From 0132af461145f714a7886f1c3d69a93fadc1168d Mon Sep 17 00:00:00 2001
From: iopietro <iopietro@hotmail.it>
Date: Sat, 7 Apr 2018 22:16:28 +0200
Subject: [PATCH] Fixed a lot bugs/security exploits

Profiles can't be hacked anymore, added some security control and
removed those malicious "hidden uid"
Errors now are now shown correctly while editing the profile
The level of the research you're doing in the Blacksmith/Armoury is now
displayed in the research queue
Hugely fixed the battle system, a big thanks to kirilloid for helping me
by providing his formulas :)!
Some general clean-up and bug fixing of little errors
Added some string constants to the language file (en.php)
---
 GameEngine/Automation.php        |   2 +-
 GameEngine/Battle.php            | 107 +++++++++++++++--------------
 GameEngine/Lang/en.php           |   4 +-
 GameEngine/Profile.php           | 112 ++++++++++++++-----------------
 Templates/Build/12_upgrades.tpl  |   1 +
 Templates/Build/13_upgrades.tpl  |   1 +
 Templates/Profile/account.tpl    |  19 +++---
 Templates/Profile/notfound.tpl   |   3 +-
 Templates/Profile/preference.tpl |   1 -
 Templates/Profile/profile.tpl    |   1 -
 Templates/Profile/vacation.tpl   |   1 -
 Templates/Simulator/def_3.tpl    |   2 +-
 12 files changed, 126 insertions(+), 128 deletions(-)

diff --git a/GameEngine/Automation.php b/GameEngine/Automation.php
index 371c753a..5904860a 100755
--- a/GameEngine/Automation.php
+++ b/GameEngine/Automation.php
@@ -1575,7 +1575,7 @@ class Automation {
                     $def_tribe = $targettribe;
                     $residence = 0;
                     $attpop = 0;
-                    $defpop = 100;
+                    $defpop = 500;
 
                     //type of attack
                     if($dataarray[$data_num]['attack_type'] == 1){
diff --git a/GameEngine/Battle.php b/GameEngine/Battle.php
index a96b6bee..0d3196db 100755
--- a/GameEngine/Battle.php
+++ b/GameEngine/Battle.php
@@ -133,8 +133,10 @@ class Battle {
 				        $attacker['u'.$i] = 0;
 				    }
 				    
-				    if($index <=8) {
+				    if($index <=8 && isset($post['f1_'.$index]) && !empty($post['f1_'.$index])) {
 				        ${'att_ab'.$index} = $post['f1_'.$index];
+				    }else{
+				        ${'att_ab'.$index} = 0;
 				    }
 				}
 
@@ -158,7 +160,7 @@ class Battle {
 				$deftribe = $post['tribe'];
 				$wall = 0;
 
-				if($post['kata'] == "") {
+				if(empty($post['kata'])) {
 						$post['kata'] = 0;
 				}
 
@@ -247,15 +249,24 @@ class Battle {
         global $bid34,$bid35,$database;
 
         // Define the array, with the units
-        $calvary = array(4,5,6,15,16,23,24,25,26,45,46);
-        $catapult = array(8,18,28,48);
-        $rams = array(7,17,27,47);
+        $calvary = [4, 5, 6, 15, 16, 23, 24, 25, 26, 45, 46];
+        $catapult = [8, 18, 28, 48];
+        $rams = [7, 17, 27, 47];
         $catp = $ram = 0;
+        
         // Array to return the result of the calculation back
-        $result = array();
+        $result = [];
         $involve = 0;
         $winner = false;
+        
         // at 0 all partial results
+        
+        //cap = Cavalry attack points
+        //ap = Infantry attack points
+        //cdp = Cavalry attack points
+        //dp = Infantry defense points
+        //rap = Result attack points
+        //rdp = Result defense points
         $cap = $ap = $dp = $cdp = $rap = $rdp = 0;
 
