xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-29 00:54:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Alliance fixes part 2

Browse Source 
+Public forums are now displayed for every player on the server
+Fixed some security bugs that permitted to create thread and posts to
private forums
+Fixed some general bugs
This commit is contained in:
iopietro
2018-05-19 00:01:50 +02:00
parent b91e27381b
commit 5ecf035cb3
8 changed files with 93 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files
GameEngine/Alliance.php
+3 -3
View File
@@ -87,7 +87,7 @@ class Alliance {
public static function canAct($datas, $mode = 0){
global $database, $session;
return ($database->CheckEditRes($datas['aid']) == 1 && ((($database->isAllianceOwner($session->uid) == $datas['alliance'] ||
return (/*$database->CheckEditRes($datas['aid']) == 1 && */((($database->isAllianceOwner($session->uid) == $datas['alliance'] ||
($datas['forum_perm'] == 1 && $session->alliance == $datas['alliance'])) &&
($mode || (isset($datas['admin']) && !empty($datas['admin']) && $datas['admin'] == "switch_admin"))) ||
$datas['owner'] == $session->uid));
@@ -99,9 +99,9 @@ class Alliance {
* @param array $get Contains the values of a GET request
*/
public function redirect($get)
public function redirect($get = null)
{
header("Location: allianz.php?s=2".(isset($get['fid']) && !empty($get['fid']) ? "&fid=".$get['fid']."" : "").
header("Location: allianz.php?s=2".(isset($get['fid']) && !empty($get['fid']) && $get['admin'] != 'pos' ? "&fid=".$get['fid']."" : "").
(isset($get['admin']) && !empty($get['admin']) ? "&admin=switch_admin" : ""));
exit;
}
GameEngine/Database.php
+3 -7
View File
@@ -2256,11 +2256,7 @@ class MYSQLi_DB implements IDbConnection {
$q = "SELECT Count(*) as Total FROM " . TB_PREFIX . "forum_cat where alliance = $id";
$result = mysqli_fetch_array(mysqli_query($this->dblink,$q), MYSQLI_ASSOC);
if ($result['Total']) {
return true;
} else {
return false;
}
return $result['Total'] > 0;
}
// no need to refactor this method
@@ -2373,7 +2369,7 @@ class MYSQLi_DB implements IDbConnection {
function ForumCat($id) {
list($id) = $this->escape_input($id);
$q = "SELECT * from " . TB_PREFIX . "forum_cat where alliance = '$id' ORDER BY sorting DESC, id";
$q = "SELECT * from " . TB_PREFIX . "forum_cat where alliance = '$id' OR forum_area = 1 ORDER BY sorting DESC, id";
$result = mysqli_query($this->dblink,$q);
return $this->mysqli_fetch_all($result);
}
@@ -2508,7 +2504,7 @@ class MYSQLi_DB implements IDbConnection {
$q = "UPDATE
".TB_PREFIX."forum_cat
SET
sorting = (SELECT * FROM(SELECT ".(!$mode ? "MIN" : "MAX")."(sorting) FROM ".TB_PREFIX."forum_cat WHERE forum_area = $area AND alliance = $ally AND id != $id) f) ".(!$mode ? "-" : "+")." 1
sorting = (SELECT * FROM(SELECT ".(!$mode ? "MIN" : "MAX")."(sorting) FROM ".TB_PREFIX."forum_cat WHERE forum_area = $area ".($area != 1 ? "AND alliance = $ally" : "")." AND id != $id) f) ".(!$mode ? "-" : "+")." 1
WHERE
id = $id";
return mysqli_query($this->dblink, $q);
GameEngine/Lang/en.php
-1
View File
@@ -1113,7 +1113,6 @@ define("WORLD_WONDER_NOTCHANGE_NAME","You can not change the name of the World W
define("WORLD_WONDER_NAME_CHANGED","Name changed");
define("HORSEDRINKING","Horse Drinking Trough");
define("EXTRA_BONUS","Extra bonus");
define("HORSEDRINKING_DESC","The horse drinking trough of the Romans decreases the training time of cavalry and the upkeep of these troops as well.");
define("GREATWORKSHOP","Great Workshop");
Templates/Alliance/Forum/forum_2.tpl
+8 -7
View File
