diff --git a/GameEngine/Admin/database.php b/GameEngine/Admin/database.php
index 25381fff..77230348 100755
--- a/GameEngine/Admin/database.php
+++ b/GameEngine/Admin/database.php
@@ -178,24 +178,50 @@ class adm_DB {
return $r['id'];
}
- function AddVillage($post) {
- global $database;
- $wid = $this->getWref($post['x'], $post['y']);
- $uid = (int)$post['uid'];
- $status = $database->getVillageState($wid);
- $status = 0;
- if ($status == 0) {
- mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX. "admin_log VALUES (0,". (int)$_SESSION['id']. ",'Added new village $wid to user $uid',". time(). ")");
- $database->setFieldTaken($wid);
- $username = $database->getUserArray($uid, 1);
- $username = $username['username'];
- $database->addVillage($wid, $uid, $username, '0');
- $database->addResourceFields($wid, $database->getVillageType($wid, false));
- $database->addUnits($wid);
- $database->addTech($wid);
- $database->addABTech($wid);
+ function AddVillage($post) {
+ global $database;
+
+ $wid = $this->getWref($post['x'], $post['y']);
+ $uid = (int)$post['uid'];
+ $status = $database->getVillageState($wid);
+ $status = 0;
+
+ if ($status == 0) {
+ $database->setFieldTaken($wid);
+
+ $user = $database->getUserArray($uid, 1);
+ $username = $user['username'];
+
+ $database->addVillage($wid, $uid, $username, '0');
+ $database->addResourceFields($wid, $database->getVillageType($wid, false));
+ $database->addUnits($wid);
+ $database->addTech($wid);
+ $database->addABTech($wid);
+
+ /* ---------------- Admin log ---------------- */
+ $villageName = $database->getVillageField($wid, 'name');
+ if (empty($villageName) || $villageName == '?') {
+ $villageName = $username . "'s village";
}
+
+ $villageNameSafe = htmlspecialchars($villageName, ENT_QUOTES, 'UTF-8');
+ $userNameSafe = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
+
+ $logText = "Added new village $villageNameSafe to user $userNameSafe";
+ $logEsc = $database->escape($logText);
+
+ mysqli_query(
+ $this->connection,
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`)
+ VALUES (
+ 0,
+ " . (int)$_SESSION['id'] . ",
+ '$logEsc',
+ " . time() . "
+ )"
+ );
}
+}
/* ---------------- Pedepsire jucător ---------------- */
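Review bot: The new admin-log text in `AddVillage` records only the village name and username, where the removed line logged `$wid` and `$uid`; names are presumably player-chosen and not unique, so the audit entry no longer pins down which tile and account were changed, and both ids should stay in the message. The text is escaped with `$database->escape()` but the query runs on `$this->connection`, and the statement is still built by interpolation; binding the values on the handle that executes the query removes the dependency on an escape helper that is not visible in this hunk. The `mysqli_query` result is ignored, so a failed audit write goes unnoticed. The `htmlspecialchars` calls protect only this one entry type at write time; the log viewer should encode on output, and they are left in place in the sketch below because the viewer is not visible here. Separately, `$status = 0;` still overwrites the result of `getVillageState($wid)`, so `if ($status == 0)` never rejects an occupied tile; if that is a deliberate admin override, a comment should say so, otherwise the assignment should go.

```php
// … unchanged: village creation, $villageName fallback, $villageNameSafe / $userNameSafe …

// Keep the immutable ids next to the display names so the entry stays attributable.
$logText = "Added new village $villageNameSafe (wref $wid) to user $userNameSafe (uid $uid)";

$stmt = mysqli_prepare(
    $this->connection,
    "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) VALUES (0, ?, ?, ?)"
);
if ($stmt === false) {
    error_log('admin_log insert failed: ' . mysqli_error($this->connection));
} else {
    $adminId = (int)$_SESSION['id'];
    $now = time();
    mysqli_stmt_bind_param($stmt, 'isi', $adminId, $logText, $now);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('admin_log insert failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
}
```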