mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-08 21:56:09 +00:00
fix: remove SQL injections in Admin
This commit is contained in:
@@ -16,6 +16,14 @@
|
||||
## Source code: https://github.com/Shadowss/TravianZ ##
|
||||
## ##
|
||||
#################################################################################
|
||||
if (!function_exists('mysqli_result')) {
|
||||
function mysqli_result($res, $row, $field=0) {
|
||||
$res->data_seek($row);
|
||||
$datarow = $res->fetch_array();
|
||||
return $datarow[$field];
|
||||
}
|
||||
}
|
||||
|
||||
if(isset($gameinstall) && $gameinstall == 1){
|
||||
include_once("../../GameEngine/config.php");
|
||||
include_once("../../GameEngine/Data/buidata.php");
|
||||
@@ -35,6 +43,8 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function Login($username,$password){
|
||||
global $database;
|
||||
list($username,$password) = $database->escape_input($username,$password);
|
||||
$q = "SELECT password FROM ".TB_PREFIX."users where username = '$username' and access >= ".MULTIHUNTER;
|
||||
$result = mysqli_query($this->connection,$q);
|
||||
$dbarray = mysqli_fetch_array($result);
|
||||
@@ -70,7 +80,7 @@ class adm_DB {
|
||||
}
|
||||
}
|
||||
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = $vid";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = ".(int) $vid;
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
|
||||
@@ -85,7 +95,7 @@ class adm_DB {
|
||||
$popTot += $this->buildingCP($building,$lvl);
|
||||
}
|
||||
}
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = $vid";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = ".(int) $vid;
|
||||
mysqli_query($this->connection,$q);
|
||||
}
|
||||
|
||||
@@ -114,7 +124,7 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function getWref($x,$y) {
|
||||
$q = "SELECT id FROM ".TB_PREFIX."wdata where x = $x and y = $y";
|
||||
$q = "SELECT id FROM ".TB_PREFIX."wdata where x = ".(int) $x." and y = ".(int) $y;
|
||||
$result = mysqli_query($this->connection,$q);
|
||||
$r = mysqli_fetch_array($result);
|
||||
return $r['id'];
|
||||
@@ -127,7 +137,7 @@ class adm_DB {
|
||||
$status = $database->getVillageState($wid);
|
||||
$status = 0;
|
||||
if($status == 0){
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Added new village <b><a href=\'admin.php?p=village&did=$wid\'>$wid</a></b> to user <b><a href=\'admin.php?p=player&uid=$uid\'>$uid</a></b>',".time().")");
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Added new village <b><a href=\'admin.php?p=village&did=$wid\'>$wid</a></b> to user <b><a href=\'admin.php?p=player&uid=$uid\'>$uid</a></b>',".time().")");
|
||||
$database->setFieldTaken($wid);
|
||||
$database->addVillage($wid,$uid,'new village','0');
|
||||
$database->addResourceFields($wid,$database->getVillageType($wid));
|
||||
@@ -164,23 +174,23 @@ class adm_DB {
|
||||
}
|
||||
if($post['clean_ware']){
|
||||
$time = time();
|
||||
$q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = ".(int) $vid;
|
||||
mysqli_query($this->connection,$q);
|
||||
}
|
||||
}
|
||||
mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Punished user: <a href=\'admin.php?p=player&uid=".$post['uid']."\'>".$post['uid']."</a> with <b>-".$post['punish']."%</b> population',".time().")");
|
||||
mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Punished user: <a href=\'admin.php?p=player&uid=".(int) $post['uid']."\'>".(int) $post['uid']."</a> with <b>-".(int) $post['punish']."%</b> population',".time().")");
|
||||
}
|
||||
|
||||
function PunishBuilding($vid,$proc,$pop){
|
||||
global $database;
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = $pop where wref = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."vdata set pop = ".(int) $pop." where wref = ".(int) $vid;
|
||||
mysqli_query($this->connection,$q);
|
||||
$fdata = $database->getResourceLevel($vid);
|
||||
for ($i = 1; $i <= 40; $i++) {
|
||||
if($fdata['f'.$i]>1){
|
||||
$zm = ($fdata['f'.$i]/100)*$proc;
|
||||
if($zm < 1){$zm = 1;}else{$zm = floor($zm);}
|
||||
$q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = ".(int) $vid;
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
}
|
||||
@@ -193,24 +203,24 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function DelUnits2($vid,$unit){
|
||||
$q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = $vid;";
|
||||
$q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = ".(int) $vid;
|
||||
mysqli_query($this->connection,$q);
|
||||
}
|
||||
|
||||
function DelPlayer($uid,$pass){
|
||||
global $database;
|
||||
$ID = $_SESSION['id'];//$database->getUserField($_SESSION['username'],'id',1);
|
||||
$ID = (int) $_SESSION['id'];//$database->getUserField($_SESSION['username'],'id',1);
|
||||
if($this->CheckPass($pass,$ID)){
|
||||
$villages = $database->getProfileVillages($uid);
|
||||
for ($i = 0; $i <= count($villages)-1; $i++) {
|
||||
$this->DelVillage($villages[$i]['wref'], 1);
|
||||
}
|
||||
$q = "DELETE FROM ".TB_PREFIX."hero where uid = $uid";
|
||||
$q = "DELETE FROM ".TB_PREFIX."hero where uid = ".(int) $uid;