@@ -14,7 +14,7 @@ $opt = $database->getAlliPermissions($session->uid, $aid);
$displayarray = $database->getUserArray($session->uid, 1);
$forumcat = $database->ForumCat(htmlspecialchars($displayarray['alliance']));
$ally = $session->alliance;
$public = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 1"), MYSQLI_ASSOC);
$public = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE forum_area = 1"), MYSQLI_ASSOC);
$confederation = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 2"), MYSQLI_ASSOC);
$alliance = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 0"), MYSQLI_ASSOC);
$closed = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 3"), MYSQLI_ASSOC);
@@ -43,6 +43,9 @@ if($count == 0) echo "<tr><td colspan=\"4\" style=\"text-align: center\">".NO_FO
foreach($forumcat as $arr){
if($arr['forum_area'] != $index) continue;
$checkArray = ['aid' => $aid, 'alliance' => $arr['alliance'], 'forum_perm' => $opt['opt5'],
'owner' => 0, 'admin' => $_GET['admin']];
$countop = $database->CountCat($arr['id']);
$lpost = $owner = "";
if($countop > 0){
@@ -65,13 +68,11 @@ foreach($forumcat as $arr){
}
echo '<tr><td class="ico">';
if($database->CheckEditRes($aid) == 1 && ($database->isAllianceOwner($session->uid) == $arr['alliance'] || $opt['opt5'] == 1) && isset($_GET['admin']) && !empty($_GET['admin']) && $_GET['admin'] == "switch_admin"){
echo '<a class="up_arr" href="allianz.php?s=2&fid='.$arr['id'].'&bid='.$index.'&admin=pos&res=1" title="To top">
if(Alliance::canAct($checkArray)){
echo '<a class="up_arr" href="allianz.php?s=2&fid='.$arr['id'].'&res=1&admin=pos" title="To top">
<img src="img/x.gif" alt="To top" /></a><a class="edit" href="allianz.php?s=2&idf='.$arr['id'].'&admin=editforum" title="edit">
<img src="img/x.gif" alt="edit" /></a><br />
<a class="down_arr" href="allianz.php?s=2&fid='.$arr['id'].'&bid='.$index.'&admin=pos&res=0" title="To bottom">
<img src="img/x.gif" alt="To bottom" /></a>
<a class="fdel" href="allianz.php?s=2&idf='.$arr['id'].'&admin=delforum" onClick="return confirm(\'confirm delete?\');" title="delete">
<img src="img/x.gif" alt="edit" /></a><br /><a class="down_arr" href="allianz.php?s=2&fid='.$arr['id'].'&res=0&admin=pos" title="To bottom">
<img src="img/x.gif" alt="To bottom" /></a><a class="fdel" href="allianz.php?s=2&idf='.$arr['id'].'&admin=delforum" onClick="return confirm(\'confirm delete?\');" title="delete">
<img src="img/x.gif" alt="delete" /></a>';
}
else echo '<img class="folder" src="img/x.gif" title="Thread without new posts" alt="Thread without new posts">';
Templates/Alliance/Forum/forum_3.tpl
+1 -1
View File
@@ -32,7 +32,7 @@ $title = stripslashes($showTopic['title']);
<td>Move topic</td>
<td><select class="dropdown" name="fid">
<?php
$show_cat = $database->ForumCat($session->alliance);
$show_cat = $database->ForumCat($session->alliance);
foreach($show_cat as $cats) {
if($cats['id'] == $_GET['fid']) echo '<option value="'.$cats['id'].'" selected>'.stripslashes($cats['forum_name']).'</option>';
else echo '<option value="'.$cats['id'].'">'.stripslashes($cats['forum_name']).'</option>';
Templates/Alliance/Forum/forum_4.tpl
+1 -1
View File
@@ -47,7 +47,7 @@ if($ChckTopic){
$post_dates = date('m/d/y, H:i a',$arrs['date']);
$owner_topics = $database->getUserArray($arrs['owner'],1);
}
echo '<tr><td class="ico">';
if(Alliance::canAct($checkArray))
{
Templates/Alliance/forum.tpl
+71 -75
View File
@@ -30,11 +30,13 @@ if(isset($_POST['new']) && $opt['opt5'] == 1 &&
$database->CreatForum($forum_owner, $aid, $forum_name, $forum_des, $forum_area);
