From 5ecf035cb3dcaa4fa76f513fc838284b0cb9d14a Mon Sep 17 00:00:00 2001
From: iopietro <iopietro@hotmail.it>
Date: Sat, 19 May 2018 00:01:50 +0200
Subject: [PATCH] Alliance fixes part 2

+Public forums are now displayed for every player on the server
+Fixed some security bugs that permitted to create thread and posts to
private forums
+Fixed some general bugs
---
 GameEngine/Alliance.php              |   6 +-
 GameEngine/Database.php              |  10 +-
 GameEngine/Lang/en.php               |   1 -
 Templates/Alliance/Forum/forum_2.tpl |  15 +--
 Templates/Alliance/Forum/forum_3.tpl |   2 +-
 Templates/Alliance/Forum/forum_4.tpl |   2 +-
 Templates/Alliance/forum.tpl         | 146 +++++++++++++--------------
 allianz.php                          |  40 ++------
 8 files changed, 93 insertions(+), 129 deletions(-)

diff --git a/GameEngine/Alliance.php b/GameEngine/Alliance.php
index d83b601d..a58ef511 100755
--- a/GameEngine/Alliance.php
+++ b/GameEngine/Alliance.php
@@ -87,7 +87,7 @@ class Alliance {
 		public static function canAct($datas, $mode = 0){
 			global $database, $session;
 
-			return ($database->CheckEditRes($datas['aid']) == 1 && ((($database->isAllianceOwner($session->uid) == $datas['alliance'] ||
+			return (/*$database->CheckEditRes($datas['aid']) == 1 && */((($database->isAllianceOwner($session->uid) == $datas['alliance'] ||
 					($datas['forum_perm'] == 1 && $session->alliance == $datas['alliance'])) &&
 					($mode || (isset($datas['admin']) && !empty($datas['admin']) && $datas['admin'] == "switch_admin"))) ||
 					$datas['owner'] == $session->uid));
@@ -99,9 +99,9 @@ class Alliance {
 		 * @param array $get Contains the values of a GET request
 		 */
 		
-		public function redirect($get)
+		public function redirect($get = null)
 		{
-			header("Location: allianz.php?s=2".(isset($get['fid']) && !empty($get['fid']) ? "&fid=".$get['fid']."" : "").
+			header("Location: allianz.php?s=2".(isset($get['fid']) && !empty($get['fid']) && $get['admin'] != 'pos' ? "&fid=".$get['fid']."" : "").
 					(isset($get['admin']) && !empty($get['admin']) ? "&admin=switch_admin" : ""));
 			exit;
 		}
diff --git a/GameEngine/Database.php b/GameEngine/Database.php
index f064b404..7d0de786 100755
--- a/GameEngine/Database.php
+++ b/GameEngine/Database.php
@@ -2256,11 +2256,7 @@ class MYSQLi_DB implements IDbConnection {
 
 		$q = "SELECT Count(*) as Total FROM " . TB_PREFIX . "forum_cat where alliance = $id";
 		$result = mysqli_fetch_array(mysqli_query($this->dblink,$q), MYSQLI_ASSOC);
-		if ($result['Total']) {
-			return true;
-		} else {
-			return false;
-		}
+		return $result['Total'] > 0; 
 	}
 
     // no need to refactor this method
@@ -2373,7 +2369,7 @@ class MYSQLi_DB implements IDbConnection {
 	function ForumCat($id) {
         list($id) = $this->escape_input($id);
 
-		$q = "SELECT * from " . TB_PREFIX . "forum_cat where alliance = '$id' ORDER BY sorting DESC, id";
+		$q = "SELECT * from " . TB_PREFIX . "forum_cat where alliance = '$id' OR forum_area = 1 ORDER BY sorting DESC, id";
 		$result = mysqli_query($this->dblink,$q);
 		return $this->mysqli_fetch_all($result);
 	}
@@ -2508,7 +2504,7 @@ class MYSQLi_DB implements IDbConnection {
 		$q = "UPDATE
 					".TB_PREFIX."forum_cat
 		      SET
-					sorting = (SELECT * FROM(SELECT ".(!$mode ? "MIN" : "MAX")."(sorting) FROM ".TB_PREFIX."forum_cat WHERE forum_area = $area AND alliance = $ally AND id != $id) f) ".(!$mode ? "-" : "+")." 1
+					sorting = (SELECT * FROM(SELECT ".(!$mode ? "MIN" : "MAX")."(sorting) FROM ".TB_PREFIX."forum_cat WHERE forum_area = $area ".($area != 1 ? "AND alliance = $ally" : "")." AND id != $id) f) ".(!$mode ? "-" : "+")." 1
 		      WHERE
 					id = $id";
 		return mysqli_query($this->dblink, $q);
diff --git a/GameEngine/Lang/en.php b/GameEngine/Lang/en.php
index f28aa055..e4ea08d6 100755
--- a/GameEngine/Lang/en.php
+++ b/GameEngine/Lang/en.php
@@ -1113,7 +1113,6 @@ define("WORLD_WONDER_NOTCHANGE_NAME","You can not change the name of the World W
 define("WORLD_WONDER_NAME_CHANGED","Name changed");
 
