Fixed a lot of bugs/security issues in the alliance

+You can no longer kick people of other alliances
+You can no longer change the forum link with no permissions
+You can no longer make more than 3 total confederation and 3 total NAP
+You can no longer send a diplomacy pact to an alliance with already one
pact or one pending pact
+You can no longer handle diplomacy without permissions
+Fixed security bugs related to invites (sending, deleting etc.)
+You can no longer access to any alliance submenus without permissions
(kick menu, diplomacy menu, etc.)
+Errors are now shown correctly and better handling of them
+New forum link and alliance description are shown correctly after
editing them
+You can no longer access to other alliances informations without being
in it (attack reports, news, etc)
+Corrected some alliance news
+Added some language constants to en.php
+Fixed and changed some database.php functions alliance related

allianz.php

@@ -5,7 +5,12 @@ $start_timer = $generator->pageLoadTimeStart();
 //fix by ronix
 use App\Utils\AccessLogger;
 
-if(isset($_GET['aid']) && !is_numeric($_GET['aid'])) die('Hacking Attemp');
+if(isset($_GET['aid']) && !is_numeric($_GET['aid'])) 
+{
+    header("location: allianz.php"); 
+    exit;
+}
+
 include_once("GameEngine/Village.php");
 include_once("GameEngine/Chat.php");
 AccessLogger::logRequest();
@@ -196,7 +201,7 @@ if(isset($_GET['aid']) or isset($_GET['fid']) or isset($_GET['fid2']) or $sessio
 ?>
 <div id="mid">
 <?php
-$invite_permission = $database->getAlliancePermission($session->uid, "opt4", 0);
+$userPermissions = $database->getAlliPermissions($session->uid, $session->alliance, 0);
 	   include ("Templates/menu.tpl");
 
