diff --git a/GameEngine/Account.php b/GameEngine/Account.php
index 7a7032f2..8f6f7a8a 100644
--- a/GameEngine/Account.php
+++ b/GameEngine/Account.php
@@ -203,7 +203,7 @@ class Account {
private function Logout() {
global $session,$database;
unset($_SESSION['wid']);
- $database->activeModify($session->username,1);
+ $database->activeModify(addslashes($session->username),1);
$database->UpdateOnline("logout") or die(mysql_error());
$session->Logout();
}
diff --git a/GameEngine/Automation.php b/GameEngine/Automation.php
index 55f324ec..f005e47d 100644
--- a/GameEngine/Automation.php
+++ b/GameEngine/Automation.php
@@ -1322,7 +1322,7 @@ class Automation {
}
$dead['hero']='0';
if($unitlist){
- $dead['hero']+=$battlepart['deadherodef'][$DefenderID];
+ $dead['hero']+=$battlepart['deadherodef'];
$database->modifyUnit($data['to'],array("hero"),array($battlepart['deadherodef']),array(0));
}
//kill other defence in village
@@ -1335,7 +1335,11 @@ class Automation {
$tribe = 4;
}
$start = ($tribe-1)*10+1;
-
+ $totalreinfunits = 0;
+ for($i=1;$i<=50;$i++) {
+ $totalreinfunits += $enforce['u'.$i];
+ }
+ if($totalreinfunits > 0){
if($tribe == 1){ $rom='1'; } else if($tribe == 2){ $ger='1'; }else if($tribe == 3){ $gal='1'; }else if($tribe == 4){ $nat='1'; } else { $natar='1'; }
for($i=$start;$i<=($start+9);$i++) {
if($enforce['u'.$i]>'0'){
@@ -1349,6 +1353,7 @@ class Automation {
$dead[$i]='0';
}
}
+ }
if($enforce['hero']>'0'){
$database->modifyEnforce($enforce['id'],"hero",$battlepart['deadheroref'][$enforce['id']],0);
$dead['hero']+=$battlepart['deadheroref'][$enforce['id']];
diff --git a/GameEngine/Battle.php b/GameEngine/Battle.php
index 7da3ee39..673fa615 100644
--- a/GameEngine/Battle.php
+++ b/GameEngine/Battle.php
@@ -232,7 +232,7 @@ class Battle {
if($Defender['hero'] != 0)
{
//exit($DefenderID);
- $defhero[$DefenderWref] = $this->getBattleHero($DefenderID);
+ $defenderhero = $this->getBattleHero($DefenderID);
}
$DefendersAll = $database->getEnforceVillage($DefenderWref,0);
@@ -344,8 +344,8 @@ class Battle {
$units['Def_unit'][$y] = $Defender['u'.$y];
}
if ($Defender['hero'] != 0){
- $dp += $defhero[$DefenderWref]['di'] * 35;
- $dp = $dp * $defhero[$DefenderWref]['db'];
+ $dp += $defenderhero['di'] * 35;
+ $dp = $dp * $defenderhero['db'];
}
$DefendersAll = $database->getEnforceVillage($DefenderWref,0);
if(!empty($DefendersAll)){
@@ -377,10 +377,10 @@ class Battle {
if($Defender['hero'] != 0)
{
$units['Def_unit']['hero'] = $Defender['hero'];
- $cdp += $defhero[$DefenderWref]['dc'];
- $dp += $defhero[$DefenderWref]['di'];
- $dp = $dp * $defhero[$DefenderWref]['db'];
- $cdp = $cdp * $defhero[$DefenderWref]['db'];
+ $cdp += $defenderhero['dc'];
+ $dp += $defenderhero['di'];
+ $dp = $dp * $defenderhero['db'];
+ $cdp = $cdp * $defenderhero['db'];
}
$DefendersAll = $database->getEnforceVillage($DefenderWref,0);
if(!empty($DefendersAll)){
@@ -627,7 +627,7 @@ class Battle {
if ($units['Def_unit']['hero']>0)
{
- $_result=mysql_query("select * from " . TB_PREFIX . "hero where `dead`='0' and `heroid`='".$defhero[$DefenderWref]['heroid']."'");
+ $_result=mysql_query("select * from " . TB_PREFIX . "hero where `dead`='0' and `heroid`='".$defenderhero['heroid']."'");
$fdb = mysql_fetch_array($_result);
$hero_id=$fdb['heroid'];
$hero_health=$fdb['health'];
@@ -635,13 +635,13 @@ class Battle {
if ($hero_health<=$damage_health or $damage_health>90)
{
//hero die
- $result['deadherodef'][$defhero[$DefenderWref]['uid']] = 1;
+ $result['deadherodef'] = 1;
mysql_query("update " . TB_PREFIX . "hero set `dead`='1' where `heroid`='".$hero_id."'");
mysql_query("update " . TB_PREFIX . "hero set `health`='0' where `heroid`='".$hero_id."'");
}
else
{
- $result['deadherodef'][$defhero[$DefenderWref]['uid']] = 0;
+ $result['deadherodef'] = 0;
mysql_query("update " . TB_PREFIX . "hero set `health`=`health`-".$damage_health." where `heroid`='".$hero_id."'");
}
}
diff --git a/GameEngine/Database/db_MYSQL.php b/GameEngine/Database/db_MYSQL.php
index 0b20b2d0..b53568a3 100644
--- a/GameEngine/Database/db_MYSQL.php
+++ b/GameEngine/Database/db_MYSQL.php
@@ -330,7 +330,7 @@ class MYSQL_DB {
$q = "INSERT IGNORE INTO " . TB_PREFIX . "online (name, uid, time, sit) VALUES ('$name', '$uid', " . time() . ", 1)";
return mysql_query($q, $this->connection);
} else {
- $q = "DELETE FROM " . TB_PREFIX . "online WHERE name ='" . $session->username . "'";
+ $q = "DELETE FROM " . TB_PREFIX . "online WHERE name ='" . addslashes($session->username) . "'";
return mysql_query($q, $this->connection);
}
}
diff --git a/GameEngine/Market.php b/GameEngine/Market.php
index 313758b4..6600f620 100644
--- a/GameEngine/Market.php
+++ b/GameEngine/Market.php
@@ -95,13 +95,8 @@ class Market {
$reqMerc = ceil((array_sum($resource)-0.1)/$this->maxcarry);
if($this->merchantAvail() != 0 && $reqMerc <= $this->merchantAvail()) {
- if(isset($post['x']) && isset($post['y']) && $post['x'] != "" && $post['y'] != "") {
- $coor = array('x'=>$post['x'], 'y'=>$post['y']);
- $id = $generator->getBaseID($coor['x'],$coor['y']);
- }else if(isset($post['dname']) && $post['dname'] != "") {
- $id = $database->getVillageByName($post['dname']);
+ $id = $post['getwref'];
$coor = $database->getCoor($id);
- }
if($database->getVillageState($id)) {
$timetaken = $generator->procDistanceTime($coor,$village->coor,$session->tribe,0);
$res = $resource[0]+$resource[1]+$resource[2]+$resource[3];
diff --git a/GameEngine/Message.php b/GameEngine/Message.php
index 5d69c4a6..e213102d 100644
