From 331885a11050668b159b8406724da894917b67b0 Mon Sep 17 00:00:00 2001 
From: Martin Ambrus Date: Thu, 19 Oct 2017 21:17:11 +0200 Subject: [PATCH] fix: remove SQL injections in Admin --- Admin/Mods/addTroops.php | 8 ++- Admin/Mods/cp.php | 4 +- Admin/Mods/deletemedalbyuser.php | 2 +- Admin/Mods/deletemedalbyweek.php | 2 +- Admin/Mods/editUser.php | 8 ++- Admin/Mods/gold.php | 10 +-- Admin/Mods/gold_1.php | 6 +- Admin/Mods/medals.php | 7 +- Admin/Mods/renameVillage.php | 10 ++- Admin/Mods/sendMessage.php | 6 +- Admin/Templates/alliance.tpl | 20 +++--- Admin/Templates/ban_msg.tpl | 2 +- Admin/Templates/delallymedal.tpl | 2 +- Admin/Templates/deletion.tpl | 2 +- Admin/Templates/delmedal.tpl | 2 +- Admin/Templates/editAccess.tpl | 4 +- Admin/Templates/editHero.tpl | 3 +- Admin/Templates/editPassword.tpl | 2 +- Admin/Templates/player.tpl | 2 +- Admin/Templates/playerheroinfo.tpl | 2 +- Admin/Templates/userillegallog.tpl | 2 +- Admin/Templates/userlogin.tpl | 2 +- Admin/Templates/village.tpl | 2 +- Admin/Templates/villagelog.tpl | 2 +- Admin/database.php | 61 +++++++++++------- Admin/function.php | 14 ++-- GameEngine/Admin/Mods/addABTroops.php | 4 +- GameEngine/Admin/Mods/addTroops.php | 6 +- GameEngine/Admin/Mods/addUsers.php | 13 ++-- GameEngine/Admin/Mods/additional.php | 28 ++++---- GameEngine/Admin/Mods/cp.php | 6 +- GameEngine/Admin/Mods/delallymedal.php | 6 +- GameEngine/Admin/Mods/delallymedalbyaid.php | 6 +- GameEngine/Admin/Mods/delallymedalbyweek.php | 4 +- GameEngine/Admin/Mods/deletemedalbyuser.php | 4 +- GameEngine/Admin/Mods/deletemedalbyweek.php | 4 +- GameEngine/Admin/Mods/editAccess.php | 4 +- GameEngine/Admin/Mods/editAdminInfo.php | 2 +- GameEngine/Admin/Mods/editBuildings.php | 6 +- GameEngine/Admin/Mods/editExtraSet.php | 2 +- GameEngine/Admin/Mods/editHero.php | 13 ++-- GameEngine/Admin/Mods/editLogSet.php | 2 +- GameEngine/Admin/Mods/editNewsboxSet.php | 2 +- GameEngine/Admin/Mods/editOverall.php | 8 +-- GameEngine/Admin/Mods/editPassword.php | 4 +- GameEngine/Admin/Mods/editPlus.php | 14 ++-- 
GameEngine/Admin/Mods/editPlusSet.php | 2 +- GameEngine/Admin/Mods/editProtection.php | 6 +- GameEngine/Admin/Mods/editResources.php | 16 ++--- GameEngine/Admin/Mods/editServerSet.php | 2 +- GameEngine/Admin/Mods/editSitter.php | 4 +- GameEngine/Admin/Mods/editUser.php | 10 ++- GameEngine/Admin/Mods/editUsername.php | 8 ++- GameEngine/Admin/Mods/editVillageOwner.php | 4 +- GameEngine/Admin/Mods/editWeek.php | 10 +-- GameEngine/Admin/Mods/givePlus.php | 2 +- GameEngine/Admin/Mods/givePlusRes.php | 10 +-- GameEngine/Admin/Mods/giveResBonus.php | 4 +- GameEngine/Admin/Mods/gold.php | 4 +- GameEngine/Admin/Mods/gold_1.php | 6 +- GameEngine/Admin/Mods/mainteneceBan.php | 10 ++- .../Admin/Mods/mainteneceCleanBanData.php | 2 +- GameEngine/Admin/Mods/mainteneceResetGold.php | 2 +- GameEngine/Admin/Mods/mainteneceResetPlus.php | 2 +- .../Admin/Mods/mainteneceResetPlusBonus.php | 2 +- GameEngine/Admin/Mods/mainteneceUnban.php | 6 +- GameEngine/Admin/Mods/medals.php | 7 +- GameEngine/Admin/Mods/natarbuildingplan.php | 4 +- GameEngine/Admin/Mods/natarend.php | 4 +- GameEngine/Admin/Mods/recalcWH.php | 8 ++- GameEngine/Admin/Mods/renameVillage.php | 12 +++- GameEngine/Admin/Mods/sendMessage.php | 2 +- GameEngine/Admin/database.php | 64 +++++++++++++------ GameEngine/Admin/function.php | 10 +-- 74 files changed, 327 insertions(+), 221 deletions(-) diff --git a/Admin/Mods/addTroops.php b/Admin/Mods/addTroops.php index e34d8199..31c01a45 100644 --- a/Admin/Mods/addTroops.php +++ b/Admin/Mods/addTroops.php @@ -19,7 +19,7 @@ mysqli_select_db(SQL_DB); if (!isset($_SESSION)) session_start(); if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); -$id = $_POST['id']; +$id = (int) $_POST['id']; $village = $database->getVillage($id); $user = $database->getUserArray($village['owner'],1); $coor = $database->getCoor($village['wref']); 
@@ -28,6 +28,10 @@ $type = $database->getVillageType($village['wref']); $fdata = $database->getResourceLevel($village['wref']); $units = $database->getUnit($village['wref']); +foreach ($_POST as $key => $value) { + $_POST[$key] = (int) $value; +} + $u1 = $_POST['u1']; $u2 = $_POST['u2']; $u3 = $_POST['u3']; @@ -100,7 +104,7 @@ $q = "UPDATE ".TB_PREFIX."units SET u41 = '$u41', u42 = '$u42', u43 = '$u43', u4 mysqli_query($GLOBALS["link"], $q); } -mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed troop anmount in village $id ',".time().")"); +mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed troop anmount in village $id ',".time().")"); header("Location: ../../../Admin/admin.php?p=addTroops&did=".$id."&d"); diff --git a/Admin/Mods/cp.php b/Admin/Mods/cp.php index d9dc0290..778ea80e 100644 --- a/Admin/Mods/cp.php +++ b/Admin/Mods/cp.php @@ -15,8 +15,8 @@ mysqli_select_db(SQL_DB); if (!isset($_SESSION)) session_start(); if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); -$id = $_POST['id']; -$admid = $_POST['admid']; +$id = (int) $_POST['id']; +$admid = (int) $_POST['admid']; mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET cp = cp + ".$_POST['cp']." WHERE id = ".$id.""); $name = $database->getUserField($id,"username",0); diff --git a/Admin/Mods/deletemedalbyuser.php b/Admin/Mods/deletemedalbyuser.php index 726c8810..879681dc 100644 --- a/Admin/Mods/deletemedalbyuser.php +++ b/Admin/Mods/deletemedalbyuser.php @@ -17,7 +17,7 @@ if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); -$userid = $_POST['userid']; +$userid = (int) $_POST['userid']; mysqli_query($GLOBALS["link"], "DELETE FROM ".TB_PREFIX."medal WHERE userid = ".$userid.""); header("Location: ../../../Admin/admin.php?p=player&uid=".$userid.""); 
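Review bot: In the cp.php hunk, `$_POST['cp']` is still interpolated raw into `cp = cp + ".$_POST['cp']."` on the line right after the two new casts, so the injection this commit targets survives on that UPDATE; cast it as well: `mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET cp = cp + ".(int) $_POST['cp']." WHERE id = ".$id."");`. Separately, `$admid` is taken from the request body rather than from `$_SESSION['id']`, so any admin_log row written with it (later in cp.php, outside the hunk) is attributed to whatever id the form submits; the addTroops.php hunk above logs `(int) $_SESSION['id']`, and cp.php, gold_1.php and medals.php in this patch should do the same.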
diff --git a/Admin/Mods/deletemedalbyweek.php b/Admin/Mods/deletemedalbyweek.php index 5d58b0fd..5e334dcf 100644 --- a/Admin/Mods/deletemedalbyweek.php +++ b/Admin/Mods/deletemedalbyweek.php @@ -17,7 +17,7 @@ if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); -$deleteweek = $_POST['medalweek']; +$deleteweek = (int) $_POST['medalweek']; mysqli_query($GLOBALS["link"], "DELETE FROM ".TB_PREFIX."medal WHERE week = ".$deleteweek.""); header("Location: ../../../Admin/admin.php?p=delmedal"); diff --git a/Admin/Mods/editUser.php b/Admin/Mods/editUser.php index be7f051b..a4a7e2c7 100644 --- a/Admin/Mods/editUser.php +++ b/Admin/Mods/editUser.php @@ -15,10 +15,14 @@ mysqli_select_db(SQL_DB); if (!isset($_SESSION)) session_start(); if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} + $id = $_POST['id']; $user = $database->getUserArray($id,1); -mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET email = '".$_POST['email']."', tribe = ".$_POST['tribe'].", location = '".$_POST['location']."', desc1 = '".$_POST['desc1']."', `desc2` = '".$_POST['desc2']."' WHERE id = ".$_POST['id'].""); -mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed ".$user['username']."\'s profile',".time().")"); +mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET email = '".$_POST['email']."', tribe = ".(int) $_POST['tribe'].", location = '".$_POST['location']."', desc1 = '".$_POST['desc1']."', desc2 = '".$_POST['desc2']."' WHERE id = ".(int) $_POST['id'].""); +mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed ".$user['username']."\'s profile',".time().")"); header("Location: ../../../Admin/admin.php?p=player&uid=".$id.""); diff --git a/Admin/Mods/gold.php b/Admin/Mods/gold.php index 0b026aa5..97f4074f 100644 --- a/Admin/Mods/gold.php 
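Review bot: `$user['username']` is still concatenated unescaped into the admin_log INSERT on the last changed line of the editUser.php hunk, so a username containing a quote breaks or alters that statement even though every `$_POST` value is now escaped. The database.php hunks in this same patch wrap the same lookup in `addslashes(...)`; do the same here: `'Changed ".addslashes($user['username'])."\'s profile'`. The escape loop also calls `$database->escape()` on every `$_POST` entry, which presumably misbehaves if a field arrives as an array — worth guarding with `is_string($value)` unless that helper is known to be array-safe.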
+++ b/Admin/Mods/gold.php @@ -15,12 +15,12 @@ mysqli_select_db(SQL_DB); if (!isset($_SESSION)) session_start(); if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); -$id = $_POST['id']; -$gold = $_POST['gold']; +$id = (int) $_POST['id']; +$gold = (int) $_POST['gold']; - $q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id != '0'"; - mysqli_query($GLOBALS["link"], $q); - mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$id,'Added $gold gold to all users',".time().")"); +$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$gold." WHERE id != '0'"; +mysqli_query($GLOBALS["link"], $q); +mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$id,'Added $gold gold to all users',".time().")"); header("Location: ../../../Admin/admin.php?p=gold&g"); diff --git a/Admin/Mods/gold_1.php b/Admin/Mods/gold_1.php index e1f20969..0371e782 100644 --- a/Admin/Mods/gold_1.php +++ b/Admin/Mods/gold_1.php @@ -16,11 +16,11 @@ if (!isset($_SESSION)) session_start(); if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); $id = $_POST['id']; -$admid = $_POST['admid']; -mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id = ".$id.""); +$admid = (int) $_POST['admid']; +mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id = ".(int) $id.""); $name = $database->getUserField($id,"username",0); -mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added ".$_POST['gold']." gold to user $name ',".time().")"); +mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added ".(int) $_POST['gold']." gold to user $name ',".time().")"); header("Location: ../../../Admin/admin.php?p=player&uid=".$id."&g=ok"); ?> \ No newline at end of file 
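Review bot: In the gold_1.php hunk `$id = $_POST['id'];` is left uncast and only the UPDATE applies `(int) $id`, so the raw value still reaches `$database->getUserField($id,"username",0)` on the next line and the redirect URL; if getUserField interpolates its argument (its body is not visible here), the problem is only moved, not removed. Cast once at the assignment as cp.php in this patch does — `$id = (int) $_POST['id'];` — and the inline casts become unnecessary. `$name` returned from the database is also interpolated raw into the admin_log INSERT; wrapping it in `addslashes()` as the database.php hunks do would close that second-order path.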
diff --git a/Admin/Mods/medals.php b/Admin/Mods/medals.php index ce73b29b..7583c253 100644 --- a/Admin/Mods/medals.php +++ b/Admin/Mods/medals.php @@ -17,8 +17,9 @@ mysqli_select_db(SQL_DB); if (!isset($_SESSION)) session_start(); if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); -$medalid = $_POST['medalid']; -$uid = $_POST['uid']; +$medalid = (int) $_POST['medalid']; +$uid = (int) $_POST['uid']; +$admid = (int) $_POST['admid']; mysqli_query($GLOBALS["link"], "DELETE FROM ".TB_PREFIX."medal WHERE id = ".$medalid.""); @@ -28,7 +29,7 @@ $name = mysqli_result($name, 0); mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$admid,'Deleted medal id [#".$medalid."] from the user $name ',".time().")"); -$deleteweek = $_POST['medalweek']; +$deleteweek = (int) $_POST['medalweek']; mysqli_query($GLOBALS["link"], "DELETE FROM ".TB_PREFIX."medal WHERE week = ".$deleteweek.""); header("Location: ../../../Admin/admin.php?p=player&uid=".$uid.""); diff --git a/Admin/Mods/renameVillage.php b/Admin/Mods/renameVillage.php index 85d5afc1..5688778c 100644 --- a/Admin/Mods/renameVillage.php +++ b/Admin/Mods/renameVillage.php @@ -16,11 +16,17 @@ mysqli_select_db(SQL_DB); if (!isset($_SESSION)) session_start(); if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); -$did = $_POST['did']; +$origname = $_POST['villagename']; + +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} + +$did = (int) $_POST['did']; $name = $_POST['villagename']; $sql = "UPDATE ".TB_PREFIX."vdata SET name = '$name' WHERE wref = $did"; mysqli_query($GLOBALS["link"], $sql); -header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".$name.""); +header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".$origname.""); ?> \ No newline at end of file diff --git a/Admin/Mods/sendMessage.php b/Admin/Mods/sendMessage.php index 15affd0c..f18b115d 100644 --- a/Admin/Mods/sendMessage.php 
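Review bot: In the renameVillage.php hunk `$origname` is placed unencoded into the Location URL on the last changed line, so a name containing `&`, `#`, spaces or non-ASCII characters is truncated or misparsed by the receiving page; use `"&name=".urlencode($origname)`. Capturing the raw value before the escape loop is the right way to keep backslashes out of the redirect, but the value still needs URL encoding here and context-appropriate escaping wherever village.tpl prints it (outside this patch). The `(int)` cast on `$did` and the escaped `$name` in the UPDATE look correct.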
+++ b/Admin/Mods/sendMessage.php @@ -14,7 +14,11 @@ mysqli_select_db(SQL_DB); if (!isset($_SESSION)) session_start(); if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); -$uid = $_POST['uid']; +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} + +$uid = (int) $_POST['uid']; $topic = $_POST['topic']; $message = $_POST['message']; $time = time(); diff --git a/Admin/Templates/alliance.tpl b/Admin/Templates/alliance.tpl index b3bffc50..06b73701 100644 --- a/Admin/Templates/alliance.tpl +++ b/Admin/Templates/alliance.tpl @@ -77,11 +77,11 @@ if($_GET['aid']) "; } if($row['accepted'] ==1) { $accepted = ""; } - $ally = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".$row['alli2']."")); + $ally = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".(int) $row['alli2']."")); echo ' '.$ally['tag'].' @@ -299,7 +299,7 @@ if($_GET['aid']) "; } if($row['accepted'] ==1) { $accepted = ""; } - $ally = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".$row['alli1']."")); + $ally = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".(int) $row['alli1']."")); echo ' '.$ally['tag'].' @@ -335,7 +335,7 @@ if($_GET['aid']) "; } if($row['accepted'] == 1) { $accepted = ""; } - $ally1 = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".$row['alli1']."")); - $ally2 = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".$row['alli2']."")); + $ally1 = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".(int) $row['alli1']."")); + $ally2 = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."alidata WHERE id = ".(int) $row['alli2']."")); echo ' '.$ally1['tag'].' & '.$ally2['tag'].' 
diff --git a/Admin/Templates/ban_msg.tpl b/Admin/Templates/ban_msg.tpl index e3c5095e..801ee948 100644 --- a/Admin/Templates/ban_msg.tpl +++ b/Admin/Templates/ban_msg.tpl @@ -8,7 +8,7 @@ ## ## ################################################################################# $time = time(); -$ban = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."banlist WHERE `uid` = '".$session->uid."' and active = 1"); +$ban = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."banlist WHERE `uid` = '".(int) $session->uid."' and active = 1"); $ban1 = mysqli_fetch_array($ban); ?> diff --git a/Admin/Templates/delallymedal.tpl b/Admin/Templates/delallymedal.tpl index 2315afc3..9bf6d9df 100644 --- a/Admin/Templates/delallymedal.tpl +++ b/Admin/Templates/delallymedal.tpl @@ -130,7 +130,7 @@ $nummedals = mysqli_num_rows($sql); $bb = $row['id']; $allyid = $row['allyid']; - $unq = "SELECT name FROM ".TB_PREFIX."alidata WHERE id = ".$allyid.""; + $unq = "SELECT name FROM ".TB_PREFIX."alidata WHERE id = ".(int) $allyid.""; $user = mysqli_result(mysqli_query($GLOBALS["link"], $unq), 0); $allyname = $user; diff --git a/Admin/Templates/deletion.tpl b/Admin/Templates/deletion.tpl index 99952659..4a71760f 100644 --- a/Admin/Templates/deletion.tpl +++ b/Admin/Templates/deletion.tpl @@ -50,7 +50,7 @@ if($_GET['uid']) Villages: diff --git a/Admin/Templates/delmedal.tpl b/Admin/Templates/delmedal.tpl index 4c5e2139..8798a0a8 100644 --- a/Admin/Templates/delmedal.tpl +++ b/Admin/Templates/delmedal.tpl @@ -141,7 +141,7 @@ $nummedals = mysqli_num_rows($sql); $week = $row['week']; $points = $row['points']; $bb = $row['id']; - $playerid = $row['userid']; + $playerid = (int) $row['userid']; $unq = "SELECT username FROM ".TB_PREFIX."users where id = $playerid"; $user = mysqli_result(mysqli_query($GLOBALS["link"], $unq), 0); diff --git a/Admin/Templates/editAccess.tpl b/Admin/Templates/editAccess.tpl index e90027c0..08f03c6b 100644 --- a/Admin/Templates/editAccess.tpl 
+++ b/Admin/Templates/editAccess.tpl @@ -10,10 +10,10 @@ ################################################################################# if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); -$id = $_SESSION['id']; +$id = (int) $_SESSION['id']; if(isset($_GET['uid'])) { - $sql = mysqli_query($GLOBALS["link"], "SELECT access FROM ".TB_PREFIX."users WHERE id = ".$_GET['uid'].""); + $sql = mysqli_query($GLOBALS["link"], "SELECT access FROM ".TB_PREFIX."users WHERE id = ".(int) $_GET['uid'].""); $curaccess = mysqli_result($sql, 0); $player = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$id."")); ?> diff --git a/Admin/Templates/editHero.tpl b/Admin/Templates/editHero.tpl index 08db5e06..2616e3c1 100644 --- a/Admin/Templates/editHero.tpl +++ b/Admin/Templates/editHero.tpl @@ -8,9 +8,8 @@ ## Copyright: TravianZ (c) 2010-2014. All rights reserved. ## ## ## ################################################################################# -$id = isset($_GET['uid']); if(isset($_GET['uid'])){ - $id = $_GET['uid']; + $id = (int) $_GET['uid']; include_once("../GameEngine/Data/hero_full.php"); include_once("../GameEngine/Units.php"); $user = $database->getUserArray($id,1); diff --git a/Admin/Templates/editPassword.tpl b/Admin/Templates/editPassword.tpl index de2ebae3..4894ede0 100644 --- a/Admin/Templates/editPassword.tpl +++ b/Admin/Templates/editPassword.tpl @@ -1,7 +1,7 @@ + $user = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".(int) $_GET['uid']."")); ?>
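Review bot: Removing `$id = isset($_GET['uid']);` in the editHero.tpl hunk leaves `$id` undefined when the request carries no `uid`, so any code after the `if` block that still reads `$id` (the hunk ends inside the block, so this cannot be verified here) now raises an undefined-variable notice and evaluates to null. If the later code relies on `$id` being set, keep a default such as `$id = 0;` before the `if`, or have the template return early when `uid` is absent.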
diff --git a/Admin/Templates/player.tpl b/Admin/Templates/player.tpl index c8480b00..c24e6c0f 100644 --- a/Admin/Templates/player.tpl +++ b/Admin/Templates/player.tpl @@ -57,7 +57,7 @@ if(isset($id)) diff --git a/Admin/Templates/playerheroinfo.tpl b/Admin/Templates/playerheroinfo.tpl index d29f7838..a4ecb41f 100644 --- a/Admin/Templates/playerheroinfo.tpl +++ b/Admin/Templates/playerheroinfo.tpl @@ -11,7 +11,7 @@ include_once("../GameEngine/Data/hero_full.php"); include_once("../GameEngine/Units.php"); -$id=$user['id']; +$id=(int) $user['id']; $hero = mysqli_query($GLOBALS["link"], "SELECT * FROM " . TB_PREFIX . "hero WHERE `uid` = ".$id); $hero_info = mysqli_fetch_array($hero); if (!empty($hero_info)) { diff --git a/Admin/Templates/userillegallog.tpl b/Admin/Templates/userillegallog.tpl index 31e26459..e7623731 100644 --- a/Admin/Templates/userillegallog.tpl +++ b/Admin/Templates/userillegallog.tpl @@ -1,5 +1,5 @@ query_return($q); if(count($result) >0) { diff --git a/Admin/Templates/villagelog.tpl b/Admin/Templates/villagelog.tpl index 084c98dc..152afcb4 100644 --- a/Admin/Templates/villagelog.tpl +++ b/Admin/Templates/villagelog.tpl @@ -16,7 +16,7 @@ if(isset($id)) escape_input($username,$password); + $q = "SELECT password FROM ".TB_PREFIX."users where username = '$username' and access >= ".MULTIHUNTER; $result = mysqli_query($this->connection, $q); $dbarray = mysqli_fetch_array($result); @@ -70,7 +73,7 @@ class adm_DB { $popTot += $this->buildingPOP($building,$lvl); } } - $q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = $vid"; + $q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = ".(int) $vid; mysqli_query($this->connection, $q); } 
@@ -108,12 +111,12 @@ class adm_DB { $popTot += $this->buildingCP($building,$lvl); } } - $q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = $vid"; + $q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = ".(int) $vid; mysqli_query($this->connection, $q); } function getWref($x,$y) { - $q = "SELECT id FROM ".TB_PREFIX."wdata where x = $x and y = $y"; + $q = "SELECT id FROM ".TB_PREFIX."wdata where x = ".(int) $x." and y = ".(int) $y; $result = mysqli_query($this->connection, $q); $r = mysqli_fetch_array($result); return $r['id']; @@ -122,11 +125,11 @@ class adm_DB { function AddVillage($post){ global $database; $wid = $this->getWref($post['x'],$post['y']); - $uid = $post['uid']; + $uid = (int) $post['uid']; $status = $database->getVillageState($wid); $status = 0; if($status == 0){ - mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Added new village $wid to user $uid',".time().")"); + mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Added new village $wid to user $uid',".time().")"); $database->setFieldTaken($wid); $database->addVillage($wid,$uid,'new village','0'); $database->addResourceFields($wid,$database->getVillageType($wid)); 
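Review bot: The rewritten admin_log INSERT in AddVillage is still a one-argument `mysqli_query("Insert into ...")` call: procedural `mysqli_query()` needs the connection as its first parameter, so this statement never executes (a warning on PHP 7, an ArgumentCountError on PHP 8) and the audit row is silently lost. Since the line is being rewritten anyway, pass the link as the other queries in this class do: `mysqli_query($this->connection, "Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Added new village $wid to user $uid',".time().")");`. The same one-argument form survives on the rewritten log lines in the Punish, DelVillage, DelBan and AddBan hunks, and as `mysqli_query($q)` in the hero hunk at `@@ -354`.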
@@ -163,23 +166,23 @@ class adm_DB { } if($post['clean_ware']){ $time = time(); - $q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = $vid;"; + $q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = ".(int) $vid; mysqli_query($this->connection, $q); } } - mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Punished user: ".$post['uid']." with -".$post['punish']."% population',".time().")"); + mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Punished user: ".(int) $post['uid']." with -".(int) $post['punish']."% population',".time().")"); } function PunishBuilding($vid,$proc,$pop){ global $database; - $q = "UPDATE ".TB_PREFIX."vdata set pop = $pop where wref = $vid;"; + $q = "UPDATE ".TB_PREFIX."vdata set pop = ".(int) $pop." where wref = ".(int) $vid;; mysqli_query($this->connection, $q); $fdata = $database->getResourceLevel($vid); for ($i = 1; $i <= 40; $i++) { if($fdata['f'.$i]>1){ $zm = ($fdata['f'.$i]/100)*$proc; if($zm < 1){$zm = 1;}else{$zm = floor($zm);} - $q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = $vid;"; + $q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = ".(int) $vid; mysqli_query($this->connection, $q); } } 
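Review bot: The rewritten UPDATE in PunishBuilding ends with a doubled terminator, `where wref = ".(int) $vid;;` — harmless to PHP, but it reads like a leftover from dropping the trailing SQL `;`, so trim it to `$q = "UPDATE ".TB_PREFIX."vdata set pop = ".(int) $pop." where wref = ".(int) $vid;`. The other statements in this hunk consistently drop the trailing SQL semicolon, which is fine for single-statement `mysqli_query` calls.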
@@ -192,19 +195,21 @@ class adm_DB { } function DelUnits2($vid,$unit){ - $q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = $vid;"; + global $database; + $unit = $database->escape($unit); + $q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = ".(int) $vid; mysqli_query($this->connection, $q); } function DelPlayer($uid,$pass){ global $database; - $ID = $_SESSION['id']; + $ID = (int) $_SESSION['id']; if($this->CheckPass($pass,$ID)){ $villages = $database->getProfileVillages($uid); for ($i = 0; $i <= count($villages)-1; $i++) { $this->DelVillage($villages[$i]['wref'], 1); } - $q = "DELETE FROM ".TB_PREFIX."hero where uid = $uid"; + $q = "DELETE FROM ".TB_PREFIX."hero where uid = ".(int) $uid; mysqli_query($this->connection, $q); $name = $database->getUserField($uid,"username",0); @@ -222,7 +227,7 @@ class adm_DB { } function CheckPass($password,$uid){ - $q = "SELECT password FROM ".TB_PREFIX."users where id = '$uid' and access = ".ADMIN; + $q = "SELECT password FROM ".TB_PREFIX."users where id = ".(int) $uid." and access = ".ADMIN; $result = mysqli_query($this->connection, $q); $dbarray = mysqli_fetch_array($result); if($dbarray['password'] == md5($password)) { @@ -234,6 +239,7 @@ class adm_DB { function DelVillage($wref, $mode=0){ global $database; + $wref = (int) $wreff; if($mode==0){ $q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `wref` = $wref and capital = 0"; }else{ @@ -241,7 +247,7 @@ class adm_DB { } $result = mysqli_query($this->connection, $q); if(mysqli_num_rows($result) > 0){ - mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Deleted village $wref',".time().")"); + mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Deleted village $wref',".time().")"); $database->clearExpansionSlot($wref); 
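Review bot: In DelUnits2, `$database->escape($unit)` does not make `` `u$unit` `` safe: the value is interpolated as a backtick-quoted column name, and a string-escaping helper leaves backticks untouched, so the identifier context is still controllable. Constrain the unit number to its expected form instead, e.g. `$unit = (int) $unit;` (or a whitelist of the known column names), which also removes the need for the `global $database` added here.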
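Review bot: `$wref = (int) $wreff;` in DelVillage reads an undefined variable (`$wreff`, with a doubled f), so `$wref` is always 0 from that point: the SELECT, the admin_log line and `$database->clearExpansionSlot($wref)` all act on wref 0, and village deletion — including the per-village loop in DelPlayer above — silently stops working. The intended line is `$wref = (int) $wref;`. The body of DelVillage continues past the end of the hunk.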
@@ -354,7 +360,7 @@ class adm_DB { } if( intval($enforce['hero']) > 0){ - $q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$from['owner'].""; + $q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $from['owner'].""; $result = mysqli_query($q); $hero_f=mysqli_fetch_array($result); $hero_unit=$hero_f['unit']; 
@@ -471,51 +477,62 @@ class adm_DB { function DelBan($uid,$id){ global $database; $name = addslashes($database->getUserField($uid,"username",0)); - mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Unbanned user $name',".time().")"); - $q = "UPDATE ".TB_PREFIX."users SET `access` = '".USER."' WHERE `id` = $uid;"; + mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Unbanned user $name',".time().")"); + $q = "UPDATE ".TB_PREFIX."users SET `access` = '".USER."' WHERE `id` = ".(int) $uid; mysqli_query($this->connection, $q); - $q = "UPDATE ".TB_PREFIX."banlist SET `active` = '0' WHERE `id` = $id;"; + $q = "UPDATE ".TB_PREFIX."banlist SET `active` = '0' WHERE `id` = ".(int) $id; mysqli_query($this->connection, $q); } function AddBan($uid,$end,$reason){ global $database; + list($end,$reason) = $database->escape_input($end,$reason); $name = addslashes($database->getUserField($uid,"username",0)); - mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Banned user $name',".time().")"); - $q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = $uid;"; + mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Banned user $name',".time().")"); + $q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = ".(int) $uid; mysqli_query($this->connection, $q); $time = time(); - $admin = $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1); + $admin = (int) $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1); $name = addslashes($database->getUserField($uid,'username',0)); - $q = "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES ($uid, '$name' , '$reason', '$time', '$end', '$admin', '1');"; + $q = "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES (".(int) $uid.", '$name' , '$reason', '$time', '$end', '$admin', 
'1');"; mysqli_query($this->connection, $q); } function search_player($player){ + global $database; + $player = $database->escape($player); $q = "SELECT id,username FROM ".TB_PREFIX."users WHERE `username` LIKE '%$player%' and username != 'support'"; $result = mysqli_query($this->connection, $q); return $this->mysqli_fetch_all($result); } function search_email($email){ + global $database; + $email = $database->escape($email); $q = "SELECT id,email FROM ".TB_PREFIX."users WHERE `email` LIKE '%$email%' and username != 'support'"; $result = mysqli_query($this->connection, $q); return $this->mysqli_fetch_all($result); } function search_village($village){ + global $database; + $village = $database->escape($village); $q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `name` LIKE '%$village%' or `wref` LIKE '%$village%'"; $result = mysqli_query($this->connection, $q); return $this->mysqli_fetch_all($result); } function search_alliance($alliance){ + global $database; + $alliance = $database->escape($alliance); $q = "SELECT * FROM ".TB_PREFIX."alidata WHERE `name` LIKE '%$alliance%' or `tag` LIKE '%$alliance%' or `id` LIKE '%$alliance%'"; $result = mysqli_query($this->connection, $q); return $this->mysqli_fetch_all($result); } function search_ip($ip){ + global $database; + $ip = $database->escape($ip); $q = "SELECT * FROM ".TB_PREFIX."login_log WHERE `ip` LIKE '%$ip%'"; $result = mysqli_query($this->connection, $q); return $this->mysqli_fetch_all($result); diff --git a/Admin/function.php b/Admin/function.php index 7b97d5b2..a17222d9 100644 --- a/Admin/function.php +++ b/Admin/function.php @@ -30,6 +30,10 @@ class funct { function Act($get){ global $admin,$database; + foreach ($get as $key => $value) { + $get[$key] = $database->escape($value); + } + switch($get['action']){ case "recountPop": $admin->recountPop($get['did']); 
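Review bot: `list($end,$reason) = $database->escape_input($end,$reason);` in AddBan assumes escape_input returns the two escaped values; the earlier hunk in this file calls it as a bare statement (`escape_input($username,$password);`), which suggests it may work by reference and return nothing — in that case both `$end` and `$reason` become null and the banlist row is written with an empty end time and reason. Confirm the helper's contract, and since `end`, `time` and `admin` are numeric, `$end = (int) $end;` is the safer choice regardless. In the search_* functions the escape stops a quote from breaking out of the `LIKE '%…%'` pattern, but `%` and `_` are still interpreted as wildcards; if that matters, apply `addcslashes($player, '%_')` before escaping.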
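Review bot: The blanket `$database->escape()` over `$get` in Act() only protects quoted string contexts; values that later land unquoted (for instance `$get['did']` handed to `recountPop` in the first case) are not covered by escaping at all, and the reviveHero hunk below already has to add `(int)` casts on top of it. Casting at the numeric use sites is what actually closes those queries; the loop also means a non-numeric `$get['uid']` carries backslashes into the `header("Location: ...")` redirects. If `$get` can contain array-valued parameters, `escape()` on them presumably errors; guard the loop with `is_string($value)`.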
@@ -92,10 +96,10 @@ class funct { header("Location: admin.php?p=player&uid=".$get['uid'].$error); exit; case "reviveHero": - $result=$database->query("SELECT * FROM ".TB_PREFIX."hero WHERE uid='".$get['uid']."'"); + $result=$database->query("SELECT * FROM ".TB_PREFIX."hero WHERE uid=".(int) $get['uid']); $hdata=mysqli_fetch_array($result); - $database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".$hdata['wref']); - $database->query("UPDATE ".TB_PREFIX."hero SET `dead` = '0', `inrevive` = '0', `health` = '100', `lastupdate` = ".time()." WHERE `uid` = '".$get['uid']."'"); + $database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".(int) $hdata['wref']); + $database->query("UPDATE ".TB_PREFIX."hero SET `dead` = '0', `inrevive` = '0', `health` = '100', `lastupdate` = ".time()." WHERE `uid` = ".(int) $get['uid']); header("Location: admin.php?p=player&uid=".$get['uid']."&rc=1"); exit; case "addHero": @@ -104,10 +108,10 @@ class funct { $database->query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, - `intraining`) VALUES ('".$get['uid']."', '" . $vilarray['wref'] . "', '0', '".$get['u']."', '".addslashes($user['username'])."', + `intraining`) VALUES (".(int) $get['uid'].", " . (int) $vilarray['wref'] . ", '0', ".(int) $get['u'].", '".addslashes($user['username'])."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".time()."', '50', '0')"); - $database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".$vilarray['wref']); + $database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".(int) $vilarray['wref']); header("Location: admin.php?p=player&uid=".$get['uid']."&ac=1"); exit; diff --git a/GameEngine/Admin/Mods/addABTroops.php b/GameEngine/Admin/Mods/addABTroops.php index ba592bf5..8f1abf0b 100755 --- a/GameEngine/Admin/Mods/addABTroops.php 
+++ b/GameEngine/Admin/Mods/addABTroops.php @@ -13,7 +13,7 @@ if(!isset($_SESSION)) session_start(); if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!"); include_once("../../Database.php"); -$id = $_POST['id']; +$id = (int) $_POST['id']; $village = $database->getVillage($id); $user = $database->getUserArray($village['owner'],1); $atech=""; @@ -25,7 +25,7 @@ for($i=1; $i<9; $i++) { $q = "UPDATE ".TB_PREFIX."abdata SET ".$atech.$btech." WHERE vref = $id"; $database->query($q); -$database->query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed troop anmount in village $id ',".time().")"); +$database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed troop anmount in village $id ',".time().")"); header("Location: ../../../Admin/admin.php?p=village&did=".$id."&ab"); diff --git a/GameEngine/Admin/Mods/addTroops.php b/GameEngine/Admin/Mods/addTroops.php index a04a19fc..5265222e 100755 --- a/GameEngine/Admin/Mods/addTroops.php +++ b/GameEngine/Admin/Mods/addTroops.php @@ -27,11 +27,11 @@ $units=""; if($tribe ==6){ $u = 50;} for($i=1; $i<11; $i++) { - $units.="u".($u+$i)."=".$_POST['u'.($u+$i)].(($i < 10) ? ", " : ""); + $units.="u".($u+$i)."=".$database->escape($_POST['u'.($u+$i)].(($i < 10) ? ", " : "")); } -$q = "UPDATE ".TB_PREFIX."units SET ".$units." WHERE vref = $id"; +$q = "UPDATE ".TB_PREFIX."units SET ".$units." WHERE vref = ".(int) $id; $database->query($q); -$database->query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed troop anmount in village $id ',".time().")"); +$database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed troop anmount in village $id ',".time().")"); header("Location: ../../../Admin/admin.php?p=village&did=".$id."&d"); ?> \ No newline at end of file diff --git a/GameEngine/Admin/Mods/addUsers.php b/GameEngine/Admin/Mods/addUsers.php index 413f2ce0..faa54a3a 100755 
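Review bot: The UPDATE on `abdata` in the second addABTroops.php hunk still splices `$atech.$btech` into the SET clause, and those strings are assembled in the `for` loop just above the hunk, presumably from `$_POST` values (the loop body is not visible here). If those values are not cast there, the new `(int)` on `$id` leaves this query open; casting each tech level to int where `$atech`/`$btech` are built would bring the query in line with the rest of the patch.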
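Review bot: In GameEngine/Admin/Mods/addTroops.php the escape is applied to an unquoted numeric value: `u1=<value>` has no surrounding quotes, so `$database->escape()` cannot stop extra SQL being appended after the number — only a numeric cast does. The escape call also wraps the `", "` separator, which is harmless but misleading. Replace the loop body with `$units.="u".($u+$i)."=".(int) $_POST['u'.($u+$i)].(($i < 10) ? ", " : "");`.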
--- a/GameEngine/Admin/Mods/addUsers.php +++ b/GameEngine/Admin/Mods/addUsers.php @@ -16,12 +16,15 @@ mysqli_select_db($GLOBALS["link"], SQL_DB); $wgarray=array(1=>1200,1700,2300,3100,4000,5000,6300,7800,9600,11800,14400,17600,21400,25900,31300,37900,45700,55100,66400,80000); +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} -$id = $_POST['id']; +$id = (int) $_POST['id']; $baseName = $_POST['users_base_name']; $amount = (int) $_POST['users_amount']; $beginnersProtection = $_POST['users_protection']; -$postTribe = $_POST['tribe']; +$postTribe = (int) $_POST['tribe']; // Some basic error checking if (strlen($baseName) < 4) @@ -101,7 +104,7 @@ else // beginners protection is not checked // Need a $database function for this // (assuming we don't already have one as creating Natars also updates this way) - $q = "UPDATE " . TB_PREFIX . "users SET desc2 = '[#0]' WHERE id = $uid"; + $q = "UPDATE " . TB_PREFIX . "users SET desc2 = '[#0]' WHERE id = ".(int) $uid; mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink)); if (!$beginnersProtection) @@ -113,7 +116,7 @@ else $protection = time(); mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET protect = '".$protection."' -WHERE id = $uid") or die(mysqli_error($database->dblink)); +WHERE id = ".(int) $uid) or die(mysqli_error($database->dblink)); } $database->updateUserField($uid,"act","",1); 
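Review bot: The `$_POST` escape loop in the first addUsers.php hunk runs before validation, so `strlen($baseName) < 4` measures the escaped string (one extra backslash per quote), and `$beginnersProtection` stays a raw string used only as a flag. Validate the raw `users_base_name` before escaping, or escape only at the query, and cast the numeric inputs at assignment as this hunk already does for `$amount` and `$postTribe`. Further uses of `$baseName` are outside this hunk.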
@@ -128,7 +131,7 @@ WHERE id = $uid") or die(mysqli_error($database->dblink)); //insert village with all resource and building with random level $time = time(); - $q = "INSERT INTO ".TB_PREFIX."vdata (`wref`,`owner`,`name`,`capital`,`pop`,`cp`,`celebration`,`type`,`wood`,`clay`,`iron`,`maxstore`,`crop`,`maxcrop`,`lastupdate`,`loyalty`,`exp1`,`exp2`,`exp3`,`created`) values ('$wid','$uid','".$userName."\'s village',1,200,1,0,0,$rand_resource,$rand_resource,$rand_resource,$cap_storage,$rand_resource,$cap_storage,$time,100,0,0,0,$time)"; + $q = "INSERT INTO ".TB_PREFIX."vdata (`wref`,`owner`,`name`,`capital`,`pop`,`cp`,`celebration`,`type`,`wood`,`clay`,`iron`,`maxstore`,`crop`,`maxcrop`,`lastupdate`,`loyalty`,`exp1`,`exp2`,`exp3`,`created`) values (".(int) $wid.",".(int) $uid.",'".$userName."\'s village',1,200,1,0,0,$rand_resource,$rand_resource,$rand_resource,$cap_storage,$rand_resource,$cap_storage,$time,100,0,0,0,$time)"; mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink)); $q = "insert into ".TB_PREFIX."fdata (`vref`,`f1`,`f1t`,`f2`,`f2t`,`f3`,`f3t`,`f4`,`f4t`,`f5`,`f5t`,`f6`,`f6t`,`f7`,`f7t`,`f8`,`f8t`,`f9`,`f9t`,`f10`,`f10t`,`f11`,`f11t`,`f12`,`f12t`,`f13`,`f13t`,`f14`,`f14t`,`f15`,`f15t`,`f16`,`f16t`,`f17`,`f17t`,`f18`,`f18t`,`f19`,`f19t`,`f20`,`f20t`,`f21`,`f21t`,`f22`,`f22t`,`f23`,`f23t`,`f24`,`f24t`,`f25`,`f25t`,`f26`,`f26t`,`f27`,`f27t`,`f28`,`f28t`,`f29`,`f29t`,`f30`,`f30t`,`f31`,`f31t`,`f32`,`f32t`,`f33`,`f33t`,`f34`,`f34t`,`f35`,`f35t`,`f36`,`f36t`,`f37`,`f37t`,`f38`,`f38t`,`f39`,`f39t`,`f40`,`f40t`,`f99`,`f99t`,`wwname`) values ($wid 
,".rand(5,10).",1,".rand(5,10).",4,".rand(5,10).",1,".rand(5,10).",3,".rand(5,10).",2,".rand(5,10).",2,".rand(5,10).",3,".rand(5,10).",4,".rand(5,10).",4,".rand(5,10).",3,".rand(5,10).",3,".rand(5,10).",4,".rand(5,10).",4,".rand(5,10).",1,".rand(5,10).",4,".rand(5,10).",2,".rand(5,10).",1,".rand(5,10).",2,".rand(2,5).",8,".rand(5,20).",37,".rand(10,20).",26,".rand(10,20).",22,".rand(10,20).",19,".rand(2,5).",9,$level_storage,11,".rand(10,20).",15,".rand(10,20).",20,0,0,".rand(10,15).",17,$level_storage,10,".rand(5,10).",12,0,0,10,23,0,0,0,0,0,0,0,0,".rand(5,10).",18,".rand(5,10).",16,0,0,0,0,'World Wonder')"; mysqli_query($GLOBALS["link"], $q); diff --git a/GameEngine/Admin/Mods/additional.php b/GameEngine/Admin/Mods/additional.php index cbe36d2a..b2c72ab8 100755 --- a/GameEngine/Admin/Mods/additional.php +++ b/GameEngine/Admin/Mods/additional.php @@ -14,7 +14,7 @@ if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$id = $_POST['id']; +$id = (int) $_POST['id']; $admid = $_POST['admid']; //$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$admid.""); @@ -26,22 +26,26 @@ if (!isset($_SESSION)) { if($_SESSION['access'] != ADMIN) die("
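Review bot: In the fdata INSERT at the end of the addUsers.php hunk, `$wid` is still interpolated raw (`values ($wid ,`) while the vdata INSERT just above it was changed to `(int) $wid`; the two statements should agree, e.g. `values (".(int) $wid.",`. `$wid` is produced above the hunk, so its trust level can't be confirmed here, which is exactly why the cast should be uniform across both queries. The `$rand_resource`, `$cap_storage` and `$level_storage` values are likewise computed outside view.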
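Review bot: `$admid = $_POST['admid'];` in additional.php is the one id assignment in this commit left without an `(int)` cast, while the sibling cp.php casts the same field; its only visible use is the commented-out query on the following line, but consistency costs nothing: `$admid = (int) $_POST['admid'];`. If `$admid` is genuinely unused, deleting both the assignment and the dead commented query is cleaner still.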

Access Denied: You are not Admin!

"); -$access = $_POST['access']; -$dur = $_POST['protect'] * 86400; +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} + +$access = (int) $_POST['access']; +$dur = (int) $_POST['protect'] * 86400; $protection = (time() + $dur); mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET access = ".$access.", - gold = ".$_POST['gold'].", - sit1 = '".$_POST['sitter1']."', - sit2 = '".$_POST['sitter2']."', + gold = ".(int) $_POST['gold'].", + sit1 = '".(int) $_POST['sitter1']."', + sit2 = '".(int) $_POST['sitter2']."', protect = '".$protection."', - cp = ".$_POST['cp'].", - ap = '".$_POST['off']."', - dp = '".$_POST['def']."', - RR = '".$_POST['res']."', - apall = '".$_POST['ooff']."', - dpall = '".$_POST['odef']."' + cp = ".(int) $_POST['cp'].", + ap = '".(int) $_POST['off']."', + dp = '".(int) $_POST['def']."', + RR = '".(int) $_POST['res']."', + apall = '".(int) $_POST['ooff']."', + dpall = '".(int) $_POST['odef']."' WHERE id = ".$id."") or die(mysqli_error($database->dblink)); header("Location: ../../../Admin/admin.php?p=player&uid=".$id.""); diff --git a/GameEngine/Admin/Mods/cp.php b/GameEngine/Admin/Mods/cp.php index 2e496929..84b0c657 100755 --- a/GameEngine/Admin/Mods/cp.php +++ b/GameEngine/Admin/Mods/cp.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$id = $_POST['id']; -$admid = $_POST['admid']; +$id = (int) $_POST['id']; +$admid = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$admid.""); $access = mysqli_fetch_array($sql); @@ -24,7 +24,7 @@ $sessionaccess = $access['access']; if($sessionaccess != 9) die("
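Review bot: The cast on `$admid` in cp.php stops the injection, but the privilege check that follows (`SELECT * FROM users WHERE id = $admid` and then `if($sessionaccess != 9) die(...)`) still identifies the acting admin by a value taken from the POST body, so the request itself chooses which account's access level is consulted. Read the actor from the session instead, as addABTroops.php and additional.php already do: `$admid = (int) $_SESSION['id']; if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");` (assuming the session is started in this file, which the hunk doesn't show). The same `$session = (int) $_POST['admid']` pattern feeds the check in delallymedal.php, delallymedalbyaid.php, delallymedalbyweek.php, deletemedalbyuser.php, deletemedalbyweek.php, editAccess.php, editOverall.php, editPassword.php, editPlus.php, editProtection.php, editResources.php, editSitter.php, editUser.php, editUsername.php, editVillageOwner.php, editWeek.php, givePlus.php, givePlusRes.php, giveResBonus.php, gold.php, gold_1.php, mainteneceBan.php, mainteneceCleanBanData.php, mainteneceResetGold.php, mainteneceResetPlus.php, mainteneceResetPlusBonus.php, mainteneceUnban.php and recalcWH.php.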

Access Denied: You are not Admin!

"); -mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET cp = cp + ".$_POST['cp']." WHERE id = ".$id.""); +mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET cp = cp + ".(int) $_POST['cp']." WHERE id = ".$id.""); header("Location: ../../../Admin/admin.php?p=player&uid=".$id.""); ?> \ No newline at end of file diff --git a/GameEngine/Admin/Mods/delallymedal.php b/GameEngine/Admin/Mods/delallymedal.php index c5ae8d4a..c26b5aef 100755 --- a/GameEngine/Admin/Mods/delallymedal.php +++ b/GameEngine/Admin/Mods/delallymedal.php @@ -15,9 +15,9 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$delete = $_POST['medalid']; -$aid = $_POST['aid']; -$session = $_POST['admid']; +$delete = (int) $_POST['medalid']; +$aid =(int) $_POST['aid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/delallymedalbyaid.php b/GameEngine/Admin/Mods/delallymedalbyaid.php index 817200f3..9b2c9773 100755 --- a/GameEngine/Admin/Mods/delallymedalbyaid.php +++ b/GameEngine/Admin/Mods/delallymedalbyaid.php @@ -15,9 +15,9 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$allyid = $_POST['allyid']; -$aid = $_POST['aid']; -$session = $_POST['admid']; +$allyid =(int) $_POST['allyid']; +$aid = (int) $_POST['aid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/delallymedalbyweek.php b/GameEngine/Admin/Mods/delallymedalbyweek.php index 57cb331c..97c4ba95 100755 --- a/GameEngine/Admin/Mods/delallymedalbyweek.php +++ b/GameEngine/Admin/Mods/delallymedalbyweek.php 
@@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$deleteweek = $_POST['deleteweek']; -$session = $_POST['admid']; +$deleteweek = (int) $_POST['deleteweek']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/deletemedalbyuser.php b/GameEngine/Admin/Mods/deletemedalbyuser.php index 020aa9d1..b4def9ec 100755 --- a/GameEngine/Admin/Mods/deletemedalbyuser.php +++ b/GameEngine/Admin/Mods/deletemedalbyuser.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$userid = $_POST['userid']; -$session = $_POST['admid']; +$userid = (int) $_POST['userid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/deletemedalbyweek.php b/GameEngine/Admin/Mods/deletemedalbyweek.php index cb6d55fe..f925b2a1 100755 --- a/GameEngine/Admin/Mods/deletemedalbyweek.php +++ b/GameEngine/Admin/Mods/deletemedalbyweek.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$deleteweek = $_POST['medalweek']; -$session = $_POST['admid']; +$deleteweek = (int) $_POST['medalweek']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/editAccess.php b/GameEngine/Admin/Mods/editAccess.php index e34d4331..4a08c28e 100755 --- a/GameEngine/Admin/Mods/editAccess.php +++ b/GameEngine/Admin/Mods/editAccess.php 
@@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['uid']; +$session = (int) $_POST['admid']; +$id = (int) $_POST['uid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/editAdminInfo.php b/GameEngine/Admin/Mods/editAdminInfo.php index ef7de426..5d3e1e65 100755 --- a/GameEngine/Admin/Mods/editAdminInfo.php +++ b/GameEngine/Admin/Mods/editAdminInfo.php @@ -12,7 +12,7 @@ if(!isset($_SESSION)) session_start(); if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN); include_once("../../Database.php"); -$id = $_POST['id']; +$id = (int) $_POST['id']; $myFile = "../../config.php"; $fh = fopen($myFile, 'w') or die("


Can't open file: GameEngine\config.php"); diff --git a/GameEngine/Admin/Mods/editBuildings.php b/GameEngine/Admin/Mods/editBuildings.php index d8f9c6da..0f5de801 100755 --- a/GameEngine/Admin/Mods/editBuildings.php +++ b/GameEngine/Admin/Mods/editBuildings.php @@ -18,7 +18,11 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$id = $_POST['id']; +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} + +$id = (int) $_POST['id']; mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."fdata SET f1 = '".$_POST['id1level']."', diff --git a/GameEngine/Admin/Mods/editExtraSet.php b/GameEngine/Admin/Mods/editExtraSet.php index 0572c460..55e1198c 100755 --- a/GameEngine/Admin/Mods/editExtraSet.php +++ b/GameEngine/Admin/Mods/editExtraSet.php @@ -12,7 +12,7 @@ if(!isset($_SESSION)) session_start(); if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN); include_once("../../Database.php"); -$id = $_POST['id']; +$id = (int) $_POST['id']; $myFile = "../../config.php"; $fh = fopen($myFile, 'w') or die("
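Review bot: In editAdminInfo.php the hunk casts `$id`, yet the very next line opens `../../config.php` for writing; whatever is written into that PHP source further down is outside the hunk, and an integer cast on `$id` says nothing about it. If POST values are serialised into config.php there, the exposure is code injection rather than SQL injection and each value needs its own typing (`var_export()` for strings, `(int)`/`(bool)` for numbers and flags) — the remainder of the file deserves the same pass this commit gave the queries. The identical `fopen($myFile, 'w')` prologue appears in editExtraSet.php, editLogSet.php, editNewsboxSet.php, editPlusSet.php and editServerSet.php.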
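Review bot: editBuildings.php escapes every POST value and then interpolates `$_POST['id1level']` inside quotes, which is adequate for that quoted context, but building levels are integers and the rest of this commit casts such fields (`(int) $_POST['hlvl']`, `(int) $_POST['cp']`); `f1 = ".(int) $_POST['id1level'].",` would be consistent and would reject non-numeric input instead of leaving the coercion to the database. The UPDATE continues below the hunk, presumably with the remaining level columns, so the same applies there.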


Can't open file: GameEngine\config.php"); diff --git a/GameEngine/Admin/Mods/editHero.php b/GameEngine/Admin/Mods/editHero.php index e0e97520..c0c5246a 100755 --- a/GameEngine/Admin/Mods/editHero.php +++ b/GameEngine/Admin/Mods/editHero.php @@ -14,6 +14,11 @@ if(!isset($_SESSION)) session_start(); if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!"); include_once("../../Database.php"); $status="&ce=1"; + +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} + if(isset($_POST['id'])) { $_POST['hname'] = trim(stripslashes($_POST['hname'])); if ($_POST['hname']=="") { @@ -23,13 +28,13 @@ if(isset($_POST['id'])) { include_once("../../Data/hero_full.php"); - $id = $_POST['id']; + $id = (int) $_POST['id']; - $q = "UPDATE ".TB_PREFIX."hero SET unit=".$_POST['hunit'].", name='".$_POST['hname']."', level=".$_POST['hlvl'].", points=".$_POST['exp'].", experience=".$hero_levels[$_POST['hlvl']].", health=".$_POST['hhealth'].", - attack=".$_POST['hatk'].", defence=".$_POST['hdef'].", attackbonus=".$_POST['hob'].", defencebonus=".$_POST['hdb'].", regeneration=".$_POST['hrege']." WHERE uid = ".$id; + $q = "UPDATE ".TB_PREFIX."hero SET unit=".(int) $_POST['hunit'].", name='".$_POST['hname']."', level=".(int) $_POST['hlvl'].", points=".(int) $_POST['exp'].", experience=".(int) $hero_levels[$_POST['hlvl']].", health='".$_POST['hhealth']."', + attack=".(int) $_POST['hatk'].", defence=".(int) $_POST['hdef'].", attackbonus=".(int) $_POST['hob'].", defencebonus=".(int) $_POST['hdb'].", regeneration=".(int) $_POST['hrege']." WHERE uid = ".$id; $return=$database->query($q); if($return) { - $database->query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed hero info',".time().")"); + $database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed hero info',".time().")"); $status="&cs=1"; } } 
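Review bot: In editHero.php the `trim(stripslashes($_POST['hname']))` line runs after the new escape-all loop and so strips the backslashes the loop just added; `name='".$_POST['hname']."'` in the second hunk then carries the un-escaped value into the query. Either drop the loop and escape at the query, `name='".$database->escape(trim($_POST['hname']))."'`, or move the `trim(stripslashes(...))` above the loop. Separately, `$hero_levels[$_POST['hlvl']]` indexes the level table with the raw string while `level=` uses `(int) $_POST['hlvl']`; `$hero_levels[(int) $_POST['hlvl']]` keeps the two consistent and avoids an undefined-index notice on non-numeric input.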
diff --git a/GameEngine/Admin/Mods/editLogSet.php b/GameEngine/Admin/Mods/editLogSet.php index 929d7171..7785a8ca 100755 --- a/GameEngine/Admin/Mods/editLogSet.php +++ b/GameEngine/Admin/Mods/editLogSet.php @@ -12,7 +12,7 @@ if(!isset($_SESSION)) session_start(); if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN); include_once("../../Database.php"); -$id = $_POST['id']; +$id = (int) $_POST['id']; $myFile = "../../config.php"; $fh = fopen($myFile, 'w') or die("


Can't open file: GameEngine\config.php"); diff --git a/GameEngine/Admin/Mods/editNewsboxSet.php b/GameEngine/Admin/Mods/editNewsboxSet.php index 6d397b50..a05b94ab 100755 --- a/GameEngine/Admin/Mods/editNewsboxSet.php +++ b/GameEngine/Admin/Mods/editNewsboxSet.php @@ -12,7 +12,7 @@ if(!isset($_SESSION)) session_start(); if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN); include_once("../../Database.php"); -$id = $_POST['id']; +$id = (int) $_POST['id']; $myFile = "../../config.php"; $fh = fopen($myFile, 'w') or die("


Can't open file: GameEngine\config.php"); diff --git a/GameEngine/Admin/Mods/editOverall.php b/GameEngine/Admin/Mods/editOverall.php index f2263add..567b0e4e 100755 --- a/GameEngine/Admin/Mods/editOverall.php +++ b/GameEngine/Admin/Mods/editOverall.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['id']; +$session = (int) $_POST['admid']; +$id = (int) $_POST['id']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -25,8 +25,8 @@ $sessionaccess = $access['access']; if($sessionaccess != 9) die("

Access Denied: You are not Admin!

"); mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET - apall = '".$_POST['off']."', - dpall = '".$_POST['def']."' + apall = '".(int) $_POST['off']."', + dpall = '".(int) $_POST['def']."' WHERE id = $id") or die(mysqli_error($database->dblink)); header("Location: ../../../Admin/admin.php?p=player&uid=".$id.""); diff --git a/GameEngine/Admin/Mods/editPassword.php b/GameEngine/Admin/Mods/editPassword.php index c84429fb..d7075e59 100755 --- a/GameEngine/Admin/Mods/editPassword.php +++ b/GameEngine/Admin/Mods/editPassword.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['uid']; +$session = (int) $_POST['admid']; +$id = (int) $_POST['uid']; $pass = md5($_POST['newpw']); $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); diff --git a/GameEngine/Admin/Mods/editPlus.php b/GameEngine/Admin/Mods/editPlus.php index d5a0750e..0358f0b5 100755 --- a/GameEngine/Admin/Mods/editPlus.php +++ b/GameEngine/Admin/Mods/editPlus.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['id']; +$session = (int) $_POST['admid']; +$id = (int) $_POST['id']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -24,11 +24,11 @@ $sessionaccess = $access['access']; if($sessionaccess != 9) die("
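Review bot: `$pass = md5($_POST['newpw']);` in editPassword.php is left as it was, so an admin-set password is still stored as an unsalted MD5 digest. Since this commit already touches the file, `$pass = password_hash($_POST['newpw'], PASSWORD_DEFAULT);` is the natural follow-up, but only together with the login path's verification (`password_verify`), which is outside this diff. The UPDATE that writes `$pass` is below the hunk.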

Access Denied: You are not Admin!

"); -$pdur = $_POST['plus'] * 86400; -$b1dur = $_POST['wood'] * 86400; -$b2dur = $_POST['clay'] * 86400; -$b3dur = $_POST['iron'] * 86400; -$b4dur = $_POST['crop'] * 86400; +$pdur = (int) $_POST['plus'] * 86400; +$b1dur = (int) $_POST['wood'] * 86400; +$b2dur = (int) $_POST['clay'] * 86400; +$b3dur = (int) $_POST['iron'] * 86400; +$b4dur = (int) $_POST['crop'] * 86400; $sql1 = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$id.""); $user = mysqli_fetch_array($sql1); diff --git a/GameEngine/Admin/Mods/editPlusSet.php b/GameEngine/Admin/Mods/editPlusSet.php index 5871876a..187adb93 100644 --- a/GameEngine/Admin/Mods/editPlusSet.php +++ b/GameEngine/Admin/Mods/editPlusSet.php @@ -13,7 +13,7 @@ if(!isset($_SESSION)) session_start(); if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN); include_once("../../Database.php"); include_once("../../config.php"); -$id = $_POST['id']; +$id = (int) $_POST['id']; $myFile = "../../config.php"; $fh = fopen($myFile, 'w') or die("


Can't open file: GameEngine\config.php"); diff --git a/GameEngine/Admin/Mods/editProtection.php b/GameEngine/Admin/Mods/editProtection.php index c8c00337..232fc83c 100755 --- a/GameEngine/Admin/Mods/editProtection.php +++ b/GameEngine/Admin/Mods/editProtection.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['id']; +$session = (int) $_POST['admid']; +$id = (int) $_POST['id']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -24,7 +24,7 @@ $sessionaccess = $access['access']; if($sessionaccess != 9) die("

Access Denied: You are not Admin!

"); -$dur = $_POST['protect'] * 86400; +$dur = (int) $_POST['protect'] * 86400; $protection = (time() + $dur); mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET diff --git a/GameEngine/Admin/Mods/editResources.php b/GameEngine/Admin/Mods/editResources.php index a91359ee..ffe8dfac 100755 --- a/GameEngine/Admin/Mods/editResources.php +++ b/GameEngine/Admin/Mods/editResources.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['did']; +$session = (int) $_POST['admid']; +$id = (int) $_POST['did']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -25,12 +25,12 @@ $sessionaccess = $access['access']; if($sessionaccess != 9) die("

Access Denied: You are not Admin!

"); mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."vdata SET - wood = '".$_POST['wood']."', - clay = '".$_POST['clay']."', - iron = '".$_POST['iron']."', - crop = '".$_POST['crop']."', - maxstore = '".$_POST['maxstore']."', - maxcrop = '".$_POST['maxcrop']."' + wood = '".(int) $_POST['wood']."', + clay = '".(int) $_POST['clay']."', + iron = '".(int) $_POST['iron']."', + crop = '".(int) $_POST['crop']."', + maxstore = '".(int) $_POST['maxstore']."', + maxcrop = '".(int) $_POST['maxcrop']."' WHERE wref = '".$id."'") or die(mysqli_error($database->dblink)); header("Location: ../../../Admin/admin.php?p=village&did=".$id.""); diff --git a/GameEngine/Admin/Mods/editServerSet.php b/GameEngine/Admin/Mods/editServerSet.php index d6f1e559..38973ff4 100755 --- a/GameEngine/Admin/Mods/editServerSet.php +++ b/GameEngine/Admin/Mods/editServerSet.php @@ -12,7 +12,7 @@ if(!isset($_SESSION)) session_start(); if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN); include_once("../../Database.php"); -$id = $_POST['id']; +$id = (int) $_POST['id']; $myFile = "../../config.php"; $fh = fopen($myFile, 'w') or die("


Can't open file: GameEngine\config.php"); diff --git a/GameEngine/Admin/Mods/editSitter.php b/GameEngine/Admin/Mods/editSitter.php index 78003204..6eb7d62d 100755 --- a/GameEngine/Admin/Mods/editSitter.php +++ b/GameEngine/Admin/Mods/editSitter.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['id']; +$session = (int) $_POST['admid']; +$id = (int) $_POST['id']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/editUser.php b/GameEngine/Admin/Mods/editUser.php index 59665d60..56cf54a1 100755 --- a/GameEngine/Admin/Mods/editUser.php +++ b/GameEngine/Admin/Mods/editUser.php @@ -15,8 +15,12 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['id']; +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} + +$session = (int) $_POST['admid']; +$id = (int) $_POST['id']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -26,7 +30,7 @@ if($sessionaccess != 9) die("

Access Denied: You are not mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET email = '".$_POST['email']."', - tribe = ".$_POST['tribe'].", + tribe = ".(int) $_POST['tribe'].", location = '".$_POST['location']."', desc1 = '".$_POST['desc1']."', desc2 = '".$_POST['desc2']."', diff --git a/GameEngine/Admin/Mods/editUsername.php b/GameEngine/Admin/Mods/editUsername.php index 69876d08..be9f3e76 100755 --- a/GameEngine/Admin/Mods/editUsername.php +++ b/GameEngine/Admin/Mods/editUsername.php @@ -15,8 +15,12 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$uid = $_POST['uid']; -$session = $_POST['admid']; +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} + +$uid = (int) $_POST['uid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/editVillageOwner.php b/GameEngine/Admin/Mods/editVillageOwner.php index af382fef..e9d94906 100755 --- a/GameEngine/Admin/Mods/editVillageOwner.php +++ b/GameEngine/Admin/Mods/editVillageOwner.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['did']; +$session = (int) $_POST['admid']; +$id = (int) $_POST['did']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/editWeek.php b/GameEngine/Admin/Mods/editWeek.php index 0c1293e1..0d29f552 100755 --- a/GameEngine/Admin/Mods/editWeek.php +++ b/GameEngine/Admin/Mods/editWeek.php 
@@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['id']; +$session = (int) $_POST['admid']; +$id = (int) $_POST['id']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -25,9 +25,9 @@ $sessionaccess = $access['access']; if($sessionaccess != 9) die("

Access Denied: You are not Admin!

"); mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET - ap = '".$_POST['off']."', - dp = '".$_POST['def']."', - RR = '".$_POST['res']."' + ap = '".(int) $_POST['off']."', + dp = '".(int) $_POST['def']."', + RR = '".(int) $_POST['res']."' WHERE id = $id") or die(mysqli_error($database->dblink)); header("Location: ../../../Admin/admin.php?p=player&uid=".$id.""); diff --git a/GameEngine/Admin/Mods/givePlus.php b/GameEngine/Admin/Mods/givePlus.php index 38e4a653..b2cf0ce2 100755 --- a/GameEngine/Admin/Mods/givePlus.php +++ b/GameEngine/Admin/Mods/givePlus.php @@ -21,7 +21,7 @@ function mysqli_result($res, $row, $field=0) { $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/givePlusRes.php b/GameEngine/Admin/Mods/givePlusRes.php index a0522e56..7dedd4a9 100755 --- a/GameEngine/Admin/Mods/givePlusRes.php +++ b/GameEngine/Admin/Mods/givePlusRes.php @@ -21,7 +21,7 @@ function mysqli_result($res, $row, $field=0) { $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -32,10 +32,10 @@ if($sessionaccess != 9) die("

Access Denied: You are not $sql = "SELECT id FROM ".TB_PREFIX."users ORDER BY ID DESC LIMIT 1"; $loops = mysqli_result(mysqli_query($GLOBALS["link"], $sql), 0); -$wood = $_POST['wood'] * 86400; -$clay = $_POST['clay'] * 86400; -$iron = $_POST['iron'] * 86400; -$crop = $_POST['crop'] * 86400; +$wood = (int) $_POST['wood'] * 86400; +$clay = (int) $_POST['clay'] * 86400; +$iron = (int) $_POST['iron'] * 86400; +$crop = (int) $_POST['crop'] * 86400; for($i = 0; $i < $loops + 1; $i++) { diff --git a/GameEngine/Admin/Mods/giveResBonus.php b/GameEngine/Admin/Mods/giveResBonus.php index 1e7c61ee..5a2585d1 100755 --- a/GameEngine/Admin/Mods/giveResBonus.php +++ b/GameEngine/Admin/Mods/giveResBonus.php @@ -17,7 +17,7 @@ error_reporting(E_ALL); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -25,7 +25,7 @@ $sessionaccess = $access['access']; if($sessionaccess != 9) die("

Access Denied: You are not Admin!

"); -$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id != '0'"; +$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id != '0'"; mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink)); header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&g"); diff --git a/GameEngine/Admin/Mods/gold.php b/GameEngine/Admin/Mods/gold.php index e719d808..5245e973 100755 --- a/GameEngine/Admin/Mods/gold.php +++ b/GameEngine/Admin/Mods/gold.php @@ -17,7 +17,7 @@ error_reporting(E_ALL); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -25,7 +25,7 @@ $sessionaccess = $access['access']; if($sessionaccess != 9) die("

Access Denied: You are not Admin!

"); -$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id != '0'"; +$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id != '0'"; mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink)); header("Location: ../../../Admin/admin.php?p=gold&g"); diff --git a/GameEngine/Admin/Mods/gold_1.php b/GameEngine/Admin/Mods/gold_1.php index 1599b3a9..d760afdb 100755 --- a/GameEngine/Admin/Mods/gold_1.php +++ b/GameEngine/Admin/Mods/gold_1.php @@ -15,8 +15,8 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; -$id = $_POST['id']; +$session = (int) $_POST['admid']; +$id = (int) $_POST['id']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -24,7 +24,7 @@ $sessionaccess = $access['access']; if($sessionaccess != 9) die("

Access Denied: You are not Admin!

"); -mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id = ".$id.""); +mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id = ".$id.""); header("Location: ../../../Admin/admin.php?p=usergold&g"); ?> \ No newline at end of file diff --git a/GameEngine/Admin/Mods/mainteneceBan.php b/GameEngine/Admin/Mods/mainteneceBan.php index c9b07a8a..86fa0e0f 100755 --- a/GameEngine/Admin/Mods/mainteneceBan.php +++ b/GameEngine/Admin/Mods/mainteneceBan.php @@ -15,7 +15,11 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} + +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -25,7 +29,7 @@ if($sessionaccess != 9) die("

Access Denied: You are not $users = mysqli_num_rows(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users")); -$duration = $_POST['duration'] * 3600; +$duration = (int) $_POST['duration'] * 3600; $start = $_POST['start']; $startts = strtotime($start); $endts = $startts + $duration; @@ -49,7 +53,7 @@ for($i = 0; $i < $loops + 1; $i++) $result = mysqli_query($GLOBALS["link"], $query); while($row = mysqli_fetch_assoc($result)) { - mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."banlist ".$row['id'].", ".$row['username'].", ".$reason.", ".$startts.", ".$endts.", ".$admin.", ".$active.""); + mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."banlist VALUES('', ".(int) $row['id'].", '".$row['username']."', '".$reason."', ".(int) $startts.", ".(int) $endts.", ".(int) $admin.", ".(int) $active.")"); ##mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES (".$row['id'].", '".$row['username']."' , '$reason', '$startts', '$endts', '$admin', '1')"); } } diff --git a/GameEngine/Admin/Mods/mainteneceCleanBanData.php b/GameEngine/Admin/Mods/mainteneceCleanBanData.php index 316fb7e7..afd86a46 100755 --- a/GameEngine/Admin/Mods/mainteneceCleanBanData.php +++ b/GameEngine/Admin/Mods/mainteneceCleanBanData.php @@ -15,7 +15,7 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/mainteneceResetGold.php b/GameEngine/Admin/Mods/mainteneceResetGold.php index 37fe22cb..d8e84da2 100755 --- a/GameEngine/Admin/Mods/mainteneceResetGold.php +++ b/GameEngine/Admin/Mods/mainteneceResetGold.php 
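Review bot: The rebuilt banlist INSERT in mainteneceBan.php interpolates `$row['username']`, read straight from the users table, into a quoted literal without escaping; the POST loop does not cover it, and a stored name containing a quote breaks or alters the statement. Use `'".$database->escape($row['username'])."'`. In the earlier hunk, `$startts = strtotime($start)` is never checked for `false`, so an unparseable start date silently becomes ban time 0 once cast; `if ($startts === false) die('Invalid start time');` before computing `$endts` would make that explicit. `$admin` and `$active` are defined above the hunk, so their origin can't be confirmed here.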
@@ -15,7 +15,7 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/mainteneceResetPlus.php b/GameEngine/Admin/Mods/mainteneceResetPlus.php index 181d32d4..e7a3c267 100755 --- a/GameEngine/Admin/Mods/mainteneceResetPlus.php +++ b/GameEngine/Admin/Mods/mainteneceResetPlus.php @@ -15,7 +15,7 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/mainteneceResetPlusBonus.php b/GameEngine/Admin/Mods/mainteneceResetPlusBonus.php index c91db6d1..a03a30a0 100755 --- a/GameEngine/Admin/Mods/mainteneceResetPlusBonus.php +++ b/GameEngine/Admin/Mods/mainteneceResetPlusBonus.php @@ -15,7 +15,7 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); diff --git a/GameEngine/Admin/Mods/mainteneceUnban.php b/GameEngine/Admin/Mods/mainteneceUnban.php index 2d177889..e2ea375e 100755 --- a/GameEngine/Admin/Mods/mainteneceUnban.php +++ b/GameEngine/Admin/Mods/mainteneceUnban.php 
@@ -15,7 +15,11 @@ include_once("../../config.php");
 $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
 mysqli_select_db($GLOBALS["link"], SQL_DB);
-$session = $_POST['admid'];
+foreach ($_POST as $key => $value) {
+ $_POST[$key] = $database->escape($value);
+}
+
+$session = (int) $_POST['admid'];
 $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
 $access = mysqli_fetch_array($sql);
diff --git a/GameEngine/Admin/Mods/medals.php b/GameEngine/Admin/Mods/medals.php
index a9777aea..21831829 100755
--- a/GameEngine/Admin/Mods/medals.php
+++ b/GameEngine/Admin/Mods/medals.php
@@ -18,8 +18,9 @@ mysqli_select_db($GLOBALS["link"], SQL_DB);
 if (!isset($_SESSION)) session_start();
 if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
-$medalid = $_POST['medalid'];
-$uid = $_POST['uid'];
+$medalid = (int) $_POST['medalid'];
+$uid = (int) $_POST['uid'];
+$admid = (int) $_POST['admid'];
 mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."medal set del = 1 WHERE id = ".$medalid."");
@@ -29,7 +30,7 @@ $name = mysqli_result($name, 0);
 mysqli_query($GLOBALS["link"], "Insert into ".TB_PREFIX."admin_log values (0,$admid,'Deleted medal id [#".$medalid."] from the user $name ',".time().")");
-$deleteweek = $_POST['medalweek'];
+$deleteweek = (int) $_POST['medalweek'];
 mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."medal set del = 1 WHERE week = ".$deleteweek."");
 header("Location: ../../../Admin/admin.php?p=player&uid=".$uid."");
diff --git a/GameEngine/Admin/Mods/natarbuildingplan.php b/GameEngine/Admin/Mods/natarbuildingplan.php
index ca1eefeb..39110996 100755
--- a/GameEngine/Admin/Mods/natarbuildingplan.php
+++ b/GameEngine/Admin/Mods/natarbuildingplan.php
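Review bot: The new `foreach` that runs every `$_POST` value through `$database->escape()` in mainteneceUnban.php protects nothing here, because the only value the script reads afterwards, `admid`, is `(int)`-cast anyway, and `$database` is not initialised anywhere visible in this file (only `$GLOBALS["link"]` is opened above it), so if config.php does not provide it the loop fails on a null object before the request is handled. It also hands array-valued form fields straight to `escape()`. Either drop the loop or escape each string value at the query that uses it; the same blanket loop appears in recalcWH.php and renameVillage.php.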
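Review bot: In medals.php `$admid = (int) $_POST['admid']` is written into `admin_log` as the acting administrator although the caller was already authenticated via `$_SESSION['access']`, so the audit record names whatever id the form submitted rather than who acted; use `$admid = (int) $_SESSION['id'];` and ignore the POST field. In the second hunk `$name`, read back from the database, is interpolated unescaped into that INSERT (`'... from the user $name '`), so a username containing a quote breaks the log statement; pass it through `$database->escape()` or at least `addslashes()` as database.php does for its log entries.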
@@ -15,8 +15,8 @@ include_once("../../Automation.php");
 $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
 mysqli_select_db($GLOBALS["link"], SQL_DB);
-$id = $_POST['id'];
-$amt = $_POST['vill_amount'];
+$id = (int) $_POST['id'];
+$amt = (int) $_POST['vill_amount'];
 for($i=1;$i<=$amt;$i++) {
diff --git a/GameEngine/Admin/Mods/natarend.php b/GameEngine/Admin/Mods/natarend.php
index 0858a71d..0f421a88 100755
--- a/GameEngine/Admin/Mods/natarend.php
+++ b/GameEngine/Admin/Mods/natarend.php
@@ -15,8 +15,8 @@ include_once("../../Automation.php");
 $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
 mysqli_select_db($GLOBALS["link"], SQL_DB);
-$id = $_POST['id'];
-$amt = $_POST['vill_amount'];
+$id = (int) $_POST['id'];
+$amt = (int) $_POST['vill_amount'];
 for($i=1;$i<=$amt;$i++) {
diff --git a/GameEngine/Admin/Mods/recalcWH.php b/GameEngine/Admin/Mods/recalcWH.php
index a0c9f1ca..8ff3dd99 100755
--- a/GameEngine/Admin/Mods/recalcWH.php
+++ b/GameEngine/Admin/Mods/recalcWH.php
@@ -12,11 +12,15 @@ if (!isset($_SESSION)) session_start();
 if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
 include_once("../../config.php");
+foreach ($_POST as $key => $value) {
+ $_POST[$key] = $database->escape($value);
+}
+
 $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
 mysqli_select_db($GLOBALS["link"], SQL_DB);
-$session = $_POST['admid'];
-$id = $_POST['id'];
+$session = (int) $_POST['admid'];
+$id = (int) $_POST['id'];
 $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
 $access = mysqli_fetch_array($sql);
diff --git a/GameEngine/Admin/Mods/renameVillage.php b/GameEngine/Admin/Mods/renameVillage.php
index 255520ed..59be09d1 100755
--- a/GameEngine/Admin/Mods/renameVillage.php
+++ b/GameEngine/Admin/Mods/renameVillage.php
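Review bot: In natarbuildingplan.php `$amt = (int) $_POST['vill_amount']` is used directly as the bound of `for($i=1;$i<=$amt;$i++)`, so one request can demand an arbitrarily large number of iterations of whatever the loop body does; clamp it, e.g. `$amt = max(0, min((int) $_POST['vill_amount'], MAX_VILLAGES));` where `MAX_VILLAGES` stands for a limit the project chooses. No session or access check is visible in this hunk, so whether the script is reachable only by administrators cannot be confirmed from here, and the loop body runs past the hunk. natarend.php has the identical construct.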
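Review bot: In recalcWH.php the added `foreach` escaping loop runs before `$GLOBALS["link"] = mysqli_connect(...)`, so if `$database->escape()` wraps `mysqli_real_escape_string` on this connection it has no open link to escape against at that point, and `$database` itself is not initialised anywhere visible in the file. Both values the script later reads, `admid` and `id`, are `(int)`-cast, so the loop adds no protection to them. Move the escaping to the queries that actually consume string input, or remove the loop.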
@@ -15,9 +15,15 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$did = $_POST['did']; +$nameorig = $_POST['villagename']; + +foreach ($_POST as $key => $value) { + $_POST[$key] = $database->escape($value); +} + +$did = (int) $_POST['did']; $name = $_POST['villagename']; -$session = $_POST['admid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); $access = mysqli_fetch_array($sql); @@ -28,5 +34,5 @@ if($sessionaccess != 9) die("

Access Denied: You are not $sql = "UPDATE ".TB_PREFIX."vdata SET name = '$name' WHERE wref = $did"; mysqli_query($GLOBALS["link"], $sql); -header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".$name.""); +header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".$nameorig.""); ?> \ No newline at end of file diff --git a/GameEngine/Admin/Mods/sendMessage.php b/GameEngine/Admin/Mods/sendMessage.php index fb3bee1b..e5a6afde 100755 --- a/GameEngine/Admin/Mods/sendMessage.php +++ b/GameEngine/Admin/Mods/sendMessage.php @@ -15,7 +15,7 @@ include_once("../../config.php"); $GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS); mysqli_select_db($GLOBALS["link"], SQL_DB); -$session = $_POST['admid']; +$session = (int) $_POST['admid']; $sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); diff --git a/GameEngine/Admin/database.php b/GameEngine/Admin/database.php index 54e365bd..32b179d5 100755 --- a/GameEngine/Admin/database.php +++ b/GameEngine/Admin/database.php @@ -16,6 +16,14 @@ ## Source code: https://github.com/Shadowss/TravianZ ## ## ## ################################################################################# +if (!function_exists('mysqli_result')) { + function mysqli_result($res, $row, $field=0) { + $res->data_seek($row); + $datarow = $res->fetch_array(); + return $datarow[$field]; + } +} + if(isset($gameinstall) && $gameinstall == 1){ include_once("../../GameEngine/config.php"); include_once("../../GameEngine/Data/buidata.php"); @@ -35,6 +43,8 @@ class adm_DB { } function Login($username,$password){ + global $database; + list($username,$password) = $database->escape_input($username,$password); $q = "SELECT password FROM ".TB_PREFIX."users where username = '$username' and access >= ".MULTIHUNTER; $result = mysqli_query($this->connection,$q); $dbarray = mysqli_fetch_array($result); 
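Review bot: In renameVillage.php `$nameorig` is the raw, unescaped village name and is concatenated into the `Location` header without URL-encoding, so `&`, `#`, `%` or non-ASCII characters corrupt the redirect target and the value reaches admin.php unchanged; encode it, `header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".rawurlencode($nameorig));`. Whether admin.php echoes `name` back into the page is not visible here; if it does, this is where the output escaping would have to be checked. The UPDATE on the line above relies on the blanket `$database->escape()` loop in the previous hunk for `$name`, and `$database` is not initialised anywhere visible in this script.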
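Review bot: The `mysqli_result()` polyfill added to database.php ignores the return value of `data_seek()` and indexes the result of `fetch_array()` even when no row was fetched, so an out-of-range row silently yields `null` plus a warning instead of signalling failure; guard it, `if (!$res->data_seek($row)) { return false; } $datarow = $res->fetch_array(); return isset($datarow[$field]) ? $datarow[$field] : false;`. In `Login()` the new `global $database; list(...) = $database->escape_input(...)` escapes against `$database`'s connection while the query runs on `$this->connection`, which is only sound if both share the same character set. A one-line docblock on the polyfill saying it appears to mirror the old `mysql_result()` signature would help the next reader.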
@@ -70,7 +80,7 @@ class adm_DB {
 }
 }
- $q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = $vid";
+ $q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = ".(int) $vid;
 mysqli_query($this->connection, $q);
 }
@@ -85,7 +95,7 @@ class adm_DB {
 $popTot += $this->buildingCP($building,$lvl);
 }
 }
- $q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = $vid";
+ $q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = ".(int) $vid;
 mysqli_query($this->connection,$q);
 }
@@ -114,7 +124,7 @@ class adm_DB {
 }
 function getWref($x,$y) {
- $q = "SELECT id FROM ".TB_PREFIX."wdata where x = $x and y = $y";
+ $q = "SELECT id FROM ".TB_PREFIX."wdata where x = ".(int) $x." and y = ".(int) $y;
 $result = mysqli_query($this->connection,$q);
 $r = mysqli_fetch_array($result);
 return $r['id'];
@@ -127,7 +137,7 @@ class adm_DB {
 $status = $database->getVillageState($wid);
 $status = 0;
 if($status == 0){
- mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Added new village $wid to user $uid',".time().")");
+ mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Added new village $wid to user $uid',".time().")");
 $database->setFieldTaken($wid);
 $database->addVillage($wid,$uid,'new village','0');
 $database->addResourceFields($wid,$database->getVillageType($wid));
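Review bot: The rewritten `admin_log` INSERT in the last hunk calls `mysqli_query(...)` with the query string as its only argument; procedural `mysqli_query()` takes the connection first, so this statement never reaches the database (an `ArgumentCountError` on PHP 8, a warning and `null` on PHP 7) and the audit trail for village creation is silently missing. Write it as `mysqli_query($this->connection, "Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Added new village ".(int) $wid." to user ".(int) $uid."',".time().")");`, which also casts the two ids interpolated into the message text. The same one-argument call survives in `DelVillage` and `DelBan` (next hunks) and in `AddBan`, and the hero lookup near line 543 has `mysqli_query($q)` as context.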
@@ -164,23 +174,23 @@ class adm_DB {
 }
 if($post['clean_ware']){
 $time = time();
- $q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = $vid;";
+ $q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = ".(int) $vid;
 mysqli_query($this->connection,$q);
 }
 }
- mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Punished user: ".$post['uid']." with -".$post['punish']."% population',".time().")");
+ mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Punished user: ".(int) $post['uid']." with -".(int) $post['punish']."% population',".time().")");
 }
 function PunishBuilding($vid,$proc,$pop){
 global $database;
- $q = "UPDATE ".TB_PREFIX."vdata set pop = $pop where wref = $vid;";
+ $q = "UPDATE ".TB_PREFIX."vdata set pop = ".(int) $pop." where wref = ".(int) $vid;
 mysqli_query($this->connection,$q);
 $fdata = $database->getResourceLevel($vid);
 for ($i = 1; $i <= 40; $i++) {
 if($fdata['f'.$i]>1){
 $zm = ($fdata['f'.$i]/100)*$proc;
 if($zm < 1){$zm = 1;}else{$zm = floor($zm);}
- $q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = $vid;";
+ $q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = ".(int) $vid;
 mysqli_query($this->connection, $q);
 }
 }
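Review bot: In `PunishBuilding` the hunk casts `$pop` and `$vid` but leaves `$proc` as received, and `$proc` feeds `$zm`, which is interpolated as `'$zm'`; `floor()` keeps `$zm` numeric once `$proc` is numeric, but on PHP 8 a non-numeric `$proc` throws a `TypeError` in that multiplication. Cast it once at the top for the same reason the other parameters were cast, `$proc = (int) $proc;` (or `(float)` if fractional percentages are intended), and pass the cast `$vid` to `getResourceLevel()` as well. The log INSERT above now casts `$post['uid']` and `$post['punish']` inside the message, but the values that drive the actual punishment earlier in the method are outside the hunk.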
@@ -193,24 +203,24 @@ class adm_DB {
 }
 function DelUnits2($vid,$unit){
- $q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = $vid;";
+ $q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = ".(int) $vid;
 mysqli_query($this->connection,$q);
 }
 function DelPlayer($uid,$pass){
 global $database;
- $ID = $_SESSION['id'];//$database->getUserField($_SESSION['username'],'id',1);
+ $ID = (int) $_SESSION['id'];//$database->getUserField($_SESSION['username'],'id',1);
 if($this->CheckPass($pass,$ID)){
 $villages = $database->getProfileVillages($uid);
 for ($i = 0; $i <= count($villages)-1; $i++) {
 $this->DelVillage($villages[$i]['wref'], 1);
 }
- $q = "DELETE FROM ".TB_PREFIX."hero where uid = $uid";
+ $q = "DELETE FROM ".TB_PREFIX."hero where uid = ".(int) $uid;
 mysqli_query($this->connection,$q);
 $name = $database->getUserField($uid,"username",0);
 mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,$ID,'Deleted user $name',".time().")");
- $q = "DELETE FROM ".TB_PREFIX."users WHERE `id` = $uid;";
+ $q = "DELETE FROM ".TB_PREFIX."users WHERE `id` = ".(int) $uid;
 mysqli_query($this->connection,$q);
 }
 }
@@ -223,7 +233,7 @@ class adm_DB {
 }
 function CheckPass($password,$uid){
- $q = "SELECT password FROM ".TB_PREFIX."users where id = '$uid' and access = ".ADMIN;
+ $q = "SELECT password FROM ".TB_PREFIX."users where id = ".(int) $uid." and access = ".ADMIN;
 $result = mysqli_query($this->connection, $q);
 $dbarray = mysqli_fetch_array($result);
 if($dbarray['password'] == md5($password)) {
@@ -235,6 +245,7 @@ class adm_DB {
 function DelVillage($wref, $mode=0){
 global $database;
+ $wref = (int) $wref;
 if($mode==0){
 $q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `wref` = $wref and capital = 0";
 }else{
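Review bot: `DelUnits2` still interpolates `$unit` raw into the column identifier `` `u$unit` `` while casting only `$vid`, so the new line keeps an injection point in the one place a cast is cheapest; write `$q = "UPDATE ".TB_PREFIX."units SET `u".(int) $unit."` = '0' WHERE `vref` = ".(int) $vid;`. In `DelPlayer`, `$name` is fetched from the database and interpolated unescaped into the admin_log INSERT (`'Deleted user $name'`), unlike `DelBan`/`AddBan` which wrap the name in `addslashes()`, so a username containing a quote breaks or alters that statement; escape it the same way, preferably with `$database->escape()`. `$uid` is cast per query but passed uncast to `getProfileVillages()` and `getUserField()`; casting once at the top (`$uid = (int) $uid;`), as `DelVillage` now does for `$wref`, would cover both.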
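Review bot: With `$uid` now cast, the remaining weak point in `CheckPass` is the line right after the change: `$dbarray['password'] == md5($password)` compares an unsalted MD5 with loose `==`, which type-juggles numeric-looking strings and is not constant-time; at minimum use `hash_equals((string) $dbarray['password'], md5($password))`, and when the schema allows, migrate to `password_hash()`/`password_verify()`. `$dbarray` is also read without checking that the SELECT returned a row, so a missing admin id warns before the comparison. The rest of `CheckPass` is outside the hunk.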
@@ -242,7 +253,7 @@ class adm_DB {
 }
 $result = mysqli_query($this->connection, $q);
 if(mysqli_num_rows($result) > 0){
- mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Deleted village $wref',".time().")");
+ mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Deleted village $wref',".time().")");
 $database->clearExpansionSlot($wref);
@@ -315,8 +326,9 @@ class adm_DB {
 function DelBan($uid,$id){
 global $database;
- $name = addslashes($database->getUserField($uid,"username",0));
- mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Unbanned user $name',".time().")");
+ $name = addslashes($database->getUserField($uid,"username",0));
+ $uid = (int) $uid;
+ mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Unbanned user $name',".time().")");
 $q = "UPDATE ".TB_PREFIX."users SET `access` = '".USER."' WHERE `id` = $uid;";
 mysqli_query($this->connection, $q);
 $q = "UPDATE ".TB_PREFIX."banlist SET `active` = '0' WHERE `id` = $id;";
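Review bot: `DelBan` now casts `$uid` but leaves `$id` as received in `WHERE `id` = $id` on the following context line, so the banlist UPDATE keeps exactly the kind of injection this commit set out to remove; add `$id = (int) $id;` next to the new `$uid` cast. `$name` is escaped with `addslashes()` rather than the `$database->escape()` introduced elsewhere in this commit; `addslashes()` is not charset-aware and is not a substitute for the driver's escaping, and the same choice is kept in `AddBan` in the next hunk and in the addHero INSERT in function.php.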
@@ -326,41 +338,53 @@ class adm_DB {
 function AddBan($uid,$end,$reason){
 global $database;
 $name = addslashes($database->getUserField($uid,"username",0));
- mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Banned user $name',".time().")");
- $q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = $uid;";
+ list($end,$reason) = $database->escape_input($end,$reason);
+ $uid = (int) $uid;
+ mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Banned user $name',".time().")");
+ $q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = $uid";
 mysqli_query($this->connection, $q);
 $time = time();
- $admin = $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1);
+ $admin = (int) $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1);
 $name = addslashes($database->getUserField($uid,'username',0));
 $q = "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES ($uid, '$name' , '$reason', '$time', '$end', '$admin', '1');";
 mysqli_query($this->connection, $q);
 }
 function search_player($player){
+ global $database;
+ $player = $database->escape($player);
 $q = "SELECT id,username FROM ".TB_PREFIX."users WHERE `username` LIKE '%$player%' and username != 'support'";
 $result = mysqli_query($this->connection, $q);
 return $this->mysqli_fetch_all($result);
 }
 function search_email($email){
+ global $database;
+ $email = $database->escape($email);
 $q = "SELECT id,email FROM ".TB_PREFIX."users WHERE `email` LIKE '%$email%' and username != 'support'";
 $result = mysqli_query($this->connection, $q);
 return $this->mysqli_fetch_all($result);
 }
 function search_village($village){
+ global $database;
+ $village = $database->escape($village);
 $q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `name` LIKE '%$village%' or `wref` LIKE '%$village%'";
 $result = mysqli_query($this->connection, $q);
 return $this->mysqli_fetch_all($result);
 }
 function search_alliance($alliance){
+ global $database;
+ $alliance = $database->escape($alliance);
 $q = "SELECT * FROM ".TB_PREFIX."alidata WHERE `name` LIKE '%$alliance%' or `tag` LIKE '%$alliance%' or `id` LIKE '%$alliance%'";
 $result = mysqli_query($this->connection, $q);
 return $this->mysqli_fetch_all($result);
 }
 function search_ip($ip){
+ global $database;
+ $ip = $database->escape($ip);
 $q = "SELECT * FROM ".TB_PREFIX."login_log WHERE `ip` LIKE '%$ip%'";
 $result = mysqli_query($this->connection, $q);
 return $this->mysqli_fetch_all($result);
@@ -519,7 +543,7 @@ class adm_DB {
 }
 if( intval($enforce['hero']) > 0){
- $q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$from['owner']."";
+ $q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $from['owner']."";
 $result = mysqli_query($q);
 $hero_f=mysqli_fetch_array($result);
 $hero_unit=$hero_f['unit'];
diff --git a/GameEngine/Admin/function.php b/GameEngine/Admin/function.php
index 7b97d5b2..1e3faca6 100755
--- a/GameEngine/Admin/function.php
+++ b/GameEngine/Admin/function.php
@@ -92,10 +92,10 @@ class funct {
 header("Location: admin.php?p=player&uid=".$get['uid'].$error);
 exit;
 case "reviveHero":
- $result=$database->query("SELECT * FROM ".TB_PREFIX."hero WHERE uid='".$get['uid']."'");
+ $result=$database->query("SELECT * FROM ".TB_PREFIX."hero WHERE uid=".(int) $get['uid']);
 $hdata=mysqli_fetch_array($result);
- $database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".$hdata['wref']);
- $database->query("UPDATE ".TB_PREFIX."hero SET `dead` = '0', `inrevive` = '0', `health` = '100', `lastupdate` = ".time()." WHERE `uid` = '".$get['uid']."'");
+ $database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".(int) $hdata['wref']);
+ $database->query("UPDATE ".TB_PREFIX."hero SET `dead` = '0', `inrevive` = '0', `health` = '100', `lastupdate` = ".time()." WHERE `uid` = ".(int) $get['uid']);
 header("Location: admin.php?p=player&uid=".$get['uid']."&rc=1");
 exit;
 case "addHero":
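Review bot: In `AddBan` the new `escape_input()` call string-escapes `$end`, yet `$end` is stored in the `end` column next to the integer `$time` and appears to be a timestamp (the banlist INSERT at the top of this page stores `$endts`), so it belongs with the cast ids, `$end = (int) $end;`, rather than with the escaped strings; `$name` is also fetched and `addslashes()`-escaped twice, the second assignment shadowing the first. The `search_*` methods now escape their argument but embed it in `LIKE '%...%'` without escaping the `%` and `_` wildcards, so a search for `%` matches every row; if literal matching is intended, follow `escape()` with `$player = addcslashes($player, '%_');` and likewise in the other four. `search_alliance` is split across two physical lines here by the page rendering.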
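Review bot: In function.php's `reviveHero` case `$get['uid']` is cast to int in the rewritten queries but still concatenated raw into both `header("Location: admin.php?p=player&uid=".$get['uid'] ...)` redirects, so an unexpected value still reaches the redirect URL; cast once at the top of the case, `$uid = (int) $get['uid'];`, and use `$uid` in the queries and the headers. `$hdata['wref']` is read without checking that the hero SELECT returned a row; when it did not, `(int) null` is `0` and the `units` UPDATE silently targets `vref = 0`, so guard with `if ($hdata === null) { ... }` before the UPDATE. The enclosing `switch` starts outside the hunk.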
@@ -104,10 +104,10 @@ class funct { $database->query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, - `intraining`) VALUES ('".$get['uid']."', '" . $vilarray['wref'] . "', '0', '".$get['u']."', '".addslashes($user['username'])."', + `intraining`) VALUES (".(int) $get['uid'].", " . (int) $vilarray['wref'] . ", '0', ".(int) $get['u'].", '".addslashes($user['username'])."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".time()."', '50', '0')"); - $database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".$vilarray['wref']); + $database->query("UPDATE ".TB_PREFIX."units SET hero = 1 WHERE vref = ".(int) $vilarray['wref']); header("Location: admin.php?p=player&uid=".$get['uid']."&ac=1"); exit;