xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 00:24:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Full Refactor Admin Panel & Logs

Browse Source 
Full Refactor Admin Panel & Logs (now you can see detailed logs in admin panel) - ONLY BACKED
This commit is contained in:
novgorodschi catalin
2026-05-22 11:26:50 +03:00
parent 29b8e91968
commit 3fa16f13b2
36 changed files with 2473 additions and 1539 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Admin/Templates/admin_log.tpl
+126 -41
View File
@@ -1,55 +1,140 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<head>
<link REL="shortcut icon" HREF="favicon.ico"/>
<title><?php if($_SESSION['access'] == ADMIN){ echo 'Admin Control Panel - TravianX'; } else if($_SESSION['access'] == MULTIHUNTER){ echo 'Multihunter Control Panel - TravianX'; } ?></title>
<link rel=stylesheet type="text/css" href="../img/admin/admin.css">
<link rel=stylesheet type="text/css" href="../img/admin/acp.css">
<link rel=stylesheet type="text/css" href="../img/../img.css">
<script src="mt-full.js?423cb" type="text/javascript"></script>
<script src="ajax.js" type="text/javascript"></script>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="imagetoolbar" content="no">
<head>
<link rel="shortcut icon" href="favicon.ico"/>
<title><?php echo ($_SESSION['access'] == ADMIN ? 'Admin Control Panel' : 'Multihunter Control Panel'); ?> - TravianZ</title>
<link rel="stylesheet" type="text/css" href="../img/admin/admin.css">
<link rel="stylesheet" type="text/css" href="../img/admin/acp.css">
<link rel="stylesheet" type="text/css" href="../img/../img.css">
<script src="mt-full.js?423cb" type="text/javascript"></script>
<script src="ajax.js" type="text/javascript"></script>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="imagetoolbar" content="no">
<style>
.logTable { width:100%; border-collapse:collapse; margin-top:10px; }
.logTable th { background:#222; color:#fff; padding:6px; text-align:left; font-size:12px; }
.logTable td { padding:6px; border-bottom:1px solid #ddd; font-size:12px; vertical-align:top; }
.logTable tr:hover { background:#f5f5f5; }
.logCat { font-weight:bold; padding:2px 6px; border-radius:3px; color:#fff; font-size:11px; }
.cat-gold { background:#d4af37; } .cat-plus { background:#6a5acd; }
.cat-ban { background:#c00; } .cat-unban { background:#090; }
.cat-maint { background:#555; } .cat-village { background:#0073aa; }
.cat-msg { background:#ff8800; } .cat-other { background:#888; }
</style>
</head>
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename admin_log.tpl ##
## Developed by: Dzoki ##
## License: TravianX Project ##
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
## Refactored by: aggenkeech (2025) ##
## Remake by: Shadow (2026) ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2026. All rights reserved. ##
## ##
#################################################################################
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!"); ?>
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
// 1. Log-uri normale
$adminLogs = $database->getAdminLog();
$unified = [];
foreach($adminLogs as $l) {
$unified[] = [
'id' => $l['id'],
'time' => $l['time'],
'user' => $l['user'],
'type' => 'admin',
'text' => $l['log']
];
}
// 2. Ban-uri și Unban-uri din banlist
$banQ = mysqli_query($GLOBALS["link"], "
SELECT id, uid, name, reason, time, end, admin, active
FROM ".TB_PREFIX."banlist
ORDER BY time DESC
LIMIT 300
");
while($b = mysqli_fetch_assoc($banQ)) {
// BAN
$unified[] = [
'id' => 1000000 + $b['id'], // offset ca nu se amestece ID-urile
'time' => $b['time'],
'user' => $b['admin'] ?: 1,
'type' => 'ban',
'text' => "Banned user <a href='admin.php?p=player&uid={$b['uid']}'>{$b['name']}</a> (Reason: {$b['reason']})",
'active' => $b['active']
];
// UNBAN - dacă e inactiv, folosim end ca timp de unban
if($b['active'] == 0 && $b['end'] > $b['time']) {
$unified[] = [
'id' => 2000000 + $b['id'],
'time' => $b['end'],
'user' => $b['admin'] ?: 1,
'type' => 'unban',
'text' => "Unbanned user <a href='admin.php?p=player&uid={$b['uid']}'>{$b['name']}</a>",
'active' => 0
];
}
}
// 3. Sortează tot după timp DESC
usort($unified, function($a,$b){ return $b['time'] <=> $a['time']; });
$unified = array_slice($unified, 0, 300);
function logCategory($entry) {
if($entry['type']=='ban') return ['BAN','cat-ban','🔨'];
if($entry['type']=='unban') return ['UNBAN','cat-unban','🔓'];
$t = strtolower(strip_tags($entry['text']));
if (strpos($t,'mass ban')!==false) return ['BAN','cat-ban','🔨'];
if (strpos($t,'mass unban')!==false) return ['UNBAN','cat-unban','🔓'];
if (strpos($t,'gold')!==false) return ['GOLD','cat-gold','💰'];
if (strpos($t,'plus')!==false && strpos($t,'bonus')===false) return ['PLUS','cat-plus','⭐'];
if (strpos($t,'bonus')!==false) return ['BONUS','cat-plus','📈'];
if (strpos($t,'reset')!==false) return ['RESET','cat-maint','⚙️'];
if (strpos($t,'village')!==false || strpos($t,'buildings')!==false || strpos($t,'renamed')!==false) return ['VILLAGE','cat-village','🏘️'];
if (strpos($t,'message')!==false) return ['MESSAGE','cat-msg','✉️'];
return ['OTHER','cat-other','📝'];
}
?>
<h2>Admin Log Unificat - ultimele 300 acțiuni</h2>
<table class="logTable">
<thead>
<tr>
<th width="50">ID</th>
<th width="120">Admin</th>
<th width="100">Categorie</th>
<th>Detalii</th>
<th width="140">Data</th>
</tr>
</thead>
<tbody>
<?php
foreach($unified as $e) {
$admid = (int)$e['user'];
$username = $database->getUserField($admid, "username", 0);
$adminLink = $username ? '<a href="admin.php?p=player&uid='.$admid.'">'.htmlspecialchars($username).'</a>' : '<b>SYSTEM</b>';
if($username == 'Multihunter') $adminLink = '<b style="color:#c00">CONTROL PANEL</b>';
list($cat,$class,$icon) = logCategory($e);
$date = date("d.m.Y H:i:s", $e['time'] + 3600*2);
$details = $e['text'];
?>
<tr>
<td>#<?php echo $e['id'] % 1000000; ?></td>
<td><?php echo $adminLink; ?></td>
<td><span class="logCat <?php echo $class; ?>"><?php echo $icon.' '.$cat; ?></span></td>
<td><?php echo $details; ?></td>
<td><?php echo $date; ?></td>
</tr>
<?php } ?>
</tbody>
</table>
$no = count($database->getAdminLog());
$log = $database->getAdminLog();
for($i=0;$i<$no;$i++) {
$admid = $log[$i]['user']?>
------------------------------------<br>
<b>Log ID:</b> <?php echo $log[$i]['id']; ?><br />
<b>Admin:</b> <?php $user = $database->getUserField($admid,"username",0);
if($user == 'Multihunter') {
echo '<b>CONTROL PANEL</b>';
} else { echo '<a href="admin.php?p=player&uid='.$admid.'">'.$user.'</a>'; }
?><br />
<b>Log:</b> <?php echo $log[$i]['log']; ?><br />
<b>Date:</b> <?php echo date("d.m.Y H:i:s",$log[$i]['time']+3600*2); ?><br />
<?php } ?>
<?php if($total > $limit) { ?>
<p style="margin-top:10px;color:#777">Afișate doar ultimele <?php echo $limit; ?>. Pentru istoric complet, exportă din phpMyAdmin tabelul <code>s1_admin_log</code>.</p>
<?php } ?>
GameEngine/Admin/Mods/addABTroops.php
+49 -14
View File
@@ -3,29 +3,64 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename addABTroops.php ##
## Type BACKEND ##
## Developed by: ronix ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2014. All rights reserved. ##
## ##
#################################################################################
if(!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
include_once("../../Database.php");
$id = (int) $_POST['id'];
$village = $database->getVillage($id);
$user = $database->getUserArray($village['owner'],1);
$atech="";
$btech="";
for($i=1; $i<9; $i++) {