 define("HORSEDRINKING","Horse Drinking Trough");
-define("EXTRA_BONUS","Extra bonus");
 define("HORSEDRINKING_DESC","The horse drinking trough of the Romans decreases the training time of cavalry and the upkeep of these troops as well.");
 
 define("GREATWORKSHOP","Great Workshop");
diff --git a/Templates/Alliance/Forum/forum_2.tpl b/Templates/Alliance/Forum/forum_2.tpl
index 978f0dc9..499db6f5 100644
--- a/Templates/Alliance/Forum/forum_2.tpl
+++ b/Templates/Alliance/Forum/forum_2.tpl
@@ -14,7 +14,7 @@ $opt = $database->getAlliPermissions($session->uid, $aid);
 $displayarray = $database->getUserArray($session->uid, 1);
 $forumcat = $database->ForumCat(htmlspecialchars($displayarray['alliance']));
 $ally = $session->alliance;
-$public = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 1"), MYSQLI_ASSOC);
+$public = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE forum_area = 1"), MYSQLI_ASSOC);
 $confederation = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 2"), MYSQLI_ASSOC);
 $alliance = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 0"), MYSQLI_ASSOC);
 $closed = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 3"), MYSQLI_ASSOC);
@@ -43,6 +43,9 @@ if($count == 0) echo "<tr><td colspan=\"4\" style=\"text-align: center\">".NO_FO
 foreach($forumcat as $arr){
 	if($arr['forum_area'] != $index) continue;
 	
+	$checkArray = ['aid' => $aid, 'alliance' => $arr['alliance'], 'forum_perm' => $opt['opt5'],
+			'owner' => 0, 'admin' => $_GET['admin']];
+	
 	$countop = $database->CountCat($arr['id']);
 	$lpost = $owner = "";
 	if($countop > 0){
@@ -65,13 +68,11 @@ foreach($forumcat as $arr){
 	}
 