|
||||
mysqli_query($this->connection,$q);
|
||||
|
||||
$name = $database->getUserField($uid,"username",0);
|
||||
mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,$ID,'Deleted user <a>$name</a>',".time().")");
|
||||
$q = "DELETE FROM ".TB_PREFIX."users WHERE `id` = $uid;";
|
||||
$q = "DELETE FROM ".TB_PREFIX."users WHERE `id` = ".(int) $uid;
|
||||
mysqli_query($this->connection,$q);
|
||||
}
|
||||
}
|
||||
@@ -223,7 +233,7 @@ class adm_DB {
|
||||
}
|
||||
|
||||
function CheckPass($password,$uid){
|
||||
$q = "SELECT password FROM ".TB_PREFIX."users where id = '$uid' and access = ".ADMIN;
|
||||
$q = "SELECT password FROM ".TB_PREFIX."users where id = ".(int) $uid." and access = ".ADMIN;
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
$dbarray = mysqli_fetch_array($result);
|
||||
if($dbarray['password'] == md5($password)) {
|
||||
@@ -235,6 +245,7 @@ class adm_DB {
|
||||
|
||||
function DelVillage($wref, $mode=0){
|
||||
global $database;
|
||||
$wref = (int) $wref;
|
||||
if($mode==0){
|
||||
$q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `wref` = $wref and capital = 0";
|
||||
}else{
|
||||
@@ -242,7 +253,7 @@ class adm_DB {
|
||||
}
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
if(mysqli_num_rows($result) > 0){
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Deleted village <b>$wref</b>',".time().")");
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Deleted village <b>$wref</b>',".time().")");
|
||||
|
||||
$database->clearExpansionSlot($wref);
|
||||
|
||||
@@ -315,8 +326,9 @@ class adm_DB {
|
||||
|
||||
function DelBan($uid,$id){
|
||||
global $database;
|
||||
$name = addslashes($database->getUserField($uid,"username",0));
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Unbanned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$name = addslashes($database->getUserField($uid,"username",0));
|
||||
$uid = (int) $uid;
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Unbanned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET `access` = '".USER."' WHERE `id` = $uid;";
|
||||
mysqli_query($this->connection, $q);
|
||||
$q = "UPDATE ".TB_PREFIX."banlist SET `active` = '0' WHERE `id` = $id;";
|
||||
@@ -326,41 +338,53 @@ class adm_DB {
|
||||
function AddBan($uid,$end,$reason){
|
||||
global $database;
|
||||
$name = addslashes($database->getUserField($uid,"username",0));
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Banned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = $uid;";
|
||||
list($end,$reason) = $database->escape_input($end,$reason);
|
||||
$uid = (int) $uid;
|
||||
mysqli_query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Banned user <a href=\'admin.php?p=player&uid=$uid\'>$name</a>',".time().")");
|
||||
$q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = $uid";
|
||||
mysqli_query($this->connection, $q);
|
||||
$time = time();
|
||||
$admin = $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1);
|
||||
$admin = (int) $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1);
|
||||
$name = addslashes($database->getUserField($uid,'username',0));
|
||||
$q = "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES ($uid, '$name' , '$reason', '$time', '$end', '$admin', '1');";
|
||||
mysqli_query($this->connection, $q);
|
||||
}
|
||||
|
||||
function search_player($player){
|
||||
global $database;
|
||||
$player = $database->escape($player);
|
||||
$q = "SELECT id,username FROM ".TB_PREFIX."users WHERE `username` LIKE '%$player%' and username != 'support'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_email($email){
|
||||
global $database;
|
||||
$email = $database->escape($email);
|
||||
$q = "SELECT id,email FROM ".TB_PREFIX."users WHERE `email` LIKE '%$email%' and username != 'support'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_village($village){
|
||||
global $database;
|
||||
$village = $database->escape($village);
|
||||
$q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `name` LIKE '%$village%' or `wref` LIKE '%$village%'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_alliance($alliance){
|
||||
global $database;
|
||||
$alliance = $database->escape($alliance);
|
||||
$q = "SELECT * FROM ".TB_PREFIX."alidata WHERE `name` LIKE '%$alliance%' or `tag` LIKE '%$alliance%' or `id` LIKE '%$alliance%'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
|
||||
function search_ip($ip){
|
||||
global $database;
|
||||
$ip = $database->escape($ip);
|
||||
$q = "SELECT * FROM ".TB_PREFIX."login_log WHERE `ip` LIKE '%$ip%'";
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
@@ -519,7 +543,7 @@ class adm_DB {
|
||||
}
|
||||
|
||||
if( intval($enforce['hero']) > 0){
|
||||
$q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$from['owner']."";
|
||||
$q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $from['owner']."";
|
||||
$result = mysqli_query($q);
|
||||
$hero_f=mysqli_fetch_array($result);
|
||||
$hero_unit=$hero_f['unit'];
|
||||
|
||||
Reference in New Issue
Block a user