From 5270b1ca306a82eab9070845396659547639e591 Mon Sep 17 00:00:00 2001
From: iopietro <iopietro@hotmail.it>
Date: Tue, 17 Apr 2018 22:54:07 +0200
Subject: [PATCH] Fixed bugs in trade routes

+Trade routes can't be hacked anymore
+Fixed a bug that permitted to choose any village when adding a trade
route
+Fixed a bug that permitted to choose a time greater than 23 and less
than 0
+Fixed a bug that permitted to choose a number of repetitions greater
than 3 and less than 1
+Fixed a bug that permitted to edit other players trade route
+Fixed a bug that permitted to create a trading route with the same
village you were in
+Fixed some minor bugs
+Reworked the post/get request system, it's buch better now
---
 GameEngine/Lang/en.php        |   8 +-
 Templates/Build/17_4.tpl      |  20 ++--
 Templates/Build/17_create.tpl |   4 +-
 Templates/Build/17_edit.tpl   |   6 +-
 build.php                     | 193 ++++++++++++++++------------------
 5 files changed, 107 insertions(+), 124 deletions(-)

diff --git a/GameEngine/Lang/en.php b/GameEngine/Lang/en.php
index ca4722d9..fa404081 100755
--- a/GameEngine/Lang/en.php
+++ b/GameEngine/Lang/en.php
@@ -891,10 +891,10 @@ define("EXTEND","Extend");
 define("EDIT","Edit");
 define("EXTEND_TRADE_ROUTES","Extend the trade route by <b>7</b> days for");
 define("CREATE_TRADE_ROUTES","Create new trade route");
-define("DELIVERIES","deliveries");
-define("START_TIME_TRADE","start time");
+define("DELIVERIES","Deliveries");
+define("START_TIME_TRADE","Start time");
 define("CREATE_TRADE_ROUTE","Create trade route");
-define("TARGET_VILLAGE","target village");
+define("TARGET_VILLAGE","Target village");
 define("EDIT_TRADE_ROUTES","Edit trade route");
 define("TRADE_ROUTES_DESC","Trade route allows you to set up routes for your merchant that he will walk every day at a certain hour. <br /><br /> Standard this holds on for <b>7</b> days, but you can extend it with <b>7</b> days for the cost of");
 define("NPC_TRADE_DESC","With the NPC merchant you can distribute the resources in your warehouse as you desire. <br /><br /> The first line shows the current stock. In the second line you can choose another distribution. The third line shows the difference between the old and new stock.");
@@ -1114,7 +1114,7 @@ define("BUILDING_BEING_DEMOLISHED","Building presently being demolished");
 define("COSTS_UPGRADING_LEVEL","Costs</b> for upgrading to level");
 define("WORKERS_ALREADY_WORK","The workers are already at work.");
 define("CONSTRUCTING_MASTER_BUILDER","Constructing with master builder ");
-define("COSTS","costs");
+define("COSTS","Costs");
 define("GOLD","Gold");
 define("WORKERS_ALREADY_WORK_WAITING","The workers are already at work. (waiting loop)");
 define("ENOUGH_FOOD_EXPAND_CROPLAND","Not enough food. Expand cropland.");
diff --git a/Templates/Build/17_4.tpl b/Templates/Build/17_4.tpl
index 36ffec5c..7dabaf9e 100644
--- a/Templates/Build/17_4.tpl
+++ b/Templates/Build/17_4.tpl
@@ -7,23 +7,19 @@
 </p> 
  
 <?php include("17_menu.tpl"); 
-
-if(isset($_GET['action'])){
+if(isset($_POST['action'])){
 $routeaccess = 1;
 }
 if(isset($_GET['create']) && $session->gold > 1){
 $routeaccess = 1;
 include("17_create.tpl");
-}else if($_GET['action'] == 'editRoute' && isset($_GET['routeid']) && $_GET['routeid'] != ""){
-$traderoute = $database->getTradeRouteUid($_GET['routeid']);
-if($traderoute == $session->uid){
+}else if($_POST['action'] == 'editRoute' && isset($_POST['routeid']) && !empty($_POST['routeid']) && $database->getTradeRouteUid($_POST['routeid']) == $session->uid){
 include("17_edit.tpl");
-}
 }else{
 ?>
 