         $att_artefact = count($database->getOwnUniqueArtefactInfo2($AttackerID,3,3,0));
@@ -378,7 +389,7 @@ class Battle {
                     $j = $i-$start+1;
                     if($Attacker['u'.$i]>0 && ($i == 4 || $i == 14 || $i == 23 || $i == 44)){
                         if(${'att_ab'.$abcount} > 0) {
-                                $ap += (35 + (35 + 300 * ${'u'.$i}['pop'] / 7) * (pow(1.007, ${'att_ab'.$abcount}) - 1)) * $Attacker['u'.$i];// ^ ($Attacker['u'.$i]/100);
+                                $ap += round(35 + (35 + 300 * ${'u'.$i}['pop'] / 7) * (pow(1.007, ${'att_ab'.$abcount}) - 1), 4) * $Attacker['u'.$i];
                         }else{
                             $ap += $Attacker['u'.$i]*35;
                         }
@@ -406,9 +417,9 @@ class Battle {
                     $j = $i-$start+1;
                     if($abcount <= 8 && ${'att_ab'.$abcount} > 0) {
                         if(in_array($i,$calvary)) {
-                            $cap += (float) (${'u'.$i}['atk'] + (${'u'.$i}['atk'] + 300 * ${'u'.$i}['pop'] / 7) * (pow(1.007, ${'att_ab'.$abcount}) - 1)) * (int) $Attacker['u'.$i];
+                            $cap += round(${'u'.$i}['atk'] + (${'u'.$i}['atk'] + 300 * ${'u'.$i}['pop'] / 7) * (pow(1.007, ${'att_ab'.$abcount}) - 1), 4) * (int) $Attacker['u'.$i];
                         }else{
-                            $ap += (float) (${'u'.$i}['atk'] + (${'u'.$i}['atk'] + 300 * ${'u'.$i}['pop'] / 7) * (pow(1.007, ${'att_ab'.$abcount}) - 1)) * (int) $Attacker['u'.$i];
+                            $ap += round(${'u'.$i}['atk'] + (${'u'.$i}['atk'] + 300 * ${'u'.$i}['pop'] / 7) * (pow(1.007, ${'att_ab'.$abcount}) - 1), 4) * (int) $Attacker['u'.$i];
                         }
                     }else{
                         if(in_array($i,$calvary)) {
@@ -456,51 +467,54 @@ class Battle {
             // Factor = 1020 Wall Teuton
             // Factor = 1025 Wall Goul
             $factor = ($def_tribe == 1)? 1.030 : (($def_tribe == 2)? 1.020 : 1.025);
+            $wallMultiplier = round(pow($factor,$def_wall), 3);
             // Defense infantry = Infantry * Wall (%)
-            // Defense calvary calvary = * Wall (%)
-            if ($dp>0 || $cdp >0) {
+            // Defense calvary calvary = * Wall (%)          
+            if ($dp>0 || $cdp >0){
                 if($type==1) {
-                    $dp *=  pow($factor,$def_wall);
-                    $dp1 = 10 * pow($factor,$def_wall) * $def_wall;
-                    $dp +=$dp1;
-                }else{
-                    $dp *= pow($factor,$def_wall);
-                    $cdp *= pow($factor,$def_wall);
+                    $dp *=  $wallMultiplier;
+                    $dp += $dp1 + 10;
+                }else{                
+                    $dp *= $wallMultiplier;
+                    $cdp *= $wallMultiplier;
 
                     // Calculation of the Basic defense bonus "Residence"
-                    $dp += ((2*(pow($residence,2)))*(pow($factor,$def_wall)));
-                    $cdp += ((2*(pow($residence,2)))*(pow($factor,$def_wall)));
+                    $dp += (2*(pow($residence,2)) + 10) * $wallMultiplier;
+                    $cdp += (2*(pow($residence,2)) + 10) * $wallMultiplier;
                 }
-            } else {
-                $dp = 10 * pow($factor,$def_wall) * $def_wall;
+            }else{
+                $dp = 10 * $wallMultiplier * $def_wall;
                 // Defense calvary calvary = * Wall (%)
-                $cdp = 10 * pow($factor,$def_wall) * $def_wall;
-                if($type!=1) {
+                $cdp = 10 * $wallMultiplier * $def_wall;
+                if($type != 1){
                     // Calculation of the Basic defense bonus "Residence"
-                    $dp += ((2*(pow($residence,2)))*(pow($factor,$def_wall)));
-                    $cdp += ((2*(pow($residence,2)))*(pow($factor,$def_wall)));
-                }else $cdp=0;
+                    $dp += (2*(pow($residence,2)) + 10)*$wallMultiplier;
+                    $cdp += (2*(pow($residence,2)) + 10)*$wallMultiplier;
+                }else{
+                    $dp += 10;
+                    $cdp = 0;
+                }
             }
         }elseif($type!=1) {
             // Calculation of the Basic defense bonus "Residence"
-            $dp += (2*(pow($residence,2)));
-            $cdp += (2*(pow($residence,2)));
+            $dp += (2*(pow($residence,2)) + 10);
+            $cdp += (2*(pow($residence,2)) + 10);
         }
 