 	echo '<tr><td class="ico">';
-	if($database->CheckEditRes($aid) == 1 && ($database->isAllianceOwner($session->uid) == $arr['alliance'] || $opt['opt5'] == 1) && isset($_GET['admin']) && !empty($_GET['admin']) && $_GET['admin'] == "switch_admin"){
-		echo '<a class="up_arr" href="allianz.php?s=2&fid='.$arr['id'].'&bid='.$index.'&admin=pos&res=1" title="To top">
+	if(Alliance::canAct($checkArray)){
+		echo '<a class="up_arr" href="allianz.php?s=2&fid='.$arr['id'].'&res=1&admin=pos" title="To top">
 			<img src="img/x.gif" alt="To top" /></a><a class="edit" href="allianz.php?s=2&idf='.$arr['id'].'&admin=editforum" title="edit">
-			<img src="img/x.gif" alt="edit" /></a><br />
-			<a class="down_arr" href="allianz.php?s=2&fid='.$arr['id'].'&bid='.$index.'&admin=pos&res=0" title="To bottom">
-			<img src="img/x.gif" alt="To bottom" /></a>
-			<a class="fdel" href="allianz.php?s=2&idf='.$arr['id'].'&admin=delforum" onClick="return confirm(\'confirm delete?\');" title="delete">
+			<img src="img/x.gif" alt="edit" /></a><br /><a class="down_arr" href="allianz.php?s=2&fid='.$arr['id'].'&res=0&admin=pos" title="To bottom">
+			<img src="img/x.gif" alt="To bottom" /></a><a class="fdel" href="allianz.php?s=2&idf='.$arr['id'].'&admin=delforum" onClick="return confirm(\'confirm delete?\');" title="delete">
 			<img src="img/x.gif" alt="delete" /></a>';
 	}
 	else echo '<img class="folder" src="img/x.gif" title="Thread without new posts" alt="Thread without new posts">';
diff --git a/Templates/Alliance/Forum/forum_3.tpl b/Templates/Alliance/Forum/forum_3.tpl
index bd3649c9..19c238f2 100644
--- a/Templates/Alliance/Forum/forum_3.tpl
+++ b/Templates/Alliance/Forum/forum_3.tpl
@@ -32,7 +32,7 @@ $title = stripslashes($showTopic['title']);
 			<td>Move topic</td>
 			<td><select class="dropdown" name="fid">
 <?php
-$show_cat = $database->ForumCat($session->alliance);
+	$show_cat = $database->ForumCat($session->alliance);
 	foreach($show_cat as $cats) {
 		if($cats['id'] == $_GET['fid']) echo '<option value="'.$cats['id'].'" selected>'.stripslashes($cats['forum_name']).'</option>';
 		else echo '<option value="'.$cats['id'].'">'.stripslashes($cats['forum_name']).'</option>';
diff --git a/Templates/Alliance/Forum/forum_4.tpl b/Templates/Alliance/Forum/forum_4.tpl
index 893042bc..e3140c1d 100644
--- a/Templates/Alliance/Forum/forum_4.tpl
+++ b/Templates/Alliance/Forum/forum_4.tpl
@@ -47,7 +47,7 @@ if($ChckTopic){
 			$post_dates = date('m/d/y, H:i a',$arrs['date']);
 			$owner_topics = $database->getUserArray($arrs['owner'],1);
 		}
-		
+
 		echo '<tr><td class="ico">';
 		if(Alliance::canAct($checkArray))
 		{
diff --git a/Templates/Alliance/forum.tpl b/Templates/Alliance/forum.tpl
index 81505225..41cfeed1 100644
--- a/Templates/Alliance/forum.tpl
+++ b/Templates/Alliance/forum.tpl
@@ -30,11 +30,13 @@ if(isset($_POST['new']) && $opt['opt5'] == 1 &&
 	$database->CreatForum($forum_owner, $aid, $forum_name, $forum_des, $forum_area);
 }
 
-if(isset($_POST['edittopic']) && $opt['opt5'] == 1 && 
+if(isset($_POST['edittopic']) && 
    isset($_POST['fid']) && !empty($_POST['fid']) &&
    isset($_POST['tid']) && !empty($_POST['tid']) &&
    isset($_POST['thema']) && !empty($_POST['thema']) &&
-   $database->ForumCatAlliance($_POST['fid']) == $session->alliance)
+   Alliance::canAct(['aid' => $aid, 'alliance' => ($topic = reset($database->ShowTopic($_POST['tid'])))['alliance'], 
+	                 'forum_perm' => $opt['opt5'], 'admin' => $_GET['admin'], 'owner' => $topic['owner']], 1) &&
+   (($forumData = reset($database->ForumCatEdit($_POST['fid'])))['alliance'] == $session->alliance || $forumData['forum_area'] == 1))
 {
 	$topic_name = $_POST['thema'];
 	$topic_cat = $_POST['fid'];
@@ -57,7 +59,8 @@ if(isset($_POST['editforum']) && $opt['opt5'] == 1 &&
 }
 
 if(isset($_POST['newtopic']) && isset($_POST['thema']) && isset($_POST['text']) && isset($_POST['fid'])
-		&& !empty($_POST['thema']) && !empty($_POST['text']) && !empty($_POST['fid'])){
+   && !empty($_POST['thema']) && !empty($_POST['text']) && !empty($_POST['fid']) &&
+  (($forumData = reset($database->ForumCatEdit($_POST['fid'])))['alliance'] == $session->alliance || $forumData['forum_area'] == 1)){
 	$title = $_POST['thema'];
 	$text = $_POST['text'];
 	$cat = $_POST['fid'];
@@ -140,70 +143,72 @@ if(isset($_POST['newtopic']) && isset($_POST['thema']) && isset($_POST['text'])
 	}
 }
 