--- a/GameEngine/Message.php
+++ b/GameEngine/Message.php
@@ -40,9 +40,9 @@ class Message {
break;
case "m2":
if ($post['an'] == "[ally]"){
- $this->sendAMessage($post['be'],$post['message']);
+ $this->sendAMessage($post['be'],addslashes($post['message']));
}else{
- $this->sendMessage($post['an'],$post['be'],$post['message']);
+ $this->sendMessage($post['an'],$post['be'],addslashes($post['message']));
}
header("Location: nachrichten.php?t=2");
break;
@@ -474,7 +474,7 @@ class Message {
$welcomemsg = preg_replace("'%ALLI%'", $database->countAlli(), $welcomemsg);
$welcomemsg = preg_replace("'%SERVER_NAME%'", SERVER_NAME, $welcomemsg);
$welcomemsg = "[message]".$welcomemsg."[/message]";
- return $database->sendMessage($uid, 5, WEL_TOPIC, $welcomemsg, 0, 0, 0, 0, 0);
+ return $database->sendMessage($uid, 5, WEL_TOPIC, addslashes($welcomemsg), 0, 0, 0, 0, 0);
}
private function wordCensor($text) {
diff --git a/Templates/Build/17.tpl b/Templates/Build/17.tpl
index 1962d206..fe1d37fa 100644
--- a/Templates/Build/17.tpl
+++ b/Templates/Build/17.tpl
@@ -34,9 +34,6 @@ if(isset($_POST['ft'])=='check' && $allres!=0 && $allres <= $maxcarry && ($_POST
diff --git a/Templates/Build/37_train.tpl b/Templates/Build/37_train.tpl
index 7b6e9d8f..7128c2a9 100644
--- a/Templates/Build/37_train.tpl
+++ b/Templates/Build/37_train.tpl
@@ -523,7 +523,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '1', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u1['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '1', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u1['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u1` = `u1` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u1['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -540,7 +540,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '1', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u1['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '1', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u1['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u2` = `u2` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u2['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -556,7 +556,7 @@ $output.="
if($_GET['train'] == 3){
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '3', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u3['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '3', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u3['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u3` = `u3` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u3['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -572,7 +572,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '5', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u5['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '5', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u5['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u5` = `u5` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u5['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -589,7 +589,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '6', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u6['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '6', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u6['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u6` = `u6` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u6['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -608,7 +608,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '11', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u11['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '11', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u11['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u11` = `u11` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u11['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -625,7 +625,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '12', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u12['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '12', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u12['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u12` = `u12` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u12['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -642,7 +642,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '13', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u13['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '13', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u13['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u13` = `u13` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u13['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -659,7 +659,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '15', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u15['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '15', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u15['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u15` = `u15` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u15['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -676,7 +676,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '16', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u16['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '16', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u16['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u16` = `u16` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u16['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -695,7 +695,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '21', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u21['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '21', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u21['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u21` = `u21` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u21['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -712,7 +712,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '22', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u22['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '22', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u22['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u22` = `u22` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u22['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -729,7 +729,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '24', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u24['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '24', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u24['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u24` = `u24` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u24['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -746,7 +746,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '25', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u25['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '25', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u25['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u25` = `u25` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u25['wood']." WHERE `wref` = '" . $village->wid . "'");
@@ -763,7 +763,7 @@ $output.="
if($session->access != BANNED){
mysql_query("DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'");
if($count_hero == 0){
- mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '26', '".$session->username."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u26['time'] / SPEED)*3))."', '50')");
+ mysql_query("INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '26', '".addslashes($session->username)."', '0', '10', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u26['time'] / SPEED)*3))."', '50')");
mysql_query("UPDATE " . TB_PREFIX . "units SET `u26` = `u26` - 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "units SET `hero` = 1 WHERE `vref` = '" . $village->wid . "'");
mysql_query("UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u26['wood']." WHERE `wref` = '" . $village->wid . "'");
diff --git a/Templates/Message/inbox.tpl b/Templates/Message/inbox.tpl
index e38657ae..9d2380e6 100644
--- a/Templates/Message/inbox.tpl
+++ b/Templates/Message/inbox.tpl
@@ -11,7 +11,7 @@ include("menu.tpl");
| Sent |
|
username."'") or die(mysql_error());
+ $MyGold = mysql_query("SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysql_error());
$golds = mysql_fetch_array($MyGold);
$date2=strtotime("NOW");
if ($golds['plus'] <= $date2) { ?>
diff --git a/Templates/Message/read.tpl b/Templates/Message/read.tpl
index 9203c263..6d287bbe 100644
--- a/Templates/Message/read.tpl
+++ b/Templates/Message/read.tpl
@@ -26,7 +26,7 @@ include("menu.tpl");
-
+
diff --git a/Templates/Message/sent.tpl b/Templates/Message/sent.tpl
index e5af5732..708e6a0a 100644
--- a/Templates/Message/sent.tpl
+++ b/Templates/Message/sent.tpl
@@ -22,7 +22,7 @@
| Recipient |
Sent |
|---|
| username."'") or die(mysql_error());
+ $MyGold = mysql_query("SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysql_error());
$golds = mysql_fetch_array($MyGold);
$date2=strtotime("NOW");
if ($golds['plus'] <= $date2) { ?>
diff --git a/Templates/Message/write.tpl b/Templates/Message/write.tpl
index 55813694..f492aaa1 100644
--- a/Templates/Message/write.tpl
+++ b/Templates/Message/write.tpl
@@ -111,7 +111,7 @@ if(is_int($i/2)){ echo " |
|---|
"; } ?> |
| "; }else{ echo " | ";}}else if($user['friend'.$i.'wait'] == 0){
if(is_int($i/2)){ echo "
"; } ?> |
- ".$database->getUserField($user['friend'.$i],"username",0).""; ?>
+ ".$database->getUserField($user['friend'.$i],"username",0).""; ?>
|
getUserArray($user['friend'.$i], 1);
@@ -139,7 +139,7 @@ $friendwait = $friend['id'];
if($wait == 0){
if(is_int($i/2)){ echo "
"; } ?> |
- ".$database->getUserField($user['friend'.$i],"username",0).""; ?>
+ ".$database->getUserField($user['friend'.$i],"username",0).""; ?>
|
";
@@ -147,7 +147,7 @@ if(!is_int($i/2)){ echo "
"; }else{ echo " | ";}
}else{
if(is_int($i/2)){ echo ""; } ?> |
- ".$database->getUserField($friendwait,"username",0).""; ?>
+ ".$database->getUserField($friendwait,"username",0).""; ?>
|
 |
| username."'") or die(mysql_error());
+ $MyGold = mysql_query("SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysql_error());
$golds = mysql_fetch_array($MyGold);
$date2=strtotime("NOW");
if ($golds['plus'] <= $date2) { ?>
diff --git a/Templates/Profile/account.tpl b/Templates/Profile/account.tpl
index dee47f2d..499947af 100644
--- a/Templates/Profile/account.tpl
+++ b/Templates/Profile/account.tpl
@@ -10,16 +10,16 @@
|
| Old password |
- |
+ |
| New password |
- |
+ |
| New password |
- |
+ |
getError("pw") != "") {
@@ -34,12 +34,12 @@ echo "".$form->getError('pw')."";
Please enter your old and your new e-mail addresses. You will then receive a code snippet at both e-mail addresses which you have to enter here. |
| Old email |
- |
+ |
| New email |
- |
+ |
getError("email") != "") {