Alliance fixes part 2

+Public forums are now displayed for every player on the server
+Fixed some security bugs that permitted to create thread and posts to
private forums
+Fixed some general bugs
This commit is contained in:
iopietro
2018-05-19 00:01:50 +02:00
parent b91e27381b
commit 5ecf035cb3
8 changed files with 93 additions and 129 deletions
+8 -7
View File
@@ -14,7 +14,7 @@ $opt = $database->getAlliPermissions($session->uid, $aid);
$displayarray = $database->getUserArray($session->uid, 1);
$forumcat = $database->ForumCat(htmlspecialchars($displayarray['alliance']));
$ally = $session->alliance;
$public = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 1"), MYSQLI_ASSOC);
$public = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE forum_area = 1"), MYSQLI_ASSOC);
$confederation = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 2"), MYSQLI_ASSOC);
$alliance = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 0"), MYSQLI_ASSOC);
$closed = mysqli_fetch_array(mysqli_query($database->dblink, "SELECT Count(*) as Total FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 3"), MYSQLI_ASSOC);
@@ -43,6 +43,9 @@ if($count == 0) echo "<tr><td colspan=\"4\" style=\"text-align: center\">".NO_FO
foreach($forumcat as $arr){
if($arr['forum_area'] != $index) continue;
$checkArray = ['aid' => $aid, 'alliance' => $arr['alliance'], 'forum_perm' => $opt['opt5'],
'owner' => 0, 'admin' => $_GET['admin']];
$countop = $database->CountCat($arr['id']);
$lpost = $owner = "";
if($countop > 0){
@@ -65,13 +68,11 @@ foreach($forumcat as $arr){
}
echo '<tr><td class="ico">';
if($database->CheckEditRes($aid) == 1 && ($database->isAllianceOwner($session->uid) == $arr['alliance'] || $opt['opt5'] == 1) && isset($_GET['admin']) && !empty($_GET['admin']) && $_GET['admin'] == "switch_admin"){
echo '<a class="up_arr" href="allianz.php?s=2&fid='.$arr['id'].'&bid='.$index.'&admin=pos&res=1" title="To top">
if(Alliance::canAct($checkArray)){
echo '<a class="up_arr" href="allianz.php?s=2&fid='.$arr['id'].'&res=1&admin=pos" title="To top">
<img src="img/x.gif" alt="To top" /></a><a class="edit" href="allianz.php?s=2&idf='.$arr['id'].'&admin=editforum" title="edit">
<img src="img/x.gif" alt="edit" /></a><br />
<a class="down_arr" href="allianz.php?s=2&fid='.$arr['id'].'&bid='.$index.'&admin=pos&res=0" title="To bottom">
<img src="img/x.gif" alt="To bottom" /></a>
<a class="fdel" href="allianz.php?s=2&idf='.$arr['id'].'&admin=delforum" onClick="return confirm(\'confirm delete?\');" title="delete">
<img src="img/x.gif" alt="edit" /></a><br /><a class="down_arr" href="allianz.php?s=2&fid='.$arr['id'].'&res=0&admin=pos" title="To bottom">
<img src="img/x.gif" alt="To bottom" /></a><a class="fdel" href="allianz.php?s=2&idf='.$arr['id'].'&admin=delforum" onClick="return confirm(\'confirm delete?\');" title="delete">
<img src="img/x.gif" alt="delete" /></a>';
}
else echo '<img class="folder" src="img/x.gif" title="Thread without new posts" alt="Thread without new posts">';
+1 -1
View File
@@ -32,7 +32,7 @@ $title = stripslashes($showTopic['title']);
<td>Move topic</td>
<td><select class="dropdown" name="fid">
<?php
$show_cat = $database->ForumCat($session->alliance);
$show_cat = $database->ForumCat($session->alliance);
foreach($show_cat as $cats) {
if($cats['id'] == $_GET['fid']) echo '<option value="'.$cats['id'].'" selected>'.stripslashes($cats['forum_name']).'</option>';
else echo '<option value="'.$cats['id'].'">'.stripslashes($cats['forum_name']).'</option>';
+1 -1
View File
@@ -47,7 +47,7 @@ if($ChckTopic){
$post_dates = date('m/d/y, H:i a',$arrs['date']);
$owner_topics = $database->getUserArray($arrs['owner'],1);
}