$atech.="a".$i."=".$database->escape($_POST['a'.$i]).", ";
$btech.="b".$i."=".$database->escape($_POST['b'.$i]).(($i > 7) ? "" : ", ");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
$q = "UPDATE ".TB_PREFIX."abdata SET ".$atech.$btech." WHERE vref = $id";
include_once __DIR__ . "/../../Database.php";
/* ---------------------------------------------------------------------------
* Input
* --------------------------------------------------------------------------- */
$id = (int)($_POST['id'] ?? 0);
if ($id <= 0) {
header("Location: ../../../Admin/admin.php");
exit;
}
$village = $database->getVillage($id);
/* ---------------------------------------------------------------------------
* Update a1-a8 / b1-b8
* --------------------------------------------------------------------------- */
$fields = [];
for ($i = 1; $i <= 8; $i++) {
$a = (int)($_POST['a' . $i] ?? 0);
$b = (int)($_POST['b' . $i] ?? 0);
$fields[] = "a$i = $a";
$fields[] = "b$i = $b";
}
$q = "UPDATE " . TB_PREFIX . "abdata SET " . implode(", ", $fields) . " WHERE vref = $id";
$database->query($q);
$database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed troop upgrade levels in village <a href=\'admin.php?p=village&did=$id\'>$id</a> ',".time().")");
header("Location: ../../../Admin/admin.php?p=village&did=".$id."&ab");
/* ---------------------------------------------------------------------------
* Log admin - adaptat pentru structura ta:
* CREATE TABLE `s1_admin_log` (`id` int, `user` text, `log` text, `time` int)
* --------------------------------------------------------------------------- */
$adminId = (string)(int)$_SESSION['id'];
$time = time();
$logText = "Changed troop upgrade levels in village <a href='admin.php?p=village&did=$id'>$id</a>";
// escapăm corect pentru coloana TEXT
$adminIdEsc = $database->escape($adminId);
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminIdEsc', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=village&did=" . $id . "&ab");
exit;
?>
GameEngine/Admin/Mods/addTroops.php
+57 -18
View File
@@ -1,8 +1,10 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename addTroops.php ##
## Type BACKEND ##
## Developed by: Dzoki & Advocatie ##
## License: TravianZ Project ##
## Reworks by: ronix ##
@@ -10,26 +12,63 @@
## ##
#################################################################################
if(!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN);
include_once("../../Database.php");
include_once("../../Technology.php");
include_once("../../Data/unitdata.php");
$id = (int)$_POST['id'];
$village = $database->getVillage($id);
$user = $database->getUserArray($village['owner'],1);
$units = "";
$tribe = $user['tribe'];
$u = ($tribe - 1) * 10;
for($i = 1; $i < 11; $i++) {
$units.="u".($u + $i)."=".$database->escape($_POST['u'.($u + $i)].(($i < 10) ? ", " : ""));
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die(defined('ACCESS_DENIED_ADMIN') ? ACCESS_DENIED_ADMIN : 'Access Denied: You are not Admin!');
}
$q = "UPDATE ".TB_PREFIX."units SET ".$units." WHERE vref = ".$id;
include_once __DIR__ . "/../../Database.php";
include_once __DIR__ . "/../../Technology.php";
include_once __DIR__ . "/../../Data/unitdata.php";
/* ---------------------------------------------------------------------------
* Input & validare
* --------------------------------------------------------------------------- */
$id = (int)($_POST['id'] ?? 0);
if ($id <= 0) {
header("Location: ../../../Admin/admin.php");
exit;
}
$village = $database->getVillage($id);
$user = $database->getUserArray($village['owner'], 1);
$tribe = (int)$user['tribe'];
$u = ($tribe - 1) * 10;
/* ---------------------------------------------------------------------------
* Construiește SET pentru u1-u10 / u11-u20 etc.
* - originalul concatena escape($_POST + ",") greșit
* - aici cast la int + implode
* --------------------------------------------------------------------------- */
$fields = [];
for ($i = 1; $i <= 10; $i++) {
$unitId = $u + $i;
$val = (int)($_POST['u' . $unitId] ?? 0);
$fields[] = "u$unitId = $val";
}
$q = "UPDATE " . TB_PREFIX . "units SET " . implode(", ", $fields) . " WHERE vref = $id";
$database->query($q);
$database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed troop amounts in village <a href=\'admin.php?p=village&did=$id\'>$id</a> ',".time().")");
/* ---------------------------------------------------------------------------
* Log admin - adaptat pentru tabelul tău
* --------------------------------------------------------------------------- */
$adminId = (string)(int)$_SESSION['id'];
$time = time();
$logText = "Changed troop amounts in village <a href='admin.php?p=village&did=$id'>$id</a>";
$adminIdEsc = $database->escape($adminId);
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminIdEsc', '$logEsc', $time)"
);
$database->addStarvationData($id);
header("Location: ../../../Admin/admin.php?p=village&did=".$id."&d");
header("Location: ../../../Admin/admin.php?p=village&did=" . $id . "&d");
exit;
?>
GameEngine/Admin/Mods/addUsers.php
+12
View File
@@ -1,5 +1,17 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename addUser.php ##
## Type BACKEND ##
## Developed by: Dzoki & Advocatie ##
## License: TravianZ Project ##
## Reworks by: ronix ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
use App\Entity\User;
// go max 5 levels up - we don't have folders that go deeper than that
GameEngine/Admin/Mods/additional.php
+1
View File
@@ -5,6 +5,7 @@
## --------------------------------------------------------------------------- ##
## Project: TravianZ (Refactor incremental) ##
## File: additional.tpl ##
## Type BACKEND ##
## Description: Implement Gold Log ##
## Made by: Shadow ##
## License: TravianZ Project ##
GameEngine/Admin/Mods/delallymedal.php
+43 -16
View File
@@ -8,33 +8,60 @@
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/config.php");
include_once($autoprefix . "GameEngine/Database.php");
$delete = (int) $_POST['medalid'];
$aid =(int) $_POST['aid'];
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$delete = (int)($_POST['medalid'] ?? 0); // id din allimedal
$aid = (int)($_POST['aid'] ?? 0); // id alianță
$session = (int)($_POST['admid'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($delete <= 0 || $aid <= 0) {
header("Location: ../../../Admin/admin.php?p=alliance&aid=$aid&e=bad");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin - păstrăm logica originală
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."allimedal set del = 1 WHERE id = ".$delete."");
// ---------------------------------------------------------------------------
// Ștergere logică medalie alianță
// ---------------------------------------------------------------------------
$database->query("UPDATE ".TB_PREFIX."allimedal SET del = 1 WHERE id = $delete AND allyid = $aid");
header("Location: ../../../Admin/admin.php?p=alliance&aid=".$aid."");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$log = $database->escape("Deleted ally medal #$delete (affected $affected) for ally $aid");
$database->query("INSERT INTO ".TB_PREFIX."admin_log (`id`,`user`,`log`,`time`) VALUES (0,'$adminId','$log',".time().")");
header("Location: ../../../Admin/admin.php?p=alliance&aid=" . $aid);
exit;
?>
GameEngine/Admin/Mods/delallymedalbyaid.php
+49 -16
View File
@@ -8,33 +8,66 @@
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/config.php");
include_once($autoprefix . "GameEngine/Database.php");
$allyid =(int) $_POST['allyid'];
$aid = (int) $_POST['aid'];