-if(isset($_POST['newpost'])){
-	$text = $_POST['text'];
+if(isset($_POST['newpost']) && isset($_POST['text']) && !empty($_POST['text']) &&
+   isset($_POST['tid']) && !empty($_POST['tid']) &&
+   isset($_POST['fid2']) && !empty($_POST['fid2']) &&
+   (($forumData = reset($database->ForumCatEdit($_POST['fid2'])))['alliance'] == $session->alliance || $forumData['forum_area'] == 1))
+{
+   	$text = $_POST['text'];
 	$tids = $_POST['tid'];
 	$fid2 = $_POST['fid2'];
 	$owner = $session->uid;
-	if(!empty($text)){
-		if(!preg_match('/\[message\]/', $text) && !preg_match('/\[\/message\]/', $text)){
-			$text = "[message]".$text."[/message]";
-			$alliances = $player = $coor = $report = 0;
-			for($i = 0; $i <= $alliances; $i++){
-				if(preg_match('/\[alliance'.$i.'\]/', $text) && preg_match('/\[\/alliance'.$i.'\]/', $text)){
-					$alliance1 = preg_replace('/\[message\](.*?)\[\/alliance'.$i.'\]/is', '', $text);
-					if(preg_match('/\[alliance'.$i.'\]/', $alliance1) && preg_match('/\[\/alliance'.$i.'\]/', $alliance1)){
-						$j = $i + 1;
-						$alliance2 = preg_replace('/\[\/alliance'.$i.'\](.*?)\[\/message\]/is', '', $text);
-						$alliance1 = preg_replace('/\[alliance'.$i.'\]/', '[alliance'.$j.']', $alliance1);
-						$alliance1 = preg_replace('/\[\/alliance'.$i.'\]/', '[/alliance'.$j.']', $alliance1);
-						$text = $alliance2."[/alliance".$i."]".$alliance1;
-						$alliances += 1;
-					}
+	if(!preg_match('/\[message\]/', $text) && !preg_match('/\[\/message\]/', $text)){
+		$text = "[message]".$text."[/message]";
+		$alliances = $player = $coor = $report = 0;
+		for($i = 0; $i <= $alliances; $i++){
+			if(preg_match('/\[alliance'.$i.'\]/', $text) && preg_match('/\[\/alliance'.$i.'\]/', $text)){
+				$alliance1 = preg_replace('/\[message\](.*?)\[\/alliance'.$i.'\]/is', '', $text);
+				if(preg_match('/\[alliance'.$i.'\]/', $alliance1) && preg_match('/\[\/alliance'.$i.'\]/', $alliance1)){
+					$j = $i + 1;
+					$alliance2 = preg_replace('/\[\/alliance'.$i.'\](.*?)\[\/message\]/is', '', $text);
+					$alliance1 = preg_replace('/\[alliance'.$i.'\]/', '[alliance'.$j.']', $alliance1);
+					$alliance1 = preg_replace('/\[\/alliance'.$i.'\]/', '[/alliance'.$j.']', $alliance1);
+					$text = $alliance2."[/alliance".$i."]".$alliance1;
+					$alliances += 1;
 				}
 			}
-			for($i = 0; $i <= $player; $i++){
-				if(preg_match('/\[player'.$i.'\]/', $text) && preg_match('/\[\/player'.$i.'\]/', $text)){
-					$player1 = preg_replace('/\[message\](.*?)\[\/player'.$i.'\]/is', '', $text);
-					if(preg_match('/\[player'.$i.'\]/', $player1) && preg_match('/\[\/player'.$i.'\]/', $player1)){
-						$j = $i + 1;
-						$player2 = preg_replace('/\[\/player'.$i.'\](.*?)\[\/message\]/is', '', $text);
-						$player1 = preg_replace('/\[player'.$i.'\]/', '[player'.$j.']', $player1);
-						$player1 = preg_replace('/\[\/player'.$i.'\]/', '[/player'.$j.']', $player1);
-						$text = $player2."[/player".$i."]".$player1;
-						$player += 1;
-					}
-				}
-			}
-			for($i = 0; $i <= $coor; $i++){
-				if(preg_match('/\[coor'.$i.'\]/', $text) && preg_match('/\[\/coor'.$i.'\]/', $text)){
-					$coor1 = preg_replace('/\[message\](.*?)\[\/coor'.$i.'\]/is', '', $text);
-					if(preg_match('/\[coor'.$i.'\]/', $coor1) && preg_match('/\[\/coor'.$i.'\]/', $coor1)){