}
if(isset($_POST['edittopic']) && $opt['opt5'] == 1 &&
if(isset($_POST['edittopic']) &&
isset($_POST['fid']) && !empty($_POST['fid']) &&
isset($_POST['tid']) && !empty($_POST['tid']) &&
isset($_POST['thema']) && !empty($_POST['thema']) &&
$database->ForumCatAlliance($_POST['fid']) == $session->alliance)
Alliance::canAct(['aid' => $aid, 'alliance' => ($topic = reset($database->ShowTopic($_POST['tid'])))['alliance'],
'forum_perm' => $opt['opt5'], 'admin' => $_GET['admin'], 'owner' => $topic['owner']], 1) &&
(($forumData = reset($database->ForumCatEdit($_POST['fid'])))['alliance'] == $session->alliance || $forumData['forum_area'] == 1))
{
$topic_name = $_POST['thema'];
$topic_cat = $_POST['fid'];
@@ -57,7 +59,8 @@ if(isset($_POST['editforum']) && $opt['opt5'] == 1 &&
}
if(isset($_POST['newtopic']) && isset($_POST['thema']) && isset($_POST['text']) && isset($_POST['fid'])
&& !empty($_POST['thema']) && !empty($_POST['text']) && !empty($_POST['fid'])){
&& !empty($_POST['thema']) && !empty($_POST['text']) && !empty($_POST['fid']) &&
(($forumData = reset($database->ForumCatEdit($_POST['fid'])))['alliance'] == $session->alliance || $forumData['forum_area'] == 1)){
$title = $_POST['thema'];
$text = $_POST['text'];
$cat = $_POST['fid'];
@@ -140,70 +143,72 @@ if(isset($_POST['newtopic']) && isset($_POST['thema']) && isset($_POST['text'])
}
}
if(isset($_POST['newpost'])){
$text = $_POST['text'];
if(isset($_POST['newpost']) && isset($_POST['text']) && !empty($_POST['text']) &&
isset($_POST['tid']) && !empty($_POST['tid']) &&
isset($_POST['fid2']) && !empty($_POST['fid2']) &&
(($forumData = reset($database->ForumCatEdit($_POST['fid2'])))['alliance'] == $session->alliance || $forumData['forum_area'] == 1))
{
$text = $_POST['text'];
$tids = $_POST['tid'];
$fid2 = $_POST['fid2'];
$owner = $session->uid;
if(!empty($text)){
if(!preg_match('/\[message\]/', $text) && !preg_match('/\[\/message\]/', $text)){
$text = "[message]".$text."[/message]";
$alliances = $player = $coor = $report = 0;
for($i = 0; $i <= $alliances; $i++){
if(preg_match('/\[alliance'.$i.'\]/', $text) && preg_match('/\[\/alliance'.$i.'\]/', $text)){
$alliance1 = preg_replace('/\[message\](.*?)\[\/alliance'.$i.'\]/is', '', $text);
if(preg_match('/\[alliance'.$i.'\]/', $alliance1) && preg_match('/\[\/alliance'.$i.'\]/', $alliance1)){
$j = $i + 1;
$alliance2 = preg_replace('/\[\/alliance'.$i.'\](.*?)\[\/message\]/is', '', $text);
$alliance1 = preg_replace('/\[alliance'.$i.'\]/', '[alliance'.$j.']', $alliance1);
$alliance1 = preg_replace('/\[\/alliance'.$i.'\]/', '[/alliance'.$j.']', $alliance1);
$text = $alliance2."[/alliance".$i."]".$alliance1;
$alliances += 1;
}
if(!preg_match('/\[message\]/', $text) && !preg_match('/\[\/message\]/', $text)){
$text = "[message]".$text."[/message]";
$alliances = $player = $coor = $report = 0;
for($i = 0; $i <= $alliances; $i++){
if(preg_match('/\[alliance'.$i.'\]/', $text) && preg_match('/\[\/alliance'.$i.'\]/', $text)){
$alliance1 = preg_replace('/\[message\](.*?)\[\/alliance'.$i.'\]/is', '', $text);
if(preg_match('/\[alliance'.$i.'\]/', $alliance1) && preg_match('/\[\/alliance'.$i.'\]/', $alliance1)){
$j = $i + 1;
$alliance2 = preg_replace('/\[\/alliance'.$i.'\](.*?)\[\/message\]/is', '', $text);
$alliance1 = preg_replace('/\[alliance'.$i.'\]/', '[alliance'.$j.']', $alliance1);
$alliance1 = preg_replace('/\[\/alliance'.$i.'\]/', '[/alliance'.$j.']', $alliance1);
$text = $alliance2."[/alliance".$i."]".$alliance1;
$alliances += 1;
}
}
for($i = 0; $i <= $player; $i++){
