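// Visits-log page: gate access, then start rendering the search form
// (search string input and the opening of the result-type <select>).

// Anonymous visitors (viewer id 0) may not see the visits log.
// NOTE(review): this gate only holds if dieAndEndPageNoBox() terminates the
// request; that is presumed from its name and not visible here - confirm.
if ($viewerid === 0) {
    echo '<p class="first_p">You need to login in order to view the visits log!</p>';
    $site->dieAndEndPageNoBox();
}

// only allow looking when having the permission
if ($allow_view_user_visits === false) {
    // NOTE(review): sqlSafeString() looks like an SQL escaper being used in an HTML
    // message. $viewerid is compared with === 0 above, so it is presumably an
    // integer and harmless here - confirm, and prefer an HTML escaper or (int) cast.
    $site->dieAndEndPageNoBox('You (id=' . sqlSafeString($viewerid) . ') have no permissions to view the visits log!');
}

// form letting search for ip-address, host or name
// this form only reads data, so it carries no anti-CSRF key and uses the get method;
// that does not make the submitted values trustworthy: anything echoed back
// into the page must still be escaped for the HTML context it lands in
echo "\n" . '<form enctype="application/x-www-form-urlencoded" method="get" action="./" class="search_bar">' . "\n";

// input string
echo '<div style="display:inline" class="search_bar_text"><label for="visit_search_string">Search for:</label> ' . "\n";
echo '<span>';
if (isset($_GET['search'])) {
    // The previous search term is request-controlled. Accept it only when it is
    // present and a plain string (a "search_string[]=" parameter arrives as an array),
    // then escape it before placing it inside the double-quoted value attribute.
    // Without the escaping a crafted link could close the attribute and inject markup.
    $visit_search_prefill = '';
    if (isset($_GET['search_string']) && is_string($_GET['search_string'])) {
        $visit_search_prefill = $_GET['search_string'];
    }
    $site->write_self_closing_tag(
        'input type="text" title="use * as wildcard" id="visit_search_string" name="search_string" value="'
        . htmlspecialchars($visit_search_prefill, ENT_QUOTES) . '"'
    );
} else {
    $site->write_self_closing_tag('input type="text" title="use * as wildcard" id="visit_search_string" name="search_string"');
}
echo '</span></div> ' . "\n";

// looking for either ip-address, host or name?
echo '<div style="display:inline"><label for="visit_search_type">result type:</label> ' . "\n";
echo '<span><select id="visit_search_type" name="search_type">';

// never let the user supply a custom table column name:
// only let them switch between ip-address, host and name search
// search for ip-address by default
$search_type = '';
$search_ip = false;
$search_host = false;
$search_forwarded_for = false;
$search_name = false;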
$pmComposer->setSubject("Invitation to team {$team_name}"); // TODO: do not assume that BBCode is enabled $pmComposer->setContent("Congratulations, you were invited by {$player_name} to join team " . htmlent_decode($team_name) . "!\n\n[URL=\"" . basepath() . "Teams/?join={$invited_to_team}\"]Click here to accept the invitation.[/URL]\n\nYou must leave your current team before accepting an invitation to a new team.\n\nThe invitation will expire in 7 days."); $pmComposer->setTimestamp(date('Y-m-d H:i:s')); $pmComposer->addUserID($profile); $pmComposer->send(); echo '<div class="static_page_box">' . "\n"; echo '<p>The player was invited successfully.</p>' . "\n"; // invitation and notification was sent $site->dieAndEndPage(''); } if ($allow_invite_in_any_team || $leader_of_team_with_id > 0) { echo '<div class="static_page_box">' . "\n"; echo '<form enctype="application/x-www-form-urlencoded" method="post" action="?invite=' . htmlentities(urlencode($profile)) . '">' . "\n"; echo '<div>'; $site->write_self_closing_tag('input type="hidden" name="confirmed" value="1"'); echo '</div>' . "\n"; // display team picker in case the user can invite a player to any team if ($allow_invite_in_any_team) { // get a full list of teams, excluding deleted teams // teams_overview.deleted: 0 new; 1 active; 2 deleted; 3 revived $query = 'SELECT `teams`.`id`,`teams`.`name` FROM `teams`,`teams_overview`'; $query .= ' WHERE (`teams_overview`.`deleted`=' . "'" . sqlSafeString('0') . "'"; $query .= ' OR `teams_overview`.`deleted`=' . "'" . sqlSafeString('1') . "'"; $query .= ' OR `teams_overview`.`deleted`=' . "'" . sqlSafeString('3') . "'"; $query .= ') AND `teams`.`id`=`teams_overview`.`teamid`'; if (!($result = @$site->execute_query('teams', $query, $connection))) { // query was bad, error message was already given in $site->execute_query(...) $site->dieAndEndPage(''); } $team_name_list = array();