         // Formula for calculating points attackers (Infantry & Cavalry)
 
         if($AttackerWref != 0){
-            $rap = ($ap+$cap)+(($ap+$cap)/100*(isset($bid35[$this->getTypeLevel(35,$AttackerWref)]) ? $bid35[$this->getTypeLevel(35,$AttackerWref)]['attri'] : 0));
+            $rap = round(($ap+$cap)+(($ap+$cap)/100*(isset($bid35[$this->getTypeLevel(35,$AttackerWref)]) ? $bid35[$this->getTypeLevel(35,$AttackerWref)]['attri'] : 0)));
         }else{
-            $rap = $ap+$cap;
+            $rap = round($ap+$cap);
         }
 
         // Formula for calculating Defensive Points
 
         if ($rap==0)
-            $rdp = ($dp) + ($cdp) + 10;
+            $rdp = round(($dp) + ($cdp));
         else
-            $rdp = ($dp * ($ap/$rap)) + ($cdp * ($cap/$rap)) + 10;
+            $rdp = round(round($cap/$rap, 4)*($cdp) + round($ap/$rap, 4)*($dp));
 
 
         // The Winner is....:
@@ -510,25 +524,17 @@ class Battle {
 
         // Formula for calculating the Moral
         if($attpop > $defpop) {
-            if ($rap < $rdp) {
-                $moralbonus = min(1.5, pow(($defpop > 0 ? $attpop / $defpop : 0), (0.2*($rap/$rdp))));
-            }else{
-                if($defpop==0){
-                    $moralbonus = min(1.5, pow($attpop, 0.2));
-                }else{
-                    $moralbonus = min(1.5, pow(($defpop > 0 ? $attpop / $defpop : 0), 0.2));
-                }
-            }
+            $moralbonus = 1 / round(max(0.667, pow($defpop / $attpop, 0.2 * min(1, $rap / $rdp))), 3);  
         }else{
             $moralbonus = 1.0;
         }
 
         if($involve >= 1000 && $type != 1) {
-            $Mfactor = round(2*(1.8592-pow($involve,0.015)),4);
+            $Mfactor = 2*round((1.8592-pow($involve,0.015)),4);
         }else{
             $Mfactor = 1.5;
         }
-        if ($Mfactor < 1.25778){$Mfactor=1.25778;}elseif ($Mfactor > 1.5){$Mfactor=1.5;}
+        if ($Mfactor < 1.2578){$Mfactor=1.2578;}elseif ($Mfactor > 1.5){$Mfactor=1.5;}
             // Formula for calculating lost drives
             // $type = 1 scout, 2?
             // $type = 3 Normal, 4 Raid
@@ -557,12 +563,12 @@ class Battle {
         }else if($type == 3){
             // Attacker
 
-            $result[1] = ($winner)? round(pow((($rdp*$moralbonus)/$rap),$Mfactor),8) : 1;
+            $result[1] = ($winner)? pow((($rdp*$moralbonus)/$rap),$Mfactor) : 1;
             if ($result[1]>1) {$result[1]=1;$winner=false;$result['Winner'] = "defender";}
 
