示例#1
/**
 * Writes one hidden <input> element per entry of $values.
 *
 * Key and value are both passed through htmlEscape() before they are placed
 * inside the single-quoted name/value attributes.
 * NOTE(review): because the attributes are single-quoted, this relies on
 * htmlEscape() encoding single quotes as well (e.g. ENT_QUOTES) — confirm
 * against the helper's definition.
 *
 * @param array $values Field name => field value pairs (anything foreach can walk).
 * @return void The markup is written directly with echo.
 */
function hiddenInputs($values)
{
    foreach ($values as $fieldName => $fieldValue) {
        $safeName = htmlEscape($fieldName);
        $safeValue = htmlEscape($fieldValue);
        echo "<input name='" . $safeName . "' value='" . $safeValue . "' type='hidden'/>\n";
    }
}
# Prints a form that lists the media items matching the chosen type, status
# and the region condition, one table row per item. Each row carries Info and
# Edit submit buttons plus either Erase (accepted items) or Accept/Refuse.
# The form posts to validate_media_ACTION.php.
#
# Reads the globals $chosenType, $chosenStatus and $chosenOrder directly;
# $chosenRegionId is declared but not used in this function itself.
#
# NOTE(review): $chosenType and $chosenStatus are interpolated into the SQL
# text as quoted literals. Nothing in this function validates or escapes them,
# so the query is only safe if the code that fills these globals restricts
# them to known values — confirm, or escape/bind them before building the query.
function showMedia()
{
    #----------------------------------------------------------------------
    global $chosenType, $chosenStatus, $chosenRegionId, $chosenOrder;
    #--- Prepare conditions.
    # An empty $chosenType means "no type filter".
    $typeCondition = $chosenType ? "AND type='{$chosenType}'" : '';
    $accepted = $chosenStatus == 'accepted';
    # Default ordering: decision time for accepted items, submission time otherwise.
    $order = $accepted ? "ORDER BY timestampDecided    DESC" : "ORDER BY timestampSubmitted  DESC";
    # Ordering by 'date' sorts on the competition date instead.
    $orderCondition = $chosenOrder == 'date' ? "ORDER BY competition.year DESC,\n                                                         competition.month DESC,\n                                                         competition.day DESC" : $order;
    $headerDate = $accepted ? "Insertion" : "Submission";
    #--- Get data of the (matching) media items.
    $media = dbQuery("\n    SELECT media.*,\n           competition.year, competition.month, competition.day,\n           competition.endMonth, competition.endDay,\n           competition.countryId, competition.cityName,\n           cellName,\n           country.name AS countryName\n    FROM CompetitionsMedia media, Competitions competition, Countries country\n    WHERE 1\n      AND competition.id = competitionId\n      AND country.id = countryId\n      {$typeCondition}\n      " . regionCondition('competition') . "\n      AND status='{$chosenStatus}'\n    {$orderCondition}, cellName\n  ");
    #--- Begin form and table.
    echo "<form action='validate_media_ACTION.php' method='POST'>\n";
    tableBegin('results', 7);
    tableHeader(explode('|', $headerDate . ' Date|Competition Date|Competition|Country, City|Type|Link|'), array(5 => 'class="f"'));
    #--- Print results.
    foreach ($media as $data) {
        # extract() turns every column of the row into a local variable
        # ($id, $type, $uri, $text, $year, $timestampDecided, ...).
        # NOTE(review): a column named like an existing local (e.g. $accepted,
        # $media, $chosenOrder) would silently overwrite it — confirm the column
        # names, or read the needed keys from $data explicitly.
        extract($data);
        $timestamp = $accepted ? $timestampDecided : $timestampSubmitted;
        # When ordering by submission, group rows by the year part of the timestamp
        # (everything from the first '-' on is cut off).
        if ($chosenOrder == 'submission') {
            $year = preg_replace('/-.*/', '', $timestamp);
        }
        # Blank separator row whenever the year changes between consecutive rows.
        if (isset($previousYear) && $year != $previousYear) {
            tableRowEmpty();
        }
        $previousYear = $year;
        # The media id is embedded in each button's name (info<id>, edit<id>, ...).
        $button = "<input type='submit' class='butt' value='Info' name='info{$id}' /> ";
        $button .= "<input type='submit' class='butt' value='Edit' name='edit{$id}' /> ";
        $button .= $accepted ? "<input type='submit' class='butt' value='Erase' name='refuse{$id}' />" : "<input type='submit' class='butt' value='Accept' name='accept{$id}' />\n                            <input type='submit' class='butt' value='Refuse' name='refuse{$id}' />";
        # NOTE(review): $uri and $text are escaped with htmlEscape(), but
        # $countryName, $cityName and $type go into the row as-is. tableRow() is
        # handed raw <input> markup in $button, so presumably it does not escape
        # cells itself — confirm, and escape these values if they can hold
        # user-supplied text.
        tableRow(array(preg_replace('/ .*/', '', $timestamp), competitionDate($data), competitionLink($competitionId, $cellName), "<b>{$countryName}</b>, {$cityName}", $type, externalLink(htmlEscape($uri), htmlEscape($text)), $button));
    }
    #--- End form and table.
    tableEnd();
    echo "</form>";
}
示例#3
    echo htmlEscape($post['title']);
    ?>
                    </h2>
                    <div class="meta">
                        <?php 
    echo convertSqlDate($post['created_at']);
    ?>

                        (<?php 
    echo $post['comment_count'];
    ?>
 comments)
                    </div>
					  <p>
                        <?php 
    echo htmlEscape($post['body']);
    ?>
                    </p>
                    <div class="post-controls">
                        <a
                            href="view-post.php?post_id=<?php 
    echo $post['id'];
    ?>
"
                        >Read more...</a>
						<?php 
    if (isLoggedIn()) {
        ?>
							|
							<a 
								href="edit-post.php?post_id=<?php 
}

// Build the payload that is sent back as JSON.
header("Content-type: application/json");
$data = array('markers' => array(), 'members' => 0, 'clusters' => array());
$num_users = 0;

// One marker entry per row of $sort_markers.
// NOTE(review): 'user' and 'userid' are HTML-escaped here although the response
// is declared as JSON. That only helps if the client inserts these strings as
// HTML; a client that inserts them as plain text will show the entities
// literally. Confirm how the consumer renders them and escape for that context.
foreach ($sort_markers as $index => $marker) {
    $id = $marker['userid'];
    $m = array(
        'user'    => htmlEscape($marker['username']),
        'userid'  => htmlEscape($marker['userid']),
        'lat'     => $marker['x'],
        'lon'     => $marker['y'],
        // Users without an entry in $min_zoom fall back to $max_marker_level + 1.
        'minzoom' => isset($min_zoom[$id]) ? $min_zoom[$id] : $max_marker_level + 1,
    );
    $data['markers'][] = $m;
}
$data['members'] = count($sort_markers);
echo htmlEscape($row['title']);
?>
			</title>
			<?php 
require 'templates/head.php';
?>
    </head>
	<body>
		<?php 
require 'templates/title.php';
?>
		
		<div class="post">
			<h2>
				<?php 
echo htmlEscape($row['title']);
?>
			</h2>
			<div class="date">
				<?php 
echo convertSqlDate($row['created_at']);
?>
			</div>
			
			 <?php 
// This is already escaped, so doesn't need further escaping
?>
			      
			<?php 
echo convertNewlinesToParagraphs($row['body']);
?>
<div class="top-menu">
    <div class="menu-options">
        <?php 
// Signed-in visitors get the full menu; everyone else only sees the login link.
// NOTE(review): hiding the "New post" link is presentation only — confirm that
// edit-post.php performs its own isLoggedIn() check.
if (isLoggedIn()) {
    ?>
			<a href="index.php">Home</a>
			|
			<a href="list-posts.php">All posts</a>
			|
            <a href="edit-post.php">New post</a>
            |
            Hello <?php 
    // The user name is HTML-escaped before it is written into the page.
    echo htmlEscape(getAuthUser());
    ?>
.
            <a href="logout.php">Log out</a>
        <?php 
} else {
    ?>
            <a href="login.php">Log in</a>
        <?php 
}
?>
    </div>
</div>
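/**
 * Prints the form for assigning person ids to persons that occur in the
 * Results table without one.
 *
 * For each of at most 20 unfinished persons the form offers: creating a new
 * person (pre-filled name, country and a proposed semi-id), choosing one of up
 * to five similar existing persons, or skipping the case. The form posts to
 * persons_finish_unfinished_ACTION.php.
 *
 * Reads the globals $personsFromPersons, $personsFromResultsWithoutId and
 * $birthdates. Every value taken from them is HTML-escaped (URL-encoded for
 * the link target) before it is placed in markup built in this function.
 *
 * NOTE(review): the hidden field and the radio values join name, country and
 * id with "|". htmlEscape() does not change "|", so a name containing that
 * character presumably confuses the receiving script — confirm how
 * persons_finish_unfinished_ACTION.php splits these values.
 */
function showUnfinishedPersons () {
#----------------------------------------------------------------------
  global $personsFromPersons, $personsFromResultsWithoutId, $birthdates;

  #--- Pre-compute the candidate tuples: (id, name, countryId, romanName, romanNameSimilarityPlaceHolder, countryIdSimilarityPlaceHolder)
  $candidates = array();
  foreach( $personsFromPersons as $person ){
    list( $id, $name, $countryId ) = $person;
    $candidates[] = array( $id, $name, $countryId, extractRomanName($name), 0, 0 );
  }

  #--- Begin the form and table.
  echo "<form action='persons_finish_unfinished_ACTION.php' method='post'>";
  tableBegin( 'results', 8 );
  tableHeader( explode( '|', '|personName|countryId|personId|birthdate|personName|countryId|personSemiId' ),
               array( 6=>'class="6"' ) );

  #--- Walk over all persons from the Results table.
  $caseNr = 0;
  foreach( $personsFromResultsWithoutId as $person ){
    list( $name, $countryId, $firstYear ) = $person;

    #--- Try to compute the semi-id: first year plus four letters taken from
    #--- the roman name, with the part after the last whitespace moved to the front.
    $quarterId = removeUglyAccentsAndStuff( extractRomanName( $name ));
    $quarterId = preg_replace( '/[^a-zA-Z ]/', '', $quarterId );
    $quarterId = strtoupper( substr( preg_replace( '/(.*)\s(.*)/', '$2$1', $quarterId ), 0, 4 ));
    if ( strlen ( $quarterId ) == 0 ) {
      // if the name comes empty, invent a quarterId
      $quarterId = 'XXXX';
    } else if ( strlen( $quarterId ) < 4 ) {
      // make sure the quarterId is 4-letter long by repeating it
      while ( strlen( $quarterId ) < 4 ) {
        $quarterId .= $quarterId;
      }
      $quarterId = substr( $quarterId, 0, 4 );
    }
    $semiId = $firstYear . $quarterId;

    #--- Html-ify name, country and semi-id for use inside attribute values.
    #--- $quarterId is limited to letters above, but $firstYear is not checked
    #--- here, so the combined value is escaped as well.
    $nameHtml = htmlEscape( $name );
    $countryIdHtml = htmlEscape( $countryId );
    $semiIdHtml = htmlEscape( $semiId );

    #--- Hidden field describing the case.
    $caseNr++;
    tableRowFull( "&nbsp;<input type='hidden' name='oldNameAndCountry$caseNr' value='$nameHtml|$countryIdHtml' />" );

    #--- Show the person.
    # Note that we set this input to checked, but if there's a better match
    # lower on, then it will take precedence.
    tableRowStyled( 'font-weight:bold', array(
      "<input type='radio' name='action$caseNr' value='new' checked='checked' />",
      visualize( $name ),
      visualize( $countryId ),
      peekLink( $name, $countryId ),
      'mm/dd/yyyy',
      "<input type='text' name='name$caseNr' value='$nameHtml' size='20' />",
      "<input type='text' name='country$caseNr' value='$countryIdHtml' size='20' />",
      "<input type='text' name='semiId$caseNr' value='$semiIdHtml' size='10' maxlength='8' />",
    ));

    #--- Show most similar persons.
    $similarsCtr = 0;
    foreach( getMostSimilarPersonsMax( extractRomanName($name), $countryId, $candidates, 10 ) as $similarPerson ){
      list( $other_id, $other_name, $other_countryId ) = $similarPerson;

      #--- If name and country match the unfinished persons, pre-select it.
      $checked = ($other_name==$name && $other_countryId==$countryId)
        ? "checked='checked'" : '';

      #--- Skip the unfinished person itself.
      if( $checked && !$other_id )
        continue;

      #--- Html-ify. Separate variables keep the outer $nameHtml untouched.
      $otherNameHtml = htmlEscape( $other_name );
      $otherCountryHtml = htmlEscape( $other_countryId );
      $otherIdHtml = htmlEscape( $other_id );

      #--- Use "name|country|id" as action.
      $action = "$otherNameHtml|$otherCountryHtml|$otherIdHtml";

      #--- Link to the person page: the id is URL-encoded inside the query
      #--- string and HTML-escaped as link text.
      $idCell = $other_id
        ? "<a class='p' href='../p.php?i=" . urlencode( $other_id ) . "' target='_blank'>$otherIdHtml</a>"
        : peekLink( $other_name, $other_countryId );

      #--- Not every candidate has a known birthdate; show an empty cell then.
      $birthdateCell = isset( $birthdates[ $other_id ] ) ? htmlEscape( $birthdates[ $other_id ] ) : '';

      #--- Show the other person.
      tableRow( array(
        "<input type='radio' name='action$caseNr' value='$action' $checked />",
        visualize( $other_name ),
        visualize( $other_countryId ),
        $idCell,
        $birthdateCell,
        '',
        '',
        '',
      ));

      #--- Stop after five similar persons.
      if( ++$similarsCtr == 5 )
        break;
    }

    #--- Offer an explicit skip.
    tableRow( array(
      "<input type='radio' name='action$caseNr' value='skip' />",
      'I\'m not sure yet', '', '', '', '', '', ''
    ));

    #--- Don't show more than 20 unfinished persons.
    if( $caseNr == 20 )
      break;
  }

  #--- Show 'Update' button, finish table and form.
  tableRowEmpty();
  tableRowFull( "<input type='submit' value='Update' />" );
  tableEnd();
  echo "</form>";
}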
示例#8
<a href="<?= $upload->URL() ?>"
	<? if($upload->filtered()) { ?>
		onMouseOver='changesrc("th<?= $upload->id()?>","<?= $upload->thumbURL() ?>")'
 		onMouseOut='changesrc("th<?= $upload->id() ?>","/offensive/graphics/th-filtered.gif")'
	<? } ?>
><img name="th<?= $upload->id()?>"
	src="<?= $upload->filtered()
		? "/offensive/graphics/th-filtered.gif" 
		: $upload->thumbURL() ?>"
 	border=0 align=left hspace=20 title="<?= byte_format(filesize($filepath)); ?>" /></a>
<?

?><a name="im<?= $upload->id() ?>"></a>
<!-- voting goes here -->
<span class="filetitle"></span> 
<span class="postername"><?= htmlEscape($upload->uploader()->username()) ?></span>&nbsp;
<?= date("m/d/y(D)H:i:s", $time) ?>
<span></span>
<span id="nothread<?= $upload->id() ?>">
	<a href="<?= Link::upload($upload) ?>" class="quotejs">No.<?= $upload->id() ?></a>
	&nbsp; [<a href="<?= Link::thread($upload) ?>">Reply</a>]
</span><br />
<!--<blockquote>So ur with ur honey and yur making out wen the phone rigns. U anser it n the vioce is &quot;wut r u doing wit my daughter?&quot; U tell ur girl n she say &quot;my dad is ded&quot;. THEN WHO WAS PHONE?
<br /><span class="abbr">Comment too long. Click <a href="res/60550329.html#60550329">here</a> to view the full text.</span></blockquote>-->

<!-- if(replies) -->

<?
	$sql = "SELECT offensive_comments.*, offensive_comments.id as commentid, offensive_comments.timestamp AS comment_timestamp, users.*
				FROM offensive_uploads, offensive_comments, users
				WHERE users.userid = offensive_comments.userid
示例#9
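/**
 * Escapes a value for insertion into HTML text or a quoted attribute value.
 *
 * - Non-array input goes through htmlspecialchars() with ENT_QUOTES, so both
 *   double and single quotes are encoded, using UTF-8. ENT_SUBSTITUTE makes
 *   invalid byte sequences come out as U+FFFD; without it htmlspecialchars()
 *   returns an empty string for the whole input.
 * - Array input is escaped recursively, value by value. Keys are NOT escaped.
 * - Exception: when the constant DONT_ESCAPE is defined, an array of exactly
 *   two elements whose element 0 is identical to DONT_ESCAPE is treated as
 *   "already safe" and element 1 is returned unchanged.
 *
 * NOTE(review): the DONT_ESCAPE bypass is only as strong as the marker value.
 * Its definition is not visible here; if it is a plain string or number, an
 * array that arrives with a request could match it and skip escaping. Only
 * wrap values with the marker in trusted code, never pass request arrays
 * through this function unchecked, and prefer a marker that request data
 * cannot reproduce.
 *
 * This covers HTML text and attribute context only; it is not an encoder for
 * URLs, JavaScript, JSON or SQL.
 *
 * @param mixed $s String, or (nested) array of strings.
 * @return mixed Escaped string, or array with the same keys and escaped values.
 */
function htmlEscape($s)
{
    if (is_array($s)) {
        $markedAsRaw = defined('DONT_ESCAPE')
            && count($s) === 2
            && isset($s[0])
            && $s[0] === DONT_ESCAPE;
        if ($markedAsRaw) {
            return $s[1];
        }

        foreach ($s as $key => $item) {
            $s[$key] = htmlEscape($item);
        }
        return $s;
    }

    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}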
	<h3><?php 
echo $commentCount;
?>
 comments</h3>
	
	<?php 
foreach (getCommentsForPost($pdo, $postId) as $comment) {
    ?>
 
	
	
	<div class="comment">
		<div class="comment-meta">
			Comment from 
			<?php 
    echo htmlEscape($comment['name']);
    ?>
 
			on 
			<?php 
    echo convertSqlDate($comment['created_at']);
    ?>
			
	
			<?php 
    if (isLoggedIn()) {
        ?>
				<input 
					type="submit"
					name="delete-comment[<?php 
        echo $comment['id'];
示例#11
			-->
			<br />
			<?php if($upload->is_nsfw() || $upload->is_tmbo()) { ?>
			  <span class="warning_tags">
			  <?
			  	if($upload->is_nsfw()) { ?>
			  		<a href="<?= Link::setPref("hide_nsfw", (me()->getPref("hide_nsfw") == 1 ? "" : "1")) ?>" title="<?= me()->getPref("hide_nsfw") == 1 ? "show" : "hide" ?> images that are not safe for work">[nsfw]</a><?
			  	}
			  	if($upload->is_tmbo()) { ?>
			  		<a href="<?= Link::setPref("hide_tmbo", (me()->getPref("hide_tmbo") == 1 ? "" : "1")) ?>" title="<?= me()->getPref("hide_tmbo") == 1 ? "show" : "hide" ?> images that might be offensive">[tmbo]</a><?
			  	}
			  	?>
			  </span>
			<? }

				echo "<a href=\"".$upload->URL()."\" target=\"_blank\">" . htmlEscape($upload->filename()) . "</a>";

			?>
			<span id="dimensions" class="info"><?
				if($upload->file() != "")
					echo getFileSize($upload->file());
			?></span>
			<br/>

			<!--
				username/time block
			-->
			<span id="upload_info" class="info">
				uploaded by <?= $upload->uploader()->htmlUsername() ?> @ <?= $upload->timestamp() ?>
			</span>
			<br/><br/>
示例#12
/**
@fn param($name, $defVal?, $col?=$_REQUEST)
@param $col: key-value collection
Gets the parameter named $name.
A type can be given inside $name; the return value depends on that type. If the parameter is
undefined or an empty string, the default value $defVal is returned directly.
Types are specified in $name as follows:
- named "id", or ending in "Id" or "/i": int
- ending in "/b": bool
- ending in "/dt" or "/tm": datetime
- ending in "/n": numeric/double
- ending in "/s" (default): string
- complex type: ending in "/i+": int array
- complex type: ending in "/js": json object
- complex type: list type (rows separated by ",", columns separated by ":"), declared like "/i:n:b:dt:tm" (columns support simple types only, not complex ones)
Examples:
	$id = param("id");
	$svcId = param("svcId/i", 99);
	$wantArray = param("wantArray/b", false);
	$startTm = param("startTm/dt", time());
List type example. The parameter "items", whose type is defined in the documentation as
list(id/Integer, qty/Double, dscr/String), can be read with param("items/i:n:s"); a value such as
	items=100:1:car wash,101:1:waxing
returns
	[ [ 100, 1.0, "car wash"], [101, 1.0, "waxing"] ]
If a column is optional, mark it with "?"; e.g. param("items/i:n?:s?") can read the value:
	items=100:1,101::waxing
which returns
	[ [ 100, 1.0, null], [101, null, "waxing"] ]
TODO: support param("items/(id,qty?/n,dscr?)") directly, add a param_objarr function and remove the parseList function. The example above would then return
	[
		[ "id"=>100, "qty"=>1.0, dscr=>null],
		[ "id"=>101, "qty"=>null, dscr=>"waxing"]
	]

Review notes on the implementation below:
- Only string values are escaped and type-checked. A value that is not a string (for example an
  array) skips the whole check block and is returned unchanged, so callers asking for "/i" are not
  guaranteed an int — confirm callers handle that, or reject non-strings.
- String values are passed through htmlEscape() on input unless the parameter name starts with
  "cond". Input-time HTML escaping changes the stored/forwarded data and protects HTML output only;
  it is not a defence for SQL, URL or JavaScript contexts, and "cond*" values are not escaped at all.
- The type checks run on the already escaped value.
*/
function param($name, $defVal = null, $col = null)
{
    // Default source of parameters is the request.
    if (!isset($col)) {
        $col = $_REQUEST;
    }
    // NOTE(review): assert() can be disabled by configuration, so this is not a runtime guarantee.
    assert(is_array($col));
    $ret = $defVal;
    // presumably parseType_() also strips the type suffix from $name (by reference) — verify.
    $type = parseType_($name);
    if (isset($col[$name])) {
        $ret = $col[$name];
    } else {
        // Optional fallback: look the parameter up under its lower-cased name.
        global $ALLOW_LCASE_PARAM;
        if ($ALLOW_LCASE_PARAM) {
            $name1 = strtolower($name);
            if (isset($col[$name1])) {
                $ret = $col[$name1];
            }
        }
    }
    // An empty string counts as "not supplied".
    if ($ret === "") {
        return $defVal;
    }
    # Check and convert the type. Non-string values skip this block entirely.
    if (isset($ret) && is_string($ret)) {
        // Escape HTML special characters on input, except for "cond*" parameters.
        // NOTE(review): if htmlEscape() encodes double quotes, JSON text is altered
        // before the json_decode() below — confirm "/js" and "/tbl" values still parse.
        if (!startsWith($name, "cond")) {
            $ret = htmlEscape($ret);
        }
        if ($type === "s") {
            // string: nothing further to do
        } elseif ($type === "i") {
            // is_numeric() also accepts decimals and exponent forms; intval() then
            // converts them to an int rather than rejecting them.
            if (!is_numeric($ret)) {
                throw new MyException(E_PARAM, "Bad Request - integer param `{$name}`=`{$ret}`.");
            }
            $ret = intval($ret);
        } elseif ($type === "n") {
            if (!is_numeric($ret)) {
                throw new MyException(E_PARAM, "Bad Request - numeric param `{$name}`=`{$ret}`.");
            }
            $ret = doubleval($ret);
        } elseif ($type === "b") {
            $ret = tobool($ret);
        } elseif ($type == "i+") {
            // Comma-separated list of non-negative integers; every element must be digits only.
            // (This branch compares with == while the other branches use ===.)
            $arr = [];
            foreach (explode(',', $ret) as $e) {
                if (!ctype_digit($e)) {
                    throw new MyException(E_PARAM, "Bad Request - int array param `{$name}` contains `{$e}`.");
                }
                $arr[] = intval($e);
            }
            if (count($arr) == 0) {
                throw new MyException(E_PARAM, "Bad Request - int array param `{$name}` is empty.");
            }
            $ret = $arr;
        } elseif ($type === "dt" || $type === "tm") {
            // Converted to a Unix timestamp; anything strtotime() cannot parse is rejected.
            $ret1 = strtotime($ret);
            if ($ret1 === false) {
                throw new MyException(E_PARAM, "Bad Request - invalid datetime param `{$name}`=`{$ret}`.");
            }
            $ret = $ret1;
        } elseif ($type === "js" || $type === "tbl") {
            // Decoded into associative arrays. A null result is treated as invalid,
            // which also rejects the JSON literal null.
            $ret1 = json_decode($ret, true);
            if ($ret1 === null) {
                throw new MyException(E_PARAM, "Bad Request - invalid json param `{$name}`=`{$ret}`.");
            }
            if ($type === "tbl") {
                $ret1 = table2objarr($ret1);
                if ($ret1 === false) {
                    throw new MyException(E_PARAM, "Bad Request - invalid table param `{$name}`=`{$ret}`.");
                }
            }
            $ret = $ret1;
        } else {
            // A type containing ":" is a list type and is handled by param_varr();
            // anything else is a programming error in the caller's type string.
            if (strpos($type, ":") > 0) {
                $ret = param_varr($ret, $type, $name);
            } else {
                throw new MyException(E_SERVER, "unknown type `{$type}` for param `{$name}`");
            }
        }
    }
    # Disabled: fallback to an HTTP header of the same name.
    # 	$name1 = strtoupper("HTTP_$name");
    # 	if (isset($_SERVER[$name1]))
    # 		return $_SERVER[$name1];
    return $ret;
}
示例#13
 /**
  * Maps a RESTful request path plus the HTTP verb to an action name.
  *
  * - A path that starts with a lower-case letter or contains "." (for example
  *   "/login" or "/Store.add") is returned as it is; only GET and POST are
  *   accepted for it.
  * - Any other path is read as "{obj}" or "{obj}/{id}". A non-empty id must
  *   consist of digits only and is stored with setParam('id', ...). The verb
  *   then selects the action: GET => get (with id) or query (without),
  *   POST => add (no id allowed), PATCH => set, DELETE => del (id required).
  *
  * NOTE(review): the path is only passed through htmlEscape(); {obj} and the
  * direct-call name are not compared against a list of known actions here.
  * Presumably the dispatcher that consumes the return value does that —
  * confirm, since HTML escaping is not a validation of action names.
  *
  * @param string $pathInfo Request path including its leading "/".
  * @return string The path itself (direct call) or "{obj}.{action}".
  * @throws MyException E_PARAM for an unsupported verb, a non-numeric id or a missing id.
  */
 private function parseRestfulUrl($pathInfo)
 {
     $verb = $_SERVER["REQUEST_METHOD"];
     $ac = htmlEscape(substr($pathInfo, 1));

     // Direct call: "POST /login" (lower-case first letter) or "GET/POST /Store.add" (contains ".").
     $isDirectCall = ctype_lower($ac[0]) || strpos($ac, '.') !== false;
     if ($isDirectCall) {
         if (!in_array($verb, array('GET', 'POST'), true)) {
             throw new MyException(E_PARAM, "bad verb '{$verb}'. use 'GET' or 'POST'");
         }
         return $ac;
     }

     // "{obj}/{id}": the id part may be missing, hence the suppressed notice.
     @(list($obj, $id) = explode('/', $ac, 2));
     if ($id === "") {
         $id = null;
     }
     $hasId = isset($id);
     if ($hasId) {
         if (!ctype_digit($id)) {
             throw new MyException(E_PARAM, "bad id: {$id}");
         }
         setParam('id', $id);
     }

     if ($verb == 'GET') {
         // GET /Store/123 reads one object, GET /Store queries the collection.
         $action = $hasId ? 'get' : 'query';
     } elseif ($verb == 'POST') {
         // POST /Store creates an object; an id makes no sense here.
         if ($hasId) {
             throw new MyException(E_PARAM, "bad verb '{$verb}' on id: {$id}");
         }
         $action = 'add';
     } elseif ($verb == 'PATCH') {
         // PATCH /Store/123
         if (!$hasId) {
             throw new MyException(E_PARAM, "missing id");
         }
         $action = 'set';
     } elseif ($verb == 'DELETE') {
         // DELETE /Store/123
         if (!$hasId) {
             throw new MyException(E_PARAM, "missing id");
         }
         $action = 'del';
     } else {
         throw new MyException(E_PARAM, "bad verb '{$verb}'");
     }

     return "{$obj}.{$action}";
 }
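/**
 * Admin page for adding, changing or removing the local name of persons from
 * an uploaded text file ("<WCA id>,<local name>" per line).
 *
 * Three states, driven by the globals $chosenUpload and $chosenConfirm:
 *  - no upload yet: print the explanation and the upload form;
 *  - upload without confirm: store the file under ../upload/<name>.txt, print
 *    what would change for each line and a Confirm form carrying the file name;
 *  - confirm: read the stored file again, update Persons and Results, print a
 *    summary notice and delete the stored file.
 *
 * Values that come from the uploaded file or from the confirm form are treated
 * as untrusted in this function: the WCA id is escaped for SQL before every
 * query and for HTML before every echo, and only the last path component of
 * the file name is used, so the path stays inside the upload directory.
 *
 * NOTE(review): rand() is predictable, so the temporary file name must not be
 * treated as a secret. The confirm step trusts the 'filename' form field to
 * identify the stored upload — presumably this page is admin-only; confirm.
 * NOTE(review): mysql_real_escape_string() depends on the connection charset
 * and is only available in old PHP versions; it is kept because the rest of
 * this function already relies on it.
 */
function importLocalNames () {
#----------------------------------------------------------------------
  global $chosenUpload, $chosenConfirm, $chosenNamesFile, $chosenFilename;

  $oneBad = false;
  $oneGood = false;

  if( $chosenUpload ){

    $upload_path = '../upload/';
    if( $chosenFilename == '' )
      $chosenFilename = 'tmp' . rand();

    #--- The file name is sent back by the confirm form. Keep only its last path
    #--- component so it can never point outside the upload directory.
    $chosenFilename = basename( $chosenFilename );
    $namesPath = $upload_path . $chosenFilename . '.txt';

    #--- Store the upload on the first pass; on confirm the stored file is read again.
    if( ! $chosenConfirm )
      move_uploaded_file( $_FILES['namesFile']['tmp_name'], $namesPath );

    #--- A failed upload or an unknown file name yields no lines instead of warnings.
    $nameLines = is_file( $namesPath ) ? file( $namesPath, FILE_SKIP_EMPTY_LINES ) : false;
    if( $nameLines === false )
      $nameLines = array();

    foreach( $nameLines as $nameLine ){
      $nameLine = rtrim( $nameLine );
      $parts = explode( ',', $nameLine );
      if( count( $parts ) != 2 ){
        echo "<span style='color:#F00'>Wrong line syntax: <br /> " . htmlEscape( $nameLine ) . "</span><br />\n";
        $oneBad = true;
        continue;
      }

      list( $wcaId, $localName ) = $parts;
      $wcaId = utf8_decode( $wcaId );

      #--- The id comes straight from the uploaded file: one escaped copy for
      #--- SQL, one for HTML output.
      $wcaIdSql = mysql_real_escape_string( $wcaId );
      $wcaIdHtml = htmlEscape( $wcaId );

      $persons = dbQuery( "SELECT name personName FROM Persons WHERE id='$wcaIdSql' AND subId=1" );

      if( count( $persons ) == 0 ){
        echo "<span style='color:#DB0'>Unknown WCA id " . $wcaIdHtml . "</span><br />\n";
        $oneBad = true;
        continue;
      }

      #--- Read the one selected column explicitly instead of extract()ing the
      #--- row into local variables.
      $person = array_shift( $persons );
      $personName = $person['personName'];

      if( $chosenConfirm ){
        $localName = mysql_real_escape_string( $localName );
        $name = mysql_real_escape_string( extractRomanName( $personName )) . ' (' . $localName . ')';
        $personName = mysql_real_escape_string( $personName );
        dbCommand( "UPDATE Persons SET name='$name' WHERE id='$wcaIdSql' AND subId=1" );
        dbCommand( "UPDATE Results SET personName='$name' WHERE personId='$wcaIdSql' AND personName='$personName'" );
        $oneGood = true;
      }

      else{
        #--- Preview only: describe the change without touching the database.
        $personLocalName = extractLocalName( $personName );
        if( $localName == ''){
          if( $personLocalName == '' ){}
          else{
            echo "<span style='color:#3C3'>I will remove name ".htmlEscape( $personLocalName )." from ".htmlEscape( $personName )."($wcaIdHtml)</span><br />\n";
          }
        }

        else{
          if( $personLocalName == '' ){
            echo "<span style='color:#3C3'>I will add name ".htmlEscape( $localName )." to ".htmlEscape( $personName )."($wcaIdHtml)</span><br />\n";
          }
          else{
            echo "<span style='color:#3C3'>I will change name ".htmlEscape( $personLocalName )." to ".htmlEscape( $localName )." for ".htmlEscape( $personName )."($wcaIdHtml)</span><br />\n";
          }
        }
      }
    }

    if( $chosenConfirm ){
      if(( $oneGood ) and ( ! $oneBad ))
        noticeBox3( 1, "Complete. All names were updated." );
      if(( $oneGood ) and ( $oneBad ))
        noticeBox3( 0, "Complete. However, some lines were skipped." );
      if(( ! $oneGood ) and ( $oneBad ))
        noticeBox3( -1, "Cound't update anything." );
      if(( ! $oneGood ) and ( ! $oneBad ))
        noticeBox3( 0, "I found an empty text !?" );
      $chosenUpload = false;
      #--- Remove the stored upload once it has been processed.
      if( is_file( $namesPath ))
        unlink( $namesPath );
    }

    else{
      #--- Confirm form: every value written into an attribute is HTML-escaped.
      echo "<form method='POST'>\n";
      echo "<input type='hidden' id='namesFile' name='namesFile' value='".htmlEscape($chosenNamesFile)."' />\n";
      echo "<input type='hidden' id='upload' name='upload' value='".htmlEscape($chosenUpload)."' />\n";
      echo "<input type='hidden' id='filename' name='filename' value='".htmlEscape($chosenFilename)."' />\n";
      echo "<input type='submit' id='confirm' name='confirm' value='Confirm' /></form>\n";
    }
  }

  if( ! $chosenUpload ){

    adminHeadline( 'Add local names' );

    echo "<p>You can add or modify local names here, by upload a file containing the names. The file must be a plain text file encoded in UTF-8. Each line must contain: the WCA id, a comma (',') and the name you would like to add. If you want to remove a name from the database, just leave the name part blank.</p>\n";
  
    echo "<p>Example: <br /><br />2009WANG20,王超<br />2009WANG62,王宇欣<br />2009WANG13,王宇轩<br />etc.</p>\n";
    echo "<hr>\n";

    echo "<table class='prereg'>\n";
    echo "  <form method='POST' enctype='multipart/form-data'>\n";
    echo "  <tr><td width='30%'><label for='namesFile'>Upload file: </label></td>\n";
    echo "      <td><input type='file' id='namesFile' name='namesFile' /></td>\n";
    echo "      <td><input type='submit' id='upload' name='upload' value='Upload' /></td></tr></form>\n";
    echo "</table>\n";
  }
}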
				Website:
			</label>
			<input	
				type="text"
				id="comment-website"
				name="comment-website"
				value="<?php 
echo htmlEscape($commentData['website']);
?>
"
				/>
				</div>
				<div>
					<label for="comment-text">
						Comment:
						</label>
						<textarea
							id="comment-text"
							name="comment-text"
							rows="8"
							cols="70"
							><?php 
echo htmlEscape($commentData['text']);
?>
</textarea>
							</div>
			<div>				
			<input type="submit" value="Submit comment" />
			</div>
</form>
				
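/**
 * Prints the form for assigning person ids to persons that occur in the
 * Results table without one.
 *
 * For each of at most 20 unfinished persons the form offers: creating a new
 * person (pre-filled name, country and a proposed semi-id), choosing one of up
 * to five similar existing persons, or skipping the case. The form posts to
 * persons_finish_unfinished_ACTION.php.
 *
 * The proposed semi-id is the first year plus four letters: as many letters
 * of the last name as possible, filled up from the rest of the name (padded
 * with 'U'). If no two-digit suffix is free for that semi-id any more, one
 * more letter is taken from the rest of the name and the check is repeated.
 *
 * Reads the globals $personsFromPersons, $personsFromResultsWithoutId and
 * $birthdates. Every value taken from them is HTML-escaped (URL-encoded for
 * the link target) before it is placed in markup built in this function.
 *
 * NOTE(review): $semiId is interpolated into a LIKE pattern. Its letters are
 * limited to A-Z by the regex below, but $firstYear is not checked here —
 * confirm it is always numeric, or escape/bind it before it reaches dbQuery().
 * NOTE(review): the hidden field and the radio values join name, country and
 * id with "|", which htmlEscape() leaves unchanged — confirm how the
 * receiving script splits these values.
 */
function showUnfinishedPersons()
{
    #----------------------------------------------------------------------
    global $personsFromPersons, $personsFromResultsWithoutId, $birthdates;
    #--- Pre-compute the candidate tuples: (id, name, countryId, romanName, romanNameSimilarityPlaceHolder, countryIdSimilarityPlaceHolder)
    $candidates = array();
    foreach ($personsFromPersons as $person) {
        list($id, $name, $countryId) = $person;
        $candidates[] = array($id, $name, $countryId, extractRomanName($name), 0, 0);
    }
    #--- Begin the form and table.
    echo "<form action='persons_finish_unfinished_ACTION.php' method='post'>";
    tableBegin('results', 8);
    tableHeader(explode('|', '|personName|countryId|personId|birthdate|personName|countryId|personSemiId'), array(6 => 'class="6"'));
    #--- Walk over all persons from the Results table.
    $caseNr = 0;
    // Per semi-id: how many ids are still free, counting the ones proposed on this page.
    $availableSpots = array();
    foreach ($personsFromResultsWithoutId as $person) {
        list($name, $countryId, $firstYear) = $person;
        #--- Try to compute the semi-id.
        $paddingLetter = 'U';
        $neatName = strtoupper(preg_replace('/[^a-zA-Z ]/', '', removeUglyAccentsAndStuff(extractRomanName($name))));
        $nameParts = explode(' ', $neatName);
        $lastName = $nameParts[count($nameParts) - 1];
        $restOfName = implode(array_slice($nameParts, 0, count($nameParts) - 1));
        // Padding guards against an empty or too short $restOfName.
        $restOfName = str_pad($restOfName, 4, $paddingLetter);
        $lettersToShift = max(0, 4 - strlen($lastName));
        $cleared = false;
        while (!$cleared && $lettersToShift <= 4) {
            $quarterId = substr($lastName, 0, 4 - $lettersToShift) . substr($restOfName, 0, $lettersToShift);
            $semiId = $firstYear . $quarterId;
            // First time this semi-id is seen: look up the highest id already taken.
            if (!array_key_exists($semiId, $availableSpots)) {
                $lastIdTaken = dbQuery("SELECT id FROM Persons WHERE id LIKE '{$semiId}__' ORDER BY id DESC LIMIT 1");
                if (!count($lastIdTaken)) {
                    $counter = 0;
                } else {
                    $counter = intval(substr($lastIdTaken[0]['id'], 8, 2), 10);
                }
                $availableSpots[$semiId] = 99 - $counter;
            }
            // Is there a spot available?
            if ($availableSpots[$semiId]) {
                $availableSpots[$semiId]--;
                $cleared = true;
            } else {
                $lettersToShift++;
            }
        }
        /* The script has tried all the possibilities and none of them was valid.
         * If we reach here with $cleared set to false (something that is not going to happen in centuries) then
         * the person posting will receive an error in persons_finish_unfinished_ACTION.php and the software team
         * of the future will have work to do.
         */
        if (!$cleared) {
            // No free spot found: fall back to the first combination.
            $lettersToShift = max(0, 4 - strlen($lastName));
            $semiId = $firstYear . substr($lastName, 0, 4 - $lettersToShift) . substr($restOfName, 0, $lettersToShift);
            $availableSpots[$semiId] = 0;
        }
        #--- Html-ify name, country and semi-id for use inside attribute values.
        $nameHtml = htmlEscape($name);
        $countryIdHtml = htmlEscape($countryId);
        $semiIdHtml = htmlEscape($semiId);
        #--- Hidden field describing the case.
        $caseNr++;
        tableRowFull("&nbsp;<input type='hidden' name='oldNameAndCountry{$caseNr}' value='{$nameHtml}|{$countryIdHtml}' />");
        #--- Show the person.
        # Note that we set this input to checked, but if there's a better match
        # lower on, then it will take precedence.
        tableRowStyled('font-weight:bold', array(
            "<input type='radio' name='action{$caseNr}' value='new' checked='checked' />",
            visualize($name),
            visualize($countryId),
            peekLink($name, $countryId),
            'mm/dd/yyyy',
            "<input type='text' name='name{$caseNr}' value='{$nameHtml}' size='20' />",
            "<input type='text' name='country{$caseNr}' value='{$countryIdHtml}' size='20' />",
            "<input type='text' name='semiId{$caseNr}' value='{$semiIdHtml}' size='10' maxlength='8' />",
        ));
        #--- Show most similar persons.
        $similarsCtr = 0;
        foreach (getMostSimilarPersonsMax(extractRomanName($name), $countryId, $candidates, 10) as $similarPerson) {
            list($other_id, $other_name, $other_countryId) = $similarPerson;
            #--- If name and country match the unfinished persons, pre-select it.
            $checked = $other_name == $name && $other_countryId == $countryId ? "checked='checked'" : '';
            #--- Skip the unfinished person itself.
            if ($checked && !$other_id) {
                continue;
            }
            #--- Html-ify. Separate variables keep the outer $nameHtml untouched.
            $otherNameHtml = htmlEscape($other_name);
            $otherCountryHtml = htmlEscape($other_countryId);
            $otherIdHtml = htmlEscape($other_id);
            #--- Use "name|country|id" as action.
            $action = "{$otherNameHtml}|{$otherCountryHtml}|{$otherIdHtml}";
            #--- Link to the person page: the id is URL-encoded inside the query
            #--- string and HTML-escaped as link text.
            $idCell = $other_id
                ? "<a class='p' href='../p.php?i=" . urlencode($other_id) . "' target='_blank'>{$otherIdHtml}</a>"
                : peekLink($other_name, $other_countryId);
            #--- Not every candidate has a known birthdate; show an empty cell then.
            $birthdateCell = isset($birthdates[$other_id]) ? htmlEscape($birthdates[$other_id]) : '';
            #--- Show the other person.
            tableRow(array(
                "<input type='radio' name='action{$caseNr}' value='{$action}' {$checked} />",
                visualize($other_name),
                visualize($other_countryId),
                $idCell,
                $birthdateCell,
                '',
                '',
                '',
            ));
            #--- Stop after five similar persons.
            if (++$similarsCtr == 5) {
                break;
            }
        }
        #--- Offer an explicit skip.
        tableRow(array("<input type='radio' name='action{$caseNr}' value='skip' />", 'I\'m not sure yet', '', '', '', '', '', ''));
        #--- Don't show more than 20 unfinished persons.
        if ($caseNr == 20) {
            break;
        }
    }
    #--- Show 'Update' button, finish table and form.
    tableRowEmpty();
    tableRowFull("<input type='submit' value='Update' />");
    tableEnd();
    echo "</form>";
}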
示例#17
				
				<form 
					method="post"
					class="user-form"
					>
					
					<div> 
						<label for="username">
							Username:
							</label>
						<input  
							type="text"
							id="username"
							name="username"
							value="<?php 
echo htmlEscape($username);
?>
"
						/>
						</div>
						<div>
							<label for="password">
								Password:
								</label>
								<input
									type="password"
									id="password"
									name="password"
								/>
								</div>
							<input type="submit" name="submit" value="Login" />
 posts.
			<form method="post">
				<table id="post-list">
				<tbody>
					    <?php 
foreach ($posts as $post) {
    ?>
					<tr>
						<td> 
							<a 
								href="view-post.php?post_id=<?php 
    echo $post['id'];
    ?>
"
							><?php 
    echo htmlEscape($post['title']);
    ?>
</a>
							
							</td>
							<td>
								<?php 
    echo convertSqlDate($post['created_at']);
    ?>
								</td>
								<td>
									<?php 
    echo $post['comment_count'];
    ?>
									</td>
									<td>
示例#19
/**
 * Debug helper: print a print_r() dump of a value as preformatted HTML.
 *
 * The label and the dump are captured in an output buffer, HTML-escaped with
 * htmlEscape(), stripped of the "Array (" / "Object (" opening lines and the
 * closing ")" lines, and then printed inside the markup returned by
 * x('div align=left', x('pre', ...)). Both x() and htmlEscape() are defined
 * elsewhere.
 *
 * NOTE(review): the dump exposes whatever $o contains to the page, so calls to
 * this helper should not be reachable in production responses.
 *
 * @param mixed $o   Value to dump.
 * @param mixed $txt Optional label interpolated into the heading (default False prints nothing).
 */
function core_print_r($o, $txt = False)
{
    // Capture the heading and the dump instead of sending them out directly.
    ob_start();
    echo "core_print_r {$txt}:  ";
    print_r($o);
    $captured = ob_get_clean();

    // Escape first, then drop print_r's structural opener and closer lines.
    $escaped = htmlEscape($captured);
    $compact = preg_replace("/((Array|Object)[\r\n](\\s+)?\\(|[\r\n](\\s+)?\\)[\r\n])/", "", $escaped);

    echo x('div align=left', x('pre', $compact));
}
示例#20
        <?php 
    // For now, we'll use a horizontal rule-off to split it up a bit
    ?>
        <hr />
        <div class="comment">
            <div class="comment-meta">
                Comment from
                <?php 
    echo htmlEscape($comment['name']);
    ?>
                on
                <?php 
    echo convertSqlDate($comment['created_at']);
    ?>
            </div>
            <div class="comment-body">
                <?php 
    echo htmlEscape($comment['text']);
    ?>
            </div>
        </div>
    <?php 
}
?>

    <?php 
require 'templates/comment-form.php';
?>
</body>
</html>
示例#21
    }
}
// Fields requested from KORA for each matching record.
$fields = array('Title', 'Date Original', 'Date Range', 'Thumbnail', 'Image', 'Image Gallery', 'Description', 'Language', 'Object Type', 'Object Associator', 'Creditline');
// NOTE(review): $order6 is filled here but not read in the visible code; the first
// KORA_Search() call below is given $sort instead.
$order6[] = array('field' => 'Date Original', 'direction' => SORT_ASC);
$order6[] = array('field' => 'Title', 'direction' => SORT_ASC);
$sort = array('fields' => array('Date Original', 'Title'), 'direction' => SORT_ASC, 'byProject' => false);
// Build the main filter clause from the request: ?language=... takes precedence over
// ?archive=...; with neither present, every record with a non-empty KID matches.
// NOTE(review): $_GET values can be arrays (e.g. language[]=x); nothing here checks
// that the value is a string before it is passed to str_replace() and htmlEscape().
if (isset($_GET['language'])) {
    $language = $_GET['language'];
    // Single quotes are replaced with '%' and the result is HTML-escaped before it is
    // used as the clause value.
    // NOTE(review): htmlEscape() is an output encoding for HTML, not a query-safety
    // measure, and it presumably rewrites characters such as & and <, which changes
    // what the clause matches. Confirm that KORA_Clause escapes or binds its value.
    $language = htmlEscape(str_replace("'", "%", $language));
    $query = new KORA_Clause("Language", "IN", $language);
} else {
    if (isset($_GET['archive'])) {
        // Spaces, then single quotes, are replaced with '%' before HTML-escaping.
        // The same caveats as for the language filter apply.
        $subject = str_replace(' ', '%', $_GET['archive']);
        //if(strstr($subject, "sngal")) $subject = str_replace('sngal' , '%', $subject);
        //if(strstr($subject, "asantehenes")) $subject = str_replace('asantehenes' , '%', $subject);
        $subject = htmlEscape(str_replace("'", "%", $subject));
        $query = new KORA_Clause("Archive", "IN", $subject);
    } else {
        $query = new KORA_Clause("KID", "!=", "");
    }
}
// Do not include "Preset" data from KORA.
$query2 = new KORA_Clause('Title', 'NOT LIKE', '%preset%');
$query3 = joinKORAClauses(array($query, $query2), "AND");
$query4 = new KORA_Clause("KID", "!=", "");
// Searching only for BABAs. token, $projID and $objID are defined outside this excerpt.
$obj = KORA_Search(token, $projID, $objID, $query3, $fields, $sort);
// Get the record associator from essays in baba ($essayID is defined outside this excerpt).
$assoc = KORA_Search(token, $projID, $essayID, $query4, 'Object Associator', array());
$objassoc = array();
// Get all associated records, without duplicates.
#--- Print the preregistration form for the chosen competition.
#--- Which fields are pre-filled depends on the request flags read through
#--- getBooleanParam(): 'search' lists persons matching a name, 'confirm' loads
#--- one person from the Persons table, 'submit' saves and redisplays the posted
#--- values, and 'new' shows an empty form for a first-time competitor.
#--- getBooleanParam(), getMysqlParam(), getHtmlParam(), getNormalParam(),
#--- dbQuery(), showField(), savePreregForm() and readEventSpecs() are defined elsewhere.
function showPreregForm()
{
    #----------------------------------------------------------------------
    global $chosenCompetitionId, $competition, $persons;
    #--- Default the country to the competition's country.
    $chosenCountry = $competition['countryId'];
    if (getBooleanParam('search')) {
        #--- Name search: every space-separated part of the name must occur in Persons.name.
        #--- NOTE(review): the parts are interpolated into the SQL text. Presumably
        #--- getMysqlParam() returns an SQL-escaped value; confirm. String escaping does
        #--- not neutralise the LIKE wildcards % and _ in the input.
        $chosenPattern = getMysqlParam('name');
        $chosenName = getHtmlParam('name');
        $nameCondition = '';
        foreach (explode(' ', $chosenPattern) as $namePart) {
            $nameCondition .= " AND name like '%{$namePart}%'";
        }
        #--- The matches are stored in the global $persons.
        $persons = dbQuery("SELECT name, id FROM Persons WHERE 1 {$nameCondition} AND subId='1' ORDER BY name");
        $matchingNumber = count($persons);
    } else {
        if (getBooleanParam('confirm')) {
            #--- A person was picked from the name list: load the stored data.
            #--- NOTE(review): this id comes from getNormalParam(), not getMysqlParam(),
            #--- and is placed inside a quoted SQL literal. Confirm that getNormalParam()
            #--- returns a value that is safe there; otherwise validate the id format or
            #--- escape it before building the query.
            $chosenPersonId = getNormalParam('namelist');
            $chosenPerson = dbQuery("SELECT * FROM Persons WHERE id='{$chosenPersonId}' AND subId='1'");
            #--- NOTE(review): no check that the query returned a row before reading index 0.
            $chosenPerson = $chosenPerson[0];
            #--- Only the name is passed through htmlEscape(); the other stored values are
            #--- used as they are. Whether showField() escapes its values is not visible here.
            $chosenName = htmlEscape($chosenPerson['name']);
            $chosenCountry = $chosenPerson['countryId'];
            $chosenGender = $chosenPerson['gender'];
            $chosenYear = $chosenPerson['year'];
            $chosenMonth = $chosenPerson['month'];
            $chosenDay = $chosenPerson['day'];
            $chosenEmail = '';
            $chosenGuests = '';
            $chosenComments = '';
            #--- When a birth year is already stored, the date-of-birth field is left out of the form.
            $dontPrintDoB = $chosenYear != 0;
        } else {
            if (getBooleanParam('submit')) {
                #--- Save first, then re-read the posted values so the form can be shown
                #--- again if saving failed.
                $saveSucceeded = savePreregForm();
                $chosenPersonId = getHtmlParam('personId');
                $chosenName = getHtmlParam('name');
                $chosenCountry = getHtmlParam('countryId');
                $chosenGender = getHtmlParam('gender');
                $chosenYear = getHtmlParam('birthYear');
                $chosenMonth = getHtmlParam('birthMonth');
                $chosenDay = getHtmlParam('birthDay');
                $chosenEmail = getHtmlParam('email');
                $chosenGuests = getHtmlParam('guests');
                $chosenComments = getHtmlParam('comments');
                $dontPrintDoB = $chosenYear == '';
            }
        }
    }
    #--- NOTE(review): when only 'new' is set, none of the branches above runs, so
    #--- $chosenGender, $chosenDay, $chosenMonth, $chosenYear, $chosenEmail, $chosenGuests,
    #--- $chosenComments and $dontPrintDoB are read further down without having been assigned.
    echo "<h1>Registration form</h1>";
    echo "<p style='width:90%;margin:1em auto 1em auto;'>Please note that the purpose of the preregistration is not only to reserve you a spot in the competition, but also very importantly to give the organizers a good estimation of the number of people they have to expect. Please don't wait until the very last minute to preregister, otherwise the organizers might not be able to offer enough room, food, etc.</p>";
    echo "<p style='width:90%;margin:1em auto 1em auto;'>If you already have participated in an official competition, you can use the search function which will fill the information stored in the database. You can then fill the rest.</p>";
    echo "<form method='POST'>";
    #--- Each showField() call takes one space-separated field specification string.
    showField("competitionId hidden {$chosenCompetitionId}");
    showField("form hidden 1");
    echo "<table class='prereg'>";
    #--- The WCA id row is shown only in the 'confirm' and 'submit' flows, which set it.
    if (isset($chosenPersonId)) {
        showField("personId readonly {$chosenPersonId} 11 <b>WCA Id</b>");
    }
    if (!isset($chosenName)) {
        $chosenName = "";
    }
    if (getBooleanParam('new')) {
        showField("name text {$chosenName} 50 <b>Name</b>");
        echo "<tr><td>&nbsp;</td><td>Enter your name <b>correctly</b>, for example \"<span style='color:#393;font-weight:bold'>Stefan Pochmann</span>\". Not sloppily like \"<span style='color:#c00;font-weight:bold'>s pochman</span>\".</td></tr>";
    } else {
        showField("name name 50 <b>Name</b> {$chosenName}");
    }
    if (getBooleanParam('search')) {
        #--- Show the list of matching names and a way out for first-time competitors.
        showField("namelist namelist <b>{$matchingNumber} names matching</b>");
        echo "<tr><td></td><td><input type='submit' id='new' name='new' value='I am new !' /></td></tr> ";
    } else {
        #--- The full form is shown after a failed save, after confirming a person, or for a new person.
        if (getBooleanParam('submit') && !$saveSucceeded || getBooleanParam('confirm') || getBooleanParam('new')) {
            showField("countryId country <b>Citizen&nbsp;of</b> {$chosenCountry}");
            showField("gender gender {$chosenGender} <b>Gender</b>");
            if (!$dontPrintDoB) {
                showField("birth date {$chosenDay} {$chosenMonth} {$chosenYear} <b>Date of birth</b>");
            }
            showField("email text {$chosenEmail} 50 <b>E-mail</b> address");
            showField("guests area 50 3 Names&nbsp;of&nbsp;the&nbsp;<b>guests</b>&nbsp;accompanying&nbsp;you {$chosenGuests}");
            ?>
<tr><td><b>Events</b><br /><br />Check the events you want to participate in.</td>
<td>
<?php 
            #--- One checkbox field per event of the competition.
            $eventSpecs = readEventSpecs($competition['eventSpecs']);
            foreach ($eventSpecs as $eventId => $eventSpec) {
                #--- extract() turns the spec's keys into local variables ($personLimit,
                #--- $timeLimit and $timeFormat are read below) and can overwrite any
                #--- local that has the same name.
                extract($eventSpec);
                if (!$personLimit) {
                    $personLimit = "0";
                }
                $chosenE = getBooleanParam("E{$eventId}");
                showField("E{$eventId} event {$personLimit} {$timeLimit} {$timeFormat} {$chosenE}");
            }
            echo "</td></tr>";
            showField("comments area 50 5 Room&nbsp;for&nbsp;<b>extra&nbsp;information</b> {$chosenComments}");
            #--- NOTE(review): the client address is written into a hidden form field. Hidden
            #--- fields can be edited by the client, so if savePreregForm() stores the posted
            #--- 'ip' value it cannot be trusted; reading $_SERVER["REMOTE_ADDR"] at save time
            #--- would avoid that. Confirm in savePreregForm().
            showField("ip hidden " . $_SERVER["REMOTE_ADDR"]);
            echo "<tr><td>&nbsp;</td><td style='text-align:center'>";
            echo "<input type='submit' id='submit' name='submit' value='Preregister me!' style='background-color:#9F3;font-weight:bold' /> ";
            echo "<input type='reset' value='Empty form' style='background-color:#F63;font-weight:bold' />";
            echo "</td></tr>";
        } else {
            echo "<tr><td></td><td><input type='submit' id='new' name='new' value='I am new !' /></td></tr> ";
        }
    }
    echo "</table>";
    echo "</form>";
}
示例#23
						id="post-title"
						name="post-title"
						type="text"
						value="<?php 
echo htmlEscape($title);
?>
"
					/>
					</div>
					<div>
						<label for="post-body"> Body:</label>
						<textarea
							id="post-body"
							name="post-body"
							rows="12"
							cols="70"
							><?php 
echo htmlEscape($body);
?>
</textarea>
							</div>
							<div>
								<input 
									type="submit"
									value="Save post"
									/>
									<a href="index.php">Cancel</a>
								</div>
							</form>
						</body>
					</html>
/**
 * Build an anchor element whose CSS classes and title are derived from $class.
 *
 * Only the link text is passed through htmlEscape() (defined elsewhere).
 *
 * NOTE(review): $href and $class are interpolated into single-quoted attributes
 * exactly as given, so callers must pass values that are already safe for an
 * HTML attribute. Confirm at the call sites.
 *
 * @param string $href  Link target, inserted unchanged into href='...'.
 * @param string $text  Link text, HTML-escaped here.
 * @param string $class Class name, used for class='link-X X' and title='X link'.
 * @return string The anchor markup.
 */
function _linkWithClass($href, $text, $class)
{
    $openTag = "<a class='link-{$class} {$class}' href='{$href}' title='{$class} link'>";
    $label = htmlEscape($text);

    return $openTag . $label . "</a>";
}
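#--- Print the edit form for one CompetitionsMedia row, selected by the global $mediumId.
#--- The form offers a competition drop-down, a type drop-down, five text fields,
#--- and 'Save' / 'Erase' buttons whose names carry the row id.
#--- dbQuery(), getAllCompetitions() and htmlEscape() are defined elsewhere.
function editMedium()
{
    #----------------------------------------------------------------------
    global $mediumId;
    #--- NOTE(review): $mediumId is interpolated into the SQL text, and dbQuery() is only
    #--- given a finished string here. Confirm that the code setting $mediumId validates
    #--- or escapes it before this function runs.
    $infos = dbQuery("\n    SELECT *\n    FROM CompetitionsMedia\n    WHERE id = '{$mediumId}'\n  ");
    #--- Without a matching row there is nothing to edit.
    if (empty($infos)) {
        echo "<p>Medium not found.</p>\n";
        return;
    }
    #--- Read the columns explicitly instead of extract(), so that a column name can
    #--- never overwrite a local variable.
    $medium = $infos[0];
    echo "<form method='POST'>\n";
    echo "<table border='0' cellspacing='0' cellpadding='2' width='100%'>\n";
    #--- Competition drop-down; the medium's current competition is preselected.
    echo "<tr><td>Competition</td>";
    $optionsComp = "<td><select class='drop' id='competitionId' name='competitionId'>\n";
    foreach (getAllCompetitions() as $competition) {
        #--- Database values are escaped like the text fields below. The attributes are
        #--- single-quoted, so this assumes htmlEscape() also encodes single quotes. Confirm.
        $optionId = htmlEscape($competition['id']);
        $optionName = htmlEscape($competition['cellName']);
        $selected = $competition['id'] == $medium['competitionId'] ? " selected='selected'" : '';
        $optionsComp .= "<option value='{$optionId}'{$selected}>{$optionName}</option>\n";
    }
    $optionsComp .= "</select></td></tr>";
    echo $optionsComp;
    #--- Type drop-down over the three fixed media types.
    echo "<tr><td>Type</td>";
    echo "<td><select class='drop' id='type' name='type'>\n";
    foreach (array('article', 'report', 'multimedia') as $typeString) {
        $selected = $medium['type'] == $typeString ? " selected='selected'" : '';
        echo "<option value='{$typeString}'{$selected}>{$typeString}</option>";
    }
    #--- Close the select, cell and row; these were left open before, which put the
    #--- following table rows inside the select element.
    echo "</select></td></tr>\n";
    #--- Free-text fields: label, input name, escaped current value.
    $fieldList = array(array('Text', 'text', htmlEscape($medium['text'])), array('Link', 'link', htmlEscape($medium['uri'])), array('Submitter Name', 'submitterName', htmlEscape($medium['submitterName'])), array('Submitter Email', 'submitterEmail', htmlEscape($medium['submitterEmail'])), array('Submitter Comment', 'submitterComment', htmlEscape($medium['submitterComment'])));
    foreach ($fieldList as $field) {
        list($title, $name, $value) = $field;
        echo "<tr><td>{$title}</td><td><input type='text' name='{$name}' value='{$value}' /></td></tr>\n";
    }
    echo "</table>";
    #--- The row id is part of the button names, so it is escaped for the attribute too.
    $buttonId = htmlEscape($medium['id']);
    echo "<input type='submit' class='butt' value='Save' name='save{$buttonId}' /> ";
    echo "<input type='submit' class='butt' value='Erase' name='refuse{$buttonId}' />";
    echo "</form>";
}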
示例#26
                        <?php 
            }
            ?>
                    <?php 
        }
        ?>

                    <?php 
        // Report the new password
        ?>
                    The new '<?php 
        echo htmlEscape($username);
        ?>
' password is
                    <span class="install-password"><?php 
        echo htmlEscape($password);
        ?>
</span>
                    (copy it to clipboard if you wish).
                </div>

                <p>
                     <a href="index.php">View the blog</a>,
                    or <a href="install.php">install again</a>.
                </p>
            <?php 
    }
    ?>

        <?php 
} else {