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Input - folosim un singur ID pentru alianță
// ---------------------------------------------------------------------------
$aid = (int)($_POST['aid'] ?? $_POST['allyid'] ?? 0);
$session = (int)($_POST['admid'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($aid <= 0 || $session <= 0) {
header("Location: ../../../Admin/admin.php?p=alliance&aid=" . $aid . "&e=bad");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."allimedal set del = 1 WHERE allyid = ".$aid."");
// ---------------------------------------------------------------------------
// Ștergere logică - toate medaliile alianței
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "allimedal SET del = 1 WHERE allyid = $aid AND del = 0");
$affected = mysqli_affected_rows($database->dblink);
header("Location: ../../../Admin/admin.php?p=alliance&aid=".$aid."");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Deleted all medals ($affected) for alliance <a href='admin.php?p=alliance&aid=$aid'>$aid</a>";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=alliance&aid=" . $aid . "&deleted=$affected");
exit;
?>
GameEngine/Admin/Mods/delallymedalbyweek.php
+49 -15
View File
@@ -8,32 +8,66 @@
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/config.php");
include_once($autoprefix . "GameEngine/Database.php");
$deleteweek = (int) $_POST['deleteweek'];
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$deleteweek = (int)($_POST['deleteweek'] ?? 0);
$session = (int)($_POST['admid'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($deleteweek <= 0 || $session <= 0) {
header("Location: ../../../Admin/admin.php?p=delallymedal&e=bad");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."allimedal set del = 1 WHERE week = ".$deleteweek."");
// ---------------------------------------------------------------------------
// Ștergere logică pe săptămână
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "allimedal SET del = 1 WHERE week = $deleteweek AND del = 0");
$affected = mysqli_affected_rows($database->dblink);
header("Location: ../../../Admin/admin.php?p=delallymedal");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Deleted all alliance medals for week $deleteweek ($affected rows)";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=delallymedal&week=$deleteweek&deleted=$affected");
exit;
?>
GameEngine/Admin/Mods/deletemedalbyweek.php
+49 -15
View File
@@ -8,32 +8,66 @@
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
##################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/config.php");
include_once($autoprefix . "GameEngine/Database.php");
$deleteweek = (int) $_POST['medalweek'];
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$deleteweek = (int)($_POST['medalweek'] ?? 0);
$session = (int)($_POST['admid'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($deleteweek <= 0 || $session <= 0) {
header("Location: ../../../Admin/admin.php?p=delmedal&e=bad");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."medal set del = 1 WHERE week = ".$deleteweek."");
// ---------------------------------------------------------------------------
// Ștergere logică - medalii jucători pe săptămână
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "medal SET del = 1 WHERE week = $deleteweek AND del = 0");
$affected = mysqli_affected_rows($database->dblink);
header("Location: ../../../Admin/admin.php?p=delmedal");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Deleted player medals for week $deleteweek ($affected rows)";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=delmedal&week=$deleteweek&deleted=$affected");
exit;
?>
GameEngine/Admin/Mods/editBuildings.php
+60 -95
View File
@@ -3,6 +3,7 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editBuildings.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## Fix by: ronix ##
## License: TravianZ Project ##
@@ -10,113 +11,77 @@
## ##
#################################################################################
if(!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Automation.php");
foreach ($_POST as $key => $value) {
$_POST[$key] = $database->escape($value);
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$id = (int)($_POST['id'] ?? 0);
if ($id <= 0) {
header("Location: ../../../Admin/admin.php?p=admin");
exit;
}
$id = (int) $_POST['id'];
// ---------------------------------------------------------------------------
// Construim SET-ul dinamic pentru f1-f40 și f99
// ---------------------------------------------------------------------------
$sets = [];
for ($i = 1; $i <= 40; $i++) {
$level = (int)($_POST["id{$i}level"] ?? 0);
$gid = (int)($_POST["id{$i}gid"] ?? 0);
// limităm la valori rezonabile Travian
$level = max(0, min(20, $level));
$gid = max(0, min(40, $gid));
$sets[] = "f{$i} = $level";
$sets[] = "f{$i}t = $gid";
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."fdata SET
f1 = '".$_POST['id1level']."',
f1t = '".$_POST['id1gid']."',
f2 = '".$_POST['id2level']."',
f2t = '".$_POST['id2gid']."',
f3 = '".$_POST['id3level']."',
f3t = '".$_POST['id3gid']."',
f4 = '".$_POST['id4level']."',
f4t = '".$_POST['id4gid']."',
f5 = '".$_POST['id5level']."',
f5t = '".$_POST['id5gid']."',
f6 = '".$_POST['id6level']."',
f6t = '".$_POST['id6gid']."',
f7 = '".$_POST['id7level']."',
f7t = '".$_POST['id7gid']."',
f8 = '".$_POST['id8level']."',
f8t = '".$_POST['id8gid']."',
f9 = '".$_POST['id9level']."',
f9t = '".$_POST['id9gid']."',
f10 = '".$_POST['id10level']."',
f10t = '".$_POST['id10gid']."',
f11 = '".$_POST['id11level']."',
f11t = '".$_POST['id11gid']."',
f12 = '".$_POST['id12level']."',
f12t = '".$_POST['id12gid']."',
f13 = '".$_POST['id13level']."',
f13t = '".$_POST['id13gid']."',
f14 = '".$_POST['id14level']."',
f14t = '".$_POST['id14gid']."',
f15 = '".$_POST['id15level']."',
f15t = '".$_POST['id15gid']."',
f16 = '".$_POST['id16level']."',
f16t = '".$_POST['id16gid']."',
f17 = '".$_POST['id17level']."',
f17t = '".$_POST['id17gid']."',
f18 = '".$_POST['id18level']."',
f18t = '".$_POST['id18gid']."',
f19 = '".$_POST['id19level']."',
f19t = '".$_POST['id19gid']."',
f20 = '".$_POST['id20level']."',
f20t = '".$_POST['id20gid']."',
f21 = '".$_POST['id21level']."',
f21t = '".$_POST['id21gid']."',
f22 = '".$_POST['id22level']."',
f22t = '".$_POST['id22gid']."',
f23 = '".$_POST['id23level']."',
f23t = '".$_POST['id23gid']."',
f24 = '".$_POST['id24level']."',
f24t = '".$_POST['id24gid']."',
f25 = '".$_POST['id25level']."',
f25t = '".$_POST['id25gid']."',
f26 = '".$_POST['id26level']."',
f26t = '".$_POST['id26gid']."',
f27 = '".$_POST['id27level']."',
f27t = '".$_POST['id27gid']."',
f28 = '".$_POST['id28level']."',
f28t = '".$_POST['id28gid']."',
f29 = '".$_POST['id29level']."',
f29t = '".$_POST['id29gid']."',
f30 = '".$_POST['id30level']."',
f30t = '".$_POST['id30gid']."',
f31 = '".$_POST['id31level']."',
f31t = '".$_POST['id31gid']."',
f32 = '".$_POST['id32level']."',
f32t = '".$_POST['id32gid']."',
f33 = '".$_POST['id33level']."',
f33t = '".$_POST['id33gid']."',
f34 = '".$_POST['id34level']."',
f34t = '".$_POST['id34gid']."',
f35 = '".$_POST['id35level']."',
f35t = '".$_POST['id35gid']."',
f36 = '".$_POST['id36level']."',
f36t = '".$_POST['id36gid']."',
f37 = '".$_POST['id37level']."',
f37t = '".$_POST['id37gid']."',
f38 = '".$_POST['id38level']."',
f38t = '".$_POST['id38gid']."',
f39 = '".$_POST['id39level']."',
f39t = '".$_POST['id39gid']."',
f40 = '".$_POST['id40level']."',
f40t = '".$_POST['id40gid']."',
f99 = '".$_POST['id99level']."',
f99t = '".$_POST['id99gid']."'