             // Defender
-            $result[2] = (!$winner)? round(pow(($rap/($rdp*$moralbonus)),$Mfactor),8) : 1;
-            if ($result[1]==1) {$result[2]=round(pow(($rap/($rdp*$moralbonus)),$Mfactor),8);}
+            $result[2] = (!$winner)? pow(($rap/($rdp*$moralbonus)),$Mfactor) : 1;
+            if ($result[1]==1) {$result[2]=pow(($rap/($rdp*$moralbonus)),$Mfactor);}
             if ($result[2]>1) {$result[2]=1;$result['Winner'] = "attacker";$winner=true;}
             // If attacked with "Hero"
             $ku = ($att_tribe-1)*10+9;
@@ -672,7 +678,7 @@ class Battle {
         $total_att_units = count($units['Att_unit']);
         $start = intval(($att_tribe-1)*10+1);
         $end = intval(($att_tribe*10));
-
+        
         for($i=$start;$i <= $end;$i++){
             $y = $i-(($att_tribe-1)*10);
             $result['casualties_attacker'][$y] = round($result[1]*$units['Att_unit'][$i]);
@@ -775,7 +781,7 @@ class Battle {
                 global ${'u'.$y};
 
                 if($defenders['u'.$y]>0 && $def_ab[$y] > 0) {
-                    $dp += (20 + (20 + 300 * ${'u'.$y}['pop'] / 7) * (pow(1.007, $def_ab[$y]) - 1)) * $defenders['u'.$y] * $defender_artefact;
+                    $dp += round(20 + (20 + 300 * ${'u'.$y}['pop'] / 7) * (pow(1.007, $def_ab[$y]) - 1), 4) * $defenders['u'.$y] * $defender_artefact;
 
                     $def_foolartefact = $database->getFoolArtefactInfo(3,$AttackerWref,$AttackerID);
                     if(count($def_foolartefact) > 0){
@@ -822,8 +828,8 @@ class Battle {
                     $def_ab[$y] = 0;
                 }
                 if ($def_ab[$y]>0) {
-                    $dp +=  (${'u'.$y}['di'] + (${'u'.$y}['di'] + 300 * ${'u'.$y}['pop'] / 7) * (pow(1.007, $def_ab[$y]) - 1)) * $defenders['u'.$y];
-                    $cdp += (${'u'.$y}['dc'] + (${'u'.$y}['dc'] + 300 * ${'u'.$y}['pop'] / 7) * (pow(1.007, $def_ab[$y]) - 1)) * $defenders['u'.$y];
+                    $dp +=  round(${'u'.$y}['di'] + (${'u'.$y}['di'] + 300 * ${'u'.$y}['pop'] / 7) * (pow(1.007, $def_ab[$y]) - 1), 4) * $defenders['u'.$y];
+                    $cdp += round(${'u'.$y}['dc'] + (${'u'.$y}['dc'] + 300 * ${'u'.$y}['pop'] / 7) * (pow(1.007, $def_ab[$y]) - 1), 4) * $defenders['u'.$y];
                 }else{
                     $dp += $defenders['u'.$y]*${'u'.$y}['di'];
                     $cdp += $defenders['u'.$y]*${'u'.$y}['dc'];
@@ -836,7 +842,6 @@ class Battle {
         $datadef['dp']=$dp;
         $datadef['cdp']=$cdp;
         $datadef['involve']=$invol;
-
         return $datadef;
 
     }
diff --git a/GameEngine/Lang/en.php b/GameEngine/Lang/en.php
index d4f2486c..0cd25810 100755
--- a/GameEngine/Lang/en.php
+++ b/GameEngine/Lang/en.php
@@ -63,7 +63,7 @@ define("LOGIN_PASS_EMPTY","Enter password.");
 define("EMAIL_ERROR","Email does not match existing");
 define("PASS_MISMATCH","Passwords do not match");
 define("ALLI_OWNER","Please appoint an alliance owner before deleting");
-define("SIT_ERROR","Sitter already set");
+define("SIT_ERROR","Sitter already set or player inexistent");
 define("USR_NT_FOUND","Name does not exist.");
 define("LOGIN_PW_ERROR","The password is wrong.");
 define("WEL_TOPIC","Useful tips & information ");
@@ -79,6 +79,7 @@ define("ID_NO_EXIST","There is no user with the id ");
 define("SAME_NAME","You can't invite yourself");
 define("ALREADY_INVITED"," already invited");
 define("ALREADY_IN_ALLY"," already in this alliance");
+define("VAC_MODE_WRONG_DAYS","You've inserted a wrong number of days");
 
