From 2c9d42081e035ff9231e6c043dc9485b25bd2c95 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 25 Oct 2012 19:45:44 +0200 Subject: [PATCH 1/8] update --- Templates/Plus/invite.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Templates/Plus/invite.tpl b/Templates/Plus/invite.tpl index e353dd78..dd48269a 100644 --- a/Templates/Plus/invite.tpl +++ b/Templates/Plus/invite.tpl @@ -23,7 +23,7 @@ include("Templates/Plus/pmenu.tpl");

2) Copy your personal REF-Link and share it!

Your personal REF Link:
- anmelden?id=ref_uid; ?> + anmelden.php?id=ref_uid; ?>

Progress of your invited friends

From 7fe34e2d8a00163a21995cfa65202d571bc79fae Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 25 Oct 2012 22:12:44 +0200 Subject: [PATCH 2/8] updates --- GameEngine/Building.php | 5 ++++- Templates/Build/15_1.tpl | 10 ++++++++-- build.php | 15 ++++++++------- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/GameEngine/Building.php b/GameEngine/Building.php index 28b06904..19596f57 100644 --- a/GameEngine/Building.php +++ b/GameEngine/Building.php @@ -677,7 +677,6 @@ class Building { if($jobs['wid']==$village->wid){ $wwvillage = $database->getResourceLevel($jobs['wid']); if($wwvillage['f99t']!=40){ - $ww = 0; $level = $jobs['level']; if($jobs['type'] != 25 AND $jobs['type'] != 26 AND $jobs['type'] != 40) { $finish = 1; @@ -717,6 +716,10 @@ class Building { } } } + $wwvillage1 = $database->getResourceLevel($village->wid); + if($wwvillage1['f99t']!=40){ + $ww = 0; + } if($ww == 0){ $database->finishDemolition($village->wid); $technology->finishTech(); diff --git a/Templates/Build/15_1.tpl b/Templates/Build/15_1.tpl index 0ff19492..03d8edb0 100644 --- a/Templates/Build/15_1.tpl +++ b/Templates/Build/15_1.tpl @@ -31,9 +31,15 @@ if($village->resarray['f'.$id] >= DEMOLISH_LEVEL_REQ) { echo ""; echo "cancel "; echo "Demolition of ".$building->procResType($VillageResourceLevels['f'.$Demolition['buildnumber'].'t']).": ".$generator->getTimeFormat($Demolition['timetofinish']-time()).""; - ?> - Finish all construction and research orders in this village immediately for 2 Gold? + if($session->gold >= 2) { + if($session->access!=BANNED){ + ?> Finish all construction and research orders in this village immediately for 2 Gold? Finish all construction and research orders in this village immediately for 2 Gold? + "; } else { echo " diff --git a/build.php b/build.php index 15cfc81f..6b50290c 100644 --- a/build.php +++ b/build.php @@ -20,12 +20,7 @@ if(isset($_GET['newdid'])) { if($_GET['id'] == 99 && $village->natar == 0){ header("Location: dorf2.php"); } -if(isset($_GET['buildingFinish'])) { - if($session->gold >= 2) { - $building->finishAll(); - header("Location: build.php?gid=15"); - } -} + $start = $generator->pageLoadTimeStart(); $alliance->procAlliForm($_POST); $technology->procTech($_POST); @@ -311,7 +306,7 @@ $automation->isWinner();
resarray['f'.$_GET['id'].'t'].".tpl"); } + if($_GET['buildingFinish'] == 1) { + if($session->gold >= 2) { + $building->finishAll(); + header("Location: build.php?gid=15"); + } + } } }else{ header("Location: dorf1.php"); From 176c313845e71ab6f4a1d9378797d42f3429ffe2 Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 26 Oct 2012 14:17:53 +0200 Subject: [PATCH 3/8] fix problem with hero levels --- GameEngine/Automation.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/GameEngine/Automation.php b/GameEngine/Automation.php index 5184314b..2ae5f073 100644 --- a/GameEngine/Automation.php +++ b/GameEngine/Automation.php @@ -3849,10 +3849,15 @@ $crannyimg = "modifyHero("lastupdate",time(),$hdata['heroid']); } } - while($hdata['experience'] > $hero_levels[$hdata['level']+1] && $hdata['level'] < 100){ - mysql_query("UPDATE " . TB_PREFIX ."hero SET level = level + 1 WHERE heroid = '".$hdata['heroid']."'"); + $herolevel = $hdata['level']; + for($i = $herolevel+1; $i < 100; $i++){ + if($hdata['experience'] > $hero_levels[$i]){ + mysql_query("UPDATE " . TB_PREFIX ."hero SET level = $i WHERE heroid = '".$hdata['heroid']."'"); + if($i < 99){ mysql_query("UPDATE " . TB_PREFIX ."hero SET points = points + 5 WHERE heroid = '".$hdata['heroid']."'"); } + } + } $villunits = $database->getUnit($hdata['wref']); if($villunits['hero'] == 0 && $hdata['trainingtime'] < time() && $hdata['inrevive'] == 1){ mysql_query("UPDATE " . TB_PREFIX . "units SET hero = 1 WHERE vref = ".$hdata['wref'].""); From 3843f2734940ce56343a3b160a64f066fce5d85e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=B2?= Date: Fri, 2 Nov 2012 22:00:23 +0100 Subject: [PATCH 4/8] Login CSFR Protection --- login.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/login.php b/login.php index 89a3c13e..d310df03 100644 --- a/login.php +++ b/login.php @@ -20,6 +20,14 @@ if(isset($_GET['del_cookie'])) { if(!isset($_COOKIE['COOKUSR'])) { $_COOKIE['COOKUSR'] = ""; } + +if ( $_SERVER[ 'REQUEST_METHOD' ] == 'POST' ) { + if ( !isset( $_SESSION[ 'csrf' ] ) || $_SESSION[ 'csrf' ] !== $_POST[ 'csrf' ] ) + throw new RuntimeException( 'CSRF attack' ); +} +$key = sha1( microtime() ); +$_SESSION[ 'csrf' ] = $key; + ?> @@ -213,6 +221,7 @@ CountBack(gsecs); ?>
+