mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-05 12:24:20 +00:00
Alliance fixes part 2
+Public forums are now displayed for every player on the server +Fixed some security bugs that permitted to create thread and posts to private forums +Fixed some general bugs
This commit is contained in:
@@ -87,7 +87,7 @@ class Alliance {
|
||||
public static function canAct($datas, $mode = 0){
|
||||
global $database, $session;
|
||||
|
||||
return ($database->CheckEditRes($datas['aid']) == 1 && ((($database->isAllianceOwner($session->uid) == $datas['alliance'] ||
|
||||
return (/*$database->CheckEditRes($datas['aid']) == 1 && */((($database->isAllianceOwner($session->uid) == $datas['alliance'] ||
|
||||
($datas['forum_perm'] == 1 && $session->alliance == $datas['alliance'])) &&
|
||||
($mode || (isset($datas['admin']) && !empty($datas['admin']) && $datas['admin'] == "switch_admin"))) ||
|
||||
$datas['owner'] == $session->uid));
|
||||
@@ -99,9 +99,9 @@ class Alliance {
|
||||
* @param array $get Contains the values of a GET request
|
||||
*/
|
||||
|
||||
public function redirect($get)
|
||||
public function redirect($get = null)
|
||||
{
|
||||
header("Location: allianz.php?s=2".(isset($get['fid']) && !empty($get['fid']) ? "&fid=".$get['fid']."" : "").
|
||||
header("Location: allianz.php?s=2".(isset($get['fid']) && !empty($get['fid']) && $get['admin'] != 'pos' ? "&fid=".$get['fid']."" : "").
|
||||
(isset($get['admin']) && !empty($get['admin']) ? "&admin=switch_admin" : ""));
|
||||
exit;
|
||||
}
|
||||
|
||||
@@ -2256,11 +2256,7 @@ class MYSQLi_DB implements IDbConnection {
|
||||
|
||||
$q = "SELECT Count(*) as Total FROM " . TB_PREFIX . "forum_cat where alliance = $id";
|
||||
$result = mysqli_fetch_array(mysqli_query($this->dblink,$q), MYSQLI_ASSOC);
|
||||
if ($result['Total']) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return $result['Total'] > 0;
|
||||
}
|
||||
|
||||
// no need to refactor this method
|
||||
@@ -2373,7 +2369,7 @@ class MYSQLi_DB implements IDbConnection {
|
||||
function ForumCat($id) {
|
||||
list($id) = $this->escape_input($id);
|
||||
|
||||
$q = "SELECT * from " . TB_PREFIX . "forum_cat where alliance = '$id' ORDER BY sorting DESC, id";
|
||||
$q = "SELECT * from " . TB_PREFIX . "forum_cat where alliance = '$id' OR forum_area = 1 ORDER BY sorting DESC, id";
|
||||
$result = mysqli_query($this->dblink,$q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
@@ -2508,7 +2504,7 @@ class MYSQLi_DB implements IDbConnection {
|
||||
$q = "UPDATE
|
||||
".TB_PREFIX."forum_cat
|
||||
SET
|
||||
sorting = (SELECT * FROM(SELECT ".(!$mode ? "MIN" : "MAX")."(sorting) FROM ".TB_PREFIX."forum_cat WHERE forum_area = $area AND alliance = $ally AND id != $id) f) ".(!$mode ? "-" : "+")." 1
|
||||
sorting = (SELECT * FROM(SELECT ".(!$mode ? "MIN" : "MAX")."(sorting) FROM ".TB_PREFIX."forum_cat WHERE forum_area = $area ".($area != 1 ? "AND alliance = $ally" : "")." AND id != $id) f) ".(!$mode ? "-" : "+")." 1
|
||||
WHERE
|
||||
id = $id";
|
||||
return mysqli_query($this->dblink, $q);
|
||||
|
||||
@@ -1113,7 +1113,6 @@ define("WORLD_WONDER_NOTCHANGE_NAME","You can not change the name of the World W
|
||||
define("WORLD_WONDER_NAME_CHANGED","Name changed");
|
||||
|
||||
define("HORSEDRINKING","Horse Drinking Trough");
|
||||
define("EXTRA_BONUS","Extra bonus");
|
||||
define("HORSEDRINKING_DESC","The horse drinking trough of the Romans decreases the training time of cavalry and the upkeep of these troops as well.");
|
||||
|
||||
define("GREATWORKSHOP","Great Workshop");
|
||||
|
||||
Reference in New Issue
Block a user