 //COPYRIGHT
 define("TRAVIAN_COPYRIGHT","TravianZ 100% Open Source Travian Clone.");
@@ -112,6 +113,7 @@ define("GO2MY_VILLAGE","Go to my village");
 define("VILLAGE_CENTER","Village centre");
 define("FINISH_GOLD","Finish all construction and research orders in this village immediately for 2 Gold?");
 define("WAITING_LOOP","(waiting loop)");
+define("CROP_NEGATIVE","Your crop production is negative, you'll neaver reach the amount of requested resources.");
 define("HRS","(hrs.)");
 define("DONE_AT","done at");
 define("CANCEL","cancel");
diff --git a/GameEngine/Profile.php b/GameEngine/Profile.php
index 3568d18f..7db90856 100755
--- a/GameEngine/Profile.php
+++ b/GameEngine/Profile.php
@@ -93,13 +93,13 @@ class Profile {
 		global $database, $session;
 		$birthday = $post['jahr'].'-'.$post['monat'].'-'.$post['tag'];
 		$database->submitProfile($session->uid,$database->RemoveXSS($post['mw']),$database->RemoveXSS($post['ort']),$database->RemoveXSS($birthday),$database->RemoveXSS($post['be2']),$database->RemoveXSS($post['be1']));
-		$varray = $database->getProfileVillages($post['uid']);
+		$varray = $database->getProfileVillages($session->uid);
 			for($i=0;$i<=count($varray)-1;$i++) {
 				$k = trim($post['dname'.$i]);
 				$name = preg_replace("/[^a-zA-Z0-9_\-\s'\"]/", "", $k);
 				$database->setVillageName($varray[$i]['wref'],$database->RemoveXSS($name));
 		}  
-		header("Location: spieler.php?uid=".$post['uid']);
+		header("Location: spieler.php?uid=".$session->uid);
 		exit;
 	}
 
@@ -116,27 +116,23 @@ class Profile {
 		********************************************************/
 
 	private function setvactionmode($post){
-		global $database,$session,$form;
-		$set =false;
-		if($post['vac'] && $post['vac_days'] >=2 && $post['vac_days'] <=14) {
-		$database->setvacmode($post['uid'],$post['vac_days']);
-		$set =true;
-		}
-		else {
-		echo "Minimum days is 2";die();exit();
-		}
-		if($set){
-        unset($_SESSION['wid']);
-		$database->activeModify(addslashes($session->username),1);
-		$database->UpdateOnline("logout") or die(mysqli_error($database->dblink));
-		$session->Logout();
-		header("Location: login.php");
-		exit;
-		}else{
-		header("Location: spieler.php?s=5");
-		exit;
-		}
-		}
+	    global $database,$session,$form;
+
+	    if(isset($post['vac']) && $post['vac'] && isset($post['vac_days']) && $post['vac_days'] >=2 && $post['vac_days'] <=14){        
+	        unset($_SESSION['wid']);
+	        $database->setvacmode($session->uid,$post['vac_days']);
+	        $database->activeModify(addslashes($session->username),1);
+	        $database->UpdateOnline("logout") or die(mysqli_error($database->dblink));
+	        $session->Logout();
+	        header("Location: login.php");
+	        exit;
+	    }else{
+	        header("Location: spieler.php?s=".$session->uid);
+	        $form->add("vac", VAC_MODE_WRONG_DAYS);
+	        exit();
+	    }
+	    
+	}
 
 		/*******************************************************
 		Function to vacation mode - by advocaite and Shadow
@@ -146,55 +142,51 @@ class Profile {
 	private function updateAccount($post) {
 		global $database,$session,$form;
 