WHERE vref = $id") or die(mysqli_error($database->dblink));
// câmpurile speciale f99 (capcană / zid?)
$level99 = (int)($_POST['id99level'] ?? 0);
$gid99 = (int)($_POST['id99gid'] ?? 0);
$sets[] = "f99 = " . max(0, min(20, $level99));
$sets[] = "f99t = " . max(0, min(40, $gid99));
header("Location: ../../../Admin/admin.php?p=village&did=".$id."");
?>
$setSql = implode(', ', $sets);
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "fdata SET $setSql WHERE vref = $id");
// recalculăm populația după editare
$automation = new Automation();
$automation->recountPop($id);
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$log = $database->escape("Edited buildings for village <a href='admin.php?p=village&did=$id'>$id</a>");
$database->query("INSERT INTO " . TB_PREFIX . "admin_log (`id`,`user`,`log`,`time`) VALUES (0,'$adminId','$log',$time)");
header("Location: ../../../Admin/admin.php?p=village&did=" . $id);
exit;
?>
GameEngine/Admin/Mods/editHero.php
+83 -28
View File
@@ -2,7 +2,8 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename addTroops.php ##
## Filename editHero.php ##
## Type BACKEND ##
## Developed by: Dzoki & Advocatie ##
## License: TravianZ Project ##
## Reworks by: ronix ##
@@ -10,34 +11,88 @@
## ##
#################################################################################
if(!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
include_once("../../Database.php");
$status="&ce=1";
foreach ($_POST as $key => $value) {
$_POST[$key] = $database->escape($value);
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
if(isset($_POST['id']) && isset($_POST['hid'])) {
$_POST['hname'] = trim(stripslashes($_POST['hname']));
if ($_POST['hname']=="") {
header("Location: ../../../Admin/admin.php?p=editHero&uid=".$_POST['id']."&e=1");
exit;
}
include_once("../../Data/hero_full.php");
$id = (int) $_POST['id'];
$hid = (int) $_POST['hid'];
$q = "UPDATE ".TB_PREFIX."hero SET unit=".(int) $_POST['hunit'].", name='".$_POST['hname']."', level=".(int) $_POST['hlvl'].", points=".(int) $_POST['exp'].", experience=".(int) $hero_levels[$_POST['hlvl']].", health='".$_POST['hhealth']."',
attack=".(int) $_POST['hatk'].", defence=".(int) $_POST['hdef'].", attackbonus=".(int) $_POST['hob'].", defencebonus=".(int) $_POST['hdb'].", regeneration=".(int) $_POST['hrege']." WHERE heroid = ".$hid." AND uid = ".$id;
$return=$database->query($q);
if($return) {
$database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed hero info',".time().")");
$status="&cs=1";
}
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
header("Location: ../../../Admin/admin.php?p=player&uid=".$id.$status);
include_once($autoprefix . "GameEngine/config.php");
include_once($autoprefix . "GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Data/hero_full.php");
$status = "&ce=1";
if (isset($_POST['id'], $_POST['hid'])) {
$id = (int)$_POST['id'];
$hid = (int)$_POST['hid'];
$hname = trim($_POST['hname'] ?? '');
if ($hname === '') {
header("Location: ../../../Admin/admin.php?p=editHero&uid=$id&e=1");
exit;
}
// Input curat - cast individual, NU escape global
$hunit = (int)($_POST['hunit'] ?? 0);
$hlvl = max(0, min(100, (int)($_POST['hlvl'] ?? 0)));
$exp = (int)($_POST['exp'] ?? 0);
$hhealth = (float)($_POST['hhealth'] ?? 100);
$hatk = (int)($_POST['hatk'] ?? 0);
$hdef = (int)($_POST['hdef'] ?? 0);
$hob = (int)($_POST['hob'] ?? 0);
$hdb = (int)($_POST['hdb'] ?? 0);
$hrege = (int)($_POST['hrege'] ?? 0);
$experience = isset($hero_levels[$hlvl]) ? (int)$hero_levels[$hlvl] : 0;
$hnameEsc = $database->escape($hname);
$q = "UPDATE " . TB_PREFIX . "hero SET
unit = $hunit,
name = '$hnameEsc',
level = $hlvl,
points = $exp,
experience = $experience,
health = '$hhealth',
attack = $hatk,
defence = $hdef,
attackbonus = $hob,
defencebonus = $hdb,
regeneration = $hrege
WHERE heroid = $hid AND uid = $id";
$return = $database->query($q);
// ---------------------------------------------------------------------------
// Log admin - adaptat pentru tabelul tău
// ---------------------------------------------------------------------------
if ($return) {
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Changed hero info for user <a href='admin.php?p=player&uid=$id'>$id</a> (hero $hid)";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
$status = "&cs=1";
}
}
header("Location: ../../../Admin/admin.php?p=player&uid=" . (int)$id . $status);
exit;
?>
GameEngine/Admin/Mods/editOverall.php
+52 -18
View File
@@ -2,41 +2,75 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editOverall.php ##
## Filename editOverall.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
$id = (int) $_POST['id'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$id = (int)($_POST['id'] ?? 0);
$off = (int)($_POST['off'] ?? 0);
$def = (int)($_POST['def'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($id <= 0 || $session <= 0) {
header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=bad");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
apall = '".(int) $_POST['off']."',
dpall = '".(int) $_POST['def']."'
WHERE id = $id") or die(mysqli_error($database->dblink));
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "users SET apall = $off, dpall = $def WHERE id = $id");
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Changed overall stats for user <a href='admin.php?p=player&uid=$id'>$id</a> (off=$off, def=$def)";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
exit;
?>
GameEngine/Admin/Mods/editPassword.php
+56 -17
View File
@@ -3,40 +3,79 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editPassword.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
$id = (int) $_POST['uid'];
$pass = password_hash($_POST['newpw'], PASSWORD_BCRYPT, ['cost' => 12]);
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$id = (int)($_POST['uid'] ?? 0);
$newpw = trim($_POST['newpw'] ?? '');
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($id <= 0 || $session <= 0 || $newpw === '') {
header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=pw");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
password = '".$pass."'
WHERE id = $id") or die(mysqli_error($database->dblink));
// ---------------------------------------------------------------------------
// Hash parolă
// ---------------------------------------------------------------------------
$pass = password_hash($newpw, PASSWORD_BCRYPT, ['cost' => 12]);
$passEsc = $database->escape($pass);
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "users SET password = '$passEsc' WHERE id = $id");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Changed password for user <a href='admin.php?p=player&uid=$id'>$id</a>";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=player&uid=" . $id . "&pw=1");
exit;
?>
GameEngine/Admin/Mods/editPlus.php
+54 -17
View File
@@ -3,45 +3,82 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editPlus.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$id = (int) $_POST['id'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$id = (int)($_POST['id'] ?? 0);
if ($id <= 0) {
header("Location: ../../../Admin/admin.php?p=search");
exit;
}
$bonusDuration = [];
$time = time();
$bonusDuration['plus'] = (int) $_POST['plus'] * 86400; //Plus
$bonusDuration['b1'] = (int) $_POST['wood'] * 86400; //+25% Wood
$bonusDuration['b2'] = (int) $_POST['clay'] * 86400; //+25% Clay
$bonusDuration['b3'] = (int) $_POST['iron'] * 86400; //+25% Iron
$bonusDuration['b4'] = (int) $_POST['crop'] * 86400; //+25% Crop
$bonusDuration = [
'plus' => (int)($_POST['plus'] ?? 0) * 86400,
'b1' => (int)($_POST['wood'] ?? 0) * 86400,
'b2' => (int)($_POST['clay'] ?? 0) * 86400,
'b3' => (int)($_POST['iron'] ?? 0) * 86400,
'b4' => (int)($_POST['crop'] ?? 0) * 86400,
];
$user = $database->getUserArray($id, 1);
if (!$user) {
header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=notfound");
exit;
}
foreach($bonusDuration as $index => $bonus){
$bonusDuration[$index] = $bonusDuration[$index] + ($user[$index] < $time ? $time : $user[$index]);
if($bonusDuration[$index] < $time) $bonusDuration[$index] = 0;
foreach ($bonusDuration as $key => $add) {
$current = (int)($user[$key] ?? 0);
$base = $current < $time ? $time : $current;
$bonusDuration[$key] = $add > 0 ? $base + $add : $current;
if ($bonusDuration[$key] < $time) {
$bonusDuration[$key] = 0;
}
}
$database->updateUserField($id, array_keys($bonusDuration), array_values($bonusDuration), 1);
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$logText = "Updated Plus/bonuses for user <a href='admin.php?p=player&uid=$id'>$id</a> (plus={$_POST['plus']}d, wood={$_POST['wood']}d, clay={$_POST['clay']}d, iron={$_POST['iron']}d, crop={$_POST['crop']}d)";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
exit;
?>
GameEngine/Admin/Mods/editProtection.php
+52 -19
View File
@@ -2,43 +2,76 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editProtection ##
## Filename editProtection.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
$id = (int) $_POST['id'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$id = (int)($_POST['id'] ?? 0);
$days = (int)($_POST['protect'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($id <= 0 || $session <= 0) {
header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=bad");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$dur = (int) $_POST['protect'] * 86400;
$protection = (time() + $dur);
// ---------------------------------------------------------------------------
// Calcul protecție
// ---------------------------------------------------------------------------
$time = time();
$protection = $days > 0 ? $time + ($days * 86400) : 0;
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
protect = '".$protection."'
