예제 #1
파일: index.php 프로젝트: laiello/bz-owl
// Gate 1: a viewer id of exactly integer 0 is treated as "not logged in" and gets a login hint.
// NOTE(review): the comparison is strict, so null or the string '0' would not take this branch;
// where $viewerid is assigned is not visible here. Confirm it is always an int.
if (0 === $viewerid) {
    echo '<p class="first_p">You need to login in order to view the visits log!</p>';
    $site->dieAndEndPageNoBox();
}
// Gate 2: only viewers holding the visits-log permission may continue.
// NOTE(review): only a boolean false denies access here. If the flag can ever be null, unset or 0,
// this check lets the request through. Confirm the flag is always initialised to a bool, or deny on
// anything that is not true.
// NOTE(review): sqlSafeString() is, going by its name, an SQL escaper, while this message looks
// bound for page output. Confirm which encoding dieAndEndPageNoBox() expects.
if (false === $allow_view_user_visits) {
    $site->dieAndEndPageNoBox(sprintf('You (id=%s) have no permissions to view the visits log!', sqlSafeString($viewerid)));
}
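// Search form for the visits log: lets the viewer search by ip-address, host or name.
// The author treats this form as harmless (it only reads data), so it carries no key check
// and is submitted with GET. That makes every field value arrive straight from the URL.
echo "\n" . '<form enctype="application/x-www-form-urlencoded" method="get" action="./" class="search_bar">' . "\n";
// input string
echo '<div style="display:inline" class="search_bar_text"><label for="visit_search_string">Search for:</label> ' . "\n";
echo '<span>';
if (isset($_GET['search'])) {
    // Re-display the submitted search term. It is request data written into a double-quoted
    // HTML attribute, so it must be HTML-encoded first; unencoded, a quote character in the
    // term ends the attribute and the remainder is parsed as markup (reflected XSS).
    // 'search' being set does not guarantee 'search_string' is, and PHP turns name[]=x into an
    // array, so a missing or non-string value is shown as an empty field.
    // Charset is left to PHP's configured default. Pass the page charset explicitly if it differs (TODO confirm).
    $site->write_self_closing_tag(
        'input type="text" title="use * as wildcard" id="visit_search_string" name="search_string" value="'
        . htmlspecialchars(
            (isset($_GET['search_string']) && is_string($_GET['search_string'])) ? $_GET['search_string'] : '',
            ENT_QUOTES
        )
        . '"'
    );
} else {
    // First visit, nothing submitted yet: render the field without a value attribute.
    $site->write_self_closing_tag('input type="text" title="use * as wildcard" id="visit_search_string" name="search_string"');
}
echo '</span></div> ' . "\n";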
// Result-type selector: is the search term an ip-address, a host or a name?
echo '<div style="display:inline"><label for="visit_search_type">result type:</label> ' . "\n";
echo '<span><select id="visit_search_type" name="search_type">';
// The request must never be able to name a table column itself. The viewer may only switch
// between the fixed ip-address, host and name searches, which is why the choice is tracked in
// the boolean flags below rather than as a column name taken from the request.
// The author's note says ip-address is the default search; the code applying that default is
// not part of this excerpt.
// Start with no type selected and every search flag off.
$search_type = '';
$search_name = $search_forwarded_for = $search_host = $search_ip = false;
예제 #2
파일: index.php 프로젝트: laiello/bz-owl
     $pmComposer->setSubject("Invitation to team {$team_name}");
     // TODO: do not assume that BBCode is enabled
     $pmComposer->setContent("Congratulations, you were invited by {$player_name} to join team " . htmlent_decode($team_name) . "!\n\n[URL=\"" . basepath() . "Teams/?join={$invited_to_team}\"]Click here to accept the invitation.[/URL]\n\nYou must leave your current team before accepting an invitation to a new team.\n\nThe invitation will expire in 7 days.");
     $pmComposer->setTimestamp(date('Y-m-d H:i:s'));
     $pmComposer->addUserID($profile);
     $pmComposer->send();
     echo '<div class="static_page_box">' . "\n";
     echo '<p>The player was invited successfully.</p>' . "\n";
     // invitation and notification was sent
     $site->dieAndEndPage('');
 }
 if ($allow_invite_in_any_team || $leader_of_team_with_id > 0) {
     echo '<div class="static_page_box">' . "\n";
     echo '<form enctype="application/x-www-form-urlencoded" method="post" action="?invite=' . htmlentities(urlencode($profile)) . '">' . "\n";
     echo '<div>';
     $site->write_self_closing_tag('input type="hidden" name="confirmed" value="1"');
     echo '</div>' . "\n";
     // display team picker in case the user can invite a player to any team
     if ($allow_invite_in_any_team) {
         // get a full list of teams, excluding deleted teams
         // teams_overview.deleted: 0 new; 1 active; 2 deleted; 3 revived
         $query = 'SELECT `teams`.`id`,`teams`.`name` FROM `teams`,`teams_overview`';
         $query .= ' WHERE (`teams_overview`.`deleted`=' . "'" . sqlSafeString('0') . "'";
         $query .= ' OR `teams_overview`.`deleted`=' . "'" . sqlSafeString('1') . "'";
         $query .= ' OR `teams_overview`.`deleted`=' . "'" . sqlSafeString('3') . "'";
         $query .= ') AND `teams`.`id`=`teams_overview`.`teamid`';
         if (!($result = @$site->execute_query('teams', $query, $connection))) {
             // query was bad, error message was already given in $site->execute_query(...)
             $site->dieAndEndPage('');
         }
         $team_name_list = array();