 <p><?php echo TRADE_ROUTES_DESC;?> <img src="../../<?php echo GP_LOCATE; ?>img/a/gold.gif" alt="Gold" title="<?php echo GOLD;?>"><b>2</b>.</p>
-
+<form method="post" action ="build.php?id=34&t=4">
 <table id="npc" cellpadding="1" cellspacing="1"> 
 <thead>
 <tr>
@@ -41,7 +37,7 @@ $routes = $database->getTradeRoute($session->uid);
 foreach($routes as $route){
 ?>
 <tr>
-<th><label><input class="radio" type="radio" onclick="window.location.href = '?id=<?php echo $id; ?>&t=4&routeid=<?php echo $route['id']; ?>';" name="routeid" value="<?php echo $route['id']; ?>" <?php if($routeid == $route['id']) { echo "".CHECKED.""; } ?>></label></th>
+<th><label><input class="radio" type="radio" name="routeid" value="<?php echo $route['id']; ?>" <?php if($routeid == $route['id']) { echo "".CHECKED.""; } ?>></label></th>
 <th>
 <?php
 echo "".TRADE_ROUTE_TO." <a href=karte.php?d=".$route['wid']."&c=".$generator->getMapCheck($route['wid']).">".$database->getVillageField($route['wid'],"name")."</a>";
@@ -57,16 +53,18 @@ echo "".TRADE_ROUTE_TO." <a href=karte.php?d=".$route['wid']."&c=".$generator->g
 </th>
 	<th colspan="4">
    <?php $routeid=$routeid == 0? $routeid=0:$routeid; ?>	
-   <a href="build.php?action=extendRoute&routeid=<?php echo $routeid; ?>"><?php echo EXTEND;?></a>*
- | <a href="build.php?id=<?php echo $id; ?>&t=4&action=editRoute&routeid=<?php echo $routeid; ?>"><?php echo EDIT;?></a>
- | <a href="build.php?action=delRoute&routeid=<?php echo $routeid; ?>"><?php echo DELETE;?></a>
+   <button type="submit" name="action" value="extendRoute"><?php echo EXTEND;?>*</button>
+ | <button type="submit" name="action" value="editRoute"><?php echo EDIT;?></button>
+ | <button type="submit" name="action" value="delRoute"><?php echo DELETE;?></button>
 	</th></tr></tfoot></table>
+</form>
 		* <?php echo EXTEND_TRADE_ROUTES;?> <img src="../../<?php echo GP_LOCATE; ?>img/a/gold.gif" alt="Gold" title="<?php echo GOLD;?>"><b>2</b>
 <br>
 <div class="options">
     <a class="arrow" href="build.php?gid=17&t=4&create">» <?php echo CREATE_TRADE_ROUTES;?></a>
 </div>
 	</div>
+
 <?php
 }}else{
 header("Location: build.php?id=".$_GET['id']."");
diff --git a/Templates/Build/17_create.tpl b/Templates/Build/17_create.tpl
index 68b08707..78defb60 100644
--- a/Templates/Build/17_create.tpl
+++ b/Templates/Build/17_create.tpl
@@ -59,14 +59,14 @@
 					<th>
 						<?php echo COSTS;?>:					</th>
 					<td>
-						<img src="../../<?php echo GP_LOCATE; ?>img/a/gold.gif" alt="Gold" title="<?php echo GOLD;?>"> 2
+						<img src="../../<?php echo GP_LOCATE; ?>img/a/gold.gif" alt="Gold" title="<?php echo GOLD;?>"> <b>2</b>
 					</td>
 				</tr>
 				<tr>
 					<th>
 						<?php echo DURATION;?>:					</th>
 					<td>
-						7 <?php echo DAYS;?>
+						<b>7</b> <?php echo DAYS;?>
 					</td>
 				</tr>
 			</tbody></table>
diff --git a/Templates/Build/17_edit.tpl b/Templates/Build/17_edit.tpl
index f9d0dc37..f6d4ef40 100644
--- a/Templates/Build/17_edit.tpl
+++ b/Templates/Build/17_edit.tpl
@@ -1,8 +1,8 @@
-<?php $edited_route = $database->getTradeRoute2($_GET['routeid']); ?>
+<?php $edited_route = $database->getTradeRoute2($_POST['routeid']); ?>
 <form action="build.php" method="post">
 		<div class="boxes boxesColor gray"><div class="boxes-tl"></div><div class="boxes-tr"></div><div class="boxes-tc"></div><div class="boxes-ml"></div><div class="boxes-mr"></div><div class="boxes-mc"></div><div class="boxes-bl"></div><div class="boxes-br"></div><div class="boxes-bc"></div><div class="boxes-contents cf">
-        <input type="hidden" name="action" value="editRoute">
-		<input type="hidden" name="routeid" value="<?php echo $_GET['routeid']; ?>">
+        <input type="hidden" name="action" value="editRoute2">
+		<input type="hidden" name="routeid" value="<?php echo $_POST['routeid']; ?>">
 			<table cellpadding="1" cellspacing="1" id="npc" class="transparent">
 			<thead>
 			<tr>
diff --git a/build.php b/build.php
index 66e1cae9..10545f7c 100644
--- a/build.php
+++ b/build.php
@@ -67,141 +67,126 @@ if ( isset( $_GET['id'] ) ) {
     }
 }
 