WHERE id = $id") or die(mysqli_error($database->dblink));
$database->query("UPDATE " . TB_PREFIX . "users SET protect = $protection WHERE id = $id");
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$logText = "Set protection for user <a href='admin.php?p=player&uid=$id'>$id</a> to $days days";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
exit;
?>
GameEngine/Admin/Mods/editResources.php
+68 -21
View File
@@ -3,44 +3,91 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editResources.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
$id = (int) $_POST['did'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$id = (int)($_POST['did'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($id <= 0 || $session <= 0) {
header("Location: ../../../Admin/admin.php?p=admin&e=bad");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."vdata SET
wood = '".(int) $_POST['wood']."',
clay = '".(int) $_POST['clay']."',
iron = '".(int) $_POST['iron']."',
crop = '".(int) $_POST['crop']."',
maxstore = '".(int) $_POST['maxstore']."',
maxcrop = '".(int) $_POST['maxcrop']."'
WHERE wref = '".$id."'") or die(mysqli_error($database->dblink));
// ---------------------------------------------------------------------------
// Valori
// ---------------------------------------------------------------------------
$wood = max(0, (int)($_POST['wood'] ?? 0));
$clay = max(0, (int)($_POST['clay'] ?? 0));
$iron = max(0, (int)($_POST['iron'] ?? 0));
$crop = max(0, (int)($_POST['crop'] ?? 0));
$maxstore = max(0, (int)($_POST['maxstore'] ?? 0));
$maxcrop = max(0, (int)($_POST['maxcrop'] ?? 0));
header("Location: ../../../Admin/admin.php?p=village&did=".$id."");
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query(
"UPDATE " . TB_PREFIX . "vdata SET
wood = $wood,
clay = $clay,
iron = $iron,
crop = $crop,
maxstore = $maxstore,
maxcrop = $maxcrop
WHERE wref = $id"
);
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Edited resources for village <a href='admin.php?p=village&did=$id'>$id</a> (w:$wood c:$clay i:$iron cr:$crop)";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=village&did=" . $id);
exit;
?>
GameEngine/Admin/Mods/editSitter.php
+51 -17
View File
@@ -3,40 +3,74 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editSitter.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
$id = (int) $_POST['id'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$id = (int)($_POST['id'] ?? 0);
$sit1 = (int)($_POST['sitter1'] ?? 0);
$sit2 = (int)($_POST['sitter2'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($id <= 0 || $session <= 0) {
header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=bad");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
sit1 = '".$_POST['sitter1']."',
sit2 = '".$_POST['sitter2']."'
WHERE id = $id") or die(mysqli_error($database->dblink));
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "users SET sit1 = $sit1, sit2 = $sit2 WHERE id = $id");
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Changed sitters for user <a href='admin.php?p=player&uid=$id'>$id</a> (sit1=$sit1, sit2=$sit2)";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
exit;
?>
GameEngine/Admin/Mods/editUser.php
+66 -23
View File
@@ -3,48 +3,91 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editUser.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
foreach ($_POST as $key => $value) {
$_POST[$key] = $database->escape($value);
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$id = (int)($_POST['id'] ?? 0);
if ($id <= 0 || $session <= 0) {
header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=bad");
exit;
}
$session = (int) $_POST['admid'];
$id = (int) $_POST['id'];
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
// ---------------------------------------------------------------------------
// Câmpuri
// ---------------------------------------------------------------------------
$email = $database->escape(trim($_POST['email'] ?? ''));
$tribe = max(1, min(5, (int)($_POST['tribe'] ?? 1)));
$location = $database->escape(trim($_POST['location'] ?? ''));
$desc1 = $database->escape($_POST['desc1'] ?? '');
$desc2 = $database->escape($_POST['desc2'] ?? '');
$quest = $database->escape($_POST['quest'] ?? '');
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query(
"UPDATE " . TB_PREFIX . "users SET
email = '$email',
tribe = $tribe,
location = '$location',
desc1 = '$desc1',
desc2 = '$desc2',
quest = '$quest'
WHERE id = $id"
);
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
email = '".$_POST['email']."',
tribe = ".(int) $_POST['tribe'].",
location = '".$_POST['location']."',
desc1 = '".$_POST['desc1']."',
desc2 = '".$_POST['desc2']."',
quest = '".$_POST['quest']."'
WHERE id = $id") or die(mysqli_error($database->dblink));
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Edited profile for user <a href='admin.php?p=player&uid=$id'>$id</a>";
$logEsc = $database->escape($logText);
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
exit;
?>
GameEngine/Admin/Mods/editUsername.php
+65 -16
View File
@@ -3,41 +3,90 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editUsername.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
foreach ($_POST as $key => $value) {
$_POST[$key] = $database->escape($value);
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$uid = (int)($_POST['uid'] ?? 0);
$session = (int)($_POST['admid'] ?? 0);
$username = trim($_POST['username'] ?? '');
if ($uid <= 0 || $session <= 0 || $username === '') {
header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=user");
exit;
}
$uid = (int) $_POST['uid'];
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
// ---------------------------------------------------------------------------
// Validare username
// ---------------------------------------------------------------------------
if (strlen($username) < 3 || strlen($username) > 20 || !preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=invalid");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// verificare duplicat
$check = $database->query("SELECT id FROM " . TB_PREFIX . "users WHERE username = '" . $database->escape($username) . "' AND id != $uid LIMIT 1");
if (mysqli_num_rows($check) > 0) {
header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=taken");
exit;
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET username = '".$_POST['username']."' WHERE id = ".$uid."");
$usernameEsc = $database->escape($username);
header("Location: ../../../Admin/admin.php?p=player&uid=".$uid."");
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "users SET username = '$usernameEsc' WHERE id = $uid");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Changed username for user $uid to '$usernameEsc'";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=player&uid=" . $uid . "&name=1");
exit;
?>
GameEngine/Admin/Mods/editVillageOwner.php
+70 -16
View File
@@ -3,39 +3,93 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editVillageOwner.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
$id = (int) $_POST['did'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$did = (int)($_POST['did'] ?? 0);
$newowner = (int)($_POST['newowner'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($did <= 0 || $session <= 0 || $newowner <= 0) {
header("Location: ../../../Admin/admin.php?p=admin&e=owner");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."vdata SET
owner = '".$_POST['newowner']."'