 	   if(isset($_GET['s']) && $_GET['s'] == 2) {
@@ -235,100 +240,79 @@ $invite_permission = $database->getAlliancePermission($session->uid, "opt4", 0);
 	   }else{
 		header("Location: ".$_SERVER['PHP_SELF']);
 		exit;
-	   }}else if(isset($_GET['delinvite']) && $invite_permission == 1){
+	   }}else if(isset($_GET['delinvite'])){
+	    if($userPermissions['opt4'] == 0) $alliance->redirect();
 		include ("Templates/Alliance/invite.tpl");
 	    } elseif(isset($_POST['o'])) {
 		switch($_POST['o']) {
 			case 1:
-				if(isset($_POST['s']) == 5 && isset($_POST['a_user'])) {
-					$alliance->procAlliForm($_POST);
-					//echo "Funcion para el cambio de nombre de la alianza";
-					include ("Templates/Alliance/changepos.tpl");
-				} else {
-					include ("Templates/Alliance/assignpos.tpl");
-				}
+			    if($userPermissions['opt1'] == 0) $alliance->redirect();
+			    if(isset($_POST['s']) == 5 && isset($_POST['a_user'])){		        
+			        $alliance->procAlliForm($_POST);	
+			        include("Templates/Alliance/changepos.tpl");
+			    }
+			    else include("Templates/Alliance/assignpos.tpl");              
 				break;
 			case 2:
-				if(isset($_POST['s']) == 5 && isset($_POST['a']) == 2) {
-					$alliance->procAlliForm($_POST);
-					include ("Templates/Alliance/kick.tpl");
-				} else {
-					include ("Templates/Alliance/kick.tpl");
-				}
+			    if($userPermissions['opt2'] == 0) $alliance->redirect();
+			    if(isset($_POST['s']) == 5 && isset($_POST['a']) == 2) $alliance->procAlliForm($_POST);			
+				include("Templates/Alliance/kick.tpl");		
 				break;
 			case 3:
-				if(isset($_POST['s']) == 5 && isset($_POST['a']) == 3) {
-					$alliance->procAlliForm($_POST);
-					//echo "Funcion para el cambio de nombre de la alianza";
-					include ("Templates/Alliance/allidesc.tpl");
-				} else {
-					include ("Templates/Alliance/allidesc.tpl");
-				}
+			    if($userPermissions['opt3'] == 0) $alliance->redirect();
+			    if(isset($_POST['s']) == 5 && isset($_POST['a']) == 3) $alliance->procAlliForm($_POST);
+                include("Templates/Alliance/allidesc.tpl");
 				break;
 			case 4:
-				if(isset($_POST['s']) == 5 && isset($_POST['a']) == 4) {
-					$alliance->procAlliForm($_POST);
-					//echo "Funcion para el cambio de nombre de la alianza";
-					include ("Templates/Alliance/invite.tpl");
-				} else {
-					include ("Templates/Alliance/invite.tpl");
-				}
+			    if($userPermissions['opt4'] == 0) $alliance->redirect();
+				if(isset($_POST['s']) == 5 && isset($_POST['a']) == 4) $alliance->procAlliForm($_POST);	
+				include("Templates/Alliance/invite.tpl");
 				break;
 			case 5:
-				$alliance->setForumLink($_POST);
-				include ("Templates/Alliance/linkforum.tpl");
+			    if($userPermissions['opt5'] == 0) $alliance->redirect();
+			    if(isset($_POST['f_link'])) $alliance->setForumLink($_POST);    	    	        
+			    include("Templates/Alliance/linkforum.tpl");
 				break;
 			case 6:
-				if(isset($_POST['dipl']) and isset($_POST['a_name'])) {
-					$alliance->procAlliForm($_POST);
-					include ("Templates/Alliance/chgdiplo.tpl");
-				} else {
-					include ("Templates/Alliance/chgdiplo.tpl");
-				}
+			    if($userPermissions['opt6'] == 0) $alliance->redirect();
+			    if(isset($_POST['dipl']) and isset($_POST['a_name'])) $alliance->procAlliForm($_POST);		
+				include("Templates/Alliance/chgdiplo.tpl");
 				break;
 			case 11:
-				if(isset($_POST['s']) == 5 && isset($_POST['a']) == 11) {
-					$alliance->procAlliForm($_POST);
-					//echo "Funcion para el cambio de nombre de la alianza";
-					include ("Templates/Alliance/quitalli.tpl");
-				} else {
-					include ("Templates/Alliance/quitalli.tpl");
-				}
-				break;
-			default:
-				include ("Templates/Alliance/option.tpl");
+				if(isset($_POST['s']) == 5 && isset($_POST['a']) == 11) $alliance->procAlliForm($_POST);
+				include("Templates/Alliance/quitalli.tpl");
 				break;
 			case 100:
-				if(isset($_POST['s']) == 5 && isset($_POST['a']) == 100) {
-					$alliance->procAlliForm($_POST);
-					//echo "Funcion para el cambio de nombre de la alianza";
-					include ("Templates/Alliance/changename.tpl");
-				} else {
-					include ("Templates/Alliance/changename.tpl");
-				}
+			    if($userPermissions['opt3'] == 0) $alliance->redirect();
+			    if(isset($_POST['s']) == 5 && isset($_POST['a']) == 100) $alliance->procAlliForm($_POST);			
+				include ("Templates/Alliance/changename.tpl");
 				break;
 			case 101:
-				$database->diplomacyCancelOffer($_POST['id']);
+			    if($userPermissions['opt6'] == 0) $alliance->redirect();
+			    if(isset($_POST['id'])) $database->diplomacyCancelOffer($_POST['id'], $session->alliance);
 				include ("Templates/Alliance/chgdiplo.tpl");
 				break;
 			case 102:
-				$database->diplomacyInviteDenied($_POST['id'], $_POST['alli2']);
+			    if($userPermissions['opt6'] == 0) $alliance->redirect();
+			    if(isset($_POST['id'])) $database->diplomacyInviteDenied($_POST['id'], $session->alliance);
 				include ("Templates/Alliance/chgdiplo.tpl");
 				break;
 			case 103:
-			if($database->checkDiplomacyInviteAccept($session->alliance, $_POST['type'])){
-				$database->diplomacyInviteAccept($_POST['id'], $_POST['alli2']);
-			}
+			    if($userPermissions['opt6'] == 0) $alliance->redirect();
+			    if(isset($_POST['id'])) $database->diplomacyInviteAccept($_POST['id'], $session->alliance);
 				include ("Templates/Alliance/chgdiplo.tpl");
 				break;
 			case 104:
-				$database->diplomacyCancelExistingRelationship($_POST['id'], $_POST['alli2']);
+			    if($userPermissions['opt6'] == 0) $alliance->redirect();
+			    if(isset($_POST['id'])) $database->diplomacyCancelExistingRelationship($_POST['id'], $session->alliance);
 				include ("Templates/Alliance/chgdiplo.tpl");
+				break;
+			default:
+			    include("Templates/Alliance/option.tpl");
+			    break;
 		}
-		} else {
-		include ("Templates/Alliance/overview.tpl");
-		}
-
+		} 
+		else include ("Templates/Alliance/overview.tpl");		
 ?>
 </div>
 <br /><br /><br /><br /><div id="side_info">