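function getAvatarUrl($uid)
{
    // Return the avatar URL stored for user $uid, or a default image when the
    // row is missing or the stored value is not an acceptable URL.
    //
    // @param int|string $uid user id; cast to int, which is the only thing
    //                        protecting the interpolated SQL below
    // @return string         entity-encoded URL for an HTML context
    $uid = (int) $uid;
    $defaultAvatar = 'http://pkmnhelios.net/images/trainers/Darkmuj.png';
    $query = mysql_query("SELECT `avatar` FROM `users` WHERE `id`='{$uid}'");
    $userRow = $query ? mysql_fetch_assoc($query) : false;
    $stored = ($userRow && isset($userRow['avatar'])) ? (string) $userRow['avatar'] : '';

    // FILTER_VALIDATE_URL only checks syntax and accepts any scheme
    // (javascript:, data:, file: ...). A value that ends up in <img src> or
    // <a href> must additionally be restricted to http(s).
    $scheme = strtolower((string) parse_url($stored, PHP_URL_SCHEME));
    if ($stored === ''
        || !filter_var($stored, FILTER_VALIDATE_URL)
        || !in_array($scheme, array('http', 'https'), true)) {
        return $defaultAvatar;
    }
    // cleanHtml() entity-encodes for HTML text/attribute positions; it is not
    // URL encoding, so the caller must still only place this in such a position.
    return cleanHtml($stored);
}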
function getModProfileList()
{
    // Build a " &bull; "-separated list of profile links, one per moderator
    // (`mod`='1'). Both id and username go through cleanHtml() before they are
    // placed in the markup, so the result is safe for an HTML context.
    //
    // @return string HTML fragment ('' when there are no moderators)
    $result = mysql_query("SELECT `id`, `username` FROM `users` WHERE `mod`='1'");
    $links = array();
    for ($mod = mysql_fetch_assoc($result); $mod; $mod = mysql_fetch_assoc($result)) {
        $safe = cleanHtml($mod);
        $links[] = sprintf('<a href="../profile.php?id=%s">%s</a>', $safe['id'], $safe['username']);
    }
    return implode(' &bull; ', $links);
}
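function cleanHtml($input)
{
    // HTML-escape a scalar, or every leaf of a (nested) array, for safe
    // output in an HTML text or quoted-attribute context.
    //
    // @param string|array $input scalar, or array of scalars/arrays
    // @return string|array       same shape as $input with every leaf encoded
    //
    // This is entity encoding only, not a universal sanitiser: it does nothing
    // for SQL (use prepared statements / cleanSql()), for URLs placed in
    // href/src (validate the scheme first) or for unquoted JS contexts.
    if (is_array($input)) {
        // Initialised so an empty array yields array() instead of the
        // undefined $output (null) the previous version returned.
        $output = array();
        foreach ($input as $key => $value) {
            $output[$key] = cleanHtml($value); // keys are preserved
        }
        return $output;
    }
    // ENT_QUOTES encodes both ' and " so the value is safe inside either
    // attribute quote style; 'UTF-8' is passed explicitly because the default
    // charset differs between PHP versions. Without ENT_SUBSTITUTE, invalid
    // UTF-8 input produces '' (fail-closed) rather than replacement chars.
    return htmlentities((string) $input, ENT_QUOTES, 'UTF-8');
}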
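/**
 * Get Page Meta Description
 *
 * Returns the page's meta description: the explicit `metad` value when set,
 * otherwise (if GSAUTOMETAD is enabled) a 160-character excerpt of the page
 * content. Both paths pass through encode_quotes() and the 'metad' filter;
 * the caller still has to emit the value inside a quoted attribute.
 *
 * @since 2.0
 * @uses $metad
 * @uses $content
 * @uses strip_decode
 *
 * @param bool $echo Optional, default is true. False will 'return' value
 * @return string Echos or returns based on param $echo
 */
function get_page_meta_desc($echo = true)
{
    // $content was read in the auto-description branch without ever being
    // brought into scope, so that branch always worked on an undefined
    // variable. It is a global (get_header() declares it the same way).
    global $content;

    $metad = getPageGlobal('metad');
    $desc = '';
    if ($metad != '') {
        $desc = encode_quotes(strip_decode($metad));
    } elseif (getDef('GSAUTOMETAD', true)) {
        // use content excerpt, NOT filtered
        $desc = strip_decode($content);
        if (getDef('GSCONTENTSTRIP', true)) {
            $desc = strip_content($desc);
        }
        // remove unwanted elements that strip_tags fails to remove
        // (this two-argument cleanHtml appears to be the CMS's tag-stripping
        // helper, not the one-argument entity encoder — confirm)
        $desc = cleanHtml($desc, array('style', 'script'));
        // grab 160 chars
        $desc = getExcerpt($desc, 160);
        // remove newlines, tab chars
        $desc = strip_whitespace($desc);
        $desc = encode_quotes($desc);
        $desc = trim($desc);
    }
    // @filter metad (str) meta description in get_page_meta_desc
    $str = exec_filter('metad', $desc);
    return echoReturn($str, $echo);
}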
				<th>Options</th>
			</tr>
	';
    while ($pokemon = mysql_fetch_assoc($query)) {
        $query2 = mysql_query("SELECT * FROM `users` WHERE `id`='{$pokemon['uid']}'");
        $urow = mysql_fetch_assoc($query2);
        echo '
			<tr>
				<td>' . number_format($pokemon['id']) . '</td>
				<td><img src="images/pokemon/' . $pokemon['name'] . '.png" /><br />
				' . $pokemon['name'] . '</td>
				<td>' . number_format($pokemon['level']) . '</td>
				<td>' . number_format($pokemon['exp']) . '</td>
				<td>
					' . $pokemon['move1'] . '<br />
					' . $pokemon['move2'] . '<br />
					' . $pokemon['move3'] . '<br />
					' . $pokemon['move4'] . '
				</td>
				<td><a href="profile.php?id=' . $pokemon['uid'] . '">' . cleanHtml($urow['username']) . '</a></td>
				<td>
					<a href="?a=mao&id=' . $pokemon['id'] . '">Make an offer</a>
				</td>
			</tr>
		';
    }
    echo '
		</table>
	';
    $pagination->echoPagination();
}
			<tr>
				<td colspan="2">
					<table border="1" style="margin-top: 20px; margin-bottom: 20px; border-collapse: collapse; margin-left: auto; margin-right: auto; text-align: center;">
						<tr>
							<th colspan="3">' . cleanHtml($userRow['username']) . 's team!</th>
						</tr>
						' . cellsToRows($teamCells, 3) . '

					</table>
				</td>
			</tr>
			<tr>
				<td colspan="2">
					<table border="1" style="margin-top: 20px; margin-bottom: 20px; border-collapse: collapse; margin-left: auto; margin-right: auto; text-align: center;">
						<tr>
							<th colspan="4">' . cleanHtml($userRow['username']) . 's badges!</th>
						</tr>
						' . cellsToRows($badgeCells, 3) . '

					</table>
				</td>
			</tr>
		</table>
	';
}
?>


  
<table width="100%" height="124" border="0" class="ranks">
<tbody><tr>
    include '../_footer.php';
    die;
}
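// Pokémon listing. $name and $query are set above this block (assumed to be
// validated / built there — TODO confirm); this block only has to make the
// output safe for an HTML context.
$filename = '../images/pokemon/' . $name . '.png';
// $name is used both as a path component and inside attributes. is_file()
// only tests existence, so a traversal value could at most display another
// image, but the value must still not reach an attribute unescaped.
$safeName = cleanHtml($name);
if (is_file($filename)) {
    echo '<img src="' . cleanHtml($filename) . '" title="' . $safeName . '" alt="' . $safeName . '" />';
}
echo '
	<table class="pretty-table">
		<tr>
			<th>Owner</th>
			<th>Name</th>
			<th>Level</th>
			<th>Gender</th>
		</tr>
';
$genderArray = array('1' => 'Male', '2' => 'Female', '0' => 'Genderless');
while ($pokeArray = mysql_fetch_assoc($query)) {
    // id columns are cast so nothing but digits can land in the URLs
    $ownerId = (int) $pokeArray['uid'];
    $pokeId = (int) $pokeArray['pid'];
    // unknown gender codes render as '' instead of raising an undefined-index notice
    $gender = isset($genderArray[$pokeArray['gender']]) ? $genderArray[$pokeArray['gender']] : '';
    // the pokemon name was emitted raw before; it comes from the database and
    // may be user-chosen, so it is encoded like the username. The missing
    // </a> tags are also restored.
    echo '
		<tr>
			<td><a href="../profile.php?id=' . $ownerId . '">' . cleanHtml($pokeArray['username']) . '</a></td>
			<td><a href="../pinfo.php?id=' . $pokeId . '">' . cleanHtml($pokeArray['name']) . '</a></td>
			<td>' . number_format($pokeArray['level']) . '</td>
			<td>' . $gender . '</td>
		</tr>
	';
}
echo '
	</table>
';
include '../_footer.php';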
{
	// Since no 'pid' is in URL, then give warning that header/footer will not display properly
	$westHtml = renderPanel("&nbsp;", "<div style='padding:20px 15px;'><img src='".APP_PATH_IMAGES."exclamation.png' class='imgfix'> <b style='color:#800000;'>{$lang['bottom_54']}</b><br>{$lang['bottom_55']}</div>");
}


/**
 * PAGE CONTENT
 */
?>
<table border=0 cellspacing=0 style="width:100%;">
	<tr>
		<td valign="top" id="west" style="width:250px;">
			<div id="west_inner" style="width:250px;"><?php echo $westHtml ?></div>
		</td>
		<td valign="top" id="westpad">&nbsp;</td>
		<td valign="top" id="center">
			<div id="center_inner">
				<div id="subheader" class="notranslate">
					<?php if ($display_project_logo_institution) { ?>
						<?php if (trim($headerlogo) != "") echo "<img src='$headerlogo' title='".cleanHtml($institution)."' alt='".cleanHtml($institution)."' style='max-width:700px; expression(this.width > 700 ? 700 : true);'>"; ?>
						<div id="subheaderDiv1">
							<?php echo $institution . (($site_org_type == "") ? "" : "<br><span style='font-family:tahoma;font-size:13px;'>$site_org_type</span>") ?>
						</div>
					<?php } ?>
					<div id="subheaderDiv2" <?php if (!$display_project_logo_institution) echo 'style="border:0;padding-top:0;"'; ?>>
						<div style="max-width:700px;"><?php echo filter_tags($app_title) ?></div>
					</div>
				</div>

						' . $pokemon['move3'] . '<br />
						' . $pokemon['move4'] . '<br />
					</td>
					<td>
			';
            if ($uid == $pokemon['sid']) {
                echo '
					Brought from <br />
					<strong><a href="profile.php?id=' . $pokemon['sid'] . '">' . cleanHtml($pokemon['username']) . '</a></strong><br />
					for <br />
					<strong>$' . number_format($pokemon['price']) . '</strong>.
				';
            } else {
                echo '
					Sold to <br />
					<strong><a href="profile.php?id=' . $pokemon['sid'] . '">' . cleanHtml($pokemon['soldto']) . '</a></strong><br />
					for <br />
					<strong>$' . number_format($pokemon['price']) . '</strong>.
				';
            }
            echo '
					</td>
				</tr>
			';
        }
        echo '</table>';
        break;
    case 'clear_history':
        mysql_query("UPDATE `users` SET `newly_sold_pokes`='0' WHERE `id`='{$uid}'");
        mysql_query("UPDATE `sale_history` SET `udeleted`='1' WHERE `uid`='{$uid}'") or die(mysql_error());
        mysql_query("UPDATE `sale_history` SET `sdeleted`='1' WHERE `sid`='{$uid}'") or die(mysql_error());
<table style="margin: 20px auto; padding: 10px;">

	<tr>

		<td>

			<div style="background-image: url('images/maps/map<?php 
echo $map;
?>
.png'); width: 400px; height: 400px; position: relative;" id="map">

				<img src="images/sprites/<?php 
echo $mySprite;
?>
.png" id="mySprite" title="<?php 
echo cleanHtml($_SESSION['username']);
?>
" style="position: absolute; top: <?php 
echo $startY * 16 - 4;
?>
px; left: <?php 
echo $startX * 16;
?>
px; z-index: 999;" />

			</div>

			<div style="clear: both;"></div>

		</td>
    $id = (int) $_GET['id'];
    $query = mysql_query("SELECT `username` FROM `users` WHERE `id`='{$id}'");
    if (mysql_num_rows($query) == 1) {
        $row = mysql_fetch_assoc($query);
        $uni_username = $row['username'];
    }
}
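// One-time token for the send-money form. The previous md5(rand(10000, 99999))
// had only 90 000 possible values drawn from a non-cryptographic RNG, so it
// was guessable; use the OS RNG where available (PHP 7+).
if (function_exists('random_bytes')) {
    $token = bin2hex(random_bytes(16));
} else {
    // pre-PHP 7 fallback: still not a CSPRNG, but far more entropy than rand()
    $token = sha1(uniqid(mt_rand(), true) . microtime(true));
}
$_SESSION['send_money_token'] = $token;
// $token is hex, so it is safe inside the value="" attribute below. The
// handler that consumes it is not in this file; it should compare with
// hash_equals() and invalidate the session token after one use.
// $message is emitted raw — presumably app-generated HTML, not user input; confirm.
echo '
	<center>
		<a href="send_money.php">Send Money</a> &bull; 
		<a href="send_money_history.php">View History</a><br /><br />
		
		' . $message . '
<table>
<tr>
		<td colspan="2">You have $' . number_format($userMoney) . '</td></tr>
		<form action="" method="post">

			<tr><th>Send To: </th><td><input type="text" name="username" value="' . cleanHtml($uni_username) . '" /><br /></td></tr>
			<tr><th>Amount:</th><td> <input type="text" name="amount" value="' . cleanHtml($amount) . '" /><br /></td></tr>
<tr><td>&nbsp;</td><td><input type="hidden" name="token" value="' . $token . '" /><input type="submit" value="Send Money" id="button"/></td></tr></table>
		</form>

</center>
';
if (isset($_SESSION['message'])) {
    unset($_SESSION['message']);
}
include '_footer.php';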
function cleanValue($val)
{
    // Normalise a user-supplied string: entity-encode HTML (via cleanHtml),
    // drop carriage returns and re-allow numeric character references.
    //
    // NOTE(review): despite the "SQL security" comments below, nothing here
    // escapes for SQL — the slash-adding step is commented out. This is HTML
    // encoding only; callers must still use prepared statements / cleanSql().
    //
    // @param string $val raw input
    // @return string     encoded value ('' is returned unchanged)
    if ($val == "") {
        return $val;
    }
    //Replace odd spaces with safe ones
    // NOTE(review): in this copy both arguments of the next call look like a
    // plain space, which makes it a no-op; upstream presumably replaced a
    // non-breaking space (U+00A0) — verify before relying on it.
    $val = str_replace(" ", " ", $val);
    $val = str_replace(chr(0xca), "", $val);
    //Encode any HTML to entities (including \n --> <br />)
    // NOTE(review): the one-argument cleanHtml() visible in this file is a
    // plain htmlentities() wrapper and does not convert \n to <br />; if
    // cleanValue() belongs to a different codebase, check its own cleanHtml().
    $val = cleanHtml($val);
    //Double-check special chars and remove carriage returns
    //For increased SQL security
    // As written here the "$", "!", "'" and "\" rewrites replace a character
    // with itself (the replacement strings decode to the same character), so
    // only the \r removal has an effect.
    $val = preg_replace("/\\\$/", "\$", $val);
    $val = preg_replace("/\r/", "", $val);
    $val = str_replace("!", "!", $val);
    $val = str_replace("'", "'", $val);
    //Allow unicode (?)
    // Restores numeric references (&#NNN;) that cleanHtml() turned into
    // &amp;#NNN;. User-supplied references therefore pass through unencoded;
    // in HTML text they render as characters, not markup, but attribute/JS
    // contexts would need separate handling.
    $val = preg_replace("/&amp;#([0-9]+);/s", "&#\\1;", $val);
    //Add slashes for SQL
    //$val = $this->sql($val);
    //Swap user-inputted backslashes (?)
    $val = preg_replace("/\\\\(?!&amp;#|\\?#)/", "\\", $val);
    return $val;
}
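require_once 'config.php';
require_once 'functions.php';
require_once 'bbcode.php';
// auth check happens before any output so redirect() can still send headers
if (!isLoggedIn()) {
    redirect('index.php');
}
include '_header.php';
printHeader('Members Area');
// $uid and $ck are expected from config.php/functions.php (session user id and
// cookie username) — confirm. Only the int-cast copy is interpolated into SQL.
$sqlUid = (int) $uid;
$info = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE id = '{$sqlUid}'"));
$info['username'] = $ck;
logs($uid, "{$ck} has accessed membersarea!");
// champion_uid is an admin-set config value, but it is interpolated straight
// into SQL, so cast it rather than trust the stored string.
$champUid = (int) getConfigValue('champion_uid');
$query = mysql_query("SELECT * FROM `users` WHERE `id`='{$champUid}'");
$champRow = $query ? mysql_fetch_assoc($query) : false;
// stop xss: every column is entity-encoded before use in markup. A missing
// champion row becomes an empty array instead of cleanHtml(false) === ''.
$champRow = $champRow ? cleanHtml($champRow) : array();
$avatar = isset($champRow['avatar']) ? $champRow['avatar'] : '';
// FILTER_VALIDATE_URL alone accepts javascript:, data: and other schemes,
// which is not acceptable for a value that ends up in <img src>; require
// http(s) as well.
$isHttpUrl = function ($url) {
    if (!filter_var($url, FILTER_VALIDATE_URL)) {
        return false;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return $scheme === 'http' || $scheme === 'https';
};
if (!$isHttpUrl($avatar)) {
    // a non-URL value is treated as a path relative to the RPG root
    $avatar = 'http://pkmnhelios.net/rpg/' . $avatar;
    if (!$isHttpUrl($avatar) || empty($champRow['avatar'])) {
        $avatar = 'http://pkmnhelios.net/rpg/images/trainers/032.png';
    }
}
$promoName = getConfigValue('promo_pokemon_name');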
?>
<a href="https://twitter.com/PokemonHelios" class="twitter-follow-button" data-show-count="false">Follow @PokemonHelios</a>
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>

<?php 
/*
<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
            }
            exit;
            break;
    }
}
//DATE Field
if ($_GET['view'] == "date") {
    print "<div id='change_date' style='display:block;'>\n\t\t\t\t<b>" . DateTimeRC::format_ts_from_ymd($event_date) . " (" . DateTimeRC::getDay($event_date) . ")</b>&nbsp; ";
    // Dont' allow user to change date here if tied to an Event (need to change on Scheduling page where it might affect other scheduled dates)
    if ($row['event_id'] == "") {
        print "<a href='javascript:;' style='text-decoration:underline;font-size:11px;' onclick=\"\$('#change_date').css({'display':'none'});\$('#save_date').css({'display':'block'});\">{$lang['calendar_popup_ajax_03']}</a>";
    }
    print "{$msg}\n\t\t\t</div>\n\t\t\t<div id='save_date' style='display:none;position:relative;'>\n\t\t\t\t<input type='text' id='newdate' name='newdate' onblur=\"redcap_validate(this,'','','hard','date_'+user_date_format_validation,1,1,user_date_format_delimiter);\" value='" . DateTimeRC::format_ts_from_ymd($event_date) . "' class='x-form-text x-form-field' style='width:70px;' maxlength='10'><span class='df'>(" . DateTimeRC::get_user_format_label() . ")</span>\n\t\t\t\t&nbsp;&nbsp;\n\t\t\t\t<input type='button' id='savebtndatecalpopup' style='font-size:11px;' value='" . cleanHtml($lang['calendar_popup_ajax_04']) . "' onclick='saveDateCalPopup({$_GET['cal_id']})'> &nbsp;\n\t\t\t\t<input type='button' style='font-size:11px;' value='" . cleanHtml($lang['global_53']) . "' onclick=\"\$('#change_date').css({'display':'block'});\$('#save_date').css({'display':'none'});\">\n\t\t\t</div>";
    //TIME Field
} elseif ($_GET['view'] == "time") {
    $time_field = "<input type='text' class='x-form-text x-form-field time' id='event_time' name='event_time' value='" . remBr(cleanHtml($_GET['event_time'])) . "' maxlength='5' style='width:50px;' onblur=\"redcap_validate(this,'','','soft_typed','time')\"> \n\t\t\t\t\t<span style='font-size:10px;color:#777;font-family:tahoma;'>HH:MM</span> &nbsp; \n\t\t\t\t\t<input type='button' id='savebtntimecalpopup' style='font-size:11px;' value='{$lang['calendar_popup_ajax_06']}' onclick='saveTimeCalPopup({$_GET['cal_id']})'>";
    //Visit Time
    if ($_GET['event_time'] == "") {
        $visible = $time_field;
        $hidden = "";
    } else {
        $visible = "<b>" . DateTimeRC::format_ts_from_ymd($_GET['event_time']) . "</b>&nbsp; \n\t\t\t\t\t<a href='javascript:;' style='text-decoration:underline;font-size:11px;' onclick=\"\$('#change_time').css({'display':'none'});\$('#save_time').css({'display':'block'});\">{$lang['calendar_popup_ajax_07']}</a>";
        $hidden = $time_field . " &nbsp;\n\t\t\t\t\t<input type='button' style='font-size:11px;' value='{$lang['global_53']}' onclick=\"\$('#change_time').css({'display':'block'});\$('#save_time').css({'display':'none'});\">";
    }
    print "<div id='change_time' style='display:block;'>\n\t\t\t\t{$visible}\n\t\t\t\t{$msg}\n\t\t\t</div>\n\t\t\t<div id='save_time' style='display:none;'>\n\t\t\t\t{$hidden}\n\t\t\t</div>";
    //STATUS Field
} elseif ($_GET['view'] == "status") {
    //Set display text for visit status
    switch ($_GET['event_status']) {
        case 0:
            $status = "<img src='" . APP_PATH_IMAGES . "star_empty.png' style='position:relative;top:1px;'> <b style='color:#777;'>{$lang['calendar_popup_ajax_08']}</b>";
            $newPasswordSql = !empty($passwordNew) ? " `password`='" . sha1($passwordNew) . "', " : '';
        }
        $sqlAvatar = cleanSql($avatar);
        $sqlEmail = cleanSql($email);
        $sqlSig = cleanSql($signature);
        $sprite = (int) $sprite;
        $query = mysql_query("UPDATE `users` SET {$newPasswordSql} `email`='{$sqlEmail}', `avatar`='{$sqlAvatar}', `map_sprite`='{$sprite}', `signature`='{$sqlSig}' WHERE `id`='{$uid}'");
        if ($query) {
            $message = '<div class="notice">Your profile has been edited.</div>';
        } else {
            $message = '<div class="error">Something went wrong.</div>';
        }
    }
}
$query = mysql_query("SELECT * FROM `users` WHERE `id`='{$uid}'");
$userRow = cleanHtml(mysql_fetch_assoc($query));
$cells = array();
for ($i = 1; $i <= 10; $i++) {
    $attr = $userRow['map_sprite'] == $i ? ' checked="checked" ' : '';
    $cells[] = '
		<img src="images/sprites/' . $i . '.png" /><br />
		<input type="radio" name="sprite" value="' . $i . '" ' . $attr . ' />
	';
}
echo '
	<h2 class="text-center">Edit Profile</h2>
	' . $message . '
	<form action="" method="post">
		<table class="edit-profile-table">
			<tr>
				<td class="text-right">Current Password <span class="small">(needed)</span>: </td>
/**
 * Get Page Header HTML
 *
 * Emits the <head> fragment for the current page: the meta description, the
 * meta keywords, optionally the canonical link, then the queued front-end
 * scripts and the 'theme-header' action hook. Everything is echoed; nothing
 * is returned.
 *
 * The auto-description branch mirrors get_page_meta_desc() except that it
 * skips the 'metad' filter — keep the two in step when changing either.
 *
 * @since 1.0
 * @uses exec_action
 * @uses get_page_url
 * @uses strip_quotes
 * @uses get_page_meta_desc
 * @uses get_page_meta_keywords
 * @uses $metad
 * @uses $title
 * @uses $content
 * @uses $site_full_name from configuration.php
 * @uses GSADMININCPATH
 *
 * @param bool $full when true the canonical <link> is emitted as well
 * @return void
 */
function get_header($full = true)
{
    global $metad;
    global $title;
    global $content;
    include GSADMININCPATH . 'configuration.php';

    // meta description: an explicit value wins, else an excerpt of the content
    if ($metad != '') {
        $desc = get_page_meta_desc(FALSE);
    } elseif (getDef('GSAUTOMETAD', true)) {
        // use content excerpt, NOT filtered
        $excerpt = strip_decode($content);
        if (getDef('GSCONTENTSTRIP', true)) {
            $excerpt = strip_content($excerpt);
        }
        // remove unwanted elements that strip_tags fails to remove
        $excerpt = cleanHtml($excerpt, array('style', 'script'));
        // grab 160 chars, then drop newlines/tabs and encode quotes for the attribute
        $excerpt = strip_whitespace(getExcerpt($excerpt, 160));
        $desc = trim(encode_quotes($excerpt));
    }
    if (!empty($desc)) {
        echo '<meta name="description" content="' . $desc . '" />' . "\n";
    }

    // meta keywords
    $keywords = get_page_meta_keywords(FALSE);
    if ($keywords != '') {
        echo '<meta name="keywords" content="' . $keywords . '" />' . "\n";
    }

    // canonical link, only for a full header
    if ($full) {
        echo '<link rel="canonical" href="' . get_page_url(true) . '" />' . "\n";
    }

    // script queue, then the theme hook
    get_scripts_frontend();
    exec_action('theme-header');
}
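$uid = (int) $_SESSION['userid'];
include '_header.php';
// "Clear History" changes state, so it must not be triggerable by a plain GET
// link from another site: tie it to a per-session token carried in the link
// and verified below. Login enforcement is assumed to happen in _header.php or
// earlier — confirm.
if (empty($_SESSION['clear_history_token'])) {
    $_SESSION['clear_history_token'] = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : sha1(uniqid(mt_rand(), true) . microtime(true)); // pre-PHP 7 fallback, weaker
}
$clearToken = $_SESSION['clear_history_token']; // hex/sha1: safe inside the href
echo '
<center>
<a href="send_money.php">Send Money</a> &bull; 
<a href="send_money_history.php?clear=' . $clearToken . '">Clear History</a><br /><br />
</center>
';
mysql_query("UPDATE `send_money_history` SET `seen_by_recipient`='1' WHERE `recipient_uid`='{$uid}'");
// constant-time comparison where available; a wrong or missing token is ignored
$clearRequested = isset($_GET['clear']) && is_string($_GET['clear'])
    && (function_exists('hash_equals')
        ? hash_equals($clearToken, $_GET['clear'])
        : $clearToken === $_GET['clear']);
if ($clearRequested) {
    mysql_query("UPDATE `send_money_history` SET `deleted_by_recipient`='1' WHERE `recipient_uid`='{$uid}'");
    mysql_query("UPDATE `send_money_history` SET `deleted_by_sender`='1' WHERE `sender_uid`='{$uid}'");
    // rows hidden by both parties are physically removed
    mysql_query("DELETE FROM `send_money_history` WHERE `deleted_by_sender`='1' AND `deleted_by_recipient`='1'");
}
$query = mysql_query("SELECT * FROM `send_money_history` WHERE (`sender_uid`='{$uid}' AND `deleted_by_sender`='0') OR (`recipient_uid`='{$uid}' AND `deleted_by_recipient`='0') ORDER BY `timestamp` DESC");
if (mysql_num_rows($query) == 0) {
    echo '<div class="info">You have no history!</div>';
} else {
    while ($row = mysql_fetch_assoc($query)) {
        // usernames are entity-encoded; amounts are formatted numbers
        if ($row['sender_uid'] == $uid) {
            echo '<table><tr><td>You sent $' . number_format($row['amount']) . ' to ' . cleanHtml($row['recipient']) . '.<br /></td></tr></table>';
        } else {
            echo '<table><tr><td>You got $' . number_format($row['amount']) . ' from ' . cleanHtml($row['sender']) . '.<br /></td></tr></table>';
        }
    }
}
echo '
</div>
</div>
';
include '_footer.php';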
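/**
 * Get String Excerpt
 *
 * Truncates $str to at most $len characters, by default stripping HTML first
 * and cutting at the last whitespace/punctuation boundary so no word is split.
 * $ellipsis is appended whenever the string was actually shortened.
 *
 * @since 3.3.2
 *
 * @uses strIsMultibyte
 * @uses cleanHtml
 * @uses preg_replace PCRE compiled with "--enable-unicode-properties"
 *
 * @param string $str the text to excerpt
 * @param int $len Optional, default is 200. Maximum excerpt length (excluding $ellipsis)
 * @param bool $striphtml Optional, default true, true will strip html from $str
 * @param string $ellipsis appended when the string is truncated
 * @param bool $break	break words, default: do not break words find whitespace and puntuation
 * @param bool $cleanhtml attempt to clean up html IF strip tags is false, default: true
 * @return string
 */
function getExcerpt($str, $len = 200, $striphtml = true, $ellipsis = '...', $break = false, $cleanhtml = true)
{
    $str = $striphtml ? trim(strip_tags($str)) : $str;
    // The former `$len = $len++;` ("zero index bump") was a no-op — a
    // post-increment assigns the old value — so the effective limit has always
    // been exactly $len. That is kept deliberately rather than turned into a
    // +1 that would lengthen every caller's excerpt.
    $len = (int) $len;
    // multibyte-aware function names when the string needs them
    $prefix = strIsMultibyte($str) ? 'mb_' : '';
    list($substr, $strlen, $strrpos) = array($prefix . 'substr', $prefix . 'strlen', $prefix . 'strrpos');
    // string is shorter than truncate length, return as is
    if ($strlen($str) < $len) {
        return $str;
    }
    if ($break) {
        $cutAt = $len;
    } else {
        // Find the last word boundary before the cut (1 character lookahead).
        // Newlines, Unicode separators (\p{Z}) and trailing punctuation (\p{P})
        // are mapped to a space so a single strrpos() finds the boundary;
        // requires PCRE with unicode properties (the /u modifier).
        $excerpt = preg_replace('/\\n|\\p{Z}|\\p{P}+$/u', ' ', $substr($str, 0, $len + 1));
        $cutAt = $strrpos($excerpt, ' ');
        // Fix: with no boundary at all (one long word) strrpos() returns
        // false, which substr() treated as 0 and produced just the ellipsis.
        // Fall back to a hard cut at $len in that case.
        if ($cutAt === false) {
            $cutAt = $len;
        }
    }
    $str = $substr($str, 0, $cutAt);
    if (!$striphtml && $cleanhtml) {
        return trim(cleanHtml($str)) . $ellipsis;
    }
    return trim($str) . $ellipsis;
}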
                }
            }
            $cell .= '
			<tr>
				<td>' . $i . '</td>
				<td>
					<b>
						<img src="' . $medalImage . '" alt="X">&nbsp;<a href="profile.php?id=' . $row['id'] . '" style="color: ' . $color . '">' . htmlspecialchars($row['username']) . '</a>
					</b>
				</td>
				<td>' . $imgHtml . '</td>
				<td>
					<b>
						<a href="pinfo.php?id=' . $row['pid'] . '" style="color: ' . $color . '">
							
								' . cleanHtml($row['name']) . '
						
						</a>
					</b>
				</td>
				
				
				<td>' . number_format($row['poke_level']) . '</td>
				<td>' . number_format($row['poke_exp']) . '</td>
			</tr>
		';
            $i++;
        }
        $cell .= '</table><br /><br /><br />';
        $cells[] = $cell;
    }
    redirect('view_box.php');
}
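$boxUsername = mysql_fetch_assoc($query);
$boxUsername = $boxUsername['username'];
include '_header.php';
// The username comes from the database and is user-chosen, so it is
// entity-encoded before reaching the page header. If printHeader() already
// escapes, this only costs a cosmetic double-encoding — confirm.
$headerText = isset($_GET['id']) ? cleanHtml($boxUsername) . 's Pokemon' : 'Your Pokemon';
printHeader($headerText);
// whitelist of ORDER BY clauses; user input only ever selects a key
$sorts = array(1 => ' ORDER BY `name` ASC', 2 => ' ORDER BY `name` DESC', 3 => ' ORDER BY `exp` ASC', 4 => ' ORDER BY `exp` DESC');
$search = (isset($_GET['search']) && is_string($_GET['search'])) ? $_GET['search'] : '';
// Only a whitelisted key reaches the SQL. The previous loose in_array() check
// let values such as "1abc" through and then indexed $sorts with a missing
// key (empty ORDER BY); unknown or missing values now fall back to 1.
$sortKey = 1;
if (isset($_GET['sort']) && is_scalar($_GET['sort']) && isset($sorts[(int) $_GET['sort']])) {
    $sortKey = (int) $_GET['sort'];
}
$orderSql = $sorts[$sortKey];
$searchSql = '';
if (!empty($search)) {
    // cleanSql() escapes quotes for the string literal but (presumably) not
    // the LIKE wildcards % and _, so users can wildcard-search; acceptable
    // for a name filter but not a data leak vector here.
    $searchSqlSafe = cleanSql($search);
    $searchHtmlSafe = cleanHtml($search);
    $searchSql = " AND `name` LIKE '%{$searchSqlSafe}%' ";
}
// $gid is set above this block; it is interpolated raw, so it must already be an int — confirm
$countQuery = mysql_query("SELECT `id` FROM `user_pokemon` WHERE `uid`='{$gid}' {$searchSql}");
$numRows = mysql_num_rows($countQuery);
$pagination = new Pagination($numRows);
if (!empty($search)) {
    // raw value: URL/HTML encoding of query-string vars is Pagination's job — confirm
    $pagination->addQueryStringVar('search', $search);
}
if (isset($_GET['id'])) {
    $pagination->addQueryStringVar('id', (int) $_GET['id']);
}
if ($sortKey != 1) {
    $pagination->addQueryStringVar('sort', $sortKey);
}
$query = mysql_query("SELECT * FROM `user_pokemon` WHERE `uid`='{$gid}' {$searchSql} {$orderSql} LIMIT {$pagination->itemsPerPage} OFFSET {$pagination->startItem}");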
    ?>
&id=' + idval + addGoogTrans();
				},200);
			}
		});
	});
	</script>
	<?php 
    //Using double data entry and auto-numbering for records at the same time can mess up how REDCap saves each record.
    //Give warning to turn one of these features off if they are both turned on.
    if ($double_data_entry && $auto_inc_set) {
        print "<div class='red' style='margin-top:20px;'><b>{$lang['global_48']}</b><br>{$lang['data_entry_56']}</div>";
    }
    // If multiple Arms exist, use javascript to pop in the drop-down listing the Arm names to choose from for new records
    if ($arm_dropdown_choices != "" && (!$auto_inc_set && $user_rights['record_create'] || $auto_inc_set && $num_records > $maxNumRecordsHideDropdowns)) {
        print "<script type='text/javascript'>\n\t\t\t\t\$(function(){\n\t\t\t\t\t\$('#inputString').before('" . cleanHtml("<select id='arm_name_newid' onchange=\"if (!\$('select#arm_name').length){ window.location.href=window.location.href+'&arm='+this.value; return; } editAutoComp(autoCompObj,this.value);\" class='x-form-text x-form-field' style='margin-right:20px;'>{$arm_dropdown_choices}</select>") . "');\n\t\t\t\t});\n\t\t\t\t</script>";
    }
    //If project is a prototype, display notice for users telling them that no real data should be entered yet.
    if ($status < 1) {
        print "<br>\n\t\t\t\t<div class='yellow' style='width:90%;max-width:600px;'>\n\t\t\t\t\t<img src='" . APP_PATH_IMAGES . "exclamation_orange.png'>\n\t\t\t\t\t<b style='font-size:14px;'>{$lang['global_03']}:</b><br>\n\t\t\t\t\t{$lang['data_entry_28']}\n\t\t\t\t</div>";
    }
}
// Render JavaScript for record selecting auto-complete/auto-suggest
?>
<script type="text/javascript">
var autoCompObj;
$(function(){
	if ($('#inputString').length) {
		autoCompObj = 	$('#inputString').autocomplete({
							source: app_path_webroot+'DataEntry/auto_complete.php?pid='+pid+'&arm='+($('#arm_name_newid').length ? $('#arm_name_newid').val() : '<?php 
echo $arm;
    if (mysql_num_rows($query) == 0) {
        $errors[] = 'Invalid poster.';
    }
    if (count($errors) >= 1) {
        echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>';
    } else {
        echo '<div class="notice">The news has been edited!</div>';
        $sqlTitle = cleanSql($title);
        $sqlContent = cleanSql($content);
        $time = time();
        mysql_query("UPDATE `news` SET `title`='{$sqlTitle}', `news`='{$sqlContent}', `bywho`='{$sqlPoster}', `date`='{$time}' WHERE `id`='5033'");
    }
}
// Load the most recent news row with every column entity-encoded, so the
// values can be dropped straight into the edit form's attributes/textarea.
$query = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC LIMIT 1");
$row = cleanHtml(mysql_fetch_assoc($query));
echo '
<form method="post">
    <table class="pretty-table center">
        <tr>
            <th colspan="2">Edit News</th>
        </tr>
        <tr>
            <td>Title:</td>
            <td><input type="text" name="title" size="50" value="' . $row['title'] . '" /></td>
        </tr>
        <tr>
            <td>Content:</td>
            <td><textarea name="content" rows="15" cols="50">' . $row['news'] . '</textarea></td>
        </tr>
        <tr>
			</td>
			<td>
				<span title="Exp: ' . number_format($auctionRow['exp']) . '">
					&nbsp;' . number_format($auctionRow['level']) . '&nbsp;
				</span>
			</td>
			<td>
				<a href="profile.php?id=' . $auctionRow['owner_id'] . '">' . cleanHtml($auctionRow['owner_username']) . '</a>
			</td>
			<td>
				' . secsToRoughTime(time() - $auctionRow['finish_time']) . ' ago
			</td>
			<td>
	';
    if ($auctionRow['winner_id'] == 0) {
        echo 'No one!<br />';
    } else {
        echo '
			<a href="profile.php?id=' . $auctionRow['winner_id'] . '">' . cleanHtml($auctionRow['winner_username']) . '</a><br />
			for $' . number_format($auctionRow['winning_bid']) . ' 
		';
    }
    echo '
			</td>
		</tr>
	';
}
echo '
	</table>
';
include '_footer.php';
?>
';
var langChooseOtherfield = '<?php 
print cleanHtml($lang['report_builder_103']);
?>
';
var langError = '<?php 
print cleanHtml($lang['global_01']);
?>
';
var langReportFailed = '<?php 
print cleanHtml($lang['report_builder_128']);
?>
';
var langExportFailed = '<?php 
print cleanHtml($lang['report_builder_129']);
?>
';

// Add CSRF token as javascript variable and add to every form on page
// init_functions.php createCsrfToken() does not work on pages with defined('PLUGIN')
// CSRF token is required for call to advanced logic checking in 
// Surveys/automated_invitations_check_logic.php from LongitudinalReports.js function saveReport()
var redcap_csrf_token = '<?php 
echo getCsrfToken();
?>
';
$(function(){ appendCsrfTokenToForm(); });

</script>
<?php 
						<?php 
    echo $msg;
    ?>
						
						<form method="POST" action="">
							<div class="title">Reset Password</div>
							
							<label>Username:</label>
							<input type="text" name="username" readonly="readonly" value="<?php 
    echo cleanHtml($username_1);
    ?>
">
							
							<label>Code from e-mail:</label>
							<input type="text" name="key" readonly="readonly" value="<?php 
    echo cleanHtml($key);
    ?>
">
							
							<label>New password:</label>
							<input type="password" name="password">
							
							<label>Re-type password:</label>
							<input type="password" name="re_password">
							
							<input type="submit" name="submit" value="RESET" class="btn">
						</form>
					</div>
					<?php 
    include '_footer.php';
    ?>
        echo '
			<form action="messages.php?p=new" method="post" style="width: 600px; margin: 20px auto;">
				<input type="hidden" name="token" value="' . $token . '" />
				<table class="pretty-table">
					<tr>
						<td class="text-right">To:</td>
						<td class="text-left"><input type="text" name="username" size="30" value="' . cleanHtml($username) . '" /></td>
					</tr>
					<tr>
						<td class="text-right">Subject:</td>
						<td class="text-left"><input type="text" name="subject" size="50" value="' . cleanHtml($subject) . '" /></td>
					</tr>
					<tr>
						<td valign="top" class="text-right">Message:</td>
						<td class="text-left">
							<textarea name="message" cols="50" rows="5">' . cleanHtml($message) . '</textarea>
						</td>
					</tr>
					<tr>
						<td>&nbsp;</td>
						<td><input type="checkbox" name="saveOutbox"  /> Save in outbox?</td>
					</tr>
					<tr>
						<td>&nbsp;</td>
						<td><input type="submit" value="Send Message" /></td>
					</tr>
				</table>
			</form>
		';
        break;
    case 'delete':
/* 
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
*/
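// Taobao favourite-list scraper: log in, fetch an item page, follow the
// favourite popup and pull the hidden form inputs out of its script.
//
// Credentials come from the environment instead of being committed as
// literals (the previous version shipped "xxx" placeholders in source). The
// login endpoint is plain http://, so the password travels in clear text
// unless getHtml() upgrades the scheme — confirm before using this.
$taobaoUser = getenv('TAOBAO_USERNAME');
$taobaoPass = getenv('TAOBAO_PASSWORD');
if ($taobaoUser === false || $taobaoUser === '' || $taobaoPass === false || $taobaoPass === '') {
    exit('TAOBAO_USERNAME and TAOBAO_PASSWORD must be set in the environment');
}
// cookie jar holding the logged-in session; relative to the CWD, so it must
// not sit inside a web-served directory
$cookie_file = "taobao";
$login_action = "http://login.taobao.com/member/login.jhtml";
$data = array("actionForStable" => "enable_post_user_action", "action" => "Authenticator", "TPL_username" => $taobaoUser, "TPL_password" => $taobaoPass, "loginType" => "3", "CtrlVersion" => "1,0,0,7", "tid" => "tid", "support" => "000001", "mi_uid" => "", "mcheck" => "", "TPL_redirect_url" => "www.taobao.com", "event_submit_do_login" => "anything", "_oooo_" => "");
getHtml($login_action, $data, null, $cookie_file);
$url = "http://item.taobao.com/auction/item_detail.htm?xid=0db2&item_num_id=2255050794&cm_cat=50015927&pm2=1&source=dou";
$item_page = getHtml($url, null, null, $cookie_file);
$xml = XmlParse::html2Xml("../xslt/taobao.xsl", $item_page, false);
$sxml = simplexml_load_string($xml);
// the XSLT result object is passed to getHtml() as the URL and cast to string
// implicitly; the stylesheet presumably yields a bare URL — confirm
$favorite_pop = getHtml($sxml, null, null, $cookie_file);
// this two-argument cleanHtml() is a project helper, not the one-argument entity encoder
$html = cleanHtml($favorite_pop, true);
$html = "<body>" . $html . "</body>";
$xml = new DOMDocument();
// remote HTML is rarely well-formed; keep libxml from spraying warnings
libxml_use_internal_errors(true);
$xml->loadHTML($html);
libxml_clear_errors();
$sxml = simplexml_import_dom($xml);
$entry = $sxml->xpath("//form[@id='PopupFavorForm']/script[2]/@src");
// previously an absent form produced a notice and a getHtml(null) call
if (empty($entry)) {
    exit('PopupFavorForm script not found in favourite popup');
}
$hide_input1 = getHtml($entry[0]->src, null, null, $cookie_file);
// split() was removed in PHP 7; explode() splits on the same literal marker
$input1 = explode("document.write", $hide_input1);
$add_param = array("tags" => "psp", "isShared" => true, "shopIncluded" => false);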
foreach ($input1 as $input) {
    $strSrc = array("('<input", ">');");
    $strDes = array("", "");
    $input = str_replace($strSrc, $strDes, $input);
    $params = explode(' ', $input);
    foreach ($params as $param) {
        $key_value = explode('=', $param);
<div class="whathapen">
<?php 
// Last ten distinct activity messages (with their image), every column
// entity-encoded so the rows are safe to embed in markup or JSON below.
$query = mysql_query("SELECT DISTINCT(`message`), `image` FROM `activity` ORDER BY `id` DESC LIMIT 10");
$activityArr = array();
for ($row = mysql_fetch_assoc($query); $row; $row = mysql_fetch_assoc($query)) {
    $activityArr[] = cleanHtml($row);
}
?>

   <p id="me" style="zoom: 1;"></p>
   <p id="me" style="zoom: 1;">
  Whats Happening
    </p>

    <script type="text/javascript">
      var element = document.getElementById('me');
      var duration = 1000;  /* 1000 millisecond fade = 1 sec */
      var steps = 20;       /* number of opacity intervals   */
      var delay = 2000;     /* 5 sec delay before fading out */
      
      var activity = <?php 
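// Values were already entity-encoded by cleanHtml(), so no "</script>" can be
// present; the JSON_HEX_* flags additionally escape <, >, &, ' and " so the
// literal stays safe inside a <script> block even if that upstream step changes.
echo json_encode($activityArr, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);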
?>
;
      var cKey = 0;

      /* set the opacity of the element (between 0.0 and 1.0) */
      function setOpacity(level) {
        element.style.opacity = level;
        element.style.MozOpacity = level;
        element.style.KhtmlOpacity = level;
<?php

// User summary for the current session: the user's row plus the ids of the
// trade_pokemon rows they own. The session user id is cast to int before it
// is interpolated into SQL (no other escaping is applied here). Login
// enforcement is assumed to happen before this file is included — confirm.
$uid = (int) $_SESSION['userid'];

// username, money, tokens etc
$query = mysql_query("SELECT * FROM `users` WHERE `id`='{$uid}' LIMIT 1");
$userRow = mysql_fetch_assoc($query);
$username = cleanHtml($userRow['username']); // only the name is HTML-encoded here
$money = $userRow['money'];
$tokens = $userRow['token'];
$totalMessages = $userRow['total_messages'];
$totalUnreadMessages = $userRow['unread_messages'];
$totalSalePoke = $userRow['total_sale_pokes'];
$newSales = $userRow['newly_sold_pokes'];
// (the message/sale counters used to be recomputed with row-count queries
// against messages/sale_pokemon/sale_history; they now come from the users
// columns above)

// total trade offers: ids of this user's trade_pokemon rows
$query = mysql_query("SELECT `id` FROM `trade_pokemon` WHERE `uid`='{$uid}'");
$tradeIds = array();
for ($tradeRow = mysql_fetch_assoc($query); $tradeRow; $tradeRow = mysql_fetch_assoc($query)) {
    $tradeIds[] = $tradeRow['id'];
}
<?php

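require_once 'functions.php';
require_once 'config.php';
// Already-authenticated users are sent away *before* any output: redirect()
// presumably sends a Location header, which can no longer be set once
// _header.php has started the response (the members-area page does the check
// first for the same reason).
if (isLoggedIn()) {
    redirect('index.php');
}
include '_header.php';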
if ($_POST['submit']) {
    $username = (string) $_POST['username'];
    $email = (string) $_POST['email'];
    $sqlUsername = cleanSql($username);
    $htmlUsername = cleanHtml($username);
    $sqlEmail = cleanSql($email);
    $htmlEmail = cleanHtml($email);
    if ($username && $email) {
        $passwordlenth = 25;
        $charset = 'abcdefghijklmnoprstovwxy1234567890';
        for ($x = 1; $x <= $passwordlenth; $x++) {
            $rand = rand() % strlen($charset);
            $temp = substr($charset, $rand, 1);
            $key .= $temp;
        }
        //$key_sha1 = sha1($key);
        $query = mysql_query("\n\t\t\tSELECT * \n\t\t\tFROM `users`\n\t\t\tWHERE `username` = '{$sqlUsername}'\n\t\t\tAND `email` = '{$sqlEmail}'\n\t\t") or die(mysql_error());
        $row = mysql_num_rows($query);
        if ($row != 0) {
            $update = mysql_query("\n\t\t\t\tUPDATE `users`\n\t\t\t\tSET `reset_key` = '{$key}'\n\t\t\t\tWHERE `email` = '{$sqlEmail}'\n\t\t\t");
            //Send e-mail
            $to = $email;
            $subject = 'Reset Password';