-if ( $session->goldclub == 1 && count( $session->villages ) > 1 ) {
-    if ( isset( $_GET['routeid'] ) ) {
-        $routeid = $_GET['routeid'];
+if ($session->goldclub == 1 && count($session->villages) > 1 ) {
+    if (isset($_POST['routeid'])) {
+        $routeid = $_POST['routeid'];
     }
 
-    if ( isset( $_POST['action'] ) && $_POST['action'] == 'addRoute' ) {
-        if ( $session->access != BANNED ) {
-            if ( $session->gold >= 2 ) {
-                for ( $i = 1; $i <= 4; $i ++ ) {
-                    if ( $_POST[ 'r' . $i ] == "" ) {
-                        $_POST[ 'r' . $i ] = 0;
+    if (isset($_POST['action']) && $_POST['action'] == 'addRoute') {
+        if ($session->access != BANNED) {
+            if ($session->gold >= 2 && $session->goldclub == 1) {
+                for ($i = 1; $i <= 4; $i ++) {
+                    if (empty($_POST['r'.$i])) {
+                        $_POST['r'.$i] = 0;
                     }
                 }
 
-                $totalres = preg_replace( "/[^0-9]/", "", $_POST['r1'] ) + preg_replace( "/[^0-9]/", "", $_POST['r2'] ) + preg_replace( "/[^0-9]/", "", $_POST['r3'] ) + preg_replace( "/[^0-9]/", "", $_POST['r4'] );
-                $reqMerc  = ceil( ( $totalres - 0.1 ) / $market->maxcarry );
-                $second   = date( "s" );
-                $minute   = date( "i" );
-                $hour     = date( "G" ) - $_POST['start'];
+                $totalres = preg_replace("/[^0-9]/", "", $_POST['r1']) + preg_replace("/[^0-9]/", "", $_POST['r2']) + preg_replace("/[^0-9]/", "", $_POST['r3']) + preg_replace("/[^0-9]/", "", $_POST['r4']);
+                $reqMerc  = ceil(($totalres - 0.1) / $market->maxcarry);
+                $second   = date("s");
+                $minute   = date("i");
+                $hour     = date("G") - $_POST['start'];
 
-                if ( date( "G" ) > $_POST['start'] ) {
-                    $day = 1;
-                } else {
-                    $day = 0;
-                }
+                if (date("G") > $_POST['start']) $day = 1;      
+                else $day = 0;             
 
-                $timestamp = strtotime( "-$hour hours -$second second -$minute minutes +$day day" );
+                $timestamp = strtotime("-$hour hours -$second second -$minute minutes +$day day");
 
-                if ( $totalres > 0 ) {
-                    $database->createTradeRoute( $session->uid, $_POST['tvillage'], $village->wid, $_POST['r1'], $_POST['r2'], $_POST['r3'], $_POST['r4'], $_POST['start'], $_POST['deliveries'], $reqMerc, $timestamp );
-                    header( "Location: build.php?gid=17&t=4" );
-                    exit;
+                if ($totalres > 0 && $_POST['tvillage'] != $village->wid && in_array($_POST['tvillage'], $session->villages) && ($_POST['start'] >= 0 && $_POST['start'] <= 23) && ($_POST['deliveries'] >= 1 && $_POST['deliveries'] <= 3)) {
+                    $database->createTradeRoute($session->uid, $_POST['tvillage'], $village->wid, $_POST['r1'], $_POST['r2'], $_POST['r3'], $_POST['r4'], $_POST['start'], $_POST['deliveries'], $reqMerc, $timestamp);
                     $route = 1;
+                    header("Location: build.php?gid=17&t=4");
+                    exit;            
                 } else {
-                    header( "Location: build.php?gid=17&t=4&create" );
-                    exit;
                     $route = 1;
+                    header("Location: build.php?gid=17&t=4&create");
+                    exit;                 
                 }
             }
         } else {
             $route = 0;
-            header( "Location: banned.php" );
+            header("Location: banned.php");
             exit;
         }
     }
 