-						$j = $i + 1;
-						$coor2 = preg_replace('/\[\/coor'.$i.'\](.*?)\[\/message\]/is', '', $text);
-						$coor1 = preg_replace('/\[coor'.$i.'\]/', '[coor'.$j.']', $coor1);
-						$coor1 = preg_replace('/\[\/coor'.$i.'\]/', '[/coor'.$j.']', $coor1);
-						$text = $coor2."[/coor".$i."]".$coor1;
-						$coor += 1;
-					}
-				}
-			}
-			for($i = 0; $i <= $report; $i++){
-				if(preg_match('/\[report'.$i.'\]/', $text) && preg_match('/\[\/report'.$i.'\]/', $text)){
-					$report1 = preg_replace('/\[message\](.*?)\[\/report'.$i.'\]/is', '', $text);
-					if(preg_match('/\[report'.$i.'\]/', $report1) && preg_match('/\[\/report'.$i.'\]/', $report1)){
-						$j = $i + 1;
-						$report2 = preg_replace('/\[\/report'.$i.'\](.*?)\[\/message\]/is', '', $text);
-						$report1 = preg_replace('/\[report'.$i.'\]/', '[report'.$j.']', $report1);
-						$report1 = preg_replace('/\[\/report'.$i.'\]/', '[/report'.$j.']', $report1);
-						$text = $report2."[/report".$i."]".$report1;
-						$report += 1;
-					}
-				}
-			}
-			$database->UpdatePostDate($tids);
-			$database->CreatPost($text, $tids, $owner, $alliances, $player, $coor, $report, $fid2);
 		}
+		for($i = 0; $i <= $player; $i++){
+			if(preg_match('/\[player'.$i.'\]/', $text) && preg_match('/\[\/player'.$i.'\]/', $text)){
+				$player1 = preg_replace('/\[message\](.*?)\[\/player'.$i.'\]/is', '', $text);
+				if(preg_match('/\[player'.$i.'\]/', $player1) && preg_match('/\[\/player'.$i.'\]/', $player1)){
+					$j = $i + 1;
+					$player2 = preg_replace('/\[\/player'.$i.'\](.*?)\[\/message\]/is', '', $text);
+					$player1 = preg_replace('/\[player'.$i.'\]/', '[player'.$j.']', $player1);
+					$player1 = preg_replace('/\[\/player'.$i.'\]/', '[/player'.$j.']', $player1);
+					$text = $player2."[/player".$i."]".$player1;
+					$player += 1;
+				}
+			}
+		}
+		for($i = 0; $i <= $coor; $i++){
+			if(preg_match('/\[coor'.$i.'\]/', $text) && preg_match('/\[\/coor'.$i.'\]/', $text)){
+				$coor1 = preg_replace('/\[message\](.*?)\[\/coor'.$i.'\]/is', '', $text);
+				if(preg_match('/\[coor'.$i.'\]/', $coor1) && preg_match('/\[\/coor'.$i.'\]/', $coor1)){
+					$j = $i + 1;
+					$coor2 = preg_replace('/\[\/coor'.$i.'\](.*?)\[\/message\]/is', '', $text);
+					$coor1 = preg_replace('/\[coor'.$i.'\]/', '[coor'.$j.']', $coor1);
+					$coor1 = preg_replace('/\[\/coor'.$i.'\]/', '[/coor'.$j.']', $coor1);
+					$text = $coor2."[/coor".$i."]".$coor1;
+					$coor += 1;
+				}
+			}
+		}
+		for($i = 0; $i <= $report; $i++){
+			if(preg_match('/\[report'.$i.'\]/', $text) && preg_match('/\[\/report'.$i.'\]/', $text)){
+				$report1 = preg_replace('/\[message\](.*?)\[\/report'.$i.'\]/is', '', $text);
+				if(preg_match('/\[report'.$i.'\]/', $report1) && preg_match('/\[\/report'.$i.'\]/', $report1)){
+					$j = $i + 1;
+					$report2 = preg_replace('/\[\/report'.$i.'\](.*?)\[\/message\]/is', '', $text);
+					$report1 = preg_replace('/\[report'.$i.'\]/', '[report'.$j.']', $report1);
+					$report1 = preg_replace('/\[\/report'.$i.'\]/', '[/report'.$j.']', $report1);
+					$text = $report2."[/report".$i."]".$report1;
+					$report += 1;
+				}
+			}
+		}
+		$database->UpdatePostDate($tids);
+		$database->CreatPost($text, $tids, $owner, $alliances, $player, $coor, $report, $fid2);
 	}
 }
 
