Alliance fixes part 2

+Public forums are now displayed for every player on the server
+Fixed some security bugs that permitted creating threads and posts in
private forums
+Fixed some general bugs
This commit is contained in:
iopietro
2018-05-19 00:01:50 +02:00
parent b91e27381b
commit 5ecf035cb3
8 changed files with 93 additions and 129 deletions
+3 -3
@@ -87,7 +87,7 @@ class Alliance {
public static function canAct($datas, $mode = 0){
global $database, $session;
return ($database->CheckEditRes($datas['aid']) == 1 && ((($database->isAllianceOwner($session->uid) == $datas['alliance'] ||
return (/*$database->CheckEditRes($datas['aid']) == 1 && */((($database->isAllianceOwner($session->uid) == $datas['alliance'] ||
($datas['forum_perm'] == 1 && $session->alliance == $datas['alliance'])) &&
($mode || (isset($datas['admin']) && !empty($datas['admin']) && $datas['admin'] == "switch_admin"))) ||
$datas['owner'] == $session->uid));
@@ -99,9 +99,9 @@ class Alliance {
* @param array $get Contains the values of a GET request
*/
public function redirect($get)
public function redirect($get = null)
{
header("Location: allianz.php?s=2".(isset($get['fid']) && !empty($get['fid']) ? "&fid=".$get['fid']."" : "").
header("Location: allianz.php?s=2".(isset($get['fid']) && !empty($get['fid']) && $get['admin'] != 'pos' ? "&fid=".$get['fid']."" : "").
(isset($get['admin']) && !empty($get['admin']) ? "&admin=switch_admin" : ""));
exit;
}
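Review bot: On the new `header(...)` line in redirect, `$get['admin'] != 'pos'` is evaluated whenever `fid` is present, so a request carrying `fid` but no `admin` key raises an undefined-index notice; the `isset($get['admin'])` guard on the following line comes too late for this expression. Guard it first, e.g. `(!isset($get['admin']) || $get['admin'] != 'pos')`. The `fid` value also goes into the Location header unescaped; if it is a numeric forum id, `"&fid=".(int)$get['fid']` (otherwise `urlencode($get['fid'])`) keeps the redirect URL well-formed regardless of what the client sent.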
+3 -7
@@ -2256,11 +2256,7 @@ class MYSQLi_DB implements IDbConnection {
$q = "SELECT Count(*) as Total FROM " . TB_PREFIX . "forum_cat where alliance = $id";
$result = mysqli_fetch_array(mysqli_query($this->dblink,$q), MYSQLI_ASSOC);
if ($result['Total']) {
return true;
} else {
return false;
}
return $result['Total'] > 0;
}
// no need to refactor this method
@@ -2373,7 +2369,7 @@ class MYSQLi_DB implements IDbConnection {
function ForumCat($id) {
list($id) = $this->escape_input($id);
$q = "SELECT * from " . TB_PREFIX . "forum_cat where alliance = '$id' ORDER BY sorting DESC, id";
$q = "SELECT * from " . TB_PREFIX . "forum_cat where alliance = '$id' OR forum_area = 1 ORDER BY sorting DESC, id";
$result = mysqli_query($this->dblink,$q);
return $this->mysqli_fetch_all($result);
}
@@ -2508,7 +2504,7 @@ class MYSQLi_DB implements IDbConnection {
$q = "UPDATE
".TB_PREFIX."forum_cat
SET
sorting = (SELECT * FROM(SELECT ".(!$mode ? "MIN" : "MAX")."(sorting) FROM ".TB_PREFIX."forum_cat WHERE forum_area = $area AND alliance = $ally AND id != $id) f) ".(!$mode ? "-" : "+")." 1
sorting = (SELECT * FROM(SELECT ".(!$mode ? "MIN" : "MAX")."(sorting) FROM ".TB_PREFIX."forum_cat WHERE forum_area = $area ".($area != 1 ? "AND alliance = $ally" : "")." AND id != $id) f) ".(!$mode ? "-" : "+")." 1
WHERE
id = $id";
return mysqli_query($this->dblink, $q);
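Review bot: The rewritten `sorting = ...` subquery still builds SQL by interpolating `$area`, `$ally` and `$id` directly, and the new `$area != 1` branch now makes the PHP-side comparison and the SQL depend on the same raw value; the start of this method is outside the hunk, so whether these are cast or escaped there is not visible. If they are not, cast them once at the top of the method, `$area = (int)$area; $ally = (int)$ally; $id = (int)$id;`, so both the PHP comparison and the query operate on integers. `ForumCat` in the previous hunk already runs its input through `escape_input`, which is the pattern to match here.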
-1
@@ -1113,7 +1113,6 @@ define("WORLD_WONDER_NOTCHANGE_NAME","You can not change the name of the World W
define("WORLD_WONDER_NAME_CHANGED","Name changed");
define("HORSEDRINKING","Horse Drinking Trough");
define("EXTRA_BONUS","Extra bonus");
define("HORSEDRINKING_DESC","The horse drinking trough of the Romans decreases the training time of cavalry and the upkeep of these troops as well.");
define("GREATWORKSHOP","Great Workshop");