-    if ( isset( $_GET['action'] ) && $_GET['action'] == 'extendRoute' ) {
-        if ( $session->access != BANNED ) {
-            if ( $session->gold >= 2 ) {
-                $traderoute = $database->getTradeRouteUid( $_GET['routeid'] );
-
-                if ( $traderoute == $session->uid ) {
-                    $database->editTradeRoute( $_GET['routeid'], "timeleft", 604800, 1 );
+    if (isset($_POST['routeid']) && isset($_POST['action']) && $_POST['action'] == 'extendRoute') {
+        if ($session->access != BANNED) {
+            if ($session->gold >= 2 && $session->goldclub == 1) {
+                $traderoute = $database->getTradeRouteUid($_POST['routeid']);
+                if ($traderoute == $session->uid) {
+                    $database->editTradeRoute($_POST['routeid'], "timeleft", 604800, 1);
                     $newgold = $session->gold - 2;
-                    $database->updateUserField( $session->uid, 'gold', $newgold, 1 );
-                    header( "Location: build.php?gid=17&t=4" );
-                    exit;
-                    $route = 1;
-                    unset( $routeid );
-                } else {
-                    header( "Location: build.php?gid=17&t=4" );
-                    exit;
-                    $route = 1;
-                    unset( $routeid );
+                    $database->updateUserField($session->uid, 'gold', $newgold, 1);                      
                 }
-
-            } else {
-                header( "Location: build.php?gid=17&t=4" );
-                exit;
-                $route = 1;
-            }
-        } else {
-            $route = 0;
-            header( "Location: banned.php" );
-            exit;
-        }
-    }
-
-    if ( isset( $_POST['action'] ) && $_POST['action'] == 'editRoute' ) {
-        if ( $session->access != BANNED ) {
-            $totalres = $_POST['r1'] + $_POST['r2'] + $_POST['r3'] + $_POST['r4'];
-            $reqMerc  = ceil( ( $totalres - 0.1 ) / $market->maxcarry );
-
-            if ( $totalres > 0 ) {
-                $database->editTradeRoute( $_POST['routeid'], "wood", $_POST['r1'], 0 );
-                $database->editTradeRoute( $_POST['routeid'], "clay", $_POST['r2'], 0 );
-                $database->editTradeRoute( $_POST['routeid'], "iron", $_POST['r3'], 0 );
-                $database->editTradeRoute( $_POST['routeid'], "crop", $_POST['r4'], 0 );
-                $database->editTradeRoute( $_POST['routeid'], "start", $_POST['start'], 0 );
-                $database->editTradeRoute( $_POST['routeid'], "deliveries", $_POST['deliveries'], 0 );
-                $database->editTradeRoute( $_POST['routeid'], "merchant", $reqMerc, 0 );
-                $second = date( "s" );
-                $minute = date( "i" );
-                $hour   = date( "G" ) - $_POST['start'];
-                if ( date( "G" ) > $_POST['start'] ) {
-                    $day = 1;
-                } else {
-                    $day = 0;
-                }
-                $timestamp = strtotime( "-$hour hours -$second seconds -$minute minutes +$day day" );
-                $database->editTradeRoute( $_POST['routeid'], "timestamp", $timestamp, 0 );
-            }
-
-            header( "Location: build.php?gid=17&t=4" );
-            exit;
+            }    
             $route = 1;
-            unset( $routeid );
+            unset($routeid);
+            header("Location: build.php?gid=17&t=4");
+            exit;
         } else {
             $route = 0;
-            header( "Location: banned.php" );
+            header("Location: banned.php");
             exit;
         }
     }
 