echo '<tr><td class="ico">';
if(Alliance::canAct($checkArray))
{
+71 -75
View File
@@ -30,11 +30,13 @@ if(isset($_POST['new']) && $opt['opt5'] == 1 &&
$database->CreatForum($forum_owner, $aid, $forum_name, $forum_des, $forum_area);
}
if(isset($_POST['edittopic']) && $opt['opt5'] == 1 &&
if(isset($_POST['edittopic']) &&
isset($_POST['fid']) && !empty($_POST['fid']) &&
isset($_POST['tid']) && !empty($_POST['tid']) &&
isset($_POST['thema']) && !empty($_POST['thema']) &&
$database->ForumCatAlliance($_POST['fid']) == $session->alliance)
Alliance::canAct(['aid' => $aid, 'alliance' => ($topic = reset($database->ShowTopic($_POST['tid'])))['alliance'],
'forum_perm' => $opt['opt5'], 'admin' => $_GET['admin'], 'owner' => $topic['owner']], 1) &&
(($forumData = reset($database->ForumCatEdit($_POST['fid'])))['alliance'] == $session->alliance || $forumData['forum_area'] == 1))
{
$topic_name = $_POST['thema'];
$topic_cat = $_POST['fid'];
@@ -57,7 +59,8 @@ if(isset($_POST['editforum']) && $opt['opt5'] == 1 &&
}
if(isset($_POST['newtopic']) && isset($_POST['thema']) && isset($_POST['text']) && isset($_POST['fid'])
&& !empty($_POST['thema']) && !empty($_POST['text']) && !empty($_POST['fid'])){
&& !empty($_POST['thema']) && !empty($_POST['text']) && !empty($_POST['fid']) &&
(($forumData = reset($database->ForumCatEdit($_POST['fid'])))['alliance'] == $session->alliance || $forumData['forum_area'] == 1)){
$title = $_POST['thema'];
$text = $_POST['text'];
$cat = $_POST['fid'];
@@ -140,70 +143,72 @@ if(isset($_POST['newtopic']) && isset($_POST['thema']) && isset($_POST['text'])
}
}
if(isset($_POST['newpost'])){
$text = $_POST['text'];
if(isset($_POST['newpost']) && isset($_POST['text']) && !empty($_POST['text']) &&
isset($_POST['tid']) && !empty($_POST['tid']) &&
isset($_POST['fid2']) && !empty($_POST['fid2']) &&
(($forumData = reset($database->ForumCatEdit($_POST['fid2'])))['alliance'] == $session->alliance || $forumData['forum_area'] == 1))
{
$text = $_POST['text'];
$tids = $_POST['tid'];
$fid2 = $_POST['fid2'];
$owner = $session->uid;
if(!empty($text)){
if(!preg_match('/\[message\]/', $text) && !preg_match('/\[\/message\]/', $text)){
$text = "[message]".$text."[/message]";
$alliances = $player = $coor = $report = 0;
for($i = 0; $i <= $alliances; $i++){
if(preg_match('/\[alliance'.$i.'\]/', $text) && preg_match('/\[\/alliance'.$i.'\]/', $text)){
$alliance1 = preg_replace('/\[message\](.*?)\[\/alliance'.$i.'\]/is', '', $text);
if(preg_match('/\[alliance'.$i.'\]/', $alliance1) && preg_match('/\[\/alliance'.$i.'\]/', $alliance1)){
$j = $i + 1;
$alliance2 = preg_replace('/\[\/alliance'.$i.'\](.*?)\[\/message\]/is', '', $text);
$alliance1 = preg_replace('/\[alliance'.$i.'\]/', '[alliance'.$j.']', $alliance1);
$alliance1 = preg_replace('/\[\/alliance'.$i.'\]/', '[/alliance'.$j.']', $alliance1);
$text = $alliance2."[/alliance".$i."]".$alliance1;
$alliances += 1;
}
if(!preg_match('/\[message\]/', $text) && !preg_match('/\[\/message\]/', $text)){
$text = "[message]".$text."[/message]";
$alliances = $player = $coor = $report = 0;
for($i = 0; $i <= $alliances; $i++){
if(preg_match('/\[alliance'.$i.'\]/', $text) && preg_match('/\[\/alliance'.$i.'\]/', $text)){
$alliance1 = preg_replace('/\[message\](.*?)\[\/alliance'.$i.'\]/is', '', $text);
if(preg_match('/\[alliance'.$i.'\]/', $alliance1) && preg_match('/\[\/alliance'.$i.'\]/', $alliance1)){
$j = $i + 1;
$alliance2 = preg_replace('/\[\/alliance'.$i.'\](.*?)\[\/message\]/is', '', $text);
$alliance1 = preg_replace('/\[alliance'.$i.'\]/', '[alliance'.$j.']', $alliance1);
$alliance1 = preg_replace('/\[\/alliance'.$i.'\]/', '[/alliance'.$j.']', $alliance1);
$text = $alliance2."[/alliance".$i."]".$alliance1;