WHERE wref = $id") or die(mysqli_error($database->dblink));
// ---------------------------------------------------------------------------
// Verifică sat și noul owner
// ---------------------------------------------------------------------------
$village = $database->getVillage($did);
if (!$village) {
header("Location: ../../../Admin/admin.php?p=admin&e=novillage");
exit;
}
header("Location: ../../../Admin/admin.php?p=player&uid=".$_POST['newowner']."");
$newUser = $database->getUserArray($newowner, 1);
if (!$newUser) {
header("Location: ../../../Admin/admin.php?p=village&did=$did&e=nouser");
exit;
}
$oldOwner = (int)$village['owner'];
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "vdata SET owner = $newowner WHERE wref = $did");
// actualizează și owner în oaze ocupate de sat (opțional dar recomandat)
$database->query("UPDATE " . TB_PREFIX . "odata SET owner = $newowner WHERE conqured = $did");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Changed owner for village <a href='admin.php?p=village&did=$did'>$did</a> from $oldOwner to <a href='admin.php?p=player&uid=$newowner'>$newowner</a>";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=player&uid=" . $newowner);
exit;
?>
GameEngine/Admin/Mods/editWeek.php
+56 -18
View File
@@ -3,41 +3,79 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editWeek.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
$id = (int) $_POST['id'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$id = (int)($_POST['id'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if ($id <= 0 || $session <= 0) {
header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=bad");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
ap = '".(int) $_POST['off']."',
dp = '".(int) $_POST['def']."',
RR = '".(int) $_POST['res']."'
WHERE id = $id") or die(mysqli_error($database->dblink));
// ---------------------------------------------------------------------------
// Valori
// ---------------------------------------------------------------------------
$ap = (int)($_POST['off'] ?? 0);
$dp = (int)($_POST['def'] ?? 0);
$rr = (int)($_POST['res'] ?? 0);
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "users SET ap = $ap, dp = $dp, RR = $rr WHERE id = $id");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Changed weekly stats for user <a href='admin.php?p=player&uid=$id'>$id</a> (ap=$ap, dp=$dp, RR=$rr)";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
exit;
?>
GameEngine/Admin/Mods/givePlus.php
+48 -28
View File
@@ -1,52 +1,72 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename givePlus.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
include_once("../../config.php");
function mysqli_result($res, $row, $field=0) {
$res->data_seek($row);
$datarow = $res->fetch_array();
return $datarow[$field];
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
// go max 5 levels up - we don't have folders that go deeper than that
include_once("../../config.php");
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$sql = "SELECT id FROM ".TB_PREFIX."users ORDER BY ID DESC LIMIT 1";
$loops = mysqli_result(mysqli_query($GLOBALS["link"], $sql), 0);
$plusdur = $_POST['plus'] * 86400;
for($i = 0; $i < $loops + 1; $i++)
{
$query = "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$i."";
$result = mysqli_query($GLOBALS["link"], $query);
while($row = mysqli_fetch_assoc($result))
{
if($row['plus'] < time()) { $plusbefore = time(); $addplus = $plusbefore + $plusdur; } elseif($row['plus'] > time()) { $plusbefore = $row['plus']; $addplus = $plusbefore + $plusdur; }
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
plus = '".$addplus."'
WHERE id = '".$row['id']."'");
}
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$days = (int)($_POST['plus'] ?? 0);
if ($days <= 0) {
header("Location: ../../../Admin/admin.php?p=givePlus&e=0");
exit;
}
header("Location: ../../../Admin/admin.php?p=givePlus&g");
$plusdur = $days * 86400;
$time = time();
// ---------------------------------------------------------------------------
// Update în masă fără loop
// ---------------------------------------------------------------------------
// Dacă plus < now, pornește de acum, altfel adaugă la timpul existent
$database->query(
"UPDATE " . TB_PREFIX . "users
SET plus = IF(plus < $time, $time + $plusdur, plus + $plusdur)
WHERE id > 3"
);
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$logText = "Gave $days days Plus to all players";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=givePlus&g=1");
exit;
?>
GameEngine/Admin/Mods/givePlusRes.php
+62 -45
View File
@@ -3,67 +3,84 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename givePlusRes.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
include_once("../../config.php");
function mysqli_result($res, $row, $field=0) {
$res->data_seek($row);
$datarow = $res->fetch_array();
return $datarow[$field];
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
// go max 5 levels up - we don't have folders that go deeper than that
include_once("../../config.php");
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
$sql = "SELECT id FROM ".TB_PREFIX."users ORDER BY ID DESC LIMIT 1";
$loops = mysqli_result(mysqli_query($GLOBALS["link"], $sql), 0);
$wood = (int) $_POST['wood'] * 86400;
$clay = (int) $_POST['clay'] * 86400;
$iron = (int) $_POST['iron'] * 86400;
$crop = (int) $_POST['crop'] * 86400;
for($i = 0; $i < $loops + 1; $i++)
{
$query = "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$i."";
$result = mysqli_query($GLOBALS["link"], $query);
while($row = mysqli_fetch_assoc($result))
{
if($row['b1'] < time()) { $b1before = time(); $addb1 = $b1before + $wood; } elseif($row['b1'] > time()) { $b1before = $row['b1']; $addb1 = $b1before + $wood; }
if($row['b2'] < time()) { $b2before = time(); $addb2 = $b1before + $clay; } elseif($row['b2'] > time()) { $b2before = $row['b2']; $addb2 = $b1before + $clay; }
if($row['b3'] < time()) { $b3before = time(); $addb3 = $b1before + $iron; } elseif($row['b3'] > time()) { $b3before = $row['b3']; $addb3 = $b1before + $iron; }
if($row['b4'] < time()) { $b4before = time(); $addb4 = $b1before + $crop; } elseif($row['b4'] > time()) { $b4before = $row['b4']; $addb4 = $b1before + $crop; }
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
b1 = '".$addb1."',
b2 = '".$addb2."',
b3 = '".$addb3."',
b4 = '".$addb4."'
