set('HTML.Allowed', 'p, b, u, s, ol, li, ul, i, em, strong');
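$purifier = new HTMLPurifier($config);

// Runs a SELECT as a prepared statement and returns its (buffered) result set.
// Every value that comes from the request, or from a previous query result, is
// bound as a parameter instead of being concatenated into the SQL, so quoting is
// handled by the driver rather than by real_escape_string(). $prefix is a
// configuration value used only as a table-name prefix; identifiers cannot be
// bound, so it is still concatenated. Failures terminate the request, mirroring
// the "or exit()" style the page already uses.
// NOTE(review): get_result() requires the mysqlnd driver — confirm it is available.
$selectRows = static function (string $sql, string $types = '', string ...$params) use ($mysqli): \mysqli_result {
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        exit();
    }
    if ($types !== '') {
        $stmt->bind_param($types, ...$params);
    }
    if (!$stmt->execute()) {
        exit();
    }
    $result = $stmt->get_result();
    if ($result === false) {
        exit();
    }
    return $result;
};

if (isset($_GET['name'])) {
    // Request values may be arrays (?name[]=x); only a plain string is a usable name.
    $name = is_string($_GET['name']) ? $_GET['name'] : '';
    $a = $selectRows(
        'SELECT * FROM accounts INNER JOIN '.$prefix.'profile ON accounts.id = '.$prefix.'profile.accountid WHERE '.$prefix.'profile.name = ?',
        's',
        $name
    )->fetch_assoc();
    if (empty($a)) {
        // TODO: flash message
        // NOTE(review): the code below assumes redirect() ends the request — confirm.
        redirect('?base=main&page=members');
    }
    // Prepared statements return INT columns as native ints, so compare the
    // string form to keep the original "'0' means offline" semantics.
    $status = (string) $a['loggedin'] === '0' ? 'Offline' : 'Online';

    $gp = $selectRows('SELECT * FROM `'.$prefix.'profile` WHERE `name` = ?', 's', $name);
    $p = $gp->fetch_assoc();
    // mainchar is read back from the database, not from the request, but it is
    // still bound rather than interpolated so a stored value cannot alter the query.
    $mc = (string) $p['mainchar'];
    $gmc = $selectRows('SELECT * FROM `characters` WHERE `id` = ?', 's', $mc);
    $m = $gmc->fetch_assoc();
    // Free-form profile text is reduced to the tag allow-list configured above
    // before it is echoed as HTML.
    $clean_html = $purifier->purify($p['text'] ?? '');
    $p['realname'] = empty($p['realname']) ? '' : '('.$p['realname'].')';

    // The name is HTML-escaped here: it is request input, and with prepared
    // statements it no longer carries SQL-escaping backslashes on output.
    echo '
'.htmlspecialchars($name, ENT_QUOTES, 'UTF-8').' '.htmlspecialchars($p['realname'], ENT_QUOTES, 'UTF-8').' '.$status.'
';
    if (!empty($m['name'])) {
        echo 'Main Character: '.htmlspecialchars($m['name'], ENT_QUOTES, 'UTF-8').'
';
    }
    if (!empty($p['country'])) {
        echo 'Country: '.htmlspecialchars($p['country'], ENT_QUOTES, 'UTF-8').'
';
    }
    if (!empty($p['motto'])) {
        echo 'Motto: '.htmlspecialchars($p['motto'], ENT_QUOTES, 'UTF-8').'
';
    }
    if (!empty($p['age'])) {
        echo 'Age: '.htmlspecialchars($p['age'], ENT_QUOTES, 'UTF-8').'
';
    }
    if (!empty($p['favjob'])) {
        echo 'Favorite Job: '.htmlspecialchars($p['favjob'], ENT_QUOTES, 'UTF-8').'
';
    }
    if (!empty($p['text'])) {
        echo '
About Me:
'.$clean_html.'
';
    }
    // Strict comparison: the edit link is only shown to the profile's own session.
    if (isset($_SESSION['pname']) && $name === (string) $_SESSION['pname']) {
        echo '
Edit Profile »
';
    }
} elseif (isset($_GET['action']) && $_GET['action'] === 'search' && isset($_POST['search'])) {
    // NOTE(review): the guard tests $_POST['search'] but the term is read from
    // $_POST['name']; if the form field is actually named "search", $name is
    // always '' here — confirm against the form.
    $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
    // Escape LIKE metacharacters (%, _ and the backslash escape char) so the term
    // is matched literally; the surrounding wildcards are added here, not by the user.
    $pattern = '%'.addcslashes($name, '\\%_').'%';
    $gs = $selectRows('SELECT * FROM `'.$prefix.'profile` WHERE `name` LIKE ? ORDER BY `name` ASC', 's', $pattern);
    echo '
Search Results:
';
} else {
    echo "
Members List
Here's the full list of the members of the ".$servername.' community.
You can select one to visit their profile or you can search for an user.
';
    // NOTE(review): this compares against the literal string 'NULL', not SQL NULL;
    // kept as written — confirm that is how unset names are stored.
    $gp = $selectRows('SELECT * FROM `'.$prefix.'profile` WHERE `name` != \'NULL\' ORDER BY `name` ASC');
    echo '';
}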