From 40eacecea66cda5f5212813978ee2e3c7ff0e565 Mon Sep 17 00:00:00 2001 From: Martin Ambrus Date: Sun, 22 Oct 2017 00:31:25 +0200 Subject: [PATCH] fix: self-kicking from alliance disallowed --- GameEngine/Alliance.php | 2 +- GameEngine/Database.php | 4 ++-- README | 14 ++++++++++++++ Templates/Alliance/kick.tpl | 4 +++- todo.txt | 1 - 5 files changed, 20 insertions(+), 5 deletions(-) diff --git a/GameEngine/Alliance.php b/GameEngine/Alliance.php index 83bec4e5..8adff495 100755 --- a/GameEngine/Alliance.php +++ b/GameEngine/Alliance.php @@ -332,7 +332,7 @@ private function kickAlliUser($post) { global $database, $session, $form; if($session->access != BANNED){ - $UserData = $database->getUserArray($post['a_user'], 0); + $UserData = $database->getUserArray($post['a_user'], 1); if($this->userPermArray['opt2'] == 0) { $form->addError("perm", NO_PERMISSION); } else if($UserData['id'] != $session->uid){ diff --git a/GameEngine/Database.php b/GameEngine/Database.php index d055cdf5..a3414a86 100755 --- a/GameEngine/Database.php +++ b/GameEngine/Database.php @@ -1681,9 +1681,9 @@ class MYSQLi_DB { $num_rows = mysqli_num_rows($result); if($num_rows == 0) { $q = "DELETE FROM " . TB_PREFIX . "alidata WHERE id = $aid"; + mysqli_query($this->dblink,$q); + return mysqli_insert_id($this->dblink); } - mysqli_query($this->dblink,$q); - return mysqli_insert_id($this->dblink); } /***************************************** diff --git a/README b/README index cae30556..c0d770bc 100644 --- a/README +++ b/README @@ -25,6 +25,20 @@ martinambrus changes: 13. alliance description now really editable 14. Admin SQL injection fixes 15. fix for map not showing natar villages +16. weak MD5 password in database converted into strong bcrypt ones +17. newsbox 1 best player can also show admin if they are enabled in config +18. Natar random attacks show attacker as ?? as intended now +19. System Message can contain quotes and no longer inserts BOM characters at the beginning +20. front-end + Admin page titles now correctly reflect where we really are (so browsing history can be navigated easily instead of showing Travian on every page) +21. Return to Server link in Admin works fine if homepage in config does not end with a slash +22. Great Workshop no longer shows as "Error" in Admin when editing Village +23. Great Workshop added to manual pages +24. new Combat Simulator link when showing details of oasis for quicker determination if we can win that fight +25. Support, Taskmaster & Multihunter no longer shown in statistics as last players with 0 villages +26. invalid
tags no longer added to description textboxes when editing User in Admin +27. editing additional user data in Admin now saves them when Enter is used instead of clicking on "Save" as well +28. fixed reports pagination always staying on "All" tab +29. fix for the "fixed" :) self-kicking from an alliance Shadowss changes: diff --git a/Templates/Alliance/kick.tpl b/Templates/Alliance/kick.tpl index 1bbf815b..24fd0f34 100644 --- a/Templates/Alliance/kick.tpl +++ b/Templates/Alliance/kick.tpl @@ -27,7 +27,9 @@ include("alli_menu.tpl"); diff --git a/todo.txt b/todo.txt index c9fd182b..69803ff6 100644 --- a/todo.txt +++ b/todo.txt @@ -8,7 +8,6 @@ - disallow Support to play (single cookie for Admin and the game means support gets no village and lots of warnings when they switch to game now) - resetting res bonus in admin actually says that bonus was given after OK is pressed - quest image should glow red when new task is ready to be read (now it's only red when page is refreshed) -- disallow kicking yourself from alliance or provide a confirmation dialog and correct redirect - sending messages to players via Admin doesn't work - check aliance invitation accepting - apparently it doesn't work too well on first try? - normalize forum tables - varchar is used for numeric values and is joined with int field