WHERE id = '".$row['id']."'");
}
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
header("Location: ../../../Admin/admin.php?p=givePlusRes&g");
$wood = (int)($_POST['wood'] ?? 0) * 86400;
$clay = (int)($_POST['clay'] ?? 0) * 86400;
$iron = (int)($_POST['iron'] ?? 0) * 86400;
$crop = (int)($_POST['crop'] ?? 0) * 86400;
if ($wood + $clay + $iron + $crop == 0) {
header("Location: ../../../Admin/admin.php?p=givePlusRes&e=0");
exit;
}
$time = time();
// ---------------------------------------------------------------------------
// Update în masă
// ---------------------------------------------------------------------------
if ($wood > 0) {
$database->query("UPDATE " . TB_PREFIX . "users SET b1 = IF(b1 < $time, $time + $wood, b1 + $wood) WHERE id > 3");
}
if ($clay > 0) {
$database->query("UPDATE " . TB_PREFIX . "users SET b2 = IF(b2 < $time, $time + $clay, b2 + $clay) WHERE id > 3");
}
if ($iron > 0) {
$database->query("UPDATE " . TB_PREFIX . "users SET b3 = IF(b3 < $time, $time + $iron, b3 + $iron) WHERE id > 3");
}
if ($crop > 0) {
$database->query("UPDATE " . TB_PREFIX . "users SET b4 = IF(b4 < $time, $time + $crop, b4 + $crop) WHERE id > 3");
}
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$logText = "Gave res bonuses to all: wood=" . ($_POST['wood'] ?? 0) . "d, clay=" . ($_POST['clay'] ?? 0) . "d, iron=" . ($_POST['iron'] ?? 0) . "d, crop=" . ($_POST['crop'] ?? 0) . "d";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=givePlusRes&g=1");
exit;
?>
GameEngine/Admin/Mods/giveResBonus.php
+49 -16
View File
@@ -3,39 +3,72 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename giveResBonus.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
error_reporting(E_ALL);
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$gold = (int)($_POST['gold'] ?? 0);
if ($gold <= 0) {
header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&e=0");
exit;
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
$time = time();
$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id != '0'";
mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink));
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "users SET gold = gold + $gold WHERE id > 3");
header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&g");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$logText = "Gave $gold gold to all players";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&g=1");
exit;
?>
GameEngine/Admin/Mods/gold.php
+1
View File
@@ -3,6 +3,7 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename gold.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## Refactored by: Shadow ##
## License: TravianZ Project ##
GameEngine/Admin/Mods/gold_1.php
+8
View File
@@ -1,9 +1,17 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename gold_1.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## Refactored by: Shadow ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
GameEngine/Admin/Mods/mainteneceBan.php
+61 -41
View File
@@ -3,69 +3,89 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename mainteneceBan.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
foreach ($_POST as $key => $value) {
$_POST[$key] = $database->escape($value);
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$duration = (int)($_POST['duration'] ?? 0) * 3600;
$start = trim($_POST['start'] ?? '');
$reason = trim($_POST['reason'] ?? 'Maintenance ban');
$access = 2; // jucători normali
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
$startts = $start ? strtotime($start) : time();
if ($startts === false) $startts = time();
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
$users = mysqli_num_rows(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users"));
$duration = (int) $_POST['duration'] * 3600;
$start = $_POST['start'];
$startts = strtotime($start);
$endts = $startts + $duration;
$reason = $_POST['reason'];
$admin = $session;
$active = '1';
$access = '2';
if ($duration <= 0) $endts = $startts + 86400; // default 1 zi
function mysqli_result($res, $row, $field=0) {
$res->data_seek($row);
$datarow = $res->fetch_array();
return $datarow[$field];
}
$reasonEsc = $database->escape($reason);
$adminId = (int)$session;
$sql = "SELECT id FROM ".TB_PREFIX."users ORDER BY ID DESC LIMIT 1";
$loops = mysqli_result(mysqli_query($GLOBALS["link"], $sql), 0);
// ---------------------------------------------------------------------------
// Ban în masă un singur query
// ---------------------------------------------------------------------------
$database->query(
"INSERT INTO " . TB_PREFIX . "banlist (uid, name, reason, time, end, admin, active)
SELECT id, username, '$reasonEsc', $startts, $endts, $adminId, 1
FROM " . TB_PREFIX . "users
WHERE access = $access AND id > 3
ON DUPLICATE KEY UPDATE
reason = VALUES(reason),
time = VALUES(time),
end = VALUES(end),
admin = VALUES(admin),
active = 1"
);
for($i = 0; $i < $loops + 1; $i++)
{
$query = "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$i." AND access = ".$access."";
$result = mysqli_query($GLOBALS["link"], $query);
while($row = mysqli_fetch_assoc($result))
{
mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."banlist VALUES('', ".(int) $row['id'].", '".$row['username']."', '".$reason."', ".(int) $startts.", ".(int) $endts.", ".(int) $admin.", ".(int) $active.")");
##mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES (".$row['id'].", '".$row['username']."' , '$reason', '$startts', '$endts', '$admin', '1')");
}
}
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$time = time();
$logText = "Mass ban for access=$access, duration=" . ($duration/3600) . "h, reason='$reasonEsc'";
$logEsc = $database->escape($logText);
header("Location: ../../../Admin/admin.php?p=ban");
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=ban&m=1");
exit;
?>
GameEngine/Admin/Mods/mainteneceCleanBanData.php
+38 -13
View File
@@ -8,31 +8,56 @@
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
// ---------------------------------------------------------------------------
// Truncate banlist
// ---------------------------------------------------------------------------
$database->query("TRUNCATE TABLE " . TB_PREFIX . "banlist");
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Cleared banlist (TRUNCATE)";
$logEsc = $database->escape($logText);
mysqli_query($GLOBALS["link"], "TRUNCATE ".TB_PREFIX."banlist");
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=ban");
header("Location: ../../../Admin/admin.php?p=ban&c=1");
exit;
?>
GameEngine/Admin/Mods/mainteneceResetGold.php
+39 -13
View File
@@ -3,36 +3,62 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename mainteneceResetGold.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
// ---------------------------------------------------------------------------
// Reset gold
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "users SET gold = 0 WHERE id > 0");
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Reset gold to 0 for all users";
$logEsc = $database->escape($logText);
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = '0' WHERE id !=0");
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=maintenenceResetGold&g");
header("Location: ../../../Admin/admin.php?p=maintenenceResetGold&g=1");
exit;
?>
GameEngine/Admin/Mods/mainteneceResetPlus.php
+39 -13
View File
@@ -3,36 +3,62 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename mainteneceResetPlus.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
// ---------------------------------------------------------------------------
// Reset Plus
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "users SET plus = 0 WHERE id > 0");
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Reset Plus to 0 for all users";
$logEsc = $database->escape($logText);
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET plus = '0' WHERE id !=0");
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=maintenenceResetPlus&g");
header("Location: ../../../Admin/admin.php?p=maintenenceResetPlus&g=1");
exit;
?>
GameEngine/Admin/Mods/mainteneceResetPlusBonus.php
+39 -13
View File
@@ -3,36 +3,62 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename mainteneceResetPlusBonus.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
// ---------------------------------------------------------------------------
// Reset bonusuri
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "users SET b1 = 0, b2 = 0, b3 = 0, b4 = 0 WHERE id > 0");
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Reset resource bonuses (b1-b4) to 0 for all users";
$logEsc = $database->escape($logText);
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET b1 = '0', b2 = '0', b3='0', b4='0' WHERE id !=0");
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&g");
header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&g=1");
exit;
?>
GameEngine/Admin/Mods/mainteneceUnban.php
+54 -37
View File
@@ -3,60 +3,77 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename mainteneceUnban.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
foreach ($_POST as $key => $value) {
$_POST[$key] = $database->escape($value);
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$session = (int) $_POST['admid'];
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
$users = mysqli_fetch_array(mysqli_query($GLOBALS["link"], "SELECT Count(*) as Total FROM ".TB_PREFIX."users"), MYSQLI_ASSOC);
