diff --git a/Admin/Templates/addABTroops.tpl b/Admin/Templates/addABTroops.tpl
index 1490e270..417e3591 100644
--- a/Admin/Templates/addABTroops.tpl
+++ b/Admin/Templates/addABTroops.tpl
@@ -18,7 +18,9 @@
## --------------------------------------------------------------------------- ##
#################################################################################
$unarray = array(1=>U1,U2,U3,U4,U5,U6,U7,U8,U9,U10,U11,U12,U13,U14,U15,U16,U17,U18,U19,U20,U21,U22,U23,U24,U25,U26,U27,U28,U29,U30,U31,U32,U33,U34,U35,U36,U37,U38,U39,U40,U41,U42,U43,U44,U45,U46,U47,U48,U49,U50,U99,U0);
-if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN);
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die(defined('ACCESS_DENIED_ADMIN') ? ACCESS_DENIED_ADMIN : 'Access Denied: You are not Admin!');
+}
$id = $_GET['did'];
if(isset($id)){
$abtech = $database->getABTech($id);
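Review bot: The new guard hard-codes the admin level as `9`, while ban.tpl and village.tpl in this same commit compare against the named constants `ADMIN` and `MULTIHUNTER`. If `ADMIN` is that same level (its definition is not shown here), `if (empty($_SESSION['access']) || $_SESSION['access'] < ADMIN)` keeps the threshold in one place. The identical guard is added to addTroops.tpl, so the same applies there, and a shared include would stop the copies from drifting. The context line after the guard passes the raw `$_GET['did']` to `$database->getABTech($id)`; if the id is numeric, `$id = (int)($_GET['did'] ?? 0);` would be a cheap hardening.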
diff --git a/Admin/Templates/addTroops.tpl b/Admin/Templates/addTroops.tpl
index b19b98d8..60de0bdc 100644
--- a/Admin/Templates/addTroops.tpl
+++ b/Admin/Templates/addTroops.tpl
@@ -18,7 +18,9 @@
## --------------------------------------------------------------------------- ##
#################################################################################
$unarray = [1=>U1,U2,U3,U4,U5,U6,U7,U8,U9,U10,U11,U12,U13,U14,U15,U16,U17,U18,U19,U20,U21,U22,U23,U24,U25,U26,U27,U28,U29,U30,U31,U32,U33,U34,U35,U36,U37,U38,U39,U40,U41,U42,U43,U44,U45,U46,U47,U48,U49,U50,U99,U0];
-if($_SESSION['access'] < 9) die(ACCESS_DENIED_ADMIN);
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die(defined('ACCESS_DENIED_ADMIN') ? ACCESS_DENIED_ADMIN : 'Access Denied: You are not Admin!');
+}
$id = $_GET['did'];
if(isset($id)){
$units = $database->getUnit($village['wref']);
diff --git a/Admin/Templates/ban.tpl b/Admin/Templates/ban.tpl
index 6ae80e08..5d1628ba 100644
--- a/Admin/Templates/ban.tpl
+++ b/Admin/Templates/ban.tpl
@@ -17,7 +17,7 @@
## Copyright : TravianZ (c) 2010-2025. All rights reserved. ##
## --------------------------------------------------------------------------- ##
#################################################################################
-if($_SESSION['access'] < ADMIN) die("Access Denied!");
+if($_SESSION['access'] < MULTIHUNTER) die("Access Denied!");
$error = '';
$success = '';
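Review bot: This guard still reads `$_SESSION['access']` without the `empty()` check that the same commit adds to addABTroops.tpl and addTroops.tpl. A request with no session value therefore raises an undefined-index warning before it is rejected; `if (empty($_SESSION['access']) || $_SESSION['access'] < MULTIHUNTER) die("Access Denied!");` would match the other templates. The change also lowers the required level from `ADMIN` to `MULTIHUNTER`. The handler that actually applies the ban is not in this diff, so please confirm it enforces the same level and does not still require `ADMIN` or accept anyone.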
diff --git a/Admin/Templates/massmessage.tpl b/Admin/Templates/massmessage.tpl
new file mode 100644
index 00000000..747c46de
--- /dev/null
+++ b/Admin/Templates/massmessage.tpl
@@ -0,0 +1,112 @@
+
+
+
+
+
+
+
+
+
+
+
Send Message to All Players
+
Mesaj in-game pentru toti userii (ID > 5)
+
+
+
+
+
+ Confirmare: Esti sigur ca vrei sa trimiti?
+ Subject: =htmlspecialchars($_SESSION['mass_subject'])?>
+
+
+
+
+
+
Se trimit mesajele...
+
=$_GET['msg']?? ''?>
+
+
+
+
+
+
+
+
+
✓ Mass message trimis cu succes la toti jucatorii!
+
+
\ No newline at end of file
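Review bot: The status line echoes `$_GET['msg'] ?? ''` into the admin page without escaping, unlike the subject a few lines above, which goes through `htmlspecialchars()`. Anything placed in `msg` is rendered as markup inside an administrator's session. Escape it the same way, `<?=htmlspecialchars($_GET['msg'] ?? '', ENT_QUOTES, 'UTF-8')?>`, or map `msg` to a fixed set of known status strings. The markup of this new template is stripped in this view, so I could not confirm that it starts with an access check like the other admin templates; if it does not, add one.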
diff --git a/Admin/Templates/playeradditionalinfo.tpl b/Admin/Templates/playeradditionalinfo.tpl
index d3ceccf2..f1858877 100644
--- a/Admin/Templates/playeradditionalinfo.tpl
+++ b/Admin/Templates/playeradditionalinfo.tpl
@@ -28,15 +28,20 @@
-
-
- Additional Information
+
+
+ |
+ Additional Information
+
+
- |
-
-
+
+
+ |
+
+
| Access |
diff --git a/Admin/Templates/playerinfo.tpl b/Admin/Templates/playerinfo.tpl
index 0933eba8..598c76c9 100644
--- a/Admin/Templates/playerinfo.tpl
+++ b/Admin/Templates/playerinfo.tpl
@@ -94,13 +94,13 @@
| Population |
-
-
-
- |
+
+
+
+
| Age |
@@ -207,17 +207,17 @@
?>
| » Ban User |
- | » Send Message |
- | » Edit Plus & Res Bonus |
- | » Edit Sitters |
-
- | » Edit Protection |
- | » Edit Password |
- | » Edit Overall Off & Def |
- | » Edit Weekly Off, Def, Raid |
- | » User Login Log |
- | » User Illegal Log |
-
+ | » Send Message |
+
+ | » Edit Plus & Res Bonus |
+ | » Edit Sitters |
+ | » Edit Protection |
+ | » Edit Password |
+ | » Edit Overall Off & Def |
+ | » Edit Weekly Off, Def, Raid |
+
+ | » User Login Log |
+ | » User Illegal Log |
diff --git a/Admin/Templates/sysmessage.tpl b/Admin/Templates/sysmessage.tpl
new file mode 100644
index 00000000..58ca922c
--- /dev/null
+++ b/Admin/Templates/sysmessage.tpl
@@ -0,0 +1,117 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Confirmare system message
+ Color:
+ =htmlspecialchars($_SESSION['sys_subject'])?>
+
+
+ =nl2br(htmlspecialchars($_SESSION['sys_message']))?>
+
+
+
+
+
+
+
+ Sending system message...
+
+
+
+
+
+
+
+
+
+ ✓ System message sent successfully
+
+
+
+
\ No newline at end of file
diff --git a/Admin/Templates/troopUpgrades.tpl b/Admin/Templates/troopUpgrades.tpl
index 1f43c9a2..0dfa1ab5 100644
--- a/Admin/Templates/troopUpgrades.tpl
+++ b/Admin/Templates/troopUpgrades.tpl
@@ -55,9 +55,11 @@ $img = $tribe==1 ? "" : $tribe-1;
}
?>
+
AB Tech updated'; ?>
+
\ No newline at end of file
diff --git a/Admin/Templates/village.tpl b/Admin/Templates/village.tpl
index 2d2da5f4..9dfd0b94 100644
--- a/Admin/Templates/village.tpl
+++ b/Admin/Templates/village.tpl
@@ -122,7 +122,9 @@ if(isset($id)){
-
+
+
+
|
@@ -131,7 +133,9 @@ if(isset($id)){
-
+
+
+
| Population | |
@@ -142,7 +146,8 @@ if(isset($id)){
-
+
| Res | Amt | Cap | Prod |
Wood | | | |
@@ -215,7 +220,7 @@ if(isset($id)){
Buildings
| ID | GID | Name | Lvl | Edit |
- procResType($fdata['f'.$i.'t']); echo '| '.$i.' | '.$fdata['f'.$i.'t'].' | '.$bu.' | '.$fdata['f'.$i].' | '.$svgEdit.' |
'; } ?>
+ procResType($fdata['f'.$i.'t']); echo '| '.$i.' | '.$fdata['f'.$i.'t'].' | '.$bu.' | '.$fdata['f'.$i].' | '.($_SESSION['access'] == ADMIN ? ''.$svgEdit.'': '').' |
'; } ?>
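Review bot: Showing the edit link only when `$_SESSION['access'] == ADMIN` hides it from lower ranks but does not stop them from requesting the edit page directly. The page behind that link needs its own access check; it is not part of this diff, so please confirm. The comparison is also loose, and `(int)$_SESSION['access'] === ADMIN` would avoid surprises from string session values. The loop this line belongs to starts outside the hunk.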
diff --git a/Admin/admin.php b/Admin/admin.php
index 5d7b0f78..8940d907 100644
--- a/Admin/admin.php
+++ b/Admin/admin.php
@@ -53,6 +53,14 @@ if (!empty($_GET['p'])) {
case 'message':
$subpage = 'Players Message';
break;
+
+ case 'massmessage':
+ $subpage = 'Mass Message';
+ break;
+
+ case 'sysmessage':
+ $subpage = 'System Message';
+ break;
case 'map':
$subpage = 'Map';
@@ -578,8 +586,8 @@ Logged: =$adminName?> (=$rank
Messages
Ban
@@ -613,7 +621,7 @@ Logged: =$adminName?> (=$rank
diff --git a/GameEngine/Admin/Mods/massmessage.php b/GameEngine/Admin/Mods/massmessage.php
new file mode 100644
index 00000000..2f8f2799
--- /dev/null
+++ b/GameEngine/Admin/Mods/massmessage.php
@@ -0,0 +1,183 @@
+escape($_SESSION['mass_subject']);
+ $message = $_SESSION['mass_message'];
+ $color = $database->escape(
+ $_SESSION['mass_color'] ?: 'black'
+ );
+
+ /*
+ |--------------------------------------------------------------------------
+ | BBCode
+ |--------------------------------------------------------------------------
+ */
+
+ $message = preg_replace(
+ "/\[img\](.*?)\[\/img\]/i",
+ "
",
+ $message
+ );
+
+ $message = preg_replace(
+ "/\[url\](.*?)\[\/url\]/i",
+ "$1",
+ $message
+ );
+
+ $message = preg_replace(
+ "/\[url=(.*?)\](.*?)\[\/url\]/i",
+ "$2",
+ $message
+ );
+
+ $message = "[message]".$message."[/message]";
+
+ $message = $database->escape($message);
+
+ /*
+ |--------------------------------------------------------------------------
+ | ALL PLAYERS
+ |--------------------------------------------------------------------------
+ */
+
+ $result = mysqli_query(
+ $database->dblink,
+ "SELECT id
+ FROM ".TB_PREFIX."users
+ WHERE id > 5
+ ORDER BY id ASC"
+ );
+
+ $rows = [];
+
+ $time = time();
+
+ while ($user = mysqli_fetch_assoc($result)) {
+
+ $uid = (int)$user['id'];
+
+ $rows[] =
+ "(".
+ $uid.",".
+ "1,".
+ "'".$subject."',".
+ "'".$message."',".
+ "0,".
+ "0,".
+ "0,".
+ $time.",".
+ "0,".
+ "0,".
+ "0,".
+ "0,".
+ "0,".
+ "0".
+ ")";
+ }
+
+ if (!empty($rows)) {
+
+ $sql =
+ "INSERT INTO ".TB_PREFIX."mdata
+ (
+ target,
+ owner,
+ topic,
+ message,
+ viewed,
+ archived,
+ send,
+ time,
+ deltarget,
+ delowner,
+ alliance,
+ player,
+ coor,
+ report
+ )
+ VALUES
+ ".implode(",", $rows);
+
+ mysqli_query(
+ $database->dblink,
+ $sql
+ );
+ }
+
+ unset(
+ $_SESSION['mass_subject'],
+ $_SESSION['mass_message'],
+ $_SESSION['mass_color']
+ );
+
+ header("Location: ../../../Admin/admin.php?p=massmessage&done=1");
+ exit;
+}
+
+header("Location: ../../../Admin/admin.php?p=massmessage");
+exit;
+?>
\ No newline at end of file
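Review bot: The three BBCode patterns capture with `(.*?)`, where the removed root-level massmessage.php limited the capture to `[a-z0-9\_\.\:\/\-]*`. The replacement strings are stripped in this view, but if they are HTML as in the old file, quotes and other characters in an `[img]` or `[url]` body now reach markup stored for every player with `id > 5`. Restore the restricted class, e.g. `"/\[img\]([a-z0-9\_\.\:\/\-]*)\[\/img\]/i"`, and consider accepting only `http`/`https` URLs. Separately, neither `mysqli_query()` result is checked: a failed SELECT breaks `mysqli_fetch_assoc($result)`, and a failed INSERT still redirects to `done=1`. The top of the file, including any access check, is not visible here.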
diff --git a/GameEngine/Admin/Mods/sendMessage.php b/GameEngine/Admin/Mods/sendMessage.php
index 7d9f4651..48c56c63 100755
--- a/GameEngine/Admin/Mods/sendMessage.php
+++ b/GameEngine/Admin/Mods/sendMessage.php
@@ -13,6 +13,7 @@
if (!isset($_SESSION)) {
session_start();
}
+
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
@@ -33,51 +34,93 @@ for ($i = 0; $i < 5; $i++) {
include_once($autoprefix . "GameEngine/Database.php");
// ---------------------------------------------------------------------------
-// Input
+// INPUT
// ---------------------------------------------------------------------------
-$session = (int)($_POST['admid'] ?? 0);
+$adminId = (int)($_SESSION['id'] ?? 0);
$uid = (int)($_POST['uid'] ?? 0);
$topic = trim($_POST['topic'] ?? 'Admin Message');
$message = trim($_POST['message'] ?? '');
+// ---------------------------------------------------------------------------
+// VALIDARE
+// ---------------------------------------------------------------------------
+if ($adminId <= 0) {
+ die("Invalid admin session.");
+}
+
if ($uid <= 0 || $message === '') {
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=$uid&e=1");
exit;
}
// ---------------------------------------------------------------------------
-// Verificare admin
+// SANITIZARE
// ---------------------------------------------------------------------------
-$admin = $database->getUserArray($session, 1);
-if (!$admin || (int)$admin['access'] !== 9) {
- die('Access Denied: You are not Admin!
');
-}
-
-// ---------------------------------------------------------------------------
-// Insert mesaj
-// ---------------------------------------------------------------------------
-$time = time();
$topicEsc = $database->escape($topic);
$msgEsc = $database->escape($message);
-$database->query(
- "INSERT INTO " . TB_PREFIX . "mdata
- (target, owner, topic, message, viewed, time, archive)
- VALUES ($uid, 1, '$topicEsc', '$msgEsc', 0, $time, 0)"
-);
+$time = time();
// ---------------------------------------------------------------------------
-// Log admin
+// INSERT MESAJ (FULL FIX)
+// ---------------------------------------------------------------------------
+$sql = "
+INSERT INTO " . TB_PREFIX . "mdata
+(
+ target,
+ owner,
+ topic,
+ message,
+ viewed,
+ archived,
+ send,
+ time,
+ deltarget,
+ delowner,
+ alliance,
+ player,
+ coor,
+ report
+)
+VALUES
+(
+ $uid,
+ $adminId,
+ '$topicEsc',
+ '$msgEsc',
+ 0,
+ 0,
+ 0,
+ $time,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0
+)
+";
+
+$result = $database->query($sql);
+
+if (!$result) {
+ die("Message insert failed: " . $database->getError());
+}
+
+// ---------------------------------------------------------------------------
+// LOG ADMIN ACTION
// ---------------------------------------------------------------------------
-$adminId = (int)$_SESSION['id'];
$logText = "Sent message to uid $uid: '$topicEsc'";
-$logEsc = $database->escape($logText);
+$logEsc = $database->escape($logText);
-$database->query(
- "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
- "VALUES (0, '$adminId', '$logEsc', $time)"
-);
+$database->query("
+INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`)
+VALUES (0, $adminId, '$logEsc', $time)
+");
+// ---------------------------------------------------------------------------
+// REDIRECT SUCCESS
+// ---------------------------------------------------------------------------
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=" . $uid . "&msg=ok");
exit;
?>
\ No newline at end of file
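Review bot: The new failure branch prints `$database->getError()` straight to the browser, which exposes table and column names from the SQL error to whoever triggers it. Log the detail server-side and return a generic message instead: `error_log('sendMessage insert failed: ' . $database->getError()); die('Message insert failed.');`. The log entry also builds `$logText` from the already-escaped `$topicEsc` and then escapes the whole string again, so a topic containing quotes is stored with extra backslashes; building it from `$topic` avoids that. Taking the sender from `$_SESSION['id']` instead of the posted `admid` is the right direction, but this POST handler shows no CSRF token check in the visible lines, which is worth adding for a state-changing admin action.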
diff --git a/Templates/maintenance_status.tpl b/Templates/maintenance_status.tpl
new file mode 100644
index 00000000..8efd8889
--- /dev/null
+++ b/Templates/maintenance_status.tpl
@@ -0,0 +1,51 @@
+setMaintenance($newState, $session->uid);
+ // redirect ca sa curatam URL-ul
+ $cleanUrl = strtok($_SERVER["REQUEST_URI"], '?');
+ header("Location: $cleanUrl");
+ exit;
+ }
+
+ $maint = $database->getMaintenance();
+
+ if(!empty($maint['active'])) {
+ $started = $maint['started_at'] ? date('H:i d.m.Y', $maint['started_at']) : '-';
+ $starter = $database->getUserArray($maint['started_by'], 1);
+ $starterName = $starter['username'] ?? 'UID '.$maint['started_by'];
+ ?>
+
+ Maintenance ON
+
+
+
+ Maintenance OFF
+
+
\ No newline at end of file
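Review bot: The toggle appears to be driven from the query string (the branch redirects to the request URI with the query stripped), so a plain GET changes the server's maintenance state. That should be a POST carrying a CSRF token, behind an explicit admin-level check; the opening lines of the file, where such a check would sit, are not visible in this view. `header("Location: $cleanUrl")` also runs inside a template that menu.tpl includes, so unless output buffering is on, output may already have been sent and the redirect will not take effect. `$starterName` comes from the users table and should go through `htmlspecialchars()` wherever it is printed.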
diff --git a/Templates/menu.tpl b/Templates/menu.tpl
index 2daaef83..3bb1cd66 100644
--- a/Templates/menu.tpl
+++ b/Templates/menu.tpl
@@ -126,10 +126,6 @@ $idUser = isset($_SESSION['id_user']) ? (int)$_SESSION['id_user'] : 0;
-
-
-
-
Build Cropper
@@ -197,6 +193,12 @@ $idUser = isset($_SESSION['id_user']) ? (int)$_SESSION['id_user'] : 0;
* Natars include
*/
include("Templates/natars.tpl");
+
+ /**
+ * Maintenance status for admins
+ */
+ include("Templates/maintenance_status.tpl");
+
?>
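Review bot: The include is unconditional, so maintenance_status.tpl runs for every player who renders the menu even though the comment says it is for admins. That is only safe if the template checks the access level itself before both the toggle and the status output. Gating it here makes the intent explicit, e.g. `if (($_SESSION['access'] ?? 0) >= ADMIN) { include("Templates/maintenance_status.tpl"); }`, assuming the `ADMIN` constant used by the Admin templates is also defined on the game side.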
diff --git a/massmessage.php b/massmessage.php
deleted file mode 100644
index e437ec2a..00000000
--- a/massmessage.php
+++ /dev/null
@@ -1,281 +0,0 @@
-dblink,"SELECT id FROM ".TB_PREFIX."users WHERE access = 9 AND id = ".(int) $session->uid)) != '1') die("Hacking attemp!");
-
-if (@$_POST['submit'] == "Send")
-{
- unset ($_SESSION['m_message']); unset ($_SESSION['m_subject']); unset ($_SESSION['m_color']);
- if (!$_POST['message']){die("You have to enter message");}
- if (!$_POST['subject']){die("You have to enter subject");}
- if (!$_POST['color']){$_SESSION['m_color'] = "black";}
- $_SESSION['m_subject'] = $_POST['subject'];
- if (!$_SESSION['m_color']){$_SESSION['m_color'] = $_POST['color'];}
- $_SESSION['m_message'] = $_POST['message'];
- $NextStep = true;
-}
-
-
-if (@isset($_POST['confirm']))
-{
- if ($_POST['confirm'] == 'Yes') $NextStep2 = true;
- if ($_POST['confirm'] == 'No' ) $Interupt = true;
-}
-
-$max_per_pass = 1000;
-
-if (isset($_GET['send']) && isset($_GET['from']))
-{
- $_SESSION['m_message'] = preg_replace("/\[img\]([a-z0-9\_\.\:\/\-]*)\[\/img\]/i","
", $_SESSION['m_message']);
- $_SESSION['m_message'] = preg_replace("/\[url\]([a-z0-9\_\.\:\/\-]*)\[\/url\]/i", "$1", $_SESSION['m_message']);
- $_SESSION['m_message'] = preg_replace("/\[url\=([a-z0-9\_\.\:\/\-]*)\]([a-z0-9\_\.\:\/\-]*)\[\/url\]/i", "$2", $_SESSION['m_message']);
- $_SESSION['m_message'] = preg_replace("/\*u([0-9]*)(left|right)\*/i", "
", $_SESSION['m_message']);
- $_SESSION['m_message'] = "[message]".$_SESSION['m_message']."[/message]";
-
- $_SESSION['m_color'] = $database->escape($_SESSION['m_color']);
- $_SESSION['m_subject'] = $database->escape($_SESSION['m_subject']);
- $_SESSION['m_message'] = $database->escape($_SESSION['m_message']);
-
- $users_count = mysqli_fetch_assoc(mysqli_query($database->dblink,"SELECT count(*) as count FROM ".TB_PREFIX."users WHERE id != 0"));
- $users_count = $users_count['count'];
- if ($_GET['from'] + $max_per_pass <= $users_count) $plus = $max_per_pass; else $plus = $users_count - $_GET['from'];
- $sql = "INSERT INTO ".TB_PREFIX."mdata (`target`, `owner`, `topic`, `message`, `viewed`, `archived`, `send`, `time`,`deltarget`,`delowner`,`alliance`,`player`,`coor`,`report`) VALUES ";
- for($i = $_GET['from']; $i < ($_GET['from'] + $plus) ; $i++) {
- if($i > 5){
- if ($_SESSION['m_color'])
- {
- $sql .= "($i, 1, '{$_SESSION['m_subject']}', \"{$_SESSION['m_message']}\", 0, 0, 0, ".time().",0,0,0,0,0,0),";
- }
- else
- {
- $sql .= "($i, 1, '{$_SESSION['m_subject']}', \"{$_SESSION['m_message']}\", 0, 0, 0, ".time().",0,0,0,0,0,0),";
- }
- }
- }
- if($i > 5){
- if ($_SESSION['m_color'])
- {
- $sql .= "($i, 1, '{$_SESSION['m_subject']}', \"{$_SESSION['m_message']}\", 0, 0, 0, ".time().",0,0,0,0,0,0)";
- }
- else
- {
- $sql .= "($i, 0, '{$_SESSION['m_subject']}', \"{$_SESSION['m_message']}\", 0, 0, 0, ".time().",0,0,0,0,0,0),";
- }
- }
- mysqli_query($database->dblink,$sql);
- if (($users_count - $_GET['from']) > $max_per_pass) {
- header("Location: massmessage.php?send=true&from=",$_GET['from'] + $max_per_pass);
- exit;
- } else $done = true;
-}
-
-?>
-
-
-
-
- - Mass Message
-
-
-
-
-
-
-
-
-
-
-
-
- gpack == null || GP_ENABLE == false) {
- echo "
-
- ";
- } else {
- echo "
-
- ";
- }
- ?>
-
-
-
-
-
-
- gpack == null || GP_ENABLE == false) {
- echo "
-
- ";
- } else {
- echo "
-
- ";
- }
- ?>
-
-
-
-
-
-
-

-
-
-
-
-
-
-
-
-
-
-
-
-
-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-

-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file