@@ -396,8 +401,10 @@ if($_GET['admin'] == "switch_admin"){
 	}
 }
 
-if($_GET['admin'] == "pos" && isset($_GET['res']) && isset($_GET['bid']) && isset($_GET['fid']) && !empty($_GET['fid']) && $opt['opt5'] == 1){
-	$database->moveForum($_GET['fid'], $_GET['bid'], $session->alliance, $_GET['res']); //Move the forum to the top/bottom of the list
+if($_GET['admin'] == "pos" && isset($_GET['res']) && isset($_GET['fid']) && !empty($_GET['fid']) && $opt['opt5'] == 1 &&
+   ($forumData = reset($database->ForumCatEdit($_GET['fid'])))['alliance'] == $session->alliance)
+{
+	$database->moveForum($_GET['fid'], $forumData['forum_area'], $session->alliance, $_GET['res']); //Move the forum to the top/bottom of the list
 	$alliance->redirect($_GET);
 }
 elseif(isset($_GET['admin']) && !empty($_GET['admin']) && isset($_GET['idt']) && !empty($_GET['idt'])){
@@ -478,17 +485,6 @@ elseif($_GET['admin'] == "editforum" && $opt['opt5'] == 1) include("Forum/forum_
 elseif(isset($_GET['tid'])){
 	if(isset($_GET['ac'])) include ("Forum/forum_7.tpl"); //New post
 	else include ("Forum/forum_6.tpl"); //Showtopic
-}else{
-	if($database->CheckForum($aid)) include("Forum/forum_2.tpl");	
-	else if($opt['opt5'] == 1){
-		if($session->access == BANNED){
-			echo '<p class="error">Forum is not created yet</p><p>
-			<a href="banned.php"><img id="fbtn_newforum" class="dynamic_img" src="img/x.gif" alt="New forum" /></a></p>';
-		}else{
-			echo '<p class="error">Forum is not created yet</p><p>
-			<a href="allianz.php?s=2&admin=newforum"><img id="fbtn_newforum" class="dynamic_img" src="img/x.gif" alt="New forum" /></a></p>';
-		}
-	}
-	else echo '<p class="error">Forum is not created yet</p>';
 }
+else include("Forum/forum_2.tpl");
 ?>
\ No newline at end of file
diff --git a/allianz.php b/allianz.php
index b55f3d17..779b3f27 100644
--- a/allianz.php
+++ b/allianz.php
@@ -29,42 +29,14 @@ if(isset($_GET['newdid'])) {
 		exit;
 	}
 }
-if(isset($_GET['s'])){
-	$automation->isWinner();
-}
+if(isset($_GET['s'])) $automation->isWinner();
 
-if(isset($_GET['fid'])){
-	$fid = preg_replace("/[^0-9]/","",$_GET['fid']);
-	$forum = mysqli_query($database->dblink,"SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".(int) $fid."");
-	$forum_type = mysqli_fetch_array($forum);
-	if(!empty($forum_type['forum_name']) && $forum_type['forum_area'] == 0){
-		if($forum_type['alliance'] != $session->alliance){
-			header("Location: ".$_SERVER['PHP_SELF']);
-			exit;
-		}
-	}
-}else if(isset($_GET['fid2'])){
-	$fid = preg_replace("/[^0-9]/","",$_GET['fid2']);
-	$forum = mysqli_query($database->dblink,"SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".(int) $fid."");
-	if (!empty($forum)) {
-		$forum_type = mysqli_fetch_array($forum);
+if(isset($_GET['fid']) || isset($_GET['fid2'])){
+	$fid = preg_replace("/[^0-9]/","",!empty($_GET['fid']) ? $_GET['fid'] : $_GET['fid2']);
+	$forum_type = reset($database->ForumCatEdit($fid));
+	if (!empty($forum_type)) {
 		if(!empty($forum_type['forum_name']) && $forum_type['forum_area'] != 1){
-			if($forum_type['forum_area'] == 0){
-				if($forum_type['alliance'] != $session->alliance){
-					header("Location: ".$_SERVER['PHP_SELF']);
-					exit;
-				}
-			}else if($forum_type['forum_area'] == 2){
-				if($forum_type['alliance'] != $session->alliance){
-					header("Location: ".$_SERVER['PHP_SELF']);
-					exit;
-				}
-			}else if($forum_type['forum_area'] == 3){
-				if($forum_type['alliance'] != $session->alliance){
-					header("Location: ".$_SERVER['PHP_SELF']);
-					exit;
-				}
-			}else{
+			if($forum_type['alliance'] != $session->alliance){
 				header("Location: ".$_SERVER['PHP_SELF']);
 				exit;
 			}