if(preg_match('/\[player'.$i.'\]/', $text) && preg_match('/\[\/player'.$i.'\]/', $text)){
$player1 = preg_replace('/\[message\](.*?)\[\/player'.$i.'\]/is', '', $text);
if(preg_match('/\[player'.$i.'\]/', $player1) && preg_match('/\[\/player'.$i.'\]/', $player1)){
$j = $i + 1;
$player2 = preg_replace('/\[\/player'.$i.'\](.*?)\[\/message\]/is', '', $text);
$player1 = preg_replace('/\[player'.$i.'\]/', '[player'.$j.']', $player1);
$player1 = preg_replace('/\[\/player'.$i.'\]/', '[/player'.$j.']', $player1);
$text = $player2."[/player".$i."]".$player1;
$player += 1;
}
}
}
for($i = 0; $i <= $coor; $i++){
if(preg_match('/\[coor'.$i.'\]/', $text) && preg_match('/\[\/coor'.$i.'\]/', $text)){
$coor1 = preg_replace('/\[message\](.*?)\[\/coor'.$i.'\]/is', '', $text);
if(preg_match('/\[coor'.$i.'\]/', $coor1) && preg_match('/\[\/coor'.$i.'\]/', $coor1)){
$j = $i + 1;
$coor2 = preg_replace('/\[\/coor'.$i.'\](.*?)\[\/message\]/is', '', $text);
$coor1 = preg_replace('/\[coor'.$i.'\]/', '[coor'.$j.']', $coor1);
$coor1 = preg_replace('/\[\/coor'.$i.'\]/', '[/coor'.$j.']', $coor1);
$text = $coor2."[/coor".$i."]".$coor1;
$coor += 1;
}
}
}
for($i = 0; $i <= $report; $i++){
if(preg_match('/\[report'.$i.'\]/', $text) && preg_match('/\[\/report'.$i.'\]/', $text)){
$report1 = preg_replace('/\[message\](.*?)\[\/report'.$i.'\]/is', '', $text);
if(preg_match('/\[report'.$i.'\]/', $report1) && preg_match('/\[\/report'.$i.'\]/', $report1)){
$j = $i + 1;
$report2 = preg_replace('/\[\/report'.$i.'\](.*?)\[\/message\]/is', '', $text);
$report1 = preg_replace('/\[report'.$i.'\]/', '[report'.$j.']', $report1);
$report1 = preg_replace('/\[\/report'.$i.'\]/', '[/report'.$j.']', $report1);
$text = $report2."[/report".$i."]".$report1;
$report += 1;
}
}
}
$database->UpdatePostDate($tids);
$database->CreatPost($text, $tids, $owner, $alliances, $player, $coor, $report, $fid2);
}
for($i = 0; $i <= $player; $i++){
if(preg_match('/\[player'.$i.'\]/', $text) && preg_match('/\[\/player'.$i.'\]/', $text)){
$player1 = preg_replace('/\[message\](.*?)\[\/player'.$i.'\]/is', '', $text);
if(preg_match('/\[player'.$i.'\]/', $player1) && preg_match('/\[\/player'.$i.'\]/', $player1)){
$j = $i + 1;
$player2 = preg_replace('/\[\/player'.$i.'\](.*?)\[\/message\]/is', '', $text);
$player1 = preg_replace('/\[player'.$i.'\]/', '[player'.$j.']', $player1);
$player1 = preg_replace('/\[\/player'.$i.'\]/', '[/player'.$j.']', $player1);
$text = $player2."[/player".$i."]".$player1;
$player += 1;
}
}
}
for($i = 0; $i <= $coor; $i++){
if(preg_match('/\[coor'.$i.'\]/', $text) && preg_match('/\[\/coor'.$i.'\]/', $text)){
$coor1 = preg_replace('/\[message\](.*?)\[\/coor'.$i.'\]/is', '', $text);
if(preg_match('/\[coor'.$i.'\]/', $coor1) && preg_match('/\[\/coor'.$i.'\]/', $coor1)){
$j = $i + 1;
$coor2 = preg_replace('/\[\/coor'.$i.'\](.*?)\[\/message\]/is', '', $text);
$coor1 = preg_replace('/\[coor'.$i.'\]/', '[coor'.$j.']', $coor1);
$coor1 = preg_replace('/\[\/coor'.$i.'\]/', '[/coor'.$j.']', $coor1);
$text = $coor2."[/coor".$i."]".$coor1;
$coor += 1;
}
}
}
for($i = 0; $i <= $report; $i++){
if(preg_match('/\[report'.$i.'\]/', $text) && preg_match('/\[\/report'.$i.'\]/', $text)){
$report1 = preg_replace('/\[message\](.*?)\[\/report'.$i.'\]/is', '', $text);
if(preg_match('/\[report'.$i.'\]/', $report1) && preg_match('/\[\/report'.$i.'\]/', $report1)){
$j = $i + 1;
$report2 = preg_replace('/\[\/report'.$i.'\](.*?)\[\/message\]/is', '', $text);
$report1 = preg_replace('/\[report'.$i.'\]/', '[report'.$j.']', $report1);
$report1 = preg_replace('/\[\/report'.$i.'\]/', '[/report'.$j.']', $report1);
