From 274d89bfa12ce9e1e7d1f4ed8590898fbbd21093 Mon Sep 17 00:00:00 2001 
From: Pietro Fallanca Date: Sun, 15 Apr 2018 16:11:43 +0200 Subject: [PATCH] Fixed a lot of bugs/security issues in the alliance +You can no longer kick people of other alliances +You can no longer change the forum link with no permissions +You can no longer make more than 3 total confederation and 3 total NAP +You can no longer send a diplomacy pact to an alliance with already one pact or one pending pact +You can no longer handle diplomacy without permissions +Fixed security bugs related to invites (sending, deleting etc.) +You can no longer access to any alliance submenus without permissions (kick menu, diplomacy menu, etc.) +Errors are now shown correctly and better handling of them +New forum link and alliance description are shown correctly after editing them +You can no longer access to other alliances informations without being in it (attack reports, news, etc) +Corrected some alliance news +Added some language constants to en.php +Fixed and changed some database.php functions alliance related --- GameEngine/Alliance.php | 220 +++++++++++++------------ GameEngine/Database.php | 70 +++----- GameEngine/Lang/en.php | 18 +- Templates/Alliance/alli_menu.tpl | 4 +- Templates/Alliance/allidesc.tpl | 11 +- Templates/Alliance/assignpos.tpl | 17 +- Templates/Alliance/attack-attacker.tpl | 6 +- Templates/Alliance/attack-defender.tpl | 6 +- Templates/Alliance/attacks.tpl | 22 +-- Templates/Alliance/changename.tpl | 20 +-- Templates/Alliance/changepos.tpl | 24 ++- Templates/Alliance/chat.tpl | 7 +- Templates/Alliance/chgdiplo.tpl | 73 ++------ Templates/Alliance/invite.tpl | 11 +- Templates/Alliance/kick.tpl | 11 +- Templates/Alliance/linkforum.tpl | 16 +- Templates/Alliance/news.tpl | 9 +- Templates/Alliance/option.tpl | 17 +- Templates/Alliance/overview.tpl | 9 +- Templates/Alliance/quitalli.tpl | 15 +- Templates/Build/18.tpl | 2 +- allianz.php | 114 ++++++------- 22 files changed, 313 insertions(+), 389 deletions(-) 
diff --git a/GameEngine/Alliance.php b/GameEngine/Alliance.php index f1ee6ff6..0197ae4a 100755 --- a/GameEngine/Alliance.php +++ b/GameEngine/Alliance.php @@ -80,6 +80,16 @@ class Alliance { } } + /** + * Redirects to the option menu if some errors were generated + */ + + public function redirect() + { + header("location: allianz.php?s=5"); + exit; + } + public function procAlliForm($post) { if(isset($post['ft'])) { switch($post['ft']) { @@ -89,7 +99,7 @@ class Alliance { } } - if(isset($_POST['dipl']) and isset($_POST['a_name'])) { + if(isset($post['dipl']) && isset($post['a_name'])) { $this->changediplomacy($post); } @@ -177,9 +187,9 @@ class Alliance { global $database, $session; if($session->access != BANNED){ foreach($this->inviteArray as $invite) { - if($invite['id'] == $get['d']) { + if($invite['id'] == $get['d'] && $invite['uid'] == $session->uid) { $database->removeInvitation($get['d']); - $database->insertAlliNotice($invite['alliance'], '' . addslashes($session->username) . ' has rejected the invitation.'); + $database->insertAlliNotice($invite['alliance'], ''.addslashes($session->username).' has rejected the invitation.'); } } header("Location: build.php?gid=18"); 
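Review bot: The docblock on the new `redirect()` says it redirects "if some errors were generated", but the body sends the `allianz.php?s=5` header and exits unconditionally, so the condition lives entirely in the caller. Reword it to something like `Redirects to the alliance option menu (allianz.php?s=5) and ends the script; callers decide when to invoke it.` and drop the blank line between the docblock and the method so documentation tools attach it. The header name is spelled `location:` here and `Location:` in the other handlers of this class; one spelling would be easier to grep for.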
@@ -198,10 +208,10 @@ class Alliance { if($session->access != BANNED){ $inviteArray = $database->getAliInvitations($session->alliance); foreach($inviteArray as $invite) { - if($invite['id'] == $get['d']) { - $invitename = $database->getUserArray($invite['uid'], 1); + if($invite['id'] == $get['d'] && $invite['alliance'] == $session->alliance && $this->userPermArray['opt4'] == 1) { + $invitename = $database->getUserArray($invite['uid'], 1); $database->removeInvitation($get['d']); - $database->insertAlliNotice($session->alliance, '' . addslashes($session->username) . ' has deleted the invitation for ' . addslashes($invitename['username']) . '.'); + $database->insertAlliNotice($session->alliance, ''.addslashes($session->username).' has deleted the invitation for '.addslashes($invitename['username']).'.'); } } header("Location: allianz.php?delinvite"); @@ -229,7 +239,7 @@ class Alliance { $database->updateUserField($invite['uid'], "alliance", $invite['alliance'], 1); $database->createAlliPermissions($invite['uid'], $invite['alliance'], '', 0, 0, 0, 0, 0, 0, 0, 0); // Log the notice - $database->insertAlliNotice($invite['alliance'], '' . addslashes($session->username) . ' has joined the alliance.'); + $database->insertAlliNotice($invite['alliance'], ''.addslashes($session->username).' has joined the alliance.'); } else { $accept_error = 1; $max = $alliance_info['max']; @@ -288,7 +298,7 @@ class Alliance { // Asign Permissions $database->createAlliPermissions($session->uid, $aid, 'Alliance founder', '1', '1', '1', '1', '1', '1', '1', '1'); // log the notice - $database->insertAlliNotice($aid, 'The alliance has been founded by ' . addslashes($session->username) . '.'); + $database->insertAlliNotice($aid, 'The alliance has been founded by '.addslashes($session->username).'.'); header("Location: build.php?gid=18"); exit; } 
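Review bot: The `opt4` test is folded into the per-invitation condition, so a member without that right still triggers the getAliInvitations() query and is redirected to `allianz.php?delinvite` with no indication that nothing was deleted. Test the permission once before the loop and record the refusal, e.g. `if($this->userPermArray['opt4'] != 1) $form->addError("perm", NO_PERMISSION);`, as the other handlers in this patch do; whether `$form` is in scope depends on the `global` line, which is outside the hunk. The `$invite['alliance'] == $session->alliance` clause repeats the filter already applied by `getAliInvitations($session->alliance)`; keeping it as defence in depth is reasonable but deserves a short comment saying so.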
@@ -303,35 +313,26 @@ class Alliance { *****************************************/ private function changeAliName($get) { global $form, $database, $session; - if($session->access != BANNED){ - if(!isset($get['ally1']) || $get['ally1'] == "") { - $form->addError("ally1", ATAG_EMPTY); - } - if(!isset($get['ally2']) || $get['ally2'] == "") { - $form->addError("ally2", ANAME_EMPTY); - } - if($database->aExist($get['ally1'], "tag")) { - $form->addError("tag", ATAG_EXIST); - } - if($database->aExist($get['ally2'], "name")) { - $form->addError("name", ANAME_EXIST); - } - if($this->userPermArray['opt3'] == 0) { - $form->addError("perm", NO_PERMISSION); - } - if($form->returnErrors() != 0) { - $_SESSION['errorarray'] = $form->getErrors(); - $_SESSION['valuearray'] = $post; - //header("Location: build.php?id=".$post['id']); - } else { - $database->setAlliName($session->alliance, $get['ally2'], $get['ally1']); - // log the notice - $database->insertAlliNotice($session->alliance, '' . addslashes($session->username) . ' has changed the alliance name.'); - } - }else{ + if($session->access == BANNED) { header("Location: banned.php"); exit; } + + if(!isset($get['ally1']) || $get['ally1'] == "") $form->addError("ally1", ATAG_EMPTY); + + if(!isset($get['ally2']) || $get['ally2'] == "") $form->addError("ally2", ANAME_EMPTY); + + if($database->aExist($get['ally1'], "tag")) $form->addError("ally1", ATAG_EXIST); + + if($database->aExist($get['ally2'], "name")) $form->addError("ally2", ANAME_EXIST); + + if($this->userPermArray['opt3'] == 0) $form->addError("perm", NO_PERMISSION); + + if($form->returnErrors() == 0) { + $database->setAlliName($session->alliance, $get['ally2'], $get['ally1']); + // log the notice + $database->insertAlliNotice($session->alliance, ''.addslashes($session->username).' has changed the alliance name.'); + } } /***************************************** 
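Review bot: changeAliName() now runs both `$database->aExist()` lookups before it looks at `opt3`, and it runs them even when `ally1` or `ally2` is missing, which reads an undefined index. Put `if($this->userPermArray['opt3'] == 0) { $form->addError("perm", NO_PERMISSION); return; }` directly after the ban check and skip the aExist() calls once the emptiness checks have failed. The old body copied the errors into `$_SESSION['errorarray']`; the new one does not, so the messages only reach the template if the caller, which is not visible here, saves them.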
@@ -346,11 +347,10 @@ class Alliance { if($form->returnErrors() != 0) { $_SESSION['errorarray'] = $form->getErrors(); $_SESSION['valuearray'] = $post; - //header("Location: build.php?id=".$post['id']); } else { $database->submitAlliProfile($session->alliance, $post['be2'], $post['be1']); // log the notice - $database->insertAlliNotice($session->alliance, '' . addslashes($session->username) . ' has changed the alliance description.'); + $database->insertAlliNotice($session->alliance, ''.addslashes($session->username).' has changed the alliance description.'); } }else{ header("Location: banned.php"); 
@@ -361,25 +361,33 @@ class Alliance { /***************************************** Function to change the user permissions *****************************************/ - private function changeUserPermissions($post) { + private function changeUserPermissions($post) + { global $database, $session, $form; - if($session->access != BANNED){ - if($this->userPermArray['opt1'] == 0) { - $form->addError("perm", NO_PERMISSION); - } - if($form->returnErrors() != 0) { - $_SESSION['errorarray'] = $form->getErrors(); - $_SESSION['valuearray'] = $post; - //header("Location: build.php?id=".$post['id']); - } else { - $database->updateAlliPermissions($post['a_user'], $session->alliance, $post['a_titel'], $post['e1'], $post['e2'], $post['e3'], $post['e4'], $post['e5'], $post['e6'], $post['e7']); - // log the notice - $database->insertAlliNotice($session->alliance, '' . addslashes($session->username) . ' has changed permissions.'); - } - }else{ + if($session->access == BANNED) + { header("Location: banned.php"); exit; } + + if($this->userPermArray['opt1'] == 0) $form->addError("perm", NO_PERMISSION); + elseif($database->getUserField($post['a_user'], "alliance", 0) != $session->alliance) $form->addError("perm", USER_NOT_IN_YOUR_ALLY); + elseif($post['a_user'] == $session->uid) $form->addError("perm", CANT_EDIT_YOUR_PERMISSIONS); + else + { + $database->updateAlliPermissions($post['a_user'], $session->alliance, $post['a_titel'], $post['e1'], $post['e2'], $post['e3'], $post['e4'], $post['e5'], $post['e6'], $post['e7']); + // log the notice + $database->insertAlliNotice($session->alliance, ''.addslashes($session->username).' 
has changed permissions of '.addslashes($database->getUserField($post['a_user'], "username", 0)).'.'); + $form->addError("perm", ALLY_PERMISSIONS_UPDATED); + } + + if($form->returnErrors() > 0) + { + $_SESSION['errorarray'] = $form->getErrors(); + $_SESSION['valuearray'] = $post; + header("Location: allianz.php?s=5"); + exit; + } } /***************************************** Function to kick a user from alliance @@ -391,20 +399,23 @@ class Alliance { $UserData = $database->getUserArray($post['a_user'], 1); if($this->userPermArray['opt2'] == 0) { $form->addError("perm", NO_PERMISSION); + } else if($database->getUserField($post['a_user'], "alliance", 0) != $session->alliance){ + $form->addError("perm", USER_NOT_IN_YOUR_ALLY); } else if($UserData['id'] != $session->uid){ $database->updateUserField($post['a_user'], 'alliance', 0, 1); $database->deleteAlliPermissions($post['a_user']); $database->deleteAlliance($session->alliance); // log the notice - $database->insertAlliNotice($session->alliance, '' . addslashes($post['a_user']) . ' has quit the alliance.'); - if($session->alliance && $database->isAllianceOwner($UserData['id']) == $session->alliance){ + $database->insertAlliNotice($session->alliance, ''.($kickedUsername = addslashes($database->getUserField($post['a_user'], "username", 0))).' has been expelled from the alliance by '.addslashes($session->username).'.'); + if($session->alliance && $database->isAllianceOwner($UserData['id']) == $session->alliance){ $newowner = $database->getAllMember2($session->alliance); $newleader = $newowner['id']; $q = "UPDATE " . TB_PREFIX . "alidata set leader = ".(int) $newleader." where id = ".(int) $session->alliance.""; $database->query($q); $database->updateAlliPermissions($newleader, 1, 1, 1, 1, 1, 1, 1, 1, 1); - Automation::updateMax($newleader); + Automation::updateMax($newleader); } + $form->addError("perm", $kickedUsername.ALLY_USER_KICKED); } } else { header("Location: banned.php"); 
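Review bot: changeUserPermissions() checks that the caller holds `opt1` and that the target is in the same alliance, but it then writes `$post['a_titel']` and `$post['e1']` to `$post['e7']` exactly as received, and nothing in the hunk stops a member from granting rights they do not hold or from rewriting the founder's row. Consider refusing a target for whom `$database->isAllianceOwner()` returns this alliance, and clamping every flag to 0 or 1 and to rights the caller also has before calling updateAlliPermissions(). `$post['a_user']` is used in three lookups and a loose `==` against `$session->uid`; cast it once with `$targetUid = (int) $post['a_user'];` at the top. The same membership and self-edit checks are copied into Templates/Alliance/changepos.tpl later in this patch, where they read `$_POST['a_user']` without `isset()` and call `header()` from inside a template; keeping them in one method avoids the two copies drifting apart. Reporting success through `$form->addError("perm", ALLY_PERMISSIONS_UPDATED)` makes `returnErrors() > 0` true on every path, which is worth a one-line comment.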
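Review bot: In the kick branch `$kickedUsername` is assigned inside the argument of insertAlliNotice() and then reused in `$form->addError("perm", $kickedUsername.ALLY_USER_KICKED)`; an assignment buried in a concatenation is easy to miss, and the value is only passed through `addslashes()`, which is not HTML escaping if the message is printed by a template. Hoist it to its own line, `$kickedUsername = $database->getUserField($post['a_user'], "username", 0);`, and escape at the point of output. `$database->deleteAlliance($session->alliance)` still runs on every kick, and `updateAlliPermissions($newleader, 1, 1, 1, 1, 1, 1, 1, 1, 1)` passes a literal `1` where the other call in this file passes the alliance id and the title; both are context lines, but they look wrong next to the new code and should be confirmed. The function starts above the hunk.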
@@ -415,17 +426,19 @@ class Alliance { Function to set forum link *****************************************/ public function setForumLink($post) { - global $database, $session; - if($session->access != BANNED){ - if(isset($post['f_link'])){ - $database->setAlliForumdblink($session->alliance, $post['f_link']); - header("Location: allianz.php?s=5"); - exit; - } - }else{ + global $database, $session, $form; + if($session->access == BANNED) + { header("Location: banned.php"); exit; } + + if($this->userPermArray['opt5'] == 0) $form->addError("perm", NO_PERMISSION); + else + { + $database->setAlliForumdblink($session->alliance, $post['f_link']); + $form->addError("perm", ALLY_FORUM_LINK_UPDATED); + } } /***************************************** Function to vote on forum survey @@ -452,9 +465,9 @@ class Alliance { global $database, $session, $form; if($session->access != BANNED){ if(!isset($post['pw']) || $post['pw'] == "") { - $form->addError("pw1", PW_EMPTY); + $form->addError("pw", PW_EMPTY); } elseif(!password_verify($post['pw'], $session->userinfo['password'])) { - $form->addError("pw2", PW_ERR); + $form->addError("pw", LOGIN_PW_ERROR); } else { // check whether this is not the founder leaving and if he is, see whether // his replacement has been selected @@ -465,7 +478,7 @@ class Alliance { ) { // check that we have a valid new founder if (!isset($post['new_founder'])) { - $form->addError("founder", 'founder was not selected'); + $form->addError("founder", 'Founder was not selected.'); return; } else { $post['new_founder'] = (int) $post['new_founder']; @@ -481,8 +494,8 @@ class Alliance { } } - if (!$validMemberFound) { - $form->addError("founder2", 'founder is not valid'); + if (!$validMemberFound || $post['new_founder'] == $session->uid) { + $form->addError("founder", 'Invalid founder.'); return; } 
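Review bot: setForumLink() lost its `isset($post['f_link'])` guard, so a request without that field now reads an undefined index and passes null to setAlliForumdblink(), and a supplied value is stored without any check on its form. Restore the guard with `if(!isset($post['f_link'])) return;` after the permission test, and if the value is meant to be a URL that is later emitted as a link target, accept only `http://` or `https://` values before saving. The permission test on `opt5` is the right addition; note that the redirect to `allianz.php?s=5` was removed from this method, so the caller now has to perform it.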
@@ -523,44 +536,49 @@ class Alliance { private function changediplomacy($post) { global $database, $session, $form; - if($session->access != BANNED){ - $aName = $_POST['a_name']; - $aType = (int)intval($_POST['dipl']); - if($database->aExist($aName, "tag")) { - $allianceID = $database->getAllianceID($aName); - if($allianceID != $session->alliance) { - if($aType >= 1 and $aType <= 3) { - if(!$database->diplomacyInviteCheck2($session->alliance, $allianceID)) { - $database->diplomacyInviteAdd($session->alliance, $allianceID, $aType); - if($aType == 1){ - $notice = "offer a confederation to"; - }else if($aType == 2){ - $notice = "offer non-aggression pact to"; - }else if($aType == 3){ - $notice = "declare war on"; - } - $database->insertAlliNotice($session->alliance, '' . $database->getAllianceName($session->alliance) . ' '. $notice .' ' . $aName . '.'); - $form->addError("name", "Invite sended"); - } else { - $form->addError("name", "You have already sended them a invite"); - } - - } else { - $form->addError("name", "wrong choice made"); - } - } else { - $form->addError("name", "You can not invite your own alliance"); - } - } else { - $form->addError("name", "Alliance does not exist"); - } - }else{ + if($session->access == BANNED) { header("Location: banned.php"); exit; } + if($this->userPermArray['opt6'] == 1){ + if(!empty($post['a_name']) || !empty($post['dipl'])){ + $aName = $post['a_name']; + $aType = (int)intval($post['dipl']); + if($database->aExist($aName, "tag")) { + $allianceID = $database->getAllianceID($aName); + if($allianceID != $session->alliance) { + if($aType >= 1 and $aType <= 3) { + if(!$database->diplomacyInviteCheck2($session->alliance, $allianceID)) { + if($database->diplomacyCheckLimits($session->alliance, $aType)){ + $database->diplomacyInviteAdd($session->alliance, $allianceID, $aType); + if($aType == 1){ + $notice = OFFERED_CONFED_TO; + }else if($aType == 2){ + $notice = OFFERED_NON_AGGRESION_PACT_TO; + }else if($aType == 3){ + $notice = 
DECLARED_WAR_ON; + } + $database->insertAlliNotice($session->alliance, ''.$database->getAllianceName($session->alliance).' '.$notice.' '.$aName.'.'); + $database->insertAlliNotice($allianceID, ''.$database->getAllianceName($session->alliance).' '.$notice.' '.$aName.'.'); + $form->addError("name", INVITE_SENT); + + } + else $form->addError("name", ALLY_TOO_MUCH_PACTS); + } + else $form->addError("name", INVITE_ALREADY_SENT); + } + else $form->addError("name", WRONG_DIPLOMACY); + } + else $form->addError("name", CANNOT_INVITE_SAME_ALLY); + } + else $form->addError("name", ALLY_DOESNT_EXISTS); + } + else $form->addError("name", NAME_OR_DIPL_EMPTY); + } + else $form->addError("name", NO_PERMISSION); } - } +} - $alliance = new Alliance; +$alliance = new Alliance; ?> diff --git a/GameEngine/Database.php b/GameEngine/Database.php index cc8268af..c8628adf 100755 --- a/GameEngine/Database.php +++ b/GameEngine/Database.php @@ -3107,10 +3107,10 @@ class MYSQLi_DB implements IDbConnection { return mysqli_query($this->dblink,$q); } - function diplomacyOwnOffers($session_alliance) { - list($session_alliance) = $this->escape_input((int) $session_alliance); + function diplomacyOwnOffers($sessionAlliance) { + list($sessionAlliance) = $this->escape_input((int) $sessionAlliance); - $q = "SELECT * FROM " . TB_PREFIX . "diplomacy WHERE alli1 = $session_alliance AND accepted = 0"; + $q = "SELECT * FROM " . TB_PREFIX . "diplomacy WHERE alli1 = $sessionAlliance AND accepted = 0"; $result = mysqli_query($this->dblink,$q); return $this->mysqli_fetch_all($result); } 
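Review bot: In changediplomacy() the emptiness guard `if(!empty($post['a_name']) || !empty($post['dipl']))` lets a request through when only one of the two fields is present, so the other is read as an undefined index; the NAME_OR_DIPL_EMPTY branch only makes sense with `&&`. The pact cap is also weaker than the commit message states: only `$session->alliance` is passed to diplomacyCheckLimits(), so the target alliance's count is never checked, and the new body of that function in GameEngine/Database.php returns `$result['Total1'] < 3 && $result['Total2'] < 3`, which compares the two directions separately instead of their sum and so allows more than three pacts in total. Use `$result['Total1'] + $result['Total2'] < 3` there and call the check for `$allianceID` as well. The seven levels of nesting would be easier to audit as guard clauses that add the error and return.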
@@ -3125,32 +3125,32 @@ class MYSQLi_DB implements IDbConnection { return $dbarray['id']; } - function diplomacyCancelOffer($id) { - list($id) = $this->escape_input((int) $id); + function diplomacyCancelOffer($id, $sessionAlliance) { + list($id, $sessionAlliance) = $this->escape_input((int) $id, (int) $sessionAlliance); - $q = "DELETE FROM " . TB_PREFIX . "diplomacy WHERE id = $id"; + $q = "DELETE FROM " . TB_PREFIX . "diplomacy WHERE id = $id AND alli1 = $sessionAlliance"; return mysqli_query($this->dblink,$q); } - function diplomacyInviteAccept($id, $session_alliance) { - list($id, $session_alliance) = $this->escape_input((int) $id, (int) $session_alliance); + function diplomacyInviteAccept($id, $sessionAlliance) { + list($id, $sessionAlliance) = $this->escape_input((int) $id, (int) $sessionAlliance); - $q = "UPDATE " . TB_PREFIX . "diplomacy SET accepted = 1 WHERE id = $id AND alli2 = $session_alliance"; + $q = "UPDATE " . TB_PREFIX . "diplomacy SET accepted = 1 WHERE id = $id AND alli2 = $sessionAlliance"; return mysqli_query($this->dblink,$q); } - function diplomacyInviteDenied($id, $session_alliance) { - list($id, $session_alliance) = $this->escape_input((int) $id, (int) $session_alliance); + function diplomacyInviteDenied($id, $sessionAlliance) { + list($id, $sessionAlliance) = $this->escape_input((int) $id, (int) $sessionAlliance); - $q = "DELETE FROM " . TB_PREFIX . "diplomacy WHERE id = $id AND alli2 = $session_alliance"; + $q = "DELETE FROM " . TB_PREFIX . "diplomacy WHERE id = $id AND alli2 = $sessionAlliance"; return mysqli_query($this->dblink,$q); } // no need to cache this method - function diplomacyInviteCheck($session_alliance) { - list($session_alliance) = $this->escape_input((int) $session_alliance); + function diplomacyInviteCheck($sessionAlliance) { + list($sessionAlliance) = $this->escape_input((int) $sessionAlliance); - $q = "SELECT * FROM " . TB_PREFIX . "diplomacy WHERE alli2 = $session_alliance AND accepted = 0"; + $q = "SELECT * FROM " . 
TB_PREFIX . "diplomacy WHERE alli2 = $sessionAlliance AND accepted = 0"; $result = mysqli_query($this->dblink,$q); return $this->mysqli_fetch_all($result); } @@ -3159,7 +3159,7 @@ class MYSQLi_DB implements IDbConnection { function diplomacyInviteCheck2($ally1, $ally2) { list($ally1, $ally2) = $this->escape_input((int) $ally1, (int) $ally2); - $q = "SELECT * FROM " . TB_PREFIX . "diplomacy WHERE alli1 = $ally1 AND alli2 = $ally2 AND accepted = 0"; + $q = "SELECT * FROM " . TB_PREFIX . "diplomacy WHERE (alli1 = $ally1 OR alli2 = $ally1) AND (alli1 = $ally2 OR alli2 = $ally2)"; $result = mysqli_query($this->dblink,$q); return $this->mysqli_fetch_all($result); } 
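Review bot: diplomacyCancelOffer() now scopes the DELETE to `alli1 = $sessionAlliance`, but like diplomacyInviteAccept() and diplomacyInviteDenied() it returns the value of `mysqli_query()`, which is true even when the WHERE clause matched no row. A caller therefore cannot tell a refused request from a successful one and may still log a notice; returning `mysqli_affected_rows($this->dblink) > 0` would make the ownership check observable. The added second parameter is required, so every existing caller has to be updated in the same commit; those call sites are not in this part of the patch. diplomacyInviteCheck2() no longer filters on `accepted`, which matches the commit message but also means an existing war row blocks any later offer between the two alliances; confirm that is intended.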
@@ -3237,45 +3237,29 @@ class MYSQLi_DB implements IDbConnection { } // no need to cache this method - function diplomacyExistingRelationships($session_alliance) { - list($session_alliance) = $this->escape_input((int) $session_alliance); + function diplomacyExistingRelationships($sessionAlliance) { + list($sessionAlliance) = $this->escape_input((int) $sessionAlliance); - $q = "SELECT * FROM " . TB_PREFIX . "diplomacy WHERE alli2 = $session_alliance AND accepted = 1"; + $q = "SELECT * FROM " . TB_PREFIX . "diplomacy WHERE (alli1 = $sessionAlliance OR alli2 = $sessionAlliance) AND accepted = 1"; $result = mysqli_query($this->dblink,$q); return $this->mysqli_fetch_all($result); } - // no need to cache this method - function diplomacyExistingRelationships2($session_alliance) { - list($session_alliance) = $this->escape_input((int) $session_alliance); + function diplomacyCancelExistingRelationship($id, $sessionAlliance) { + list($id, $sessionAlliance) = $this->escape_input((int) $id, (int) $sessionAlliance); - $q = "SELECT * FROM " . TB_PREFIX . "diplomacy WHERE alli1 = $session_alliance AND accepted = 1"; - $result = mysqli_query($this->dblink,$q); - return $this->mysqli_fetch_all($result); - } - - function diplomacyCancelExistingRelationship($id, $session_alliance) { - list($id, $session_alliance) = $this->escape_input((int) $id, (int) $session_alliance); - - $q = "DELETE FROM " . TB_PREFIX . "diplomacy WHERE id = $id AND alli2 = $session_alliance OR id = $id AND alli1 = $session_alliance"; + $q = "DELETE FROM " . TB_PREFIX . "diplomacy WHERE (alli1 = $sessionAlliance OR alli2 = $sessionAlliance) AND id = $id "; return mysqli_query($this->dblink,$q); } // no need to cache this method - function checkDiplomacyInviteAccept($aid, $type) { + function diplomacyCheckLimits($aid, $type) { list($aid, $type) = $this->escape_input((int) $aid, (int) $type); - - $q = "SELECT Count(*) as Total FROM " . TB_PREFIX . 
"diplomacy WHERE alli1 = $aid AND type = $type AND accepted = 1 OR alli2 = $aid AND type = $type AND accepted = 1"; + if($type == 3) return true; + + $q = "SELECT Count(case when alli1 = $aid then 1 end) as Total1, Count(case when alli2 = $aid then 1 end) as Total2 FROM " . TB_PREFIX . "diplomacy WHERE type = $type"; $result = mysqli_fetch_array(mysqli_query($this->dblink,$q), MYSQLI_ASSOC); - if($type == 3){ - return true; - }else{ - if($result['Total'] < 4) { - return true; - } else { - return false; - } - } + return $result['Total1'] < 3 && $result['Total2'] < 3; } function setAlliForumdblink($aid, $dblink) { diff --git a/GameEngine/Lang/en.php b/GameEngine/Lang/en.php index 3000fe7a..0639c349 100755 --- a/GameEngine/Lang/en.php +++ b/GameEngine/Lang/en.php 
@@ -72,7 +72,23 @@ define("ANAME_EMPTY","Name empty");
 define("ATAG_EXIST","Tag taken");
 define("ANAME_EXIST","Name taken");
 define("ALREADY_ALLY_MEMBER","You're already in an alliance");
-define("ALLY_TOO_LOW", "You must have a level 3 or greater alliance");
+define("ALLY_TOO_LOW", "You must have a level 3 or greater embassy");
+define("USER_NOT_IN_YOUR_ALLY","This user is not in your alliance!");
+define("CANT_EDIT_YOUR_PERMISSIONS","You can't edit your own permissions!");
+define("NO_PERMISSION", "You don't have enough permissions!");
+define("NAME_OR_DIPL_EMPTY", "Name or diplomacy empty");
+define("ALLY_DOESNT_EXISTS","Alliance does not exist");
+define("CANNOT_INVITE_SAME_ALLY","You cannot invite your own alliance");
+define("WRONG_DIPLOMACY","Wrong choice made");
+define("INVITE_ALREADY_SENT","Either you have already sent a pact to this alliance, they sent it to yours or you already have a pact with them");
+define("INVITE_SENT","Invite sent");
+define("DECLARED_WAR_ON","declared war to");
+define("OFFERED_NON_AGGRESION_PACT_TO","offered non-aggression pact to");
+define("OFFERED_CONFED_TO","offered a confederation to");
+define("ALLY_TOO_MUCH_PACTS","Either You cannot offer more pacts of this kind or this alliance has reached the limit for this kind of patcs");
+define("ALLY_PERMISSIONS_UPDATED","Permissions updated");
+define("ALLY_FORUM_LINK_UPDATED", "Forum link updated");
+define("ALLY_USER_KICKED"," has been kicked from the alliance");
 define("NOT_OPENED_YET","Server not started yet.");
 define("REGISTER_CLOSED","The register is closed. You can't register to this server.");
 define("NAME_EMPTY","Please insert name");
diff --git a/Templates/Alliance/alli_menu.tpl b/Templates/Alliance/alli_menu.tpl
index 0619593b..7854a853 100644
--- a/Templates/Alliance/alli_menu.tpl
+++ b/Templates/Alliance/alli_menu.tpl
@@ -1,7 +1,7 @@ alliance == $aid) { ?>
- >Overview + >Overview | >Forum | >Chat | >Attacks @@ -9,7 +9,7 @@ sit == 0){ ?> - | >Options + | >Options diff --git a/Templates/Alliance/allidesc.tpl b/Templates/Alliance/allidesc.tpl index b5837ba6..61f38b3d 100644 --- a/Templates/Alliance/allidesc.tpl +++ b/Templates/Alliance/allidesc.tpl @@ -1,11 +1,6 @@ alliance; -if(isset($aid)) { -$aid = $aid; -} -else { -$aid = $session->alliance; -} $varmedal = $database->getProfileMedalAlly($aid); $allianceinfo = $database->getAlliance($aid); $memberlist = $database->getAllMember($aid); @@ -43,7 +38,7 @@ include("alli_menu.tpl"); Tag - + @@ -66,7 +61,7 @@ include("alli_menu.tpl"); - +

diff --git a/Templates/Alliance/assignpos.tpl b/Templates/Alliance/assignpos.tpl index 0d29d2e2..a3fe4dad 100644 --- a/Templates/Alliance/assignpos.tpl +++ b/Templates/Alliance/assignpos.tpl @@ -1,10 +1,6 @@ alliance; -} +if(!isset($aid)) $aid = $session->alliance; + $allianceinfo = $database->getAlliance($aid); $memberlist = $database->getAllMember($aid); @@ -28,8 +24,12 @@ if($session->access!=BANNED){ '; + foreach($database->diplomacyOwnOffers($alliance) as $row){ + echo ''; } - } else { - echo ''; } + else echo ''; ?> @@ -136,24 +125,14 @@ - alliance; - if(($dInvites = $database->diplomacyInviteCheck($alliance)) && count($dInvites)){ - foreach($dInvites as $key => $row){ - if($row['type'] == 1){ - $type = "Conf."; - } else if($row['type'] == 2){ - $type = "Nap"; - } else if($row['type'] == 3){ - $type = "War"; - } - echo ''; + foreach($dInvites as $row){ + echo ''; } - } else { - echo ''; - } + } + else echo ''; ?>
Medals
@@ -43,7 +43,6 @@ if($session->access!=BANNED){

-

"; if($ntype==0){ $nn = " scouts "; }else{ $nn = " attacks "; } - $outputList .= $database->getUserField($dataarray[0],username,0); + $outputList .= $database->getUserField($dataarray[0], "username", 0); $outputList .= $nn; - $outputList .= $database->getUserField($dataarray[28],username,0); - $getUserAlly = $database->getUserField($dataarray[28],alliance,0); + $outputList .= $database->getUserField($dataarray[28], "username", 0); + $getUserAlly = $database->getUserField($dataarray[28], "alliance", 0); $getAllyName = $database->getAllianceName($getUserAlly); if($getUserAlly==$session->alliance || !$getUserAlly){ diff --git a/Templates/Alliance/attack-defender.tpl b/Templates/Alliance/attack-defender.tpl index 700b439c..fc5d53ef 100644 --- a/Templates/Alliance/attack-defender.tpl +++ b/Templates/Alliance/attack-defender.tpl @@ -39,11 +39,11 @@ if($ntype==4 || $ntype==5 || $ntype==6 || $ntype==7){ $outputList .= "
"; if($ntype==0){ $nn = " scouts "; }else{ $nn = " attacks "; } - $outputList .= $database->getUserField($dataarray[0],username,0); + $outputList .= $database->getUserField($dataarray[0], "username", 0); $outputList .= $nn; - $outputList .= $database->getUserField($dataarray[28],username,0); - $getUserAlly = $database->getUserField($dataarray[0],alliance,0); + $outputList .= $database->getUserField($dataarray[28], "username", 0); + $getUserAlly = $database->getUserField($dataarray[0], "alliance", 0); $getAllyName = $database->getAllianceName($getUserAlly); if($getUserAlly==$session->alliance || !$getUserAlly){ diff --git a/Templates/Alliance/attacks.tpl b/Templates/Alliance/attacks.tpl index e9ac3253..9c641652 100644 --- a/Templates/Alliance/attacks.tpl +++ b/Templates/Alliance/attacks.tpl @@ -1,10 +1,6 @@ alliance; -} +if(!isset($aid)) $aid = $session->alliance; + $allianceinfo = $database->getAlliance($aid); echo "

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; include("alli_menu.tpl"); @@ -66,30 +62,30 @@ if($ntype==4 || $ntype==5 || $ntype==6 || $ntype==7){ $outputList .= "
"; if($ntype==0){ $nn = " scouts "; }else{ $nn = " attacks "; } - $outputList .= $database->getUserField($dataarray[0],username,0); + $outputList .= $database->getUserField($dataarray[0], "username", 0); $outputList .= $nn; - $outputList .= $database->getUserField($dataarray[28],username,0); + $outputList .= $database->getUserField($dataarray[28], "username", 0); if($ntype==0){ $isoasis = $database->isVillageOases($toWref); if($isoasis == 0){ if($toWref != $village->wid){ $getUser = $database->getVillageField($toWref,owner); }else{ - $getUser = $database->getVillageField($dataarray[1],owner); + $getUser = $database->getVillageField($dataarray[1], "owner"); } }else{ if($toWref != $village->wid){ $getUser = $database->getOasisField($toWref,owner); }else{ - $getUser = $database->getOasisField($dataarray[1],owner); + $getUser = $database->getOasisField($dataarray[1], "owner"); } } - $getUserAlly = $database->getUserField($getUser,alliance,0); + $getUserAlly = $database->getUserField($getUser, "alliance", 0); }else if($ntype==1 or $ntype==2 or $ntype==3 or $ntype==18 or $ntype==19){ - $getUserAlly = $database->getUserField($dataarray[28],alliance,0); + $getUserAlly = $database->getUserField($dataarray[28], "alliance", 0); }else{ - $getUserAlly = $database->getUserField($dataarray[0],alliance,0); + $getUserAlly = $database->getUserField($dataarray[0], "alliance", 0); } $getAllyName = $database->getAllianceName($getUserAlly); diff --git a/Templates/Alliance/changename.tpl b/Templates/Alliance/changename.tpl index 337b2520..b5d032a6 100644 --- a/Templates/Alliance/changename.tpl +++ b/Templates/Alliance/changename.tpl @@ -1,38 +1,30 @@ alliance; -} +if(!isset($aid)) $aid = $session->alliance; + $allianceinfo = $database->getAlliance($aid); echo "

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; include("alli_menu.tpl"); ?> - +
+getError("ally1"); ?> +getError("ally2"); ?>
Change name
Tag -
Name -

-

getError("ally1"); ?>

-

getError("ally2"); ?>

-

getError("owner"); ?>

-

getError("tag"); ?>

-

getError("name"); ?>

\ No newline at end of file +

getError("perm"); ?>

\ No newline at end of file diff --git a/Templates/Alliance/changepos.tpl b/Templates/Alliance/changepos.tpl index d9731dea..c9bfcd0d 100644 --- a/Templates/Alliance/changepos.tpl +++ b/Templates/Alliance/changepos.tpl @@ -1,14 +1,24 @@ getUserField($_POST['a_user'], "alliance", 0) != $session->alliance) +{ + $form->addError("perm", USER_NOT_IN_YOUR_ALLY); } -else { -$aid = $session->alliance; -} -$playerData = $database->getAlliPermissions($_POST['a_user'], $session->alliance); -$playername = $database->getUserField($_POST['a_user'],'username',0); +elseif($_POST['a_user'] == $session->uid) $form->addError("perm", CANT_EDIT_YOUR_PERMISSIONS); +if($form->returnErrors() > 0) +{ + $_SESSION['errorarray'] = $form->getErrors(); + $_SESSION['valuearray'] = $_POST; + header("Location: allianz.php?s=5"); + exit; +} + +if(!isset($aid)) $aid = $session->alliance; + +$playerData = $database->getAlliPermissions($_POST['a_user'], $aid); +$playername = $database->getUserField($_POST['a_user'],'username',0); $allianceinfo = $database->getAlliance($aid); + echo "

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; include("alli_menu.tpl"); ?> diff --git a/Templates/Alliance/chat.tpl b/Templates/Alliance/chat.tpl index 873fdedc..8708ba18 100644 --- a/Templates/Alliance/chat.tpl +++ b/Templates/Alliance/chat.tpl @@ -1,12 +1,7 @@ alliance; -if(isset($aid)) { -$aid = $aid; -} -else { -$aid = $session->alliance; -} $allianceinfo = $database->getAlliance($aid); echo "

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; include("alli_menu.tpl"); diff --git a/Templates/Alliance/chgdiplo.tpl b/Templates/Alliance/chgdiplo.tpl index 6b83d1a0..2071de07 100644 --- a/Templates/Alliance/chgdiplo.tpl +++ b/Templates/Alliance/chgdiplo.tpl @@ -16,11 +16,8 @@ */ - if(isset($aid)) { - $aid = $aid; - } else { - $aid = $session->alliance; - } + if(!isset($aid)) $aid = $session->alliance; + $allianceinfo = $database->getAlliance($aid); echo "

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; include("alli_menu.tpl"); @@ -77,7 +74,7 @@

-

+

getError("name"); ?>

@@ -96,19 +93,11 @@ $alliance = $session->alliance; if(count($database->diplomacyOwnOffers($alliance))){ - foreach($database->diplomacyOwnOffers($alliance) as $key => $value){ - if($value['type'] == 1){ - $type = "Conf."; - } else if($value['type'] == 2){ - $type = "Nap"; - } else if($value['type'] == 3){ - $type = "War"; - } - echo '
'.$database->getAllianceName($value['alli2']).'
'.$type.'
'.$database->getAllianceName($row['alli2']).'
'.(["Conf", "Nap", "War"])[$row['type']-1].'
none
none
'.$database->getAllianceName($row['alli1']).'
'.$type.'
'.$database->getAllianceName($row['alli1']).'
'.(["Conf", "Nap", "War"])[$row['type']-1].'
none
none
@@ -166,37 +145,15 @@ - alliance; if(($rels = $database->diplomacyExistingRelationships($alliance)) && count($rels)){ - foreach($rels as $key => $row){ - if($row['type'] == 1){ - $type = "Conf."; - } else if($row['type'] == 2){ - $type = "Nap"; - } else if($row['type'] == 3){ - $type = "War"; - } - echo '
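Review bot: The label lookup `(["Conf", "Nap", "War"])[$row['type']-1]` has no guard for a `type` outside 1–3, so an unexpected row value raises an undefined-offset notice and prints an empty label; the removed if/else chain had the same gap but failed silently with a stale `$type`. The expression is repeated for both offer lists here and again in the next hunk for existing relationships. A single map with a fallback, e.g. `$pactLabels = [1 => "Conf", 2 => "Nap", 3 => "War"];` and `isset($pactLabels[$row['type']]) ? $pactLabels[$row['type']] : '-'`, keeps the three lists consistent. The alliance names printed next to it come straight from `getAllianceName()`; whether they are HTML-escaped when stored is not visible here and is worth confirming.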

'.$database->getAllianceName($row['alli1']).'
'.$type.'
'; + foreach($rels as $row){ + echo '
'.$database->getAllianceName(($row['alli1'] == $session->alliance ? $row['alli2'] : $row['alli1'])).'
'.(["Conf", "Nap", "War"])[$row['type']-1].'
'; } - } elseif(($rels = $database->diplomacyExistingRelationships2($alliance)) && count($rels)){ - foreach($rels as $key => $row){ - if($row['type'] == 1){ - $type = "Conf."; - } else if($row['type'] == 2){ - $type = "Nap"; - } else if($row['type'] == 3){ - $type = "War"; - } - echo '
'.$database->getAllianceName($row['alli2']).'
'.$type.'
'; - } - }else { - echo 'none'; } - + else echo 'none'; ?> \ No newline at end of file diff --git a/Templates/Alliance/invite.tpl b/Templates/Alliance/invite.tpl index d32b1ee4..c6dc855b 100644 --- a/Templates/Alliance/invite.tpl +++ b/Templates/Alliance/invite.tpl @@ -1,23 +1,18 @@ alliance; -} +if(!isset($aid)) $aid = $session->alliance; + $allianceinfo = $database->getAlliance($aid); $allianceInvitations = $database->getAliInvitations($aid); echo "

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; include("alli_menu.tpl"); ?> - - +
diff --git a/Templates/Alliance/kick.tpl b/Templates/Alliance/kick.tpl index 24fd0f34..8dac4a3a 100644 --- a/Templates/Alliance/kick.tpl +++ b/Templates/Alliance/kick.tpl @@ -1,12 +1,9 @@ alliance; -} +if(!isset($aid)) $aid = $session->alliance; + $memberlist = $database->getAllMember($aid); $allianceinfo = $database->getAlliance($aid); + echo "

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; include("alli_menu.tpl"); ?> @@ -44,4 +41,4 @@ include("alli_menu.tpl");

-

\ No newline at end of file +

getError("perm"); ?>

\ No newline at end of file diff --git a/Templates/Alliance/linkforum.tpl b/Templates/Alliance/linkforum.tpl index b9e86276..35ad4fed 100644 --- a/Templates/Alliance/linkforum.tpl +++ b/Templates/Alliance/linkforum.tpl @@ -1,10 +1,6 @@ alliance; -} +if(!isset($aid)) $aid = $session->alliance; + $allianceinfo = $database->getAlliance($aid); echo "

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; include("alli_menu.tpl"); @@ -13,7 +9,7 @@ include("alli_menu.tpl"); - +
Invite a player into the alliance
@@ -21,7 +17,8 @@ include("alli_menu.tpl"); - + @@ -29,4 +26,5 @@ include("alli_menu.tpl");
Link to the forum
URL" maxlength="200"> +
-

\ No newline at end of file +

+

getError("perm"); ?>

\ No newline at end of file diff --git a/Templates/Alliance/news.tpl b/Templates/Alliance/news.tpl index 01b96db6..82d32765 100644 --- a/Templates/Alliance/news.tpl +++ b/Templates/Alliance/news.tpl @@ -1,12 +1,7 @@ alliance; -} -$allianceinfo = $database->getAlliance($aid); +if(!isset($aid)) $aid = $session->alliance; +$allianceinfo = $database->getAlliance($aid); $noticeArray = $database->readAlliNotice($aid); echo "

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; diff --git a/Templates/Alliance/option.tpl b/Templates/Alliance/option.tpl index 66afe7ed..c5aae19c 100644 --- a/Templates/Alliance/option.tpl +++ b/Templates/Alliance/option.tpl @@ -1,17 +1,16 @@ alliance; -} +if(!isset($aid)) $aid = $session->alliance; + $allianceinfo = $database->getAlliance($aid); + echo "

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; -include("alli_menu.tpl"); +include_once("alli_menu.tpl"); ?> - +

getError("perm"); ?>

+
+ @@ -82,4 +81,4 @@ if ($alliance->userPermArray['opt5']==1){
Options
-

\ No newline at end of file +

\ No newline at end of file diff --git a/Templates/Alliance/overview.tpl b/Templates/Alliance/overview.tpl index 2088e9e4..8a779d8f 100644 --- a/Templates/Alliance/overview.tpl +++ b/Templates/Alliance/overview.tpl @@ -1,10 +1,7 @@ alliance; -} +if(isset($_GET['aid'])) $aid = $_GET['aid']; +else $aid = $session->alliance; + $varmedal = $database->getProfileMedalAlly($aid); $allianceinfo = $database->getAlliance($aid); diff --git a/Templates/Alliance/quitalli.tpl b/Templates/Alliance/quitalli.tpl index 3b6a556d..a32e182f 100644 --- a/Templates/Alliance/quitalli.tpl +++ b/Templates/Alliance/quitalli.tpl @@ -1,10 +1,6 @@ alliance; -} +if(!isset($aid)) $aid = $session->alliance; + $allianceinfo = $database->getAlliance($aid); $isOwner = ($aid && $database->isAllianceOwner($session->uid) == $aid); @@ -15,13 +11,12 @@ if ($isOwner) { echo "
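Review bot: `$aid = $_GET['aid'];` in overview.tpl takes the request value as-is, and the only validation visible on this page is the `is_numeric()` guard in the allianz.php hunk, which also lets through forms such as `1.5` or `1e3`. Casting at the point of use, `if(isset($_GET['aid'])) $aid = (int) $_GET['aid'];`, makes the value passed to `getProfileMedalAlly()` and `getAlliance()` an integer regardless of which script includes the template. In allianz.php, `ctype_digit((string) $_GET['aid'])` would be the stricter test. How Database.php binds or quotes `$aid` is outside this hunk.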

".$allianceinfo['tag']." - ".$allianceinfo['name']."

"; include("alli_menu.tpl"); ?> - - +
@@ -80,6 +75,7 @@ include("alli_menu.tpl"); @@ -98,4 +94,5 @@ include("alli_menu.tpl"); } ?> -

\ No newline at end of file +

+

getError("founder"); ?>

\ No newline at end of file diff --git a/Templates/Build/18.tpl b/Templates/Build/18.tpl index 7f0cb6c0..609586cc 100644 --- a/Templates/Build/18.tpl +++ b/Templates/Build/18.tpl @@ -47,7 +47,7 @@ echo " foreach($alliance->inviteArray as $invite) { echo " - "; + "; } } else { diff --git a/allianz.php b/allianz.php index 51e1a3f8..946ee026 100644 --- a/allianz.php +++ b/allianz.php @@ -5,7 +5,12 @@ $start_timer = $generator->pageLoadTimeStart(); //fix by ronix use App\Utils\AccessLogger; -if(isset($_GET['aid']) && !is_numeric($_GET['aid'])) die('Hacking Attemp'); +if(isset($_GET['aid']) && !is_numeric($_GET['aid'])) +{ + header("location: allianz.php"); + exit; +} + include_once("GameEngine/Village.php"); include_once("GameEngine/Chat.php"); AccessLogger::logRequest(); @@ -196,7 +201,7 @@ if(isset($_GET['aid']) or isset($_GET['fid']) or isset($_GET['fid2']) or $sessio ?>
getAlliancePermission($session->uid, "opt4", 0); +$userPermissions = $database->getAlliPermissions($session->uid, $session->alliance, 0); include ("Templates/menu.tpl"); if(isset($_GET['s']) && $_GET['s'] == 2) { 
@@ -235,100 +240,79 @@ $invite_permission = $database->getAlliancePermission($session->uid, "opt4", 0); }else{ header("Location: ".$_SERVER['PHP_SELF']); exit; - }}else if(isset($_GET['delinvite']) && $invite_permission == 1){ + }}else if(isset($_GET['delinvite'])){ + if($userPermissions['opt4'] == 0) $alliance->redirect(); include ("Templates/Alliance/invite.tpl"); } elseif(isset($_POST['o'])) { switch($_POST['o']) { case 1: - if(isset($_POST['s']) == 5 && isset($_POST['a_user'])) { - $alliance->procAlliForm($_POST); - //echo "Funcion para el cambio de nombre de la alianza"; - include ("Templates/Alliance/changepos.tpl"); - } else { - include ("Templates/Alliance/assignpos.tpl"); - } + if($userPermissions['opt1'] == 0) $alliance->redirect(); + if(isset($_POST['s']) == 5 && isset($_POST['a_user'])){ + $alliance->procAlliForm($_POST); + include("Templates/Alliance/changepos.tpl"); + } + else include("Templates/Alliance/assignpos.tpl"); break; case 2: - if(isset($_POST['s']) == 5 && isset($_POST['a']) == 2) { - $alliance->procAlliForm($_POST); - include ("Templates/Alliance/kick.tpl"); - } else { - include ("Templates/Alliance/kick.tpl"); - } + if($userPermissions['opt2'] == 0) $alliance->redirect(); + if(isset($_POST['s']) == 5 && isset($_POST['a']) == 2) $alliance->procAlliForm($_POST); + include("Templates/Alliance/kick.tpl"); break; case 3: - if(isset($_POST['s']) == 5 && isset($_POST['a']) == 3) { - $alliance->procAlliForm($_POST); - //echo "Funcion para el cambio de nombre de la alianza"; - include ("Templates/Alliance/allidesc.tpl"); - } else { - include ("Templates/Alliance/allidesc.tpl"); - } + if($userPermissions['opt3'] == 0) $alliance->redirect(); + if(isset($_POST['s']) == 5 && isset($_POST['a']) == 3) $alliance->procAlliForm($_POST); + include("Templates/Alliance/allidesc.tpl"); break; case 4: - if(isset($_POST['s']) == 5 && isset($_POST['a']) == 4) { - $alliance->procAlliForm($_POST); - //echo "Funcion para el cambio de nombre de la alianza"; - include 
("Templates/Alliance/invite.tpl"); - } else { - include ("Templates/Alliance/invite.tpl"); - } + if($userPermissions['opt4'] == 0) $alliance->redirect(); + if(isset($_POST['s']) == 5 && isset($_POST['a']) == 4) $alliance->procAlliForm($_POST); + include("Templates/Alliance/invite.tpl"); break; case 5: - $alliance->setForumLink($_POST); - include ("Templates/Alliance/linkforum.tpl"); + if($userPermissions['opt5'] == 0) $alliance->redirect(); + if(isset($_POST['f_link'])) $alliance->setForumLink($_POST); + include("Templates/Alliance/linkforum.tpl"); break; case 6: - if(isset($_POST['dipl']) and isset($_POST['a_name'])) { - $alliance->procAlliForm($_POST); - include ("Templates/Alliance/chgdiplo.tpl"); - } else { - include ("Templates/Alliance/chgdiplo.tpl"); - } + if($userPermissions['opt6'] == 0) $alliance->redirect(); + if(isset($_POST['dipl']) and isset($_POST['a_name'])) $alliance->procAlliForm($_POST); + include("Templates/Alliance/chgdiplo.tpl"); break; case 11: - if(isset($_POST['s']) == 5 && isset($_POST['a']) == 11) { - $alliance->procAlliForm($_POST); - //echo "Funcion para el cambio de nombre de la alianza"; - include ("Templates/Alliance/quitalli.tpl"); - } else { - include ("Templates/Alliance/quitalli.tpl"); - } - break; - default: - include ("Templates/Alliance/option.tpl"); + if(isset($_POST['s']) == 5 && isset($_POST['a']) == 11) $alliance->procAlliForm($_POST); + include("Templates/Alliance/quitalli.tpl"); break; case 100: - if(isset($_POST['s']) == 5 && isset($_POST['a']) == 100) { - $alliance->procAlliForm($_POST); - //echo "Funcion para el cambio de nombre de la alianza"; - include ("Templates/Alliance/changename.tpl"); - } else { - include ("Templates/Alliance/changename.tpl"); - } + if($userPermissions['opt3'] == 0) $alliance->redirect(); + if(isset($_POST['s']) == 5 && isset($_POST['a']) == 100) $alliance->procAlliForm($_POST); + include ("Templates/Alliance/changename.tpl"); break; case 101: - $database->diplomacyCancelOffer($_POST['id']); + 
if($userPermissions['opt6'] == 0) $alliance->redirect(); + if(isset($_POST['id'])) $database->diplomacyCancelOffer($_POST['id'], $session->alliance); include ("Templates/Alliance/chgdiplo.tpl"); break; case 102: - $database->diplomacyInviteDenied($_POST['id'], $_POST['alli2']); + if($userPermissions['opt6'] == 0) $alliance->redirect(); + if(isset($_POST['id'])) $database->diplomacyInviteDenied($_POST['id'], $session->alliance); include ("Templates/Alliance/chgdiplo.tpl"); break; case 103: - if($database->checkDiplomacyInviteAccept($session->alliance, $_POST['type'])){ - $database->diplomacyInviteAccept($_POST['id'], $_POST['alli2']); - } + if($userPermissions['opt6'] == 0) $alliance->redirect(); + if(isset($_POST['id'])) $database->diplomacyInviteAccept($_POST['id'], $session->alliance); include ("Templates/Alliance/chgdiplo.tpl"); break; case 104: - $database->diplomacyCancelExistingRelationship($_POST['id'], $_POST['alli2']); + if($userPermissions['opt6'] == 0) $alliance->redirect(); + if(isset($_POST['id'])) $database->diplomacyCancelExistingRelationship($_POST['id'], $session->alliance); include ("Templates/Alliance/chgdiplo.tpl"); + break; + default: + include("Templates/Alliance/option.tpl"); + break; } - } else { - include ("Templates/Alliance/overview.tpl"); - } - + } + else include ("Templates/Alliance/overview.tpl"); ?>
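Review bot: The conditions of the form `isset($_POST['s']) == 5 && isset($_POST['a']) == 2` carried into the new `case` branches compare the boolean result of `isset()` with a number, so they are true whenever the fields are present, whatever their values. Testing the values themselves, e.g. `if(isset($_POST['s'], $_POST['a']) && $_POST['s'] == 5 && $_POST['a'] == 2) $alliance->procAlliForm($_POST);`, makes each branch run only for its own form. Separately, every new permission check relies on `$alliance->redirect()` ending the request; its body is in Alliance.php, outside this hunk, so it is worth confirming that it calls `exit`, otherwise the `procAlliForm()` and `diplomacy*()` calls below each check still run.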




Quit alliance
+ getError("pw"); ?>
\"refuse\"  ".$database->getAllianceName($invite['alliance'])." ".ACCEPT."
 ".ACCEPT."