$users = $users['Total'];
$reason = $_POST['unbanreason'];
$admin = $session;
$active = '0';
$access = '2';
$actualend = time();
$sql = "SELECT id FROM ".TB_PREFIX."users ORDER BY ID DESC LIMIT 1";
$loops = mysqli_result(mysqli_query($GLOBALS["link"], $sql), 0);
for($i = 0; $i < $loops + 1; $i++)
{
$query = "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$i." AND access = ".$access."";
$result = mysqli_query($GLOBALS["link"], $query);
while($row = mysqli_fetch_assoc($result))
{
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."banlist SET active = '".$active."', end = '".$actualend."' WHERE reason = '".$reason."'");
}
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$reason = trim($_POST['unbanreason'] ?? '');
if ($reason === '') {
header("Location: ../../../Admin/admin.php?p=ban&e=noreason");
exit;
}
header("Location: ../../../Admin/admin.php?p=ban");
$reasonEsc = $database->escape($reason);
$time = time();
$adminId = (int)$session;
// ---------------------------------------------------------------------------
// Unban
// ---------------------------------------------------------------------------
$database->query(
"UPDATE " . TB_PREFIX . "banlist
SET active = 0, end = $time
WHERE reason = '$reasonEsc' AND active = 1"
);
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$logText = "Mass unban for reason='$reasonEsc'";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=ban&u=1");
exit;
?>
GameEngine/Admin/Mods/recalcWH.php
+57 -99
View File
@@ -2,123 +2,81 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editBuildings.php ##
## Filename recalcWH.php (salvează clădirile (f1-f40) ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
include_once("../../config.php");
foreach ($_POST as $key => $value) {
$_POST[$key] = $database->escape($value);
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
// go max 5 levels up - we don't have folders that go deeper than that
include_once("../../config.php");
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
$id = (int) $_POST['id'];
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$id = (int)($_POST['id'] ?? 0);
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
if ($id <= 0) {
header("Location: ../../../Admin/admin.php?p=villages");
exit;
}
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."fdata SET
f1 = '".$_POST['id1level']."',
f1t = '".$_POST['id1gid']."',
f2 = '".$_POST['id2level']."',
f2t = '".$_POST['id2gid']."',
f3 = '".$_POST['id3level']."',
f3t = '".$_POST['id3gid']."',
f4 = '".$_POST['id4level']."',
f4t = '".$_POST['id4gid']."',
f5 = '".$_POST['id5level']."',
f5t = '".$_POST['id5gid']."',
f6 = '".$_POST['id6level']."',
f6t = '".$_POST['id6gid']."',
f7 = '".$_POST['id7level']."',
f7t = '".$_POST['id7gid']."',
f8 = '".$_POST['id8level']."',
f8t = '".$_POST['id8gid']."',
f9 = '".$_POST['id9level']."',
f9t = '".$_POST['id9gid']."',
f10 = '".$_POST['id10level']."',
f10t = '".$_POST['id10gid']."',
f11 = '".$_POST['id11level']."',
f11t = '".$_POST['id11gid']."',
f12 = '".$_POST['id12level']."',
f12t = '".$_POST['id12gid']."',
f13 = '".$_POST['id13level']."',
f13t = '".$_POST['id13gid']."',
f14 = '".$_POST['id14level']."',
f14t = '".$_POST['id14gid']."',
f15 = '".$_POST['id15level']."',
f15t = '".$_POST['id15gid']."',
f16 = '".$_POST['id16level']."',
f16t = '".$_POST['id16gid']."',
f17 = '".$_POST['id17level']."',
f17t = '".$_POST['id17gid']."',
f18 = '".$_POST['id18level']."',
f18t = '".$_POST['id18gid']."',
f19 = '".$_POST['id19level']."',
f19t = '".$_POST['id19gid']."',
f20 = '".$_POST['id20level']."',
f20t = '".$_POST['id20gid']."',
f21 = '".$_POST['id21level']."',
f21t = '".$_POST['id21gid']."',
f22 = '".$_POST['id22level']."',
f22t = '".$_POST['id22gid']."',
f23 = '".$_POST['id23level']."',
f23t = '".$_POST['id23gid']."',
f24 = '".$_POST['id24level']."',
f24t = '".$_POST['id24gid']."',
f25 = '".$_POST['id25level']."',
f25t = '".$_POST['id25gid']."',
f26 = '".$_POST['id26level']."',
f26t = '".$_POST['id26gid']."',
f27 = '".$_POST['id27level']."',
f27t = '".$_POST['id27gid']."',
f28 = '".$_POST['id28level']."',
f28t = '".$_POST['id28gid']."',
f29 = '".$_POST['id29level']."',
f29t = '".$_POST['id29gid']."',
f30 = '".$_POST['id30level']."',
f30t = '".$_POST['id30gid']."',
f31 = '".$_POST['id31level']."',
f31t = '".$_POST['id31gid']."',
f32 = '".$_POST['id32level']."',
f32t = '".$_POST['id32gid']."',
f33 = '".$_POST['id33level']."',
f33t = '".$_POST['id33gid']."',
f34 = '".$_POST['id34level']."',
f34t = '".$_POST['id34gid']."',
f35 = '".$_POST['id35level']."',
f35t = '".$_POST['id35gid']."',
f36 = '".$_POST['id36level']."',
f36t = '".$_POST['id36gid']."',
f37 = '".$_POST['id37level']."',
f37t = '".$_POST['id37gid']."',
f38 = '".$_POST['id38level']."',
f38t = '".$_POST['id38gid']."',
f39 = '".$_POST['id39level']."',
f39t = '".$_POST['id39gid']."',
f40 = '".$_POST['id40level']."',
f40t = '".$_POST['id40gid']."'
WHERE vref = $id") or die(mysqli_error($database->dblink));
// ---------------------------------------------------------------------------
// Construiește SET dinamic f1-f40
// ---------------------------------------------------------------------------
$sets = [];
for ($i = 1; $i <= 40; $i++) {
$lvl = (int)($_POST["id{$i}level"] ?? 0);
$gid = (int)($_POST["id{$i}gid"] ?? 0);
$sets[] = "f$i = $lvl, f{$i}t = $gid";
}
$setSql = implode(", ", $sets);
header("Location: ../../../Admin/admin.php?action=recountPop&did=".$id."");
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$database->query("UPDATE " . TB_PREFIX . "fdata SET $setSql WHERE vref = $id");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Recalculated buildings for village $id";
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?action=recountPop&did=" . $id);
exit;
?>
GameEngine/Admin/Mods/renameVillage.php
+48 -19
View File
@@ -3,45 +3,74 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename renameVillage.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$nameorig = $_POST['villagename'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$did = (int)($_POST['did'] ?? 0);
$nameOrig = trim($_POST['villagename'] ?? '');
foreach ($_POST as $key => $value) {
$_POST[$key] = $database->escape($value);
if ($did <= 0 || $nameOrig === '') {
header("Location: ../../../Admin/admin.php?p=village&did=$did&e=1");
exit;
}
$did = (int) $_POST['did'];
$name = $_POST['villagename'];
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
$nameEsc = $database->escape($nameOrig);
$database->query("UPDATE " . TB_PREFIX . "vdata SET name = '$nameEsc' WHERE wref = $did");
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$time = time();
$logText = "Renamed village <a href='admin.php?p=village&did=$did'>$did</a> to '$nameEsc'";
$logEsc = $database->escape($logText);
$sql = "UPDATE ".TB_PREFIX."vdata SET name = '$name' WHERE wref = $did";
mysqli_query($GLOBALS["link"], $sql);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".$nameorig."");
header("Location: ../../../Admin/admin.php?p=village&did=" . $did);
exit;
?>
GameEngine/Admin/Mods/sendMessage.php
+56 -14
View File
@@ -3,39 +3,81 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename sendMessage.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
include_once("../../config.php");
// go max 5 levels up - we don't have folders that go deeper than that
// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
if (file_exists($autoprefix.'autoloader.php')) {
// we have our path, let's leave
if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
include_once($autoprefix."GameEngine/Database.php");
include_once($autoprefix . "GameEngine/Database.php");
$session = (int) $_POST['admid'];
// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$uid = (int)($_POST['uid'] ?? 0);
$topic = trim($_POST['topic'] ?? 'Admin Message');
$message = trim($_POST['message'] ?? '');
if ($uid <= 0 || $message === '') {
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=$uid&e=1");
exit;
}
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
$access = mysqli_fetch_array($sql);
$sessionaccess = $access['access'];
// ---------------------------------------------------------------------------
// Verificare admin
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
// ---------------------------------------------------------------------------
// Insert mesaj
// ---------------------------------------------------------------------------
$time = time();
$topicEsc = $database->escape($topic);
$msgEsc = $database->escape($message);
$query = "INSERT INTO ".TB_PREFIX."mdata (target, owner, topic, message, viewed, time) VALUES ('$uid', 1, '$topic', '$message', 0, '$time')";
$database->query(
"INSERT INTO " . TB_PREFIX . "mdata
(target, owner, topic, message, viewed, time, archive)
VALUES ($uid, 1, '$topicEsc', '$msgEsc', 0, $time, 0)"
);
mysqli_query($GLOBALS["link"], $query);
// ---------------------------------------------------------------------------
// Log admin
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$logText = "Sent message to uid $uid: '$topicEsc'";
$logEsc = $database->escape($logText);
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=".$uid."&msg=ok");
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=" . $uid . "&msg=ok");
exit;
?>
GameEngine/Admin/database.php
+706 -748
View File
File diff suppressed because it is too large Load Diff