From 2eaa92fc03e364fdfcb9df6212caf3cc64f53083 Mon Sep 17 00:00:00 2001 From: novgorodschi catalin Date: Tue, 2 Jun 2026 08:10:46 +0300 Subject: [PATCH] Fix gold log script Fix gold log script --- GameEngine/Admin/Mods/additional.php | 8 ++++++-- GameEngine/Admin/Mods/gold.php | 5 ++++- GameEngine/Admin/Mods/gold_1.php | 5 ++++- install/include/accounts.php | 6 +++--- install/templates/script.tpl | 4 ++-- 5 files changed, 19 insertions(+), 9 deletions(-) diff --git a/GameEngine/Admin/Mods/additional.php b/GameEngine/Admin/Mods/additional.php index 1e6c73e1..f1884daf 100755 --- a/GameEngine/Admin/Mods/additional.php +++ b/GameEngine/Admin/Mods/additional.php @@ -69,10 +69,14 @@ if($diffGold!== 0){ $details = 'Admin adjustment by '.($session->username?? 'Admin'); $now = time(); + // folosește mysqli_real_escape_string dacă $database->query nu face escape automat + $action_esc = mysqli_real_escape_string($GLOBALS["link"], $action); + $details_esc = mysqli_real_escape_string($GLOBALS["link"], $details); + $database->query(" INSERT INTO ".TB_PREFIX."gold_fin_log - (wid, uid, action, gold, time, details) - VALUES ($wid, $id, '$action', $diffGold, $now, '$details') + (uid, wid, action, gold, time, log) + VALUES ($id, $wid, '$action_esc', $diffGold, $now, '$details_esc') "); } diff --git a/GameEngine/Admin/Mods/gold.php b/GameEngine/Admin/Mods/gold.php index 7b106443..c551fb36 100755 --- a/GameEngine/Admin/Mods/gold.php +++ b/GameEngine/Admin/Mods/gold.php 
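Review bot: The added comment in additional.php makes the escaping sound optional ("if `$database->query` does not escape automatically"), but a method that receives a finished SQL string cannot escape the values embedded in it, so the two `mysqli_real_escape_string` calls are always required. The comment should say so in English, e.g. `// $database->query() takes raw SQL, so string values must be escaped before interpolation`. The escaping uses `$GLOBALS["link"]` while the statement runs through `$database`; if those can be different connections, escape on the one that executes the query (accounts.php in this patch uses `$database->escape()`). `$id`, `$wid` and `$diffGold` are interpolated unquoted and their assignments are above the hunk, so either confirm they are cast there or write `(int)$id`, `(int)$wid`, `(int)$diffGold` at the point of use.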
@@ -54,7 +54,10 @@ while($u = mysqli_fetch_assoc($users)){ $vill = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT wref FROM ".TB_PREFIX."vdata WHERE owner = $uid LIMIT 1")); $wid = (int)($vill['wref'] ?? 0); - mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."gold_fin_log (wid, uid, action, gold, time, details) VALUES ($wid, $uid, 'Admin added Gold', $amount, $now, '$details')"); + mysqli_query($GLOBALS["link"], + "INSERT INTO ".TB_PREFIX."gold_fin_log (uid, wid, action, gold, time, log) + VALUES ($uid, $wid, 'Admin added Gold', $amount, $now, '$details')" + ) or die(mysqli_error($GLOBALS["link"])); } header("Location: ../../../Admin/admin.php?p=gold&g"); diff --git a/GameEngine/Admin/Mods/gold_1.php b/GameEngine/Admin/Mods/gold_1.php index aeab4e15..7e8e45eb 100755 --- a/GameEngine/Admin/Mods/gold_1.php +++ b/GameEngine/Admin/Mods/gold_1.php @@ -48,7 +48,10 @@ $adminName = $acc['username']; $details = mysqli_real_escape_string($GLOBALS["link"], 'Admin gift by '.$adminName); $now = time(); -mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."gold_fin_log (wid, uid, action, gold, time, details) VALUES ($wid, $id, '$action', $amount, $now, '$details')") or die(mysqli_error($GLOBALS["link"])); +mysqli_query($GLOBALS["link"], + "INSERT INTO ".TB_PREFIX."gold_fin_log (uid, wid, action, gold, time, log) + VALUES ($id, $wid, '$action', $amount, $now, '$details')" +) or die(mysqli_error($GLOBALS["link"])); header("Location: ../../../Admin/admin.php?p=usergold&g"); exit; diff --git a/install/include/accounts.php b/install/include/accounts.php index 7c696398..fe4ef784 100644 --- a/install/include/accounts.php +++ b/install/include/accounts.php 
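Review bot: The new `or die(mysqli_error($GLOBALS["link"]))` in gold.php sits inside the `while($u = mysqli_fetch_assoc($users))` loop, which starts above the hunk. A single failed log insert therefore stops the run after some users have been processed, skips the `header("Location: ...")` redirect, and prints the raw MySQL error with schema details to the browser. Record the failure server-side instead, for example `if (!mysqli_query($GLOBALS["link"], $sql)) { error_log('gold_fin_log insert failed: '.mysqli_error($GLOBALS["link"])); }`, or wrap the loop in a transaction so the operation is all-or-nothing. The same `or die(mysqli_error(...))` pattern is kept in the gold_1.php hunk. `$details` and `$amount` are assigned outside the visible lines, so confirm they are escaped and cast to int respectively.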
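Review bot: In the gold_1.php insert, `$action` goes into the quoted literal as-is, while `$details` two lines above is passed through `mysqli_real_escape_string` and additional.php in this same patch escapes both values. `$action` is assigned above the hunk; unless it is a fixed string there, escape it the same way with `$action = mysqli_real_escape_string($GLOBALS["link"], $action);`. `$id`, `$wid` and `$amount` are interpolated unquoted and depend on integer casts that are not visible here.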
@@ -64,8 +64,8 @@ strtolower($_POST['aname']) != 'multihunter' && strtolower($_POST['aname']) != 'support' ) { - mysqli_query($database->dblink, "INSERT INTO " . TB_PREFIX . "users SET username = '".$database->escape($_POST['aname'])."', password = '" . password_hash($_POST['apass'], PASSWORD_BCRYPT, ['cost' => 12]) . "', email = '".$database->escape($_POST['aemail'])."', tribe = ".(int) $_POST['atribe'].", access = 9, is_bcrypt = 1") OR DIE (mysqli_error($database->dblink)); - $uid = mysqli_insert_id($database->dblink); + mysqli_query($database->dblink, "INSERT INTO " . TB_PREFIX . "users SET username = '".$database->escape($_POST['aname'])."', password = '" . password_hash($_POST['apass'], PASSWORD_BCRYPT, ['cost' => 12]) . "', email = '".$database->escape($_POST['aemail'])."', tribe = ".(int) $_POST['atribe'].", access = 9, is_bcrypt = 1, desc1 = '[#MULTIHUNTER]', desc2 = '[#MH]\n[#TEAM]'") OR DIE (mysqli_error($database->dblink)); + $uid = mysqli_insert_id($database->dblink); $admin_village_created = false; $xcoor = round(WORLD_MAX / 2); $addUnitsWrefs = []; @@ -93,7 +93,7 @@ // set up MultiHunter $password = $_POST['mhpw']; - mysqli_query($database->dblink, "UPDATE " . TB_PREFIX . "users SET password = '" . password_hash($password, PASSWORD_BCRYPT,['cost' => 12]) . "' WHERE username = 'Multihunter'"); + mysqli_query($database->dblink, "UPDATE " . TB_PREFIX . "users SET password = '" . password_hash($password, PASSWORD_BCRYPT,['cost' => 12]) . "', desc1 = '[#MH]', desc2 = '[#MULTIHUNTER]' WHERE username = 'Multihunter'"); $wid = $admin->getWref(0, 0); $uid = 5; $status = $database->getVillageState($wid); diff --git a/install/templates/script.tpl b/install/templates/script.tpl index 4dd5daeb..9d043413 100644 --- a/install/templates/script.tpl +++ b/install/templates/script.tpl @@ -68,7 +68,7 @@ document.addEventListener('DOMContentLoaded',function(){ -
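Review bot: In the second accounts.php hunk the result of the `UPDATE ... WHERE username = 'Multihunter'` call is discarded, whereas the admin `INSERT` in the previous hunk ends in `OR DIE (...)`. If the statement fails or matches no row, the installer carries on and the Multihunter account keeps whatever password the schema import gave it, now also without the new `desc1`/`desc2` values. Check the return value and `mysqli_affected_rows($database->dblink)` and stop the installation when the row was not updated. `$_POST['mhpw']` is hashed without any visible validation; unless that happens above the hunk, reject an empty value before calling `password_hash`.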

TravianZ Installation

Setup wizard • v.9.0 Incremental Refactor

+

TravianZ Installation

Setup wizard • v.10.0 Full Refactor&Redesign

`; var wrap = document.querySelector('.wrapper'); if(wrap) wrap.parentNode.insertBefore(h, wrap); @@ -76,7 +76,7 @@ document.addEventListener('DOMContentLoaded',function(){ // FOOTER var f = document.createElement('div'); f.className = 'tz-footer'; - f.innerHTML = `
© 2010 - 2026 TravianZ • All rights reserved
Server running on v.9.0 Incremental Refactor
`; + f.innerHTML = `
© 2010 - 2026 TravianZ • All rights reserved
Server running on v.10.0 Full Refactor&Redesign
`; document.body.appendChild(f); // curăță resturi vechi