fix: remove SQL injections in Admin
@@ -19,7 +19,7 @@ mysqli_select_db(SQL_DB);
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
$village = $database->getVillage($id);
|
||||
$user = $database->getUserArray($village['owner'],1);
|
||||
$coor = $database->getCoor($village['wref']);
|
||||
@@ -28,6 +28,10 @@ $type = $database->getVillageType($village['wref']);
|
||||
$fdata = $database->getResourceLevel($village['wref']);
|
||||
$units = $database->getUnit($village['wref']);
|
||||
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = (int) $value;
|
||||
}
|
||||
|
||||
$u1 = $_POST['u1'];
|
||||
$u2 = $_POST['u2'];
|
||||
$u3 = $_POST['u3'];
|
||||
@@ -100,7 +104,7 @@ $q = "UPDATE ".TB_PREFIX."units SET u41 = '$u41', u42 = '$u42', u43 = '$u43', u4
|
||||
mysqli_query($GLOBALS["link"], $q);
|
||||
}
|
||||
|
||||
mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed troop anmount in village <a href=\'admin.php?p=village&did=$id\'>$id</a> ',".time().")");
|
||||
mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed troop anmount in village <a href=\'admin.php?p=village&did=$id\'>$id</a> ',".time().")");
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=addTroops&did=".$id."&d");
|
||||
|
||||
|
||||
+2
-2
@@ -15,8 +15,8 @@ mysqli_select_db(SQL_DB);
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
$id = $_POST['id'];
|
||||
$admid = $_POST['admid'];
|
||||
$id = (int) $_POST['id'];
|
||||
$admid = (int) $_POST['admid'];
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET cp = cp + ".$_POST['cp']." WHERE id = ".$id."");
|
||||
|
||||
$name = $database->getUserField($id,"username",0);
|
||||
|
||||
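Review bot: `$_POST['cp']` on the UPDATE line is still concatenated into the query without a cast, so this script keeps an SQL injection even though `$id` and `$admid` now go through `(int)`. Give it the same treatment, `"... SET cp = cp + ".(int) $_POST['cp']." WHERE id = ".$id`, or assign `$cp = (int) $_POST['cp'];` next to the other two casts and use that. The rest of the script is outside the hunk.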
@@ -17,7 +17,7 @@ if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
|
||||
|
||||
$userid = $_POST['userid'];
|
||||
$userid = (int) $_POST['userid'];
|
||||
mysqli_query($GLOBALS["link"], "DELETE FROM ".TB_PREFIX."medal WHERE userid = ".$userid."");
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=player&uid=".$userid."");
|
||||
|
||||
@@ -17,7 +17,7 @@ if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
|
||||
|
||||
$deleteweek = $_POST['medalweek'];
|
||||
$deleteweek = (int) $_POST['medalweek'];
|
||||
mysqli_query($GLOBALS["link"], "DELETE FROM ".TB_PREFIX."medal WHERE week = ".$deleteweek."");
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=delmedal");
|
||||
|
||||
@@ -15,10 +15,14 @@ mysqli_select_db(SQL_DB);
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$id = $_POST['id'];
|
||||
$user = $database->getUserArray($id,1);
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET email = '".$_POST['email']."', tribe = ".$_POST['tribe'].", location = '".$_POST['location']."', desc1 = '".$_POST['desc1']."', `desc2` = '".$_POST['desc2']."' WHERE id = ".$_POST['id']."");
|
||||
mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed <a href=\'admin.php?p=village&did=$id\'>".$user['username']."</a>\'s profile',".time().")");
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET email = '".$_POST['email']."', tribe = ".(int) $_POST['tribe'].", location = '".$_POST['location']."', desc1 = '".$_POST['desc1']."', desc2 = '".$_POST['desc2']."' WHERE id = ".(int) $_POST['id']."");
|
||||
mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed <a href=\'admin.php?p=village&did=$id\'>".$user['username']."</a>\'s profile',".time().")");
|
||||
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
|
||||
|
||||
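Review bot: `$user['username']` is interpolated into the admin_log INSERT without escaping, while the same value is wrapped in `addslashes()` before the admin_log and banlist inserts in DelBan and AddBan elsewhere in this commit. A username containing a quote breaks the statement, so either reuse that pattern, `addslashes($user['username'])`, or pass it through `$database->escape()` like the POST fields above. `$id` in the same string has been escaped but not cast; since it is used as an integer id in the redirect and the log row, `$id = (int) $_POST['id'];` would keep it consistent with the UPDATE.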
+5
-5
@@ -15,12 +15,12 @@ mysqli_select_db(SQL_DB);
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
$id = $_POST['id'];
|
||||
$gold = $_POST['gold'];
|
||||
$id = (int) $_POST['id'];
|
||||
$gold = (int) $_POST['gold'];
|
||||
|
||||
$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id != '0'";
|
||||
mysqli_query($GLOBALS["link"], $q);
|
||||
mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$id,'Added <b>$gold</b> gold to all users',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$gold." WHERE id != '0'";
|
||||
mysqli_query($GLOBALS["link"], $q);
|
||||
mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$id,'Added <b>$gold</b> gold to all users',".time().")");
|
||||
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=gold&g");
|
||||
|
||||
@@ -16,11 +16,11 @@ if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
$id = $_POST['id'];
|
||||
$admid = $_POST['admid'];
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id = ".$id."");
|
||||
$admid = (int) $_POST['admid'];
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id = ".(int) $id."");
|
||||
|
||||
$name = $database->getUserField($id,"username",0);
|
||||
mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added <b>".$_POST['gold']."</b> gold to user <a href=\'admin.php?p=player&uid=$id\'>$name</a> ',".time().")");
|
||||
mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added <b>".(int) $_POST['gold']."</b> gold to user <a href=\'admin.php?p=player&uid=$id\'>$name</a> ',".time().")");
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."&g=ok");
|
||||
?>
|
||||
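Review bot: `$id = $_POST['id'];` keeps the raw value on the new side and only the UPDATE casts it at the point of use; `$database->getUserField($id, ...)`, the admin_log string and the redirect all still receive the uncast value. Casting once at the assignment, `$id = (int) $_POST['id'];`, mirrors what this hunk does for `$admid` and removes the need for the inline `(int) $id`. Whether getUserField escapes its argument is not visible here.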
@@ -17,8 +17,9 @@ mysqli_select_db(SQL_DB);
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
$medalid = $_POST['medalid'];
|
||||
$uid = $_POST['uid'];
|
||||
$medalid = (int) $_POST['medalid'];
|
||||
$uid = (int) $_POST['uid'];
|
||||
$admid = (int) $_POST['admid'];
|
||||
|
||||
mysqli_query($GLOBALS["link"], "DELETE FROM ".TB_PREFIX."medal WHERE id = ".$medalid."");
|
||||
|
||||
@@ -28,7 +29,7 @@ $name = mysqli_result($name, 0);
|
||||
mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$admid,'Deleted medal id [#".$medalid."] from the user <a href=\'admin.php?p=player&uid=$uid\'>$name</a> ',".time().")");
|
||||
|
||||
|
||||
$deleteweek = $_POST['medalweek'];
|
||||
$deleteweek = (int) $_POST['medalweek'];
|
||||
mysqli_query($GLOBALS["link"], "DELETE FROM ".TB_PREFIX."medal WHERE week = ".$deleteweek."");
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=player&uid=".$uid."");
|
||||
|
||||
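Review bot: the actor recorded in admin_log is `$admid`, taken from the submitted form (`$_POST['admid']`) rather than from the session, so the cast makes the value numeric but the log entry can still be attributed to any user id the client chooses. The other scripts in this commit write `(int) $_SESSION['id']` into that column; using `$admid = (int) $_SESSION['id'];` here keeps the audit trail trustworthy. The cp and gold-to-user scripts above read `$admid` from POST in the same way.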
@@ -16,11 +16,17 @@ mysqli_select_db(SQL_DB);
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
$did = $_POST['did'];
|
||||
$origname = $_POST['villagename'];
|
||||
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$did = (int) $_POST['did'];
|
||||
$name = $_POST['villagename'];
|
||||
$sql = "UPDATE ".TB_PREFIX."vdata SET name = '$name' WHERE wref = $did";
|
||||
|
||||
mysqli_query($GLOBALS["link"], $sql);
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".$name."");
|
||||
header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".$origname."");
|
||||
?>
|
||||
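Review bot: `$origname` goes into the Location header unencoded, so a village name containing `&`, `#` or non-ASCII characters corrupts the redirect URL. Encode it for the URL context, `"&name=".urlencode($origname)`, keeping the SQL-escaped copy for the query only. The UPDATE itself is fine: `$did` is cast after the escape loop and `$name` is escaped and quoted.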
@@ -14,7 +14,11 @@ mysqli_select_db(SQL_DB);
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
$uid = $_POST['uid'];
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$uid = (int) $_POST['uid'];
|
||||
$topic = $_POST['topic'];
|
||||
$message = $_POST['message'];
|
||||
$time = time();
|
||||
|
||||
@@ -77,11 +77,11 @@ if($_GET['aid'])
|
||||
|
||||
<?php
|
||||
error_reporting(0);
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."ali_permission WHERE alliance = ".$_GET['aid']."";
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."ali_permission WHERE alliance = ".(int) $_GET['aid']."";
|
||||
$result = mysqli_query($GLOBALS["link"], $sql);
|
||||
while($row = mysqli_fetch_assoc($result))
|
||||
{
|
||||
$player = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$row['uid'].""));
|
||||
$player = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".(int) $row['uid'].""));
|
||||
if($row['opt1'] == 1) { $position1 = "Assign To Position"; } else { $position1 = "No Assigning Positions"; }
|
||||
if($row['opt2'] == 1) { $position2 = "Kick Players"; } else { $position2 = "No Kicking Players"; }
|
||||
if($row['opt3'] == 1) { $position3 = "Change Alliance Description"; } else { $position3 = "No Changing Description"; }
|
||||
@@ -235,7 +235,7 @@ if($_GET['aid'])
|
||||
</tr>
|
||||
</thead>
|
||||
<?php
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."ali_log WHERE aid = ".$_GET['aid']."";
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."ali_log WHERE aid = ".(int) $_GET['aid']."";
|
||||
$result = mysqli_query($GLOBALS["link"], $sql);
|
||||
while($row = mysqli_fetch_assoc($result))
|
||||
{
|
||||
@@ -264,7 +264,7 @@ if($_GET['aid'])
|
||||
</tr>
|
||||
</thead>
|
||||
<?php
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."diplomacy WHERE alli1 = ".$_GET['aid']."";
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."diplomacy WHERE alli1 = ".(int) $_GET['aid']."";
|
||||
$result = mysqli_query($GLOBALS["link"], $sql);
|
||||
while($row = mysqli_fetch_assoc($result))
|
||||
{
|
||||
@@ -274,7 +274,7 @@ if($_GET['aid'])
|
||||
if($row['accepted'] == 0) { $accepted = "<img src=\"../../gpack/travian_default/img/a/del.gif\">"; }
|
||||
if($row['accepted'] ==1) { $accepted = "<img src=\"../../gpack/travian_default/img/a/acc.gif\">"; }
|
||||
|
||||
$ally = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".$row['alli2'].""));
|
||||
$ally = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".(int) $row['alli2'].""));
|
||||
echo '
|
||||
<tr>
|
||||
<td><a href="admin.php?p=alliance&aid='.$row['alli1'].'">'.$ally['tag'].'</a></td>
|
||||
@@ -299,7 +299,7 @@ if($_GET['aid'])
|
||||
</tr>
|
||||
</thead>
|
||||
<?php
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."diplomacy WHERE alli2 = ".$_GET['aid']."";
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."diplomacy WHERE alli2 = ".(int) $_GET['aid']."";
|
||||
$result = mysqli_query($GLOBALS["link"], $sql);
|
||||
while($row = mysqli_fetch_assoc($result))
|
||||
{
|
||||
@@ -309,7 +309,7 @@ if($_GET['aid'])
|
||||
if($row['accepted'] == 0) { $accepted = "<img src=\"../../gpack/travian_default/img/a/del.gif\">"; }
|
||||
if($row['accepted'] ==1) { $accepted = "<img src=\"../../gpack/travian_default/img/a/acc.gif\">"; }
|
||||
|
||||
$ally = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".$row['alli1'].""));
|
||||
$ally = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".(int) $row['alli1'].""));
|
||||
echo '
|
||||
<tr>
|
||||
<td><a href="admin.php?p=alliance&aid='.$row['alli2'].'">'.$ally['tag'].'</a></td>
|
||||
@@ -335,7 +335,7 @@ if($_GET['aid'])
|
||||
</tr>
|
||||
</thead>
|
||||
<?php
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."diplomacy WHERE alli1 = ".$_GET['aid']." OR alli2 = ".$_GET['aid']." AND accepted = 1";
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."diplomacy WHERE alli1 = ".(int) $_GET['aid']." OR alli2 = ".(int) $_GET['aid']." AND accepted = 1";
|
||||
$result = mysqli_query($GLOBALS["link"], $sql);
|
||||
while($row = mysqli_fetch_assoc($result))
|
||||
{
|
||||
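Review bot: the WHERE clause `alli1 = X OR alli2 = X AND accepted = 1` keeps its original precedence problem: AND binds tighter, so rows with `alli1 = X` are returned regardless of `accepted`. If the intent is accepted pacts involving this alliance, write `WHERE (alli1 = ".(int) $_GET['aid']." OR alli2 = ".(int) $_GET['aid'].") AND accepted = 1`. The loop body that renders these rows continues in the next hunk.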
@@ -345,8 +345,8 @@ if($_GET['aid'])
|
||||
if($row['accepted'] == 0) { $accepted = "<img src=\"../../gpack/travian_default/img/a/del.gif\">"; }
|
||||
if($row['accepted'] == 1) { $accepted = "<img src=\"../../gpack/travian_default/img/a/acc.gif\">"; }
|
||||
|
||||
$ally1 = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".$row['alli1'].""));
|
||||
$ally2 = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".$row['alli2'].""));
|
||||
$ally1 = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".(int) $row['alli1'].""));
|
||||
$ally2 = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".(int) $row['alli2'].""));
|
||||
echo '
|
||||
<tr>
|
||||
<td><a href="admin.php?p=alliance&aid='.$row['alli1'].'">'.$ally1['tag'].'</a> & <a href="admin.php?p=alliance&aid='.$row['alli2'].'">'.$ally2['tag'].'</a></td>
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
## ##
|
||||
#################################################################################
|
||||
$time = time();
|
||||
$ban = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."banlist WHERE `uid` = '".$session->uid."' and active = 1");
|
||||
$ban = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."banlist WHERE `uid` = '".(int) $session->uid."' and active = 1");
|
||||
$ban1 = mysqli_fetch_array($ban);
|
||||
?>
|
||||
|
||||
|
||||
@@ -130,7 +130,7 @@ $nummedals = mysqli_num_rows($sql);
|
||||
$bb = $row['id'];
|
||||
$allyid = $row['allyid'];
|
||||
|
||||
$unq = "SELECT name FROM ".TB_PREFIX."alidata WHERE id = ".$allyid."";
|
||||
$unq = "SELECT name FROM ".TB_PREFIX."alidata WHERE id = ".(int) $allyid."";
|
||||
$user = mysqli_result(mysqli_query($GLOBALS["link"], $unq), 0);
|
||||
$allyname = $user;
|
||||
|
||||
|
||||
@@ -50,7 +50,7 @@ if($_GET['uid'])
|
||||
<td>Villages:</td>
|
||||
<td>
|
||||
<?php
|
||||
$result = mysqli_query($GLOBALS["link"], "SELECT SQL_CACHE * FROM ".TB_PREFIX."vdata WHERE owner = ".$user['id']."");
|
||||
$result = mysqli_query($GLOBALS["link"], "SELECT SQL_CACHE * FROM ".TB_PREFIX."vdata WHERE owner = ".(int) $user['id']."");
|
||||
$num_rows = mysqli_num_rows($result);
|
||||
echo $num_rows;
|
||||
?>
|
||||
|
||||
@@ -141,7 +141,7 @@ $nummedals = mysqli_num_rows($sql);
|
||||
$week = $row['week'];
|
||||
$points = $row['points'];
|
||||
$bb = $row['id'];
|
||||
$playerid = $row['userid'];
|
||||
$playerid = (int) $row['userid'];
|
||||
|
||||
$unq = "SELECT username FROM ".TB_PREFIX."users where id = $playerid";
|
||||
$user = mysqli_result(mysqli_query($GLOBALS["link"], $unq), 0);
|
||||
|
||||
@@ -10,10 +10,10 @@
|
||||
#################################################################################
|
||||
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
$id = $_SESSION['id'];
|
||||
$id = (int) $_SESSION['id'];
|
||||
if(isset($_GET['uid']))
|
||||
{
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT access FROM ".TB_PREFIX."users WHERE id = ".$_GET['uid']."");
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT access FROM ".TB_PREFIX."users WHERE id = ".(int) $_GET['uid']."");
|
||||
$curaccess = mysqli_result($sql, 0);
|
||||
$player = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$id.""));
|
||||
?>
|
||||
|
||||
@@ -8,9 +8,8 @@
|
||||
## Copyright: TravianZ (c) 2010-2014. All rights reserved. ##
|
||||
## ##
|
||||
#################################################################################
|
||||
$id = isset($_GET['uid']);
|
||||
if(isset($_GET['uid'])){
|
||||
$id = $_GET['uid'];
|
||||
$id = (int) $_GET['uid'];
|
||||
include_once("../GameEngine/Data/hero_full.php");
|
||||
include_once("../GameEngine/Units.php");
|
||||
$user = $database->getUserArray($id,1);
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
if(isset($_GET['uid']))
|
||||
{
|
||||
$user = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$_GET['uid']."")); ?>
|
||||
$user = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".(int) $_GET['uid']."")); ?>
|
||||
<form action="../GameEngine/Admin/Mods/editPassword.php" method="POST">
|
||||
<input type="hidden" name="admid" id="admid" value="<?php echo $_SESSION['id']; ?>">
|
||||
<input type="hidden" name="uid" id="uid" value="<?php echo $_GET['uid']; ?>">
|
||||
|
||||
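Review bot: `$_GET['uid']` is echoed straight into the hidden input's value attribute, so the SQL fix here leaves a reflected XSS in the same form; `$_SESSION['id']` on the line above has the same shape, though it is server-controlled. Since the id is numeric and the query now casts it, reuse that: `value="<?php echo (int) $_GET['uid']; ?>"`, or `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` for non-numeric fields. The form continues outside the hunk.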
@@ -57,7 +57,7 @@ if(isset($id))
|
||||
</div>
|
||||
|
||||
<?php
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."banlist WHERE uid = ".$id."";
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."banlist WHERE uid = ".(int) $id."";
|
||||
$numbans = mysqli_num_rows(mysqli_query($GLOBALS["link"], $sql));
|
||||
?>
|
||||
<table id="member" cellpadding="1" cellspacing="1">
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
|
||||
include_once("../GameEngine/Data/hero_full.php");
|
||||
include_once("../GameEngine/Units.php");
|
||||
$id=$user['id'];
|
||||
$id=(int) $user['id'];
|
||||
$hero = mysqli_query($GLOBALS["link"], "SELECT * FROM " . TB_PREFIX . "hero WHERE `uid` = ".$id);
|
||||
$hero_info = mysqli_fetch_array($hero);
|
||||
if (!empty($hero_info)) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<?php
|
||||
$id = $_GET['uid'];
|
||||
$id = (int) $_GET['uid'];
|
||||
if(isset($id))
|
||||
{
|
||||
$player = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = $id"));
|
||||
|
||||
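Review bot: after `$id = (int) $_GET['uid'];` the following `if(isset($id))` is always true, because the cast yields `0` when the parameter is absent, so the guard that previously skipped the lookup now runs it with `id = 0`. Test the input rather than the cast result, `if(isset($_GET['uid']))`, or `if($id > 0)`. The second hunk with the same `@@ -1,5 +1,5 @@` shape below has the identical issue.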
@@ -1,5 +1,5 @@
|
||||
<?php
|
||||
$id = $_GET['uid'];
|
||||
$id = (int) $_GET['uid'];
|
||||
if(isset($id))
|
||||
{
|
||||
$player = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = $id"));
|
||||
|
||||
@@ -37,7 +37,7 @@ if(isset($id))
|
||||
elseif($type == 12){ $typ = array(5,4,3,6); }
|
||||
$ocounter = array();
|
||||
$wood = $clay = $iron =$crop = 0;
|
||||
$q = "SELECT o.*, w.x, w.y FROM ".TB_PREFIX."odata AS o LEFT JOIN ".TB_PREFIX."wdata AS w ON o.wref=w.id WHERE conqured = ".$village['wref'];
|
||||
$q = "SELECT o.*, w.x, w.y FROM ".TB_PREFIX."odata AS o LEFT JOIN ".TB_PREFIX."wdata AS w ON o.wref=w.id WHERE conqured = ".(int) $village['wref'];
|
||||
$result = $database->query_return($q);
|
||||
if(count($result) >0)
|
||||
{
|
||||
|
||||
@@ -16,7 +16,7 @@ if(isset($id))
|
||||
</tr>
|
||||
</thead>
|
||||
<?php
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."build_log WHERE wid = ".$_GET['did']."";
|
||||
$sql = "SELECT * FROM ".TB_PREFIX."build_log WHERE wid = ".(int) $_GET['did']."";
|
||||
$result = mysqli_query($GLOBALS["link"], $sql);
|
||||
while($row = mysqli_fetch_assoc($result))
|
||||
{
|
||||
|
||||
+39
-22
@@ -36,6 +36,9 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function Login($username,$password){
|
||||
global $database;
|
||||
list($username,$password) = $database->escape_input($username,$password);
|
||||
|
||||
$q = "SELECT password FROM ".TB_PREFIX."users where username = '$username' and access >= ".MULTIHUNTER;
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
$dbarray = mysqli_fetch_array($result);
|
||||
@@ -70,7 +73,7 @@ class adm_DB {
|
||||
$popTot += $this->buildingPOP($building,$lvl);
|
||||
}
|
||||
}
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = $vid";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = ".(int) $vid;
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
|
||||
@@ -108,12 +111,12 @@ class adm_DB {
|
||||
$popTot += $this->buildingCP($building,$lvl);
|
||||
}
|
||||
}
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = $vid";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = ".(int) $vid;
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
|
||||
function getWref($x,$y) {
|
||||
$q = "SELECT id FROM ".TB_PREFIX."wdata where x = $x and y = $y";
|
||||
$q = "SELECT id FROM ".TB_PREFIX."wdata where x = ".(int) $x." and y = ".(int) $y;
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
$r = mysqli_fetch_array($result);
|
||||
return $r['id'];
|
||||
@@ -122,11 +125,11 @@ class adm_DB {
|
||||
function AddVillage($post){
|
||||
global $database;
|
||||
$wid = $this->getWref($post['x'],$post['y']);
|
||||
$uid = $post['uid'];
|
||||
$uid = (int) $post['uid'];
|
||||
$status = $database->getVillageState($wid);
|
||||
$status = 0;
|
||||
if($status == 0){
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Added new village <b><a href=\'admin.php?p=village&did=$wid\'>$wid</a></b> to user <b><a href=\'admin.php?p=player&uid=$uid\'>$uid</a></b>',".time().")");
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Added new village <b><a href=\'admin.php?p=village&did=$wid\'>$wid</a></b> to user <b><a href=\'admin.php?p=player&uid=$uid\'>$uid</a></b>',".time().")");
|
||||
$database->setFieldTaken($wid);
|
||||
$database->addVillage($wid,$uid,'new village','0');
|
||||
$database->addResourceFields($wid,$database->getVillageType($wid));
|
||||
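Review bot: the admin_log INSERT on the changed line is still issued as `mysqli_query("Insert into ...")` with no connection argument, so on the mysqli API it is an argument-count error and the log row is never written; the same single-argument form is on the changed lines in PunishBuilding, DelVillage, DelBan and AddBan, and `mysqli_query($q)` in the hero hunk. Each should be `mysqli_query($this->connection, "Insert into ...")`. Separately, `$status = 0;` overwrites the result of `getVillageState($wid)` immediately, so the `if($status == 0)` check never blocks an occupied field; if that is leftover debug code it should go.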
@@ -163,23 +166,23 @@ class adm_DB {
|
||||
}
|
||||
if($post['clean_ware']){
|
||||
$time = time();
|
||||
$q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = ".(int) $vid;
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
}
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Punished user: <a href=\'admin.php?p=player&uid=".$post['uid']."\'>".$post['uid']."</a> with <b>-".$post['punish']."%</b> population',".time().")");
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Punished user: <a href=\'admin.php?p=player&uid=".(int) $post['uid']."\'>".(int) $post['uid']."</a> with <b>-".(int) $post['punish']."%</b> population',".time().")");
|
||||
}
|
||||
|
||||
function PunishBuilding($vid,$proc,$pop){
|
||||
global $database;
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = $pop where wref = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = ".(int) $pop." where wref = ".(int) $vid;;
|
||||
mysqli_query($this->connection, $q);
|
||||
$fdata = $database->getResourceLevel($vid);
|
||||
for ($i = 1; $i <= 40; $i++) {
|
||||
if($fdata['f'.$i]>1){
|
||||
$zm = ($fdata['f'.$i]/100)*$proc;
|
||||
if($zm < 1){$zm = 1;}else{$zm = floor($zm);}
|
||||
$q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = ".(int) $vid;
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
}
|
||||
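Review bot: the changed line in PunishBuilding ends with `;;`, leaving an empty statement; it should read `$q = "UPDATE ".TB_PREFIX."vdata set pop = ".(int) $pop." where wref = ".(int) $vid;`. `$proc` is not cast like `$pop` and `$vid` are; it only feeds arithmetic, so this is not an injection, but a non-numeric value raises a TypeError on PHP 8, and `$proc = (int) $proc;` at the top would make the parameter handling uniform.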
@@ -192,19 +195,21 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function DelUnits2($vid,$unit){
|
||||
$q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = $vid;";
|
||||
global $database;
|
||||
$unit = $database->escape($unit);
|
||||
$q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = ".(int) $vid;
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
|
||||
function DelPlayer($uid,$pass){
|
||||
global $database;
|
||||
$ID = $_SESSION['id'];
|
||||
$ID = (int) $_SESSION['id'];
|
||||
if($this->CheckPass($pass,$ID)){
|
||||
$villages = $database->getProfileVillages($uid);
|
||||
for ($i = 0; $i <= count($villages)-1; $i++) {
|
||||
$this->DelVillage($villages[$i]['wref'], 1);
|
||||
}
|
||||
$q = "DELETE FROM ".TB_PREFIX."hero where uid = $uid";
|
||||
$q = "DELETE FROM ".TB_PREFIX."hero where uid = ".(int) $uid;
|
||||
mysqli_query($this->connection, $q);
|
||||
|
||||
$name = $database->getUserField($uid,"username",0);
|
||||
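Review bot: in DelUnits2, `$database->escape($unit)` does not protect the backtick-quoted identifier `` `u$unit` ``: a string escaper handles quote characters, not backticks or keywords in an identifier position, so a crafted `$unit` can still alter the column expression. Since the column suffix is a unit number, cast it instead: `$unit = (int) $unit;`. The same applies to `$uid` handed to `getProfileVillages()` in DelPlayer unless that helper casts internally, which is not visible here.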
@@ -222,7 +227,7 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function CheckPass($password,$uid){
|
||||
$q = "SELECT password FROM ".TB_PREFIX."users where id = '$uid' and access = ".ADMIN;
|
||||
$q = "SELECT password FROM ".TB_PREFIX."users where id = ".(int) $uid." and access = ".ADMIN;
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
$dbarray = mysqli_fetch_array($result);
|
||||
if($dbarray['password'] == md5($password)) {
|
||||
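Review bot: `$dbarray['password'] == md5($password)` compares the stored hash with loose equality, so two hex strings of the form `0e...` compare equal as numbers; use `hash_equals((string) $dbarray['password'], md5($password))`, which is also constant-time. The unsalted md5 scheme itself is pre-existing and out of scope for this commit, but is worth a follow-up migration to `password_hash()`. CheckPass continues past the hunk.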
@@ -234,6 +239,7 @@ class adm_DB {
|
||||
|
||||
function DelVillage($wref, $mode=0){
|
||||
global $database;
|
||||
$wref = (int) $wreff;
|
||||
if($mode==0){
|
||||
$q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `wref` = $wref and capital = 0";
|
||||
}else{
|
||||
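Review bot: the added line `$wref = (int) $wreff;` reads an undefined variable (`$wreff`), so `$wref` becomes `0` on every call and the SELECT below looks up `wref = 0` instead of the requested village; DelVillage therefore never deletes what the caller asked for. It should read `$wref = (int) $wref;`. The rest of the method is in the next hunk.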
@@ -241,7 +247,7 @@ class adm_DB {
|
||||
}
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
if(mysqli_num_rows($result) > 0){
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Deleted village <b>$wref</b>',".time().")");
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Deleted village <b>$wref</b>',".time().")");
|
||||
|
||||
$database->clearExpansionSlot($wref);
|
||||
|
||||
@@ -354,7 +360,7 @@ class adm_DB {
|
||||
}
|
||||
|
||||
if( intval($enforce['hero']) > 0){
|
||||
$q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$from['owner']."";
|
||||
$q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $from['owner']."";
|
||||
$result = mysqli_query($q);
|
||||
$hero_f=mysqli_fetch_array($result);
|
||||
$hero_unit=$hero_f['unit'];
|
||||
@@ -471,51 +477,62 @@ class adm_DB {
|
||||
function DelBan($uid,$id){
|
||||
global $database;
|
||||
$name = addslashes($database->getUserField($uid,"username",0));
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Unbanned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET `access` = '".USER."' WHERE `id` = $uid;";
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Unbanned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET `access` = '".USER."' WHERE `id` = ".(int) $uid;
|
||||
mysqli_query($this->connection, $q);
|
||||
$q = "UPDATE ".TB_PREFIX."banlist SET `active` = '0' WHERE `id` = $id;";
|
||||
$q = "UPDATE ".TB_PREFIX."banlist SET `active` = '0' WHERE `id` = ".(int) $id;
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
|
||||
function AddBan($uid,$end,$reason){
|
||||
global $database;
|
||||
list($end,$reason) = $database->escape_input($end,$reason);
|
||||
$name = addslashes($database->getUserField($uid,"username",0));
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Banned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = $uid;";
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Banned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = ".(int) $uid;
|
||||
mysqli_query($this->connection, $q);
|
||||
$time = time();
|
||||
$admin = $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1);
|
||||
$admin = (int) $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1);
|
||||
$name = addslashes($database->getUserField($uid,'username',0));
|
||||
$q = "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES ($uid, '$name' , '$reason', '$time', '$end', '$admin', '1');";
|
||||
$q = "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES (".(int) $uid.", '$name' , '$reason', '$time', '$end', '$admin', '1');";
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
|
||||
function search_player($player){
|
||||
global $database;
|
||||
$player = $database->escape($player);
|
||||
$q = "SELECT id,username FROM ".TB_PREFIX."users WHERE `username` LIKE '%$player%' and username != 'support'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_email($email){
|
||||
global $database;
|
||||
$email = $database->escape($email);
|
||||
$q = "SELECT id,email FROM ".TB_PREFIX."users WHERE `email` LIKE '%$email%' and username != 'support'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_village($village){
|
||||
global $database;
|
||||
$village = $database->escape($village);
|
||||
$q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `name` LIKE '%$village%' or `wref` LIKE '%$village%'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_alliance($alliance){
|
||||
global $database;
|
||||
$alliance = $database->escape($alliance);
|
||||
$q = "SELECT * FROM ".TB_PREFIX."alidata WHERE `name` LIKE '%$alliance%' or `tag` LIKE '%$alliance%' or `id` LIKE '%$alliance%'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_ip($ip){
|
||||
global $database;
|
||||
$ip = $database->escape($ip);
|
||||
$q = "SELECT * FROM ".TB_PREFIX."login_log WHERE `ip` LIKE '%$ip%'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
|
||||
+9
-5
@@ -30,6 +30,10 @@ class funct {
|
||||
function Act($get){
|
||||
global $admin,$database;
|
||||
|
||||
foreach ($get as $key => $value) {
|
||||
$get[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
switch($get['action']){
|
||||
case "recountPop":
|
||||
$admin->recountPop($get['did']);
|
||||
@@ -92,10 +96,10 @@ class funct {
|
||||
header("Location: admin.php?p=player&uid=".$get['uid'].$error);
|
||||
exit;
|
||||
case "reviveHero":
|
||||
$result=$database->query("SELECT * FROM ".TB_PREFIX."hero WHERE uid='".$get['uid']."'");
|
||||
$result=$database->query("SELECT * FROM ".TB_PREFIX."hero WHERE uid=".(int) $get['uid']);
|
||||
$hdata=mysqli_fetch_array($result);
|
||||
$database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".$hdata['wref']);
|
||||
$database->query("UPDATE ".TB_PREFIX."hero SET `dead` = '0', `inrevive` = '0', `health` = '100', `lastupdate` = ".time()." WHERE `uid` = '".$get['uid']."'");
|
||||
$database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".(int) $hdata['wref']);
|
||||
$database->query("UPDATE ".TB_PREFIX."hero SET `dead` = '0', `inrevive` = '0', `health` = '100', `lastupdate` = ".time()." WHERE `uid` = ".(int) $get['uid']);
|
||||
header("Location: admin.php?p=player&uid=".$get['uid']."&rc=1");
|
||||
exit;
|
||||
case "addHero":
|
||||
@@ -104,10 +108,10 @@ class funct {
|
||||
|
||||
$database->query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`,
|
||||
`experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`,
|
||||
`intraining`) VALUES ('".$get['uid']."', '" . $vilarray['wref'] . "', '0', '".$get['u']."', '".addslashes($user['username'])."',
|
||||
`intraining`) VALUES (".(int) $get['uid'].", " . (int) $vilarray['wref'] . ", '0', ".(int) $get['u'].", '".addslashes($user['username'])."',
|
||||
'0', '5', '0', '0', '100', '0', '0', '0', '0', '".time()."', '50', '0')");
|
||||
|
||||
$database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".$vilarray['wref']);
|
||||
$database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".(int) $vilarray['wref']);
|
||||
|
||||
header("Location: admin.php?p=player&uid=".$get['uid']."&ac=1");
|
||||
exit;
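Review bot: In the reviveHero case, `$hdata=mysqli_fetch_array($result)` is used as `(int) $hdata['wref']` without checking that a row came back, so a uid with no hero row yields `UPDATE units SET hero = 1 WHERE vref = 0` and the hero UPDATE still runs; guard it with `if (!$hdata) { header("Location: admin.php?p=player&uid=".(int) $get['uid']); exit; }` before the two updates. The `header("Location: ... uid=".$get['uid'] ...)` lines in both cases still splice the escaped string into the URL; the same `(int)` used in the queries would be the consistent form there. The escape loop added at the top of Act() passes every value to `$database->escape()`, which presumably expects a string; if `$get` can carry array parameters, that call will warn rather than escape. Act() continues outside these hunks.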
|
||||
|
||||
@@ -13,7 +13,7 @@ if(!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
|
||||
include_once("../../Database.php");
|
||||
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
$village = $database->getVillage($id);
|
||||
$user = $database->getUserArray($village['owner'],1);
|
||||
$atech="";
|
||||
@@ -25,7 +25,7 @@ for($i=1; $i<9; $i++) {
|
||||
|
||||
$q = "UPDATE ".TB_PREFIX."abdata SET ".$atech.$btech." WHERE vref = $id";
|
||||
$database->query($q);
|
||||
$database->query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed troop anmount in village <a href=\'admin.php?p=village&did=$id\'>$id</a> ',".time().")");
|
||||
$database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed troop anmount in village <a href=\'admin.php?p=village&did=$id\'>$id</a> ',".time().")");
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=village&did=".$id."&ab");
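Review bot: The `UPDATE abdata SET ".$atech.$btech." WHERE vref = $id` statement now has an integer `$id`, but `$atech`/`$btech` are built in the `for($i=1; $i<9; $i++)` loop above this hunk; if that loop interpolates `$_POST` values, they need the same `(int)` treatment, since unquoted SQL fragments are not protected by quote-escaping. The `admin_log` entry is the troop-amount message copied from the units editor (`'Changed troop anmount in village ...'`), which mislabels this action in the log; a message naming what this script changes (with the spelling `amount`) would be more useful. The loop that builds `$atech`/`$btech` is outside the hunk.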
|
||||
|
||||
|
||||
@@ -27,11 +27,11 @@ $units="";
|
||||
if($tribe ==6){ $u = 50;}
|
||||
|
||||
for($i=1; $i<11; $i++) {
|
||||
$units.="u".($u+$i)."=".$_POST['u'.($u+$i)].(($i < 10) ? ", " : "");
|
||||
$units.="u".($u+$i)."=".$database->escape($_POST['u'.($u+$i)].(($i < 10) ? ", " : ""));
|
||||
}
|
||||
$q = "UPDATE ".TB_PREFIX."units SET ".$units." WHERE vref = $id";
|
||||
$q = "UPDATE ".TB_PREFIX."units SET ".$units." WHERE vref = ".(int) $id;
|
||||
$database->query($q);
|
||||
$database->query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed troop anmount in village <a href=\'admin.php?p=village&did=$id\'>$id</a> ',".time().")");
|
||||
$database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed troop anmount in village <a href=\'admin.php?p=village&did=$id\'>$id</a> ',".time().")");
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=village&did=".$id."&d");
|
||||
?>
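Review bot: The parentheses in the new `$units.=` line wrap the `", "` separator into the `$database->escape()` call, and more importantly the value is spliced unquoted (`u1=<value>`), where quote-escaping does not restrict what ends up in the statement; the integer cast used on `$id` in the same hunk is the right tool: `$units.="u".($u+$i)."=".(int) $_POST['u'.($u+$i)].(($i < 10) ? ", " : "");`. With that in place the `escape()` call can go.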
|
||||
@@ -16,12 +16,15 @@ mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$wgarray=array(1=>1200,1700,2300,3100,4000,5000,6300,7800,9600,11800,14400,17600,21400,25900,31300,37900,45700,55100,66400,80000);
|
||||
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
$baseName = $_POST['users_base_name'];
|
||||
$amount = (int) $_POST['users_amount'];
|
||||
$beginnersProtection = $_POST['users_protection'];
|
||||
$postTribe = $_POST['tribe'];
|
||||
$postTribe = (int) $_POST['tribe'];
|
||||
|
||||
// Some basic error checking
|
||||
if (strlen($baseName) < 4)
|
||||
@@ -101,7 +104,7 @@ else
|
||||
// beginners protection is not checked
|
||||
// Need a $database function for this
|
||||
// (assuming we don't already have one as creating Natars also updates this way)
|
||||
$q = "UPDATE " . TB_PREFIX . "users SET desc2 = '[#0]' WHERE id = $uid";
|
||||
$q = "UPDATE " . TB_PREFIX . "users SET desc2 = '[#0]' WHERE id = ".(int) $uid;
|
||||
mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink));
|
||||
|
||||
if (!$beginnersProtection)
|
||||
@@ -113,7 +116,7 @@ else
|
||||
$protection = time();
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
|
||||
protect = '".$protection."'
|
||||
WHERE id = $uid") or die(mysqli_error($database->dblink));
|
||||
WHERE id = ".(int) $uid) or die(mysqli_error($database->dblink));
|
||||
}
|
||||
|
||||
$database->updateUserField($uid,"act","",1);
|
||||
@@ -128,7 +131,7 @@ WHERE id = $uid") or die(mysqli_error($database->dblink));
|
||||
|
||||
//insert village with all resource and building with random level
|
||||
$time = time();
|
||||
$q = "INSERT INTO ".TB_PREFIX."vdata (`wref`,`owner`,`name`,`capital`,`pop`,`cp`,`celebration`,`type`,`wood`,`clay`,`iron`,`maxstore`,`crop`,`maxcrop`,`lastupdate`,`loyalty`,`exp1`,`exp2`,`exp3`,`created`) values ('$wid','$uid','".$userName."\'s village',1,200,1,0,0,$rand_resource,$rand_resource,$rand_resource,$cap_storage,$rand_resource,$cap_storage,$time,100,0,0,0,$time)";
|
||||
$q = "INSERT INTO ".TB_PREFIX."vdata (`wref`,`owner`,`name`,`capital`,`pop`,`cp`,`celebration`,`type`,`wood`,`clay`,`iron`,`maxstore`,`crop`,`maxcrop`,`lastupdate`,`loyalty`,`exp1`,`exp2`,`exp3`,`created`) values (".(int) $wid.",".(int) $uid.",'".$userName."\'s village',1,200,1,0,0,$rand_resource,$rand_resource,$rand_resource,$cap_storage,$rand_resource,$cap_storage,$time,100,0,0,0,$time)";
|
||||
mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink));
|
||||
$q = "insert into ".TB_PREFIX."fdata (`vref`,`f1`,`f1t`,`f2`,`f2t`,`f3`,`f3t`,`f4`,`f4t`,`f5`,`f5t`,`f6`,`f6t`,`f7`,`f7t`,`f8`,`f8t`,`f9`,`f9t`,`f10`,`f10t`,`f11`,`f11t`,`f12`,`f12t`,`f13`,`f13t`,`f14`,`f14t`,`f15`,`f15t`,`f16`,`f16t`,`f17`,`f17t`,`f18`,`f18t`,`f19`,`f19t`,`f20`,`f20t`,`f21`,`f21t`,`f22`,`f22t`,`f23`,`f23t`,`f24`,`f24t`,`f25`,`f25t`,`f26`,`f26t`,`f27`,`f27t`,`f28`,`f28t`,`f29`,`f29t`,`f30`,`f30t`,`f31`,`f31t`,`f32`,`f32t`,`f33`,`f33t`,`f34`,`f34t`,`f35`,`f35t`,`f36`,`f36t`,`f37`,`f37t`,`f38`,`f38t`,`f39`,`f39t`,`f40`,`f40t`,`f99`,`f99t`,`wwname`) values ($wid ,".rand(5,10).",1,".rand(5,10).",4,".rand(5,10).",1,".rand(5,10).",3,".rand(5,10).",2,".rand(5,10).",2,".rand(5,10).",3,".rand(5,10).",4,".rand(5,10).",4,".rand(5,10).",3,".rand(5,10).",3,".rand(5,10).",4,".rand(5,10).",4,".rand(5,10).",1,".rand(5,10).",4,".rand(5,10).",2,".rand(5,10).",1,".rand(5,10).",2,".rand(2,5).",8,".rand(5,20).",37,".rand(10,20).",26,".rand(10,20).",22,".rand(10,20).",19,".rand(2,5).",9,$level_storage,11,".rand(10,20).",15,".rand(10,20).",20,0,0,".rand(10,15).",17,$level_storage,10,".rand(5,10).",12,0,0,10,23,0,0,0,0,0,0,0,0,".rand(5,10).",18,".rand(5,10).",16,0,0,0,0,'World Wonder')";
|
||||
mysqli_query($GLOBALS["link"], $q);
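Review bot: The fdata INSERT still splices `$wid` bare (`values ($wid ,...`) while the vdata INSERT directly above it now writes `(int) $wid` and `(int) $uid`; whatever `$wid`'s origin above the hunk, the two statements should agree, so `values (".(int) $wid." ,` here. The two inserts also disagree on failure handling: the first `or die(mysqli_error(...))` prints the driver error into the response, the second ignores its return value, so a failed fdata insert leaves a village row with no fields and no trace. Treating both the same way (check the return, log, redirect with an error flag) would be more consistent than either. The surrounding user-creation loop starts outside this hunk.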
|
||||
|
||||
@@ -14,7 +14,7 @@ if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
$admid = $_POST['admid'];
|
||||
|
||||
//$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$admid."");
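Review bot: `$admid = $_POST['admid'];` is left as the raw string here while the sibling handlers in this commit cast it, and the commented-out lookup below shows how it was meant to be spliced into a query; even though the only visible use is commented out, `$admid = (int) $_POST['admid'];` keeps this file consistent and avoids a raw value lingering for the code below the hunk.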
|
||||
@@ -26,22 +26,26 @@ if (!isset($_SESSION)) {
|
||||
|
||||
if($_SESSION['access'] != ADMIN) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
||||
|
||||
$access = $_POST['access'];
|
||||
$dur = $_POST['protect'] * 86400;
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$access = (int) $_POST['access'];
|
||||
$dur = (int) $_POST['protect'] * 86400;
|
||||
$protection = (time() + $dur);
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
|
||||
access = ".$access.",
|
||||
gold = ".$_POST['gold'].",
|
||||
sit1 = '".$_POST['sitter1']."',
|
||||
sit2 = '".$_POST['sitter2']."',
|
||||
gold = ".(int) $_POST['gold'].",
|
||||
sit1 = '".(int) $_POST['sitter1']."',
|
||||
sit2 = '".(int) $_POST['sitter2']."',
|
||||
protect = '".$protection."',
|
||||
cp = ".$_POST['cp'].",
|
||||
ap = '".$_POST['off']."',
|
||||
dp = '".$_POST['def']."',
|
||||
RR = '".$_POST['res']."',
|
||||
apall = '".$_POST['ooff']."',
|
||||
dpall = '".$_POST['odef']."'
|
||||
cp = ".(int) $_POST['cp'].",
|
||||
ap = '".(int) $_POST['off']."',
|
||||
dp = '".(int) $_POST['def']."',
|
||||
RR = '".(int) $_POST['res']."',
|
||||
apall = '".(int) $_POST['ooff']."',
|
||||
dpall = '".(int) $_POST['odef']."'
|
||||
WHERE id = ".$id."") or die(mysqli_error($database->dblink));
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
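Review bot: The `WHERE id = ".$id."` clause at the end of the UPDATE uses `$id`, which is assigned above this hunk; if it is still the raw `$_POST['id']` in this file, the statement remains string-built on that value despite every SET column now being cast, so cast it where it is assigned (`$id = (int) $_POST['id'];`). The new `foreach` escape loop runs `$database->escape()` while the statement is sent over `$GLOBALS["link"]`, a separate `mysqli_connect`; if `escape()` is `mysqli_real_escape_string` bound to `$database`'s own handle, the escaping is computed against that connection's charset rather than the one executing the query, and for this statement, where every value is cast, the loop adds nothing. The same loop-plus-separate-connection pairing appears in the fdata, player-info, user-edit and ban handlers further down.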
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$id = $_POST['id'];
|
||||
$admid = $_POST['admid'];
|
||||
$id = (int) $_POST['id'];
|
||||
$admid = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$admid."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -24,7 +24,7 @@ $sessionaccess = $access['access'];
|
||||
|
||||
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET cp = cp + ".$_POST['cp']." WHERE id = ".$id."");
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET cp = cp + ".(int) $_POST['cp']." WHERE id = ".$id."");
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
|
||||
?>
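Review bot: The access check that follows the cast on `$admid` still keys on a client-supplied value: `$admid` comes from the request body, `SELECT * FROM users WHERE id = ".$admid."` loads that user's row, and `if($sessionaccess != 9) die(...)` tests the loaded row rather than the caller's own session, so the `(int)` cast closes the injection but leaves the authorization decision to whatever the form submits. Other handlers in this commit already guard with `if($_SESSION['access'] < ADMIN) die(...)` and log with `$_SESSION['id']`; the same source should drive this check, e.g. `$admid = (int) $_SESSION['id'];` after `session_start()`, with the POSTed `admid` no longer consulted. Every later section that begins with `$session = (int) $_POST['admid']` followed by the same `SELECT * FROM users WHERE id = $session` has this shape, and the fix belongs in each of them.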
|
||||
@@ -15,9 +15,9 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$delete = $_POST['medalid'];
|
||||
$aid = $_POST['aid'];
|
||||
$session = $_POST['admid'];
|
||||
$delete = (int) $_POST['medalid'];
|
||||
$aid =(int) $_POST['aid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,9 +15,9 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$allyid = $_POST['allyid'];
|
||||
$aid = $_POST['aid'];
|
||||
$session = $_POST['admid'];
|
||||
$allyid =(int) $_POST['allyid'];
|
||||
$aid = (int) $_POST['aid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$deleteweek = $_POST['deleteweek'];
|
||||
$session = $_POST['admid'];
|
||||
$deleteweek = (int) $_POST['deleteweek'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$userid = $_POST['userid'];
|
||||
$session = $_POST['admid'];
|
||||
$userid = (int) $_POST['userid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$deleteweek = $_POST['medalweek'];
|
||||
$session = $_POST['admid'];
|
||||
$deleteweek = (int) $_POST['medalweek'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['uid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['uid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
if(!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN);
|
||||
include_once("../../Database.php");
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$myFile = "../../config.php";
|
||||
$fh = fopen($myFile, 'w') or die("<br/><br/><br/>Can't open file: GameEngine\config.php");
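Review bot: `fopen($myFile, 'w')` truncates `config.php` before `$id` has been checked for anything beyond the cast, and `(int)` of a missing or non-numeric `id` is `0`, which this hunk does not reject; if `$id` is what gets written into the file below the hunk, a bad request now rewrites the config with `0` instead of the previous value. A guard such as `if ($id <= 0) die('invalid id');` before the `fopen` would keep the truncate from happening on garbage input. The same `$id = (int) $_POST['id'];` / `fopen(..., 'w')` pairing recurs in the five later config-writing sections. What is written to `$fh` is outside this hunk.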
|
||||
|
||||
@@ -18,7 +18,11 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$id = $_POST['id'];
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."fdata SET
|
||||
f1 = '".$_POST['id1level']."',
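Review bot: The field levels (`f1 = '".$_POST['id1level']."'` and presumably the rest of the SET list below the hunk) stay as quoted, escaped strings while `$id` in the same file is now cast; since these are integer levels, `f1 = ".(int) $_POST['id1level'].",` is the consistent form and removes this statement's dependence on `$database->escape()`. Moving the `$id` assignment after the loop is harmless since it is cast anyway. The UPDATE continues outside the hunk.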
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
if(!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN);
|
||||
include_once("../../Database.php");
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$myFile = "../../config.php";
|
||||
$fh = fopen($myFile, 'w') or die("<br/><br/><br/>Can't open file: GameEngine\config.php");
|
||||
|
||||
@@ -14,6 +14,11 @@ if(!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
|
||||
include_once("../../Database.php");
|
||||
$status="&ce=1";
|
||||
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
if(isset($_POST['id'])) {
|
||||
$_POST['hname'] = trim(stripslashes($_POST['hname']));
|
||||
if ($_POST['hname']=="") {
|
||||
@@ -23,13 +28,13 @@ if(isset($_POST['id'])) {
|
||||
|
||||
include_once("../../Data/hero_full.php");
|
||||
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$q = "UPDATE ".TB_PREFIX."hero SET unit=".$_POST['hunit'].", name='".$_POST['hname']."', level=".$_POST['hlvl'].", points=".$_POST['exp'].", experience=".$hero_levels[$_POST['hlvl']].", health=".$_POST['hhealth'].",
|
||||
attack=".$_POST['hatk'].", defence=".$_POST['hdef'].", attackbonus=".$_POST['hob'].", defencebonus=".$_POST['hdb'].", regeneration=".$_POST['hrege']." WHERE uid = ".$id;
|
||||
$q = "UPDATE ".TB_PREFIX."hero SET unit=".(int) $_POST['hunit'].", name='".$_POST['hname']."', level=".(int) $_POST['hlvl'].", points=".(int) $_POST['exp'].", experience=".(int) $hero_levels[$_POST['hlvl']].", health='".$_POST['hhealth']."',
|
||||
attack=".(int) $_POST['hatk'].", defence=".(int) $_POST['hdef'].", attackbonus=".(int) $_POST['hob'].", defencebonus=".(int) $_POST['hdb'].", regeneration=".(int) $_POST['hrege']." WHERE uid = ".$id;
|
||||
$return=$database->query($q);
|
||||
if($return) {
|
||||
$database->query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed hero info',".time().")");
|
||||
$database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed hero info',".time().")");
|
||||
$status="&cs=1";
|
||||
}
|
||||
}
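Review bot: The escaping added by the new `foreach` loop is undone for the one string value this statement uses: `$_POST['hname'] = trim(stripslashes($_POST['hname']));` in the earlier hunk strips the backslashes `escape()` inserted, and `name='".$_POST['hname']."'` then splices the restored string, so `hname` reaches the UPDATE effectively unescaped. Either apply the escape after the trim/stripslashes — `name='".$database->escape($_POST['hname'])."'` — or run the `stripslashes` before the loop. `(int) $hero_levels[$_POST['hlvl']]` also silently becomes `0` (with a notice) when `hlvl` is not a key of `$hero_levels`; an `isset($hero_levels[$_POST['hlvl']])` check first would keep experience from being reset on a bad level value.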
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
if(!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN);
|
||||
include_once("../../Database.php");
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$myFile = "../../config.php";
|
||||
$fh = fopen($myFile, 'w') or die("<br/><br/><br/>Can't open file: GameEngine\config.php");
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
if(!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN);
|
||||
include_once("../../Database.php");
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$myFile = "../../config.php";
|
||||
$fh = fopen($myFile, 'w') or die("<br/><br/><br/>Can't open file: GameEngine\config.php");
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['id'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -25,8 +25,8 @@ $sessionaccess = $access['access'];
|
||||
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
|
||||
apall = '".$_POST['off']."',
|
||||
dpall = '".$_POST['def']."'
|
||||
apall = '".(int) $_POST['off']."',
|
||||
dpall = '".(int) $_POST['def']."'
|
||||
WHERE id = $id") or die(mysqli_error($database->dblink));
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['uid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['uid'];
|
||||
$pass = md5($_POST['newpw']);
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
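Review bot: `$pass = md5($_POST['newpw']);` is unchanged context, but it is the value presumably stored as the user's password below this hunk, and an unsalted MD5 digest is not a password hash. Switching to `password_hash($_POST['newpw'], PASSWORD_DEFAULT)` here only works together with a matching `password_verify` on the login path and a migration for existing rows, so it is a coordinated change rather than a one-line edit, but a `// TODO: replace md5 with password_hash once login verifies with password_verify` on this line would keep it from being forgotten. The statement that writes `$pass` is outside the hunk.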
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['id'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -24,11 +24,11 @@ $sessionaccess = $access['access'];
|
||||
|
||||
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
||||
|
||||
$pdur = $_POST['plus'] * 86400;
|
||||
$b1dur = $_POST['wood'] * 86400;
|
||||
$b2dur = $_POST['clay'] * 86400;
|
||||
$b3dur = $_POST['iron'] * 86400;
|
||||
$b4dur = $_POST['crop'] * 86400;
|
||||
$pdur = (int) $_POST['plus'] * 86400;
|
||||
$b1dur = (int) $_POST['wood'] * 86400;
|
||||
$b2dur = (int) $_POST['clay'] * 86400;
|
||||
$b3dur = (int) $_POST['iron'] * 86400;
|
||||
$b4dur = (int) $_POST['crop'] * 86400;
|
||||
|
||||
$sql1 = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$id."");
|
||||
$user = mysqli_fetch_array($sql1);
|
||||
|
||||
@@ -13,7 +13,7 @@ if(!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN);
|
||||
include_once("../../Database.php");
|
||||
include_once("../../config.php");
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$myFile = "../../config.php";
|
||||
$fh = fopen($myFile, 'w') or die("<br/><br/><br/>Can't open file: GameEngine\config.php");
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['id'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -24,7 +24,7 @@ $sessionaccess = $access['access'];
|
||||
|
||||
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
||||
|
||||
$dur = $_POST['protect'] * 86400;
|
||||
$dur = (int) $_POST['protect'] * 86400;
|
||||
$protection = (time() + $dur);
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['did'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['did'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -25,12 +25,12 @@ $sessionaccess = $access['access'];
|
||||
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."vdata SET
|
||||
wood = '".$_POST['wood']."',
|
||||
clay = '".$_POST['clay']."',
|
||||
iron = '".$_POST['iron']."',
|
||||
crop = '".$_POST['crop']."',
|
||||
maxstore = '".$_POST['maxstore']."',
|
||||
maxcrop = '".$_POST['maxcrop']."'
|
||||
wood = '".(int) $_POST['wood']."',
|
||||
clay = '".(int) $_POST['clay']."',
|
||||
iron = '".(int) $_POST['iron']."',
|
||||
crop = '".(int) $_POST['crop']."',
|
||||
maxstore = '".(int) $_POST['maxstore']."',
|
||||
maxcrop = '".(int) $_POST['maxcrop']."'
|
||||
WHERE wref = '".$id."'") or die(mysqli_error($database->dblink));
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=village&did=".$id."");
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
if(!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN);
|
||||
include_once("../../Database.php");
|
||||
$id = $_POST['id'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$myFile = "../../config.php";
|
||||
$fh = fopen($myFile, 'w') or die("<br/><br/><br/>Can't open file: GameEngine\config.php");
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['id'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,8 +15,12 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['id'];
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -26,7 +30,7 @@ if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
|
||||
email = '".$_POST['email']."',
|
||||
tribe = ".$_POST['tribe'].",
|
||||
tribe = ".(int) $_POST['tribe'].",
|
||||
location = '".$_POST['location']."',
|
||||
desc1 = '".$_POST['desc1']."',
|
||||
desc2 = '".$_POST['desc2']."',
|
||||
|
||||
@@ -15,8 +15,12 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$uid = $_POST['uid'];
|
||||
$session = $_POST['admid'];
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$uid = (int) $_POST['uid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['did'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['did'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['id'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -25,9 +25,9 @@ $sessionaccess = $access['access'];
|
||||
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
|
||||
ap = '".$_POST['off']."',
|
||||
dp = '".$_POST['def']."',
|
||||
RR = '".$_POST['res']."'
|
||||
ap = '".(int) $_POST['off']."',
|
||||
dp = '".(int) $_POST['def']."',
|
||||
RR = '".(int) $_POST['res']."'
|
||||
WHERE id = $id") or die(mysqli_error($database->dblink));
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
|
||||
|
||||
@@ -21,7 +21,7 @@ function mysqli_result($res, $row, $field=0) {
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -21,7 +21,7 @@ function mysqli_result($res, $row, $field=0) {
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -32,10 +32,10 @@ if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not
|
||||
$sql = "SELECT id FROM ".TB_PREFIX."users ORDER BY ID DESC LIMIT 1";
|
||||
$loops = mysqli_result(mysqli_query($GLOBALS["link"], $sql), 0);
|
||||
|
||||
$wood = $_POST['wood'] * 86400;
|
||||
$clay = $_POST['clay'] * 86400;
|
||||
$iron = $_POST['iron'] * 86400;
|
||||
$crop = $_POST['crop'] * 86400;
|
||||
$wood = (int) $_POST['wood'] * 86400;
|
||||
$clay = (int) $_POST['clay'] * 86400;
|
||||
$iron = (int) $_POST['iron'] * 86400;
|
||||
$crop = (int) $_POST['crop'] * 86400;
|
||||
|
||||
for($i = 0; $i < $loops + 1; $i++)
|
||||
{
|
||||
|
||||
@@ -17,7 +17,7 @@ error_reporting(E_ALL);
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -25,7 +25,7 @@ $sessionaccess = $access['access'];
|
||||
|
||||
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
||||
|
||||
$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id != '0'";
|
||||
$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id != '0'";
|
||||
mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink));
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&g");
|
||||
|
||||
@@ -17,7 +17,7 @@ error_reporting(E_ALL);
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -25,7 +25,7 @@ $sessionaccess = $access['access'];
|
||||
|
||||
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
||||
|
||||
$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id != '0'";
|
||||
$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id != '0'";
|
||||
mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink));
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=gold&g");
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['id'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -24,7 +24,7 @@ $sessionaccess = $access['access'];
|
||||
|
||||
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id = ".$id."");
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id = ".$id."");
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=usergold&g");
|
||||
?>
|
||||
@@ -15,7 +15,11 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -25,7 +29,7 @@ if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not
|
||||
|
||||
$users = mysqli_num_rows(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users"));
|
||||
|
||||
$duration = $_POST['duration'] * 3600;
|
||||
$duration = (int) $_POST['duration'] * 3600;
|
||||
$start = $_POST['start'];
|
||||
$startts = strtotime($start);
|
||||
$endts = $startts + $duration;
|
||||
@@ -49,7 +53,7 @@ for($i = 0; $i < $loops + 1; $i++)
|
||||
$result = mysqli_query($GLOBALS["link"], $query);
|
||||
while($row = mysqli_fetch_assoc($result))
|
||||
{
|
||||
mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."banlist ".$row['id'].", ".$row['username'].", ".$reason.", ".$startts.", ".$endts.", ".$admin.", ".$active."");
|
||||
mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."banlist VALUES('', ".(int) $row['id'].", '".$row['username']."', '".$reason."', ".(int) $startts.", ".(int) $endts.", ".(int) $admin.", ".(int) $active.")");
|
||||
##mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES (".$row['id'].", '".$row['username']."' , '$reason', '$startts', '$endts', '$admin', '1')");
|
||||
}
|
||||
}
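Review bot: The rebuilt banlist INSERT still drops `$row['username']` into a quoted literal with no escaping while the ids and timestamps were cast; a username containing a quote, which the users table can hold, breaks the statement and reintroduces a second-order injection. Wrap it the way the rest of the file treats `$_POST`, `'".$database->escape($row['username'])."'` (or `addslashes`, as `AddBan` uses). The first column is written as `''`, which a strict-mode MySQL server rejects for an integer auto-increment id; `NULL` is the portable spelling, assuming that column is auto-increment. Separately, `$startts = strtotime($start)` in the earlier hunk returns `false` for an unparseable date, which `(int)` turns into 0, so a bad date silently starts the ban at the epoch; a check `if ($startts === false) die("invalid start date");` before the loop would catch that.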
|
||||
|
||||
@@ -15,7 +15,7 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,7 +15,7 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,7 +15,7 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,7 +15,7 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,7 +15,11 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -18,8 +18,9 @@ mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
|
||||
|
||||
$medalid = $_POST['medalid'];
|
||||
$uid = $_POST['uid'];
|
||||
$medalid = (int) $_POST['medalid'];
|
||||
$uid = (int) $_POST['uid'];
|
||||
$admid = (int) $_POST['admid'];
|
||||
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."medal set del = 1 WHERE id = ".$medalid."");
|
||||
|
||||
@@ -29,7 +30,7 @@ $name = mysqli_result($name, 0);
|
||||
mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$admid,'Deleted medal id [#".$medalid."] from the user <a href=\'admin.php?p=player&uid=$uid\'>$name</a> ',".time().")");
|
||||
|
||||
|
||||
$deleteweek = $_POST['medalweek'];
|
||||
$deleteweek = (int) $_POST['medalweek'];
|
||||
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."medal set del = 1 WHERE week = ".$deleteweek."");
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=player&uid=".$uid."");
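Review bot: `$admid` is read from `$_POST['admid']` and then written into the admin_log row as the acting admin, although this script already authenticates via `$_SESSION['access']`; a request can therefore attribute the deletion to any user id it likes. The other hunks in this commit use `(int) $_SESSION['id']` for the log and this one should do the same, `$admid = (int) $_SESSION['id'];`. The `$name` fetched via `mysqli_result` is also interpolated into that log statement unescaped; `mysqli_real_escape_string($GLOBALS["link"], $name)` would match what `DelBan`/`AddBan` do with `addslashes`.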
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../Automation.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$id = $_POST['id'];
|
||||
$amt = $_POST['vill_amount'];
|
||||
$id = (int) $_POST['id'];
|
||||
$amt = (int) $_POST['vill_amount'];
|
||||
|
||||
for($i=1;$i<=$amt;$i++) {
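Review bot: `$amt` is now an integer, but the loop `for($i=1;$i<=$amt;$i++)` has no upper bound, so a single request can ask for any number of villages and the loop body (which lies outside this hunk) runs that many times against the database. Clamp it to whatever this tool is meant to allow, e.g. `$amt = max(0, min((int) $_POST['vill_amount'], $limit));` with `$limit` set to a value you choose. The identical hunk in the second copy of this script below needs the same clamp. Neither hunk shows an admin check above this point; if it lives earlier in the file that is fine, but it is worth confirming since these scripts are reachable by plain POST.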
|
||||
|
||||
|
||||
@@ -15,8 +15,8 @@ include_once("../../Automation.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$id = $_POST['id'];
|
||||
$amt = $_POST['vill_amount'];
|
||||
$id = (int) $_POST['id'];
|
||||
$amt = (int) $_POST['vill_amount'];
|
||||
|
||||
for($i=1;$i<=$amt;$i++) {
|
||||
|
||||
|
||||
@@ -12,11 +12,15 @@ if (!isset($_SESSION)) session_start();
|
||||
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
|
||||
include_once("../../config.php");
|
||||
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$id = $_POST['id'];
|
||||
$session = (int) $_POST['admid'];
|
||||
$id = (int) $_POST['id'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
|
||||
@@ -15,9 +15,15 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$did = $_POST['did'];
|
||||
$nameorig = $_POST['villagename'];
|
||||
|
||||
foreach ($_POST as $key => $value) {
|
||||
$_POST[$key] = $database->escape($value);
|
||||
}
|
||||
|
||||
$did = (int) $_POST['did'];
|
||||
$name = $_POST['villagename'];
|
||||
$session = $_POST['admid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
$access = mysqli_fetch_array($sql);
|
||||
@@ -28,5 +34,5 @@ if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not
|
||||
$sql = "UPDATE ".TB_PREFIX."vdata SET name = '$name' WHERE wref = $did";
|
||||
mysqli_query($GLOBALS["link"], $sql);
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".$name."");
|
||||
header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".$nameorig."");
|
||||
?>
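Review bot: `$nameorig` is the unescaped POST value and it is concatenated straight into the Location URL, so a name containing `&`, `#`, `%` or non-ASCII characters produces a malformed redirect and the receiving page sees a mangled `name` parameter. Encode it at the URL boundary: `header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".urlencode($nameorig));`. Keeping a raw copy for the redirect is the right instinct, since escaping for SQL and encoding for a URL are different contexts, but the URL side still needs its own encoding.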
|
||||
@@ -15,7 +15,7 @@ include_once("../../config.php");
|
||||
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
|
||||
mysqli_select_db($GLOBALS["link"], SQL_DB);
|
||||
|
||||
$session = $_POST['admid'];
|
||||
$session = (int) $_POST['admid'];
|
||||
|
||||
|
||||
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
|
||||
|
||||
@@ -16,6 +16,14 @@
|
||||
## Source code: https://github.com/Shadowss/TravianZ ##
|
||||
## ##
|
||||
#################################################################################
|
||||
if (!function_exists('mysqli_result')) {
|
||||
function mysqli_result($res, $row, $field=0) {
|
||||
$res->data_seek($row);
|
||||
$datarow = $res->fetch_array();
|
||||
return $datarow[$field];
|
||||
}
|
||||
}
|
||||
|
||||
if(isset($gameinstall) && $gameinstall == 1){
|
||||
include_once("../../GameEngine/config.php");
|
||||
include_once("../../GameEngine/Data/buidata.php");
|
||||
@@ -35,6 +43,8 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function Login($username,$password){
|
||||
global $database;
|
||||
list($username,$password) = $database->escape_input($username,$password);
|
||||
$q = "SELECT password FROM ".TB_PREFIX."users where username = '$username' and access >= ".MULTIHUNTER;
|
||||
$result = mysqli_query($this->connection,$q);
|
||||
$dbarray = mysqli_fetch_array($result);
|
||||
@@ -70,7 +80,7 @@ class adm_DB {
|
||||
}
|
||||
}
|
||||
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = $vid";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = ".(int) $vid;
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
|
||||
@@ -85,7 +95,7 @@ class adm_DB {
|
||||
$popTot += $this->buildingCP($building,$lvl);
|
||||
}
|
||||
}
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = $vid";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = ".(int) $vid;
|
||||
mysqli_query($this->connection,$q);
|
||||
}
|
||||
|
||||
@@ -114,7 +124,7 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function getWref($x,$y) {
|
||||
$q = "SELECT id FROM ".TB_PREFIX."wdata where x = $x and y = $y";
|
||||
$q = "SELECT id FROM ".TB_PREFIX."wdata where x = ".(int) $x." and y = ".(int) $y;
|
||||
$result = mysqli_query($this->connection,$q);
|
||||
$r = mysqli_fetch_array($result);
|
||||
return $r['id'];
|
||||
@@ -127,7 +137,7 @@ class adm_DB {
|
||||
$status = $database->getVillageState($wid);
|
||||
$status = 0;
|
||||
if($status == 0){
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Added new village <b><a href=\'admin.php?p=village&did=$wid\'>$wid</a></b> to user <b><a href=\'admin.php?p=player&uid=$uid\'>$uid</a></b>',".time().")");
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Added new village <b><a href=\'admin.php?p=village&did=$wid\'>$wid</a></b> to user <b><a href=\'admin.php?p=player&uid=$uid\'>$uid</a></b>',".time().")");
|
||||
$database->setFieldTaken($wid);
|
||||
$database->addVillage($wid,$uid,'new village','0');
|
||||
$database->addResourceFields($wid,$database->getVillageType($wid));
|
||||
@@ -164,23 +174,23 @@ class adm_DB {
|
||||
}
|
||||
if($post['clean_ware']){
|
||||
$time = time();
|
||||
$q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = ".(int) $vid;
|
||||
mysqli_query($this->connection,$q);
|
||||
}
|
||||
}
|
||||
mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Punished user: <a href=\'admin.php?p=player&uid=".$post['uid']."\'>".$post['uid']."</a> with <b>-".$post['punish']."%</b> population',".time().")");
|
||||
mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Punished user: <a href=\'admin.php?p=player&uid=".(int) $post['uid']."\'>".(int) $post['uid']."</a> with <b>-".(int) $post['punish']."%</b> population',".time().")");
|
||||
}
|
||||
|
||||
function PunishBuilding($vid,$proc,$pop){
|
||||
global $database;
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = $pop where wref = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = ".(int) $pop." where wref = ".(int) $vid;
|
||||
mysqli_query($this->connection,$q);
|
||||
$fdata = $database->getResourceLevel($vid);
|
||||
for ($i = 1; $i <= 40; $i++) {
|
||||
if($fdata['f'.$i]>1){
|
||||
$zm = ($fdata['f'.$i]/100)*$proc;
|
||||
if($zm < 1){$zm = 1;}else{$zm = floor($zm);}
|
||||
$q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = ".(int) $vid;
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
}
|
||||
@@ -193,24 +203,24 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function DelUnits2($vid,$unit){
|
||||
$q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = ".(int) $vid;
|
||||
mysqli_query($this->connection,$q);
|
||||
}
|
||||
|
||||
function DelPlayer($uid,$pass){
|
||||
global $database;
|
||||
$ID = $_SESSION['id'];//$database->getUserField($_SESSION['username'],'id',1);
|
||||
$ID = (int) $_SESSION['id'];//$database->getUserField($_SESSION['username'],'id',1);
|
||||
if($this->CheckPass($pass,$ID)){
|
||||
$villages = $database->getProfileVillages($uid);
|
||||
for ($i = 0; $i <= count($villages)-1; $i++) {
|
||||
$this->DelVillage($villages[$i]['wref'], 1);
|
||||
}
|
||||
$q = "DELETE FROM ".TB_PREFIX."hero where uid = $uid";
|
||||
$q = "DELETE FROM ".TB_PREFIX."hero where uid = ".(int) $uid;
|
||||
mysqli_query($this->connection,$q);
|
||||
|
||||
$name = $database->getUserField($uid,"username",0);
|
||||
mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,$ID,'Deleted user <a>$name</a>',".time().")");
|
||||
$q = "DELETE FROM ".TB_PREFIX."users WHERE `id` = $uid;";
|
||||
$q = "DELETE FROM ".TB_PREFIX."users WHERE `id` = ".(int) $uid;
|
||||
mysqli_query($this->connection,$q);
|
||||
}
|
||||
}
|
||||
@@ -223,7 +233,7 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function CheckPass($password,$uid){
|
||||
$q = "SELECT password FROM ".TB_PREFIX."users where id = '$uid' and access = ".ADMIN;
|
||||
$q = "SELECT password FROM ".TB_PREFIX."users where id = ".(int) $uid." and access = ".ADMIN;
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
$dbarray = mysqli_fetch_array($result);
|
||||
if($dbarray['password'] == md5($password)) {
|
||||
@@ -235,6 +245,7 @@ class adm_DB {
|
||||
|
||||
function DelVillage($wref, $mode=0){
|
||||
global $database;
|
||||
$wref = (int) $wref;
|
||||
if($mode==0){
|
||||
$q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `wref` = $wref and capital = 0";
|
||||
}else{
|
||||
@@ -242,7 +253,7 @@ class adm_DB {
|
||||
}
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
if(mysqli_num_rows($result) > 0){
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Deleted village <b>$wref</b>',".time().")");
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Deleted village <b>$wref</b>',".time().")");
|
||||
|
||||
$database->clearExpansionSlot($wref);
|
||||
|
||||
@@ -315,8 +326,9 @@ class adm_DB {
|
||||
|
||||
function DelBan($uid,$id){
|
||||
global $database;
|
||||
$name = addslashes($database->getUserField($uid,"username",0));
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Unbanned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$name = addslashes($database->getUserField($uid,"username",0));
|
||||
$uid = (int) $uid;
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Unbanned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET `access` = '".USER."' WHERE `id` = $uid;";
|
||||
mysqli_query($this->connection, $q);
|
||||
$q = "UPDATE ".TB_PREFIX."banlist SET `active` = '0' WHERE `id` = $id;";
|
||||
@@ -326,41 +338,53 @@ class adm_DB {
|
||||
function AddBan($uid,$end,$reason){
|
||||
global $database;
|
||||
$name = addslashes($database->getUserField($uid,"username",0));
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Banned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = $uid;";
|
||||
list($end,$reason) = $database->escape_input($end,$reason);
|
||||
$uid = (int) $uid;
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Banned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = $uid";
|
||||
mysqli_query($this->connection, $q);
|
||||
$time = time();
|
||||
$admin = $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1);
|
||||
$admin = (int) $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1);
|
||||
$name = addslashes($database->getUserField($uid,'username',0));
|
||||
$q = "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES ($uid, '$name' , '$reason', '$time', '$end', '$admin', '1');";
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
|
||||
function search_player($player){
|
||||
global $database;
|
||||
$player = $database->escape($player);
|
||||
$q = "SELECT id,username FROM ".TB_PREFIX."users WHERE `username` LIKE '%$player%' and username != 'support'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_email($email){
|
||||
global $database;
|
||||
$email = $database->escape($email);
|
||||
$q = "SELECT id,email FROM ".TB_PREFIX."users WHERE `email` LIKE '%$email%' and username != 'support'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_village($village){
|
||||
global $database;
|
||||
$village = $database->escape($village);
|
||||
$q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `name` LIKE '%$village%' or `wref` LIKE '%$village%'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_alliance($alliance){
|
||||
global $database;
|
||||
$alliance = $database->escape($alliance);
|
||||
$q = "SELECT * FROM ".TB_PREFIX."alidata WHERE `name` LIKE '%$alliance%' or `tag` LIKE '%$alliance%' or `id` LIKE '%$alliance%'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_ip($ip){
|
||||
global $database;
|
||||
$ip = $database->escape($ip);
|
||||
$q = "SELECT * FROM ".TB_PREFIX."login_log WHERE `ip` LIKE '%$ip%'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
@@ -519,7 +543,7 @@ class adm_DB {
|
||||
}
|
||||
|
||||
if( intval($enforce['hero']) > 0){
|
||||
$q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$from['owner']."";
|
||||
$q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $from['owner']."";
|
||||
$result = mysqli_query($q);
|
||||
$hero_f=mysqli_fetch_array($result);
|
||||
$hero_unit=$hero_f['unit'];
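Review bot: Several of the admin_log inserts this commit touches call the procedural `mysqli_query` with only the SQL string and no connection — the `Added new village`, `Deleted village`, `Unbanned user` and `Banned user` lines, plus the hero SELECT in the last hunk — so on PHP 8 they throw an ArgumentCountError and on older versions they only warn and write nothing, meaning the audit trail these casts are protecting is never recorded. Each should read `mysqli_query($this->connection, "Insert into ...")`, as the `Punished user` and `Deleted user` lines already do. Two spots in the new lines are still uncast: `DelUnits2` interpolates `$unit` into the quoted column name u$unit with `$vid` cast but `$unit` not, and `DelBan` casts `$uid` but leaves `$id` raw in the banlist UPDATE; `$unit = (int) $unit;` at the top of `DelUnits2` and `WHERE id = ".(int) $id` in `DelBan` close both. `DelPlayer` also logs `$name` without the `addslashes` that `DelBan` and `AddBan` apply to the same field.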
|
||||
|
||||
@@ -92,10 +92,10 @@ class funct {
|
||||
header("Location: admin.php?p=player&uid=".$get['uid'].$error);
|
||||
exit;
|
||||
case "reviveHero":
|
||||
$result=$database->query("SELECT * FROM ".TB_PREFIX."hero WHERE uid='".$get['uid']."'");
|
||||
$result=$database->query("SELECT * FROM ".TB_PREFIX."hero WHERE uid=".(int) $get['uid']);
|
||||
$hdata=mysqli_fetch_array($result);
|
||||
$database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".$hdata['wref']);
|
||||
$database->query("UPDATE ".TB_PREFIX."hero SET `dead` = '0', `inrevive` = '0', `health` = '100', `lastupdate` = ".time()." WHERE `uid` = '".$get['uid']."'");
|
||||
$database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".(int) $hdata['wref']);
|
||||
$database->query("UPDATE ".TB_PREFIX."hero SET `dead` = '0', `inrevive` = '0', `health` = '100', `lastupdate` = ".time()." WHERE `uid` = ".(int) $get['uid']);
|
||||
header("Location: admin.php?p=player&uid=".$get['uid']."&rc=1");
|
||||
exit;
|
||||
case "addHero":
|
||||
@@ -104,10 +104,10 @@ class funct {
|
||||
|
||||
$database->query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`,
|
||||
`experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`,
|
||||
`intraining`) VALUES ('".$get['uid']."', '" . $vilarray['wref'] . "', '0', '".$get['u']."', '".addslashes($user['username'])."',
|
||||
`intraining`) VALUES (".(int) $get['uid'].", " . (int) $vilarray['wref'] . ", '0', ".(int) $get['u'].", '".addslashes($user['username'])."',
|
||||
'0', '5', '0', '0', '100', '0', '0', '0', '0', '".time()."', '50', '0')");
|
||||
|
||||
$database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".$vilarray['wref']);
|
||||
$database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".(int) $vilarray['wref']);
|
||||
|
||||
header("Location: admin.php?p=player&uid=".$get['uid']."&ac=1");
|
||||
exit;
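Review bot: The `reviveHero` branch never checks that the hero SELECT returned a row; when it does not, `$hdata` is null, `(int) $hdata['wref']` becomes 0, the units UPDATE runs against `vref = 0` (presumably a no-op, but it hides the failure), the hero UPDATE runs anyway, and the user is redirected with `rc=1` as if it succeeded. Guard it before the updates with `if (!$hdata) { header("Location: admin.php?p=player&uid=".(int) $get['uid']); exit; }` or an equivalent error path. Both redirects in these hunks also embed `$get['uid']` raw while the queries now cast it; `(int) $get['uid']` in the Location strings keeps the two consistent. The enclosing switch starts outside these hunks.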
|
||||
|
||||