-		if($post['pw2'] == $post['pw3']) {
-			if($database->login($session->username,$post['pw1'])) {
-				if ($_POST['uid'] != $session->uid){
-                    die("Hacking Attempr");
-                } else {
-                    $database->updateUserField($post['uid'],"password",password_hash($post['pw2'], PASSWORD_BCRYPT,['cost' => 12]),1);
-				}
-			}
-			else {
-				$form->addError("pw",LOGIN_PW_ERROR);
-			}
-		}
-		else {
-			$form->addError("pw",PASS_MISMATCH);
+		if(!empty($post['pw1']) && !empty($post['pw2']) && !empty($post['pw3'])){
+		    if($post['pw2'] == $post['pw3']) {
+		        if($database->login($session->username,$post['pw1'])) {
+		            $database->updateUserField($session->uid,"password",password_hash($post['pw2'], PASSWORD_BCRYPT,['cost' => 12]),1);
+		        }else {
+		            $form->addError("pw",LOGIN_PW_ERROR);
+		        }
+		    }else {
+		        $form->addError("pw",PASS_MISMATCH);
+		    }
 		}
 
+		if(!empty($post['email_alt']) && !empty($post['email_neu'])){
+		    if($post['email_alt'] == $session->userinfo['email']) {
+		        $database->updateUserField($session->uid,"email",$post['email_neu'],1);
+		    }else {
+		        $form->addError("email",EMAIL_ERROR);
+		    }
+		}	
 
-		if($post['email_alt'] == $session->userinfo['email']) {
-			$database->updateUserField($post['uid'],"email",$post['email_neu'],1);
-		}
-		else {
-			$form->addError("email",EMAIL_ERROR);
+		if(!empty($post['del_pw']) && $post['del']){
+		    if(password_verify($post['del_pw'], $session->userinfo['password'])) {
+		        $database->setDeleting($session->uid,0);
+		    }else {
+		        $form->addError("del",PASS_MISMATCH);
+		    }
 		}
 
-
-		if($post['del'] && password_verify($post['del_pw'], $session->userinfo['password'])) {
-				$database->setDeleting($post['uid'],0);
-		}
-		else {
-			$form->addError("del",PASS_MISMATCH);
-		}
-
-
-		if($post['v1'] != "") {
+		if(!empty($post['v1'])) {
 			$sitid = $database->getUserField($post['v1'],"id",1);
 			if($sitid == $session->userinfo['sit1'] || $sitid == $session->userinfo['sit2']) {
 				$form->addError("sit",SIT_ERROR);
-			}
-			else if($sitid != $session->uid){
+			}else if($sitid != $session->uid){
 				if($session->userinfo['sit1'] == 0) {
-					$database->updateUserField($post['uid'],"sit1",$sitid,1);
-				}
-				else if($session->userinfo['sit2'] == 0) {
-					$database->updateUserField($post['uid'],"sit2",$sitid,1);
+				    $database->updateUserField($session->uid,"sit1",$sitid,1);
+				}else if($session->userinfo['sit2'] == 0) {
+				    $database->updateUserField($session->uid,"sit2",$sitid,1);
 				}
 			}
 		}
 
-		$_SESSION['errorarray'] = $form->getErrors();
+		if($form->returnErrors() > 0){
+		    $_SESSION['errorarray'] = $form->getErrors();
+		    $_SESSION['valuearray'] = $_POST;
+		}	
 		header("Location: spieler.php?s=3");
 		exit;
 	}
@@ -216,7 +208,7 @@ class Profile {
 
