password" => "xxx", "loginType" => "3", "CtrlVersion" => "1,0,0,7", "tid" => "tid", "support" => "000001", "mi_uid" => "", "mcheck" => "", "TPL_redirect_url" => "www.taobao.com", "event_submit_do_login" => "anything", "_oooo_" => ""); getHtml($login_action, $data, null, $cookie_file); $url = "http://item.taobao.com/auction/item_detail.htm?xid=0db2&item_num_id=2255050794&cm_cat=50015927&pm2=1&source=dou"; $item_page = getHtml($url, null, null, $cookie_file); $xml = XmlParse::html2Xml("../xslt/taobao.xsl", $item_page, false); $sxml = simplexml_load_string($xml); $favorite_pop = getHtml($sxml, null, null, $cookie_file); //$strSrc=array(" ","°","’","©",'á','é','í','ó','ú','ñ'); //$strDes=array(" ","","'","","a","e","i","o","u","n"); $html = cleanHtml($favorite_pop, true); $html = "<body>" . $html . "</body>"; $xml = new DOMDocument(); $xml->loadHTML($html); $sxml = simplexml_import_dom($xml); $entry = $sxml->xpath("//form[@id='PopupFavorForm']/script[2]/@src"); $hide_input1 = getHtml($entry[0]->src, null, null, $cookie_file); $input1 = split("document.write", $hide_input1); $add_param = array("tags" => "psp", "isShared" => true, "shopIncluded" => false); foreach ($input1 as $input) { $strSrc = array("('<input", ">');"); $strDes = array("", ""); $input = str_replace($strSrc, $strDes, $input); $params = explode(' ', $input); foreach ($params as $param) { $key_value = explode('=', $param);
<div class="whathapen"> <?php $query = mysql_query("SELECT DISTINCT(`message`), `image` FROM `activity` ORDER BY `id` DESC LIMIT 10"); $activityArr = array(); while ($activity = mysql_fetch_assoc($query)) { $activityArr[] = cleanHtml($activity); } ?> <p id="me" style="zoom: 1;"></p> <p id="me" style="zoom: 1;"> Whats Happening </p> <script type="text/javascript"> var element = document.getElementById('me'); var duration = 1000; /* 1000 millisecond fade = 1 sec */ var steps = 20; /* number of opacity intervals */ var delay = 2000; /* 5 sec delay before fading out */ var activity = <?php echo json_encode($activityArr); ?> ; var cKey = 0; /* set the opacity of the element (between 0.0 and 1.0) */ function setOpacity(level) { element.style.opacity = level; element.style.MozOpacity = level; element.style.KhtmlOpacity = level;
<?php
// Header/sidebar data for the logged-in user: profile row, counters, trade ids.
// $uid is cast to int so the interpolations below cannot change query shape.
$uid = (int) $_SESSION['userid'];
// username, money, tokens etc
$query = mysql_query("SELECT * FROM `users` WHERE `id`='{$uid}' LIMIT 1");
// mysql_fetch_assoc() returns false when the session user no longer exists;
// every index below then warns and yields null.
$userRow = mysql_fetch_assoc($query);
// Only the username is entity-encoded here; the remaining fields are used as
// counters and presumably numeric — confirm before echoing them raw.
$username = cleanHtml($userRow['username']);
$money = $userRow['money'];
$tokens = $userRow['token'];
$totalMessages = $userRow['total_messages'];
$totalUnreadMessages = $userRow['unread_messages'];
$totalSalePoke = $userRow['total_sale_pokes'];
$newSales = $userRow['newly_sold_pokes'];
// total messages (now read from the denormalised counters on `users` above)
//$query = mysql_query("SELECT * FROM `messages` WHERE `recipient_uid`='{$uid}' AND `deleted_by_recipient`='0'");
//$totalMessages = mysql_num_rows($query);
// total unread messages
//$query = mysql_query("SELECT * FROM `messages` WHERE `recipient_uid`='{$uid}' AND `read`='0' AND `deleted_by_recipient`='0'");
//$totalUnreadMessages = mysql_num_rows($query);
// total pokemon for sale
// $query = mysql_query("SELECT * FROM `sale_pokemon` WHERE `uid`='{$uid}'");
// $totalSalePoke = mysql_num_rows($query);
// new sales
// $query = mysql_query("SELECT * FROM `sale_history` WHERE `uid`='{$uid}' AND `seen`='0'");
// $newSales = mysql_num_rows($query);
// total trade offers: collect the ids of this user's pokemon currently up for trade
$query = mysql_query("SELECT `id` FROM `trade_pokemon` WHERE `uid`='{$uid}'");
$tradeIds = array();
while ($tradeId = mysql_fetch_assoc($query)) {
    $tradeIds[] = $tradeId['id'];
}
<?php require_once 'functions.php'; require_once 'config.php'; include '_header.php'; if (isLoggedIn()) { redirect('index.php'); } if ($_POST['submit']) { $username = (string) $_POST['username']; $email = (string) $_POST['email']; $sqlUsername = cleanSql($username); $htmlUsername = cleanHtml($username); $sqlEmail = cleanSql($email); $htmlEmail = cleanHtml($email); if ($username && $email) { $passwordlenth = 25; $charset = 'abcdefghijklmnoprstovwxy1234567890'; for ($x = 1; $x <= $passwordlenth; $x++) { $rand = rand() % strlen($charset); $temp = substr($charset, $rand, 1); $key .= $temp; } //$key_sha1 = sha1($key); $query = mysql_query("\n\t\t\tSELECT * \n\t\t\tFROM `users`\n\t\t\tWHERE `username` = '{$sqlUsername}'\n\t\t\tAND `email` = '{$sqlEmail}'\n\t\t") or die(mysql_error()); $row = mysql_num_rows($query); if ($row != 0) { $update = mysql_query("\n\t\t\t\tUPDATE `users`\n\t\t\t\tSET `reset_key` = '{$key}'\n\t\t\t\tWHERE `email` = '{$sqlEmail}'\n\t\t\t"); //Send e-mail $to = $email; $subject = 'Reset Password';