$retstring .= " title = \"" . filterAccess($row, $loginId, 'title') . "\"";
$retstring .= " nationality = \"" . filterAccess($row, $loginId, 'nationality') . "\"";
$retstring .= " picture = \"" . filterAccess($row, $loginId, 'picture') . "\"";
$retstring .= " invitedby = \"" . filterAccess($row, $loginId, 'invitedby') . "\"";
$retstring .= " url = \"" . filterAccess($row, $loginId, 'url') . "\"";
$retstring .= " interests = \"" . filterAccess($row, $loginId, 'interests') . "\"";
$retstring .= " profile = \"" . filterAccess($row, $loginId, 'profile') . "\"";
$retstring .= " emailid= \"" . filterAccess($row, $loginId, 'emailid') . "\"";
$retstring .= " loggedin = \"{$row['loggedin']}\"";
$retstring .= " location = \"" . filterAccess($row, $loginId, 'location') . "\"";
$retstring .= " grandscore = \"{$row['grandscore']}\"";
$retstring .= " jointime = \"{$row['jointime']}\"";
$retstring .= " timesvisited = \"{$row['timesvisited']}\"";
$retstring .= " lastvisit = \"{$row['lastvisit']}\"";
$retstring .= " lastaccessed = \"{$row['lastaccessed']}\"";
$retstring .= " competences=\"" . filterAccess($row, $loginId, 'competences') . "\"/>";
}
// load the video nodes
$rs = mysql_query("SELECT * FROM videonodes ORDER BY name");
while ($row = mysql_fetch_array($rs)) {
$tagg = '';
$rs1 = mysql_query("Select * from edges where fromID='{$row['id']}' and name='Has tags' ");
while ($row1 = mysql_fetch_array($rs1)) {
$rs2 = mysql_query("Select * from tagnodes where id='{$row1['toID']}' ");
$row2 = mysql_fetch_array($rs2);
$tagg = $tagg . $row2['name'] . ",";
}
if ($row['parentvideo'] != '' and !$isAdmin) {
$parvid = mysql_query("SELECT submittedby, video_py FROM videonodes WHERE id='{$row['parentvideo']}'");
$arr = mysql_fetch_array($parvid);
if ($arr['submittedby'] != $loginId) {
$res .= "<picture>{$row['picture']}</picture>";
$res .= "<video_py>{$row['video_py']}</video_py>";
$res .= "<comments>{$row['comments']}</comments>";
$res .= "</video>";
}
}
}
}
$res .= "</videos>";
$rs3 = mysql_query("SELECT u.action, p.id, p.name, p.name_py, p.alias, u.logs_py,\n\t\t\t\t DATE_FORMAT(u.Datetime, '%d/%m/%Y - %r') AS dt FROM useractions u, peoplenodes p, (SELECT MAX(t.dt) AS lastlogin\n\t\t\t\t FROM (SELECT datetime AS dt FROM useractions u WHERE takenby='{$loginId}'\n\t\t\t\t AND action='Login') t) l WHERE u.Datetime > l.lastlogin AND p.id=u.TakenBy");
$res .= "<acts>";
while ($row = mysql_fetch_array($rs3)) {
$res .= "<act>";
$res .= "<action>{$row['action']}</action>";
//$res .= "<name>$row[name]</name>";
$res .= "<name>" . filterAccess($row, $loginId, 'name') . "</name>";
//$res .= "<name_py>$row[name_py]</name_py>";
$res .= "<dt>{$row['dt']}</dt>";
//$res .= "<logs_py>$row[logs_py]</logs_py>";
$res .= "</act>";
}
$res .= "</acts>";
$res .= '<status>true</status>';
die($res . '</rsp>');
mysql_close($conn);
?>
<?php
function filterAccess($row, $uid, $prop)
{
global $loginId;
