diff --git a/GameEngine/Admin/database.php b/GameEngine/Admin/database.php index 25381fff..77230348 100755 --- a/GameEngine/Admin/database.php +++ b/GameEngine/Admin/database.php @@ -178,24 +178,50 @@ class adm_DB { return $r['id']; } - function AddVillage($post) { - global $database; - $wid = $this->getWref($post['x'], $post['y']); - $uid = (int)$post['uid']; - $status = $database->getVillageState($wid); - $status = 0; - if ($status == 0) { - mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX. "admin_log VALUES (0,". (int)$_SESSION['id']. ",'Added new village $wid to user $uid',". time(). ")"); - $database->setFieldTaken($wid); - $username = $database->getUserArray($uid, 1); - $username = $username['username']; - $database->addVillage($wid, $uid, $username, '0'); - $database->addResourceFields($wid, $database->getVillageType($wid, false)); - $database->addUnits($wid); - $database->addTech($wid); - $database->addABTech($wid); + function AddVillage($post) { + global $database; + + $wid = $this->getWref($post['x'], $post['y']); + $uid = (int)$post['uid']; + $status = $database->getVillageState($wid); + $status = 0; + + if ($status == 0) { + $database->setFieldTaken($wid); + + $user = $database->getUserArray($uid, 1); + $username = $user['username']; + + $database->addVillage($wid, $uid, $username, '0'); + $database->addResourceFields($wid, $database->getVillageType($wid, false)); + $database->addUnits($wid); + $database->addTech($wid); + $database->addABTech($wid); + + /* ---------------- Admin log ---------------- */ + $villageName = $database->getVillageField($wid, 'name'); + if (empty($villageName) || $villageName == '?') { + $villageName = $username . "'s village"; } + + $villageNameSafe = htmlspecialchars($villageName, ENT_QUOTES, 'UTF-8'); + $userNameSafe = htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); + + $logText = "Added new village $villageNameSafe to user $userNameSafe"; + $logEsc = $database->escape($logText); + + mysqli_query( + $this->connection, + "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) + VALUES ( + 0, + " . (int)$_SESSION['id'] . ", + '$logEsc', + " . time() . " + )" + ); } +} /* ---------------- Pedepsire jucător ---------------- */