$text = $report2."[/report".$i."]".$report1;
$report += 1;
}
}
}
$database->UpdatePostDate($tids);
$database->CreatPost($text, $tids, $owner, $alliances, $player, $coor, $report, $fid2);
}
}
@@ -396,8 +401,10 @@ if($_GET['admin'] == "switch_admin"){
}
}
if($_GET['admin'] == "pos" && isset($_GET['res']) && isset($_GET['bid']) && isset($_GET['fid']) && !empty($_GET['fid']) && $opt['opt5'] == 1){
$database->moveForum($_GET['fid'], $_GET['bid'], $session->alliance, $_GET['res']); //Move the forum to the top/bottom of the list
if($_GET['admin'] == "pos" && isset($_GET['res']) && isset($_GET['fid']) && !empty($_GET['fid']) && $opt['opt5'] == 1 &&
($forumData = reset($database->ForumCatEdit($_GET['fid'])))['alliance'] == $session->alliance)
{
$database->moveForum($_GET['fid'], $forumData['forum_area'], $session->alliance, $_GET['res']); //Move the forum to the top/bottom of the list
$alliance->redirect($_GET);
}
elseif(isset($_GET['admin']) && !empty($_GET['admin']) && isset($_GET['idt']) && !empty($_GET['idt'])){
@@ -478,17 +485,6 @@ elseif($_GET['admin'] == "editforum" && $opt['opt5'] == 1) include("Forum/forum_
elseif(isset($_GET['tid'])){
if(isset($_GET['ac'])) include ("Forum/forum_7.tpl"); //New post
else include ("Forum/forum_6.tpl"); //Showtopic
}else{
if($database->CheckForum($aid)) include("Forum/forum_2.tpl");
else if($opt['opt5'] == 1){
if($session->access == BANNED){
echo '<p class="error">Forum is not created yet</p><p>
<a href="banned.php"><img id="fbtn_newforum" class="dynamic_img" src="img/x.gif" alt="New forum" /></a></p>';
}else{
echo '<p class="error">Forum is not created yet</p><p>
<a href="allianz.php?s=2&admin=newforum"><img id="fbtn_newforum" class="dynamic_img" src="img/x.gif" alt="New forum" /></a></p>';
}
}
else echo '<p class="error">Forum is not created yet</p>';
}
else include("Forum/forum_2.tpl");
?>
allianz.php
+6 -34
View File
@@ -29,42 +29,14 @@ if(isset($_GET['newdid'])) {
exit;
}
}
if(isset($_GET['s'])){
$automation->isWinner();
}
if(isset($_GET['s'])) $automation->isWinner();
if(isset($_GET['fid'])){
$fid = preg_replace("/[^0-9]/","",$_GET['fid']);
$forum = mysqli_query($database->dblink,"SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".(int) $fid."");
$forum_type = mysqli_fetch_array($forum);
if(!empty($forum_type['forum_name']) && $forum_type['forum_area'] == 0){
if($forum_type['alliance'] != $session->alliance){
header("Location: ".$_SERVER['PHP_SELF']);
exit;
}
}
}else if(isset($_GET['fid2'])){
$fid = preg_replace("/[^0-9]/","",$_GET['fid2']);
$forum = mysqli_query($database->dblink,"SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".(int) $fid."");
if (!empty($forum)) {
$forum_type = mysqli_fetch_array($forum);
if(isset($_GET['fid']) || isset($_GET['fid2'])){
$fid = preg_replace("/[^0-9]/","",!empty($_GET['fid']) ? $_GET['fid'] : $_GET['fid2']);
$forum_type = reset($database->ForumCatEdit($fid));
if (!empty($forum_type)) {
if(!empty($forum_type['forum_name']) && $forum_type['forum_area'] != 1){
if($forum_type['forum_area'] == 0){
if($forum_type['alliance'] != $session->alliance){
header("Location: ".$_SERVER['PHP_SELF']);
exit;
}
}else if($forum_type['forum_area'] == 2){
if($forum_type['alliance'] != $session->alliance){
header("Location: ".$_SERVER['PHP_SELF']);
exit;
}
}else if($forum_type['forum_area'] == 3){
if($forum_type['alliance'] != $session->alliance){
header("Location: ".$_SERVER['PHP_SELF']);
exit;
}
}else{
if($forum_type['alliance'] != $session->alliance){
header("Location: ".$_SERVER['PHP_SELF']);
exit;
}