 	private function cancelDeleting($get) {
 		global $database,$session;
-		$database->setDeleting($get['id'],1);
+		$database->setDeleting($session->uid,1);
 		header("Location: spieler.php?s=".$get['s']);
 		exit;
 	}
diff --git a/Templates/Build/12_upgrades.tpl b/Templates/Build/12_upgrades.tpl
index 4b66292f..6b21c22d 100644
--- a/Templates/Build/12_upgrades.tpl
+++ b/Templates/Build/12_upgrades.tpl
@@ -84,6 +84,7 @@
 		foreach($ABups as $black) {
 			$unit = ($session->tribe-1)*10 + substr($black['tech'],1,2);
 			echo "<tr><td class=\"desc\"><img class=\"unit u$unit\" src=\"img/x.gif\" alt=\"".$technology->getUnitName($unit)."\" title=\"".$technology->getUnitName($unit)."\" />".$technology->getUnitName($unit);
+			echo "<span class=\"none\"> (".LEVEL." ".($timer+$ups).")</span>";
 			if($timer > 1) echo "<span class=\"none\"> ".WAITING."</span>";
 			echo "</td>";
 			echo "<td class=\"dur\"><span id=\"timer$timer\">".$generator->getTimeFormat($black['timestamp']-time())."</span></td>";
diff --git a/Templates/Build/13_upgrades.tpl b/Templates/Build/13_upgrades.tpl
index 9b92aeb7..b1bc14e3 100644
--- a/Templates/Build/13_upgrades.tpl
+++ b/Templates/Build/13_upgrades.tpl
@@ -84,6 +84,7 @@
 		foreach($ABups as $arms) {
 			$unit = ($session->tribe-1)*10 + substr($arms['tech'],1,2);
 			echo "<tr><td class=\"desc\"><img class=\"unit u$unit\" src=\"img/x.gif\" alt=\"".$technology->getUnitName($unit)."\" title=\"".$technology->getUnitName($unit)."\" />".$technology->getUnitName($unit);
+			echo "<span class=\"none\"> (".LEVEL." ".($timer+$ups).")</span>";
 			if($timer > 1) echo "<span class=\"none\"> ".WAITING."</span>";
 			echo "</td>";
 			echo "<td class=\"dur\"><span id=\"timer$timer\">".$generator->getTimeFormat($arms['timestamp']-time())."</span></td>";
diff --git a/Templates/Profile/account.tpl b/Templates/Profile/account.tpl
index e399ff00..771bdc62 100644
--- a/Templates/Profile/account.tpl
+++ b/Templates/Profile/account.tpl
@@ -3,7 +3,6 @@
 <?php include("menu.tpl"); ?>
 <form action="spieler.php" method="POST">
 <input type="hidden" name="ft" value="p3">
-<input type="hidden" name="uid" value="<?php echo $session->uid; ?>" />
 <table cellpadding="1" cellspacing="1" id="change_pass" class="account">
 <thead><tr>
     <th colspan="2">Change password</th>
@@ -22,8 +21,8 @@
     <td><input class="text" type="password" name="pw3" maxlength="30" /></td>
 </tr></tbody></table>
 <?php
-if($form->getError("pw") != "") {
-echo "<span class=\"error\">".$form->getError('pw')."</span>";
+if(!empty($passError = $form->getError("pw"))) {
+    echo "<span class=\"error\">".$passError."</span>";
 }
 ?>
 <table cellpadding="1" cellspacing="1" id="change_mail" class="account"><thead><tr>
@@ -42,8 +41,8 @@ echo "<span class=\"error\">".$form->getError('pw')."</span>";
         <td><input class="text" type="text" name="email_neu" /></td>
     </tr></tbody></table>
 <?php
-if($form->getError("email") != "") {
-echo "<span class=\"error\">".$form->getError('email')."</span>";
+if(!empty($emailError = $form->getError("email"))) {
+echo "<span class=\"error\">".$emailError."</span>";
 }
 ?>
     <table cellpadding="1" cellspacing="1" id="sitter" class="account"><thead>
@@ -96,8 +95,8 @@ echo "<a href=\"spieler.php?uid=".$sit['id']."\">".$database->getUserField($sit[
 ?>
 </td></tr></table>
 <?php
-if($form->getError("email") != "") {
-echo "<span class=\"error\">".$form->getError('email')."</span>";
+if(!empty($sitterError = $form->getError("sit"))) {
+    echo "<span class=\"error\">".$sitterError."</span>";
 }
 ?>
     <table cellpadding="1" cellspacing="1" id="del_acc" class="account"><thead>
@@ -117,7 +116,7 @@ echo "<a href=\"spieler.php?s=3&id=".$session->uid."&a=1&e=4\"><img
 		title=\"Cancel process\" /> </a>";
 		$time=$generator->getTimeFormat(($timestamp-time()));
         echo "The account will be deleted in <span
-		id=\"timer1\">".$time."</span> .</td>";
+		id=\"timer2\">".$time."</span> .</td>";
 }
 else {
 ?>
@@ -136,8 +135,8 @@ else {
         ?>
     </tr></tbody></table>
     <?php
-if($form->getError("del") != "") {
-echo "<span class=\"error\">".$form->getError("del")."</span>";
+if(!empty($deleteError = $form->getError("del"))) {
+    echo "<span class=\"error\">".$deleteError."</span>";
 }
 ?>
     <p class="btn"><input type="image" value="" name="s1" id="btn_save" class="dynamic_img" src="img/x.gif" alt="save" /></p>
diff --git a/Templates/Profile/notfound.tpl b/Templates/Profile/notfound.tpl
index db9517c0..ee776f4f 100644
--- a/Templates/Profile/notfound.tpl
+++ b/Templates/Profile/notfound.tpl
@@ -1,3 +1,4 @@
 <?php
 header("Location: dorf1.php");
-exit;
\ No newline at end of file
+exit;
+?>
\ No newline at end of file
diff --git a/Templates/Profile/preference.tpl b/Templates/Profile/preference.tpl
index 08b9d518..408a7836 100644
--- a/Templates/Profile/preference.tpl
+++ b/Templates/Profile/preference.tpl
@@ -96,7 +96,6 @@ while($data = mysqli_fetch_assoc($query)) {
 <?php include("menu.tpl"); ?>
 <form action="spieler.php?s=2" method="POST">
   <input type="hidden" name="ft" value="p2">
-  <input type="hidden" name="uid" value="<?php echo $session->uid; ?>" />
   <table cellpadding="1" cellspacing="1" id="links">
     <thead>
       <tr>
diff --git a/Templates/Profile/profile.tpl b/Templates/Profile/profile.tpl
index 940871ab..ef4a17b8 100644
--- a/Templates/Profile/profile.tpl
+++ b/Templates/Profile/profile.tpl
@@ -23,7 +23,6 @@ $varmedal = $database->getProfileMedal($session->uid);
 include("menu.tpl"); ?>
 <form action="spieler.php" method="POST">
     <input type="hidden" name="ft" value="p1" />
-    <input type="hidden" name="uid" value="<?php echo $session->uid; ?>" />
     <input type="hidden" name="id" value="<?php echo (isset($id) ? $id : ''); ?>" />
 