-    if ( isset( $_GET['action'] ) && $_GET['action'] == 'delRoute' ) {
-        if ( $session->access != BANNED ) {
-            $traderoute = $database->getTradeRouteUid( $_GET['routeid'] );
-
-            if ( $traderoute == $session->uid ) {
-                $database->deleteTradeRoute( $_GET['routeid'] );
-                header( "Location: build.php?gid=17&t=4" );
-                exit;
+    if (isset($_POST['routeid']) && isset($_POST['action']) && $_POST['action'] == 'editRoute2') {
+        if ($session->access != BANNED) {
+            if($session->goldclub == 1){
+                for ($i = 1; $i <= 4; $i ++) {
+                    if (empty($_POST['r'.$i])) {
+                        $_POST['r'.$i] = 0;
+                    }
+                }
+                $totalres = preg_replace("/[^0-9]/", "", $_POST['r1']) + preg_replace("/[^0-9]/", "", $_POST['r2']) + preg_replace("/[^0-9]/", "", $_POST['r3']) + preg_replace("/[^0-9]/", "", $_POST['r4']);
+                $reqMerc  = ceil(($totalres - 0.1) / $market->maxcarry);
+                
+                $traderoute = $database->getTradeRouteUid($_POST['routeid']);
+                if ($totalres > 0 && $traderoute == $session->uid && ($_POST['start'] >= 0 && $_POST['start'] <= 23) && ($_POST['deliveries'] >= 1 && $_POST['deliveries'] <= 3)) {
+                    $database->editTradeRoute($_POST['routeid'], "wood", $_POST['r1'], 0);
+                    $database->editTradeRoute($_POST['routeid'], "clay", $_POST['r2'], 0);
+                    $database->editTradeRoute($_POST['routeid'], "iron", $_POST['r3'], 0);
+                    $database->editTradeRoute($_POST['routeid'], "crop", $_POST['r4'], 0);
+                    $database->editTradeRoute($_POST['routeid'], "start", $_POST['start'], 0);
+                    $database->editTradeRoute($_POST['routeid'], "deliveries", $_POST['deliveries'], 0);
+                    $database->editTradeRoute($_POST['routeid'], "merchant", $reqMerc, 0);
+                    $second = date("s");
+                    $minute = date("i");
+                    $hour   = date("G") - $_POST['start'];
+                    if (date("G") > $_POST['start'])  $day = 1;
+                    else $day = 0;
+                    $timestamp = strtotime("-$hour hours -$second seconds -$minute minutes +$day day");
+                    $database->editTradeRoute($_POST['routeid'], "timestamp", $timestamp, 0);
+                }
+                
                 $route = 1;
-                unset( $routeid );
+                unset($routeid);
+                header("Location: build.php?gid=17&t=4");
+                exit;               
             } else {
-                header( "Location: build.php?gid=17&t=4" );
+                $route = 0;
+                header("Location: banned.php");
                 exit;
-                $route = 1;
-                unset( $routeid );
             }
-        } else {
-            $route = 0;
-            header( "Location: banned.php" );
-            exit;
-        }
+        } 
+    }
+
+    if (isset($_POST['routeid']) && isset($_POST['action']) && $_POST['action'] == 'delRoute') {
+        if ($session->access != BANNED ) {
+            if($session->goldclub == 1){
+                $traderoute = $database->getTradeRouteUid($_POST['routeid']);
+                if ($traderoute == $session->uid) $database->deleteTradeRoute($_POST['routeid']);
+                $route = 1;
+                unset($routeid);
+                header("Location: build.php?gid=17&t=4");
+                exit;          
+            } else {
+                $route = 0;
+                header("Location: banned.php");
+                exit;
+            }
+        }        
     }
 }
 
@@ -361,7 +346,7 @@ if ( isset( $_GET['id'] ) ) {
 <?php include("Templates/menu.tpl"); ?>
 <div id="content"  class="build">
 <?php
-if(isset($_GET['id']) or isset($_GET['gid']) or $route == 1 or isset($_GET['routeid']) or isset($_GET['buildingFinish'])) {
+if(isset($_GET['id']) || isset($_GET['gid']) || $route == 1 || isset($_POST['routeid']) || isset($_GET['buildingFinish'])) {
 	if(isset($_GET['s']))
 	{
 		if (!ctype_digit($_GET['s'])) {