     <table cellpadding="1" cellspacing="1" id="edit" ><thead>
diff --git a/Templates/Profile/vacation.tpl b/Templates/Profile/vacation.tpl
index 55171c74..b742bdf0 100644
--- a/Templates/Profile/vacation.tpl
+++ b/Templates/Profile/vacation.tpl
@@ -20,7 +20,6 @@
 include("menu.tpl"); ?>
 <form action="spieler.php" method="POST">
 <input type="hidden" name="ft" value="p4">
-<input type="hidden" name="uid" value="<?php echo $session->uid; ?>" />
 
 <table cellpadding="1" cellspacing="1" id="del_acc" class="account"><thead>
 <tr>
diff --git a/Templates/Simulator/def_3.tpl b/Templates/Simulator/def_3.tpl
index fe7585bf..5e5c7407 100644
--- a/Templates/Simulator/def_3.tpl
+++ b/Templates/Simulator/def_3.tpl
@@ -53,7 +53,7 @@
 								<input class="text" type="text" name="a2_24" value="<?php echo $form->getValue('a2_24'); ?>" maxlength="10" title="Number Theutates Thunder" />
 							</td>
 							<td class="research">
-								<input class="text" type="text" name="f2_24" value="<?php echo $form->getValue('a2_24'); ?>" maxlength="2" title="Level Armoury Theutates Thunder" />
+								<input class="text" type="text" name="f2_24" value="<?php echo $form->getValue('f2_24'); ?>" maxlength="2" title="Level Armoury Theutates Thunder" />
 							</td></tr><tr>
 							<td class="ico">
 								<img src="img/x.gif" class="unit u25" title="Druidrider" alt="Druidrider" />