$alliances += 1;
}
}
for($i = 0; $i <= $player; $i++){
if(preg_match('/\[player'.$i.'\]/', $text) && preg_match('/\[\/player'.$i.'\]/', $text)){
$player1 = preg_replace('/\[message\](.*?)\[\/player'.$i.'\]/is', '', $text);
if(preg_match('/\[player'.$i.'\]/', $player1) && preg_match('/\[\/player'.$i.'\]/', $player1)){
$j = $i + 1;
$player2 = preg_replace('/\[\/player'.$i.'\](.*?)\[\/message\]/is', '', $text);
$player1 = preg_replace('/\[player'.$i.'\]/', '[player'.$j.']', $player1);
$player1 = preg_replace('/\[\/player'.$i.'\]/', '[/player'.$j.']', $player1);
$text = $player2."[/player".$i."]".$player1;
$player += 1;
}
}
}
for($i = 0; $i <= $coor; $i++){
if(preg_match('/\[coor'.$i.'\]/', $text) && preg_match('/\[\/coor'.$i.'\]/', $text)){
$coor1 = preg_replace('/\[message\](.*?)\[\/coor'.$i.'\]/is', '', $text);
if(preg_match('/\[coor'.$i.'\]/', $coor1) && preg_match('/\[\/coor'.$i.'\]/', $coor1)){
$j = $i + 1;
$coor2 = preg_replace('/\[\/coor'.$i.'\](.*?)\[\/message\]/is', '', $text);
$coor1 = preg_replace('/\[coor'.$i.'\]/', '[coor'.$j.']', $coor1);
$coor1 = preg_replace('/\[\/coor'.$i.'\]/', '[/coor'.$j.']', $coor1);
$text = $coor2."[/coor".$i."]".$coor1;
$coor += 1;
}
}
}
for($i = 0; $i <= $report; $i++){
if(preg_match('/\[report'.$i.'\]/', $text) && preg_match('/\[\/report'.$i.'\]/', $text)){
$report1 = preg_replace('/\[message\](.*?)\[\/report'.$i.'\]/is', '', $text);
if(preg_match('/\[report'.$i.'\]/', $report1) && preg_match('/\[\/report'.$i.'\]/', $report1)){
$j = $i + 1;
$report2 = preg_replace('/\[\/report'.$i.'\](.*?)\[\/message\]/is', '', $text);
$report1 = preg_replace('/\[report'.$i.'\]/', '[report'.$j.']', $report1);
$report1 = preg_replace('/\[\/report'.$i.'\]/', '[/report'.$j.']', $report1);
$text = $report2."[/report".$i."]".$report1;
$report += 1;
}
}
}
$database->UpdatePostDate($tids);
$database->CreatPost($text, $tids, $owner, $alliances, $player, $coor, $report, $fid2);
}
for($i = 0; $i <= $player; $i++){
if(preg_match('/\[player'.$i.'\]/', $text) && preg_match('/\[\/player'.$i.'\]/', $text)){
$player1 = preg_replace('/\[message\](.*?)\[\/player'.$i.'\]/is', '', $text);
if(preg_match('/\[player'.$i.'\]/', $player1) && preg_match('/\[\/player'.$i.'\]/', $player1)){
$j = $i + 1;
$player2 = preg_replace('/\[\/player'.$i.'\](.*?)\[\/message\]/is', '', $text);
$player1 = preg_replace('/\[player'.$i.'\]/', '[player'.$j.']', $player1);
$player1 = preg_replace('/\[\/player'.$i.'\]/', '[/player'.$j.']', $player1);
$text = $player2."[/player".$i."]".$player1;
$player += 1;
}
}
}
for($i = 0; $i <= $coor; $i++){
if(preg_match('/\[coor'.$i.'\]/', $text) && preg_match('/\[\/coor'.$i.'\]/', $text)){
$coor1 = preg_replace('/\[message\](.*?)\[\/coor'.$i.'\]/is', '', $text);
if(preg_match('/\[coor'.$i.'\]/', $coor1) && preg_match('/\[\/coor'.$i.'\]/', $coor1)){
$j = $i + 1;
$coor2 = preg_replace('/\[\/coor'.$i.'\](.*?)\[\/message\]/is', '', $text);
$coor1 = preg_replace('/\[coor'.$i.'\]/', '[coor'.$j.']', $coor1);
$coor1 = preg_replace('/\[\/coor'.$i.'\]/', '[/coor'.$j.']', $coor1);
$text = $coor2."[/coor".$i."]".$coor1;
$coor += 1;
}
}
}
for($i = 0; $i <= $report; $i++){
if(preg_match('/\[report'.$i.'\]/', $text) && preg_match('/\[\/report'.$i.'\]/', $text)){
$report1 = preg_replace('/\[message\](.*?)\[\/report'.$i.'\]/is', '', $text);
if(preg_match('/\[report'.$i.'\]/', $report1) && preg_match('/\[\/report'.$i.'\]/', $report1)){
$j = $i + 1;
$report2 = preg_replace('/\[\/report'.$i.'\](.*?)\[\/message\]/is', '', $text);
$report1 = preg_replace('/\[report'.$i.'\]/', '[report'.$j.']', $report1);
$report1 = preg_replace('/\[\/report'.$i.'\]/', '[/report'.$j.']', $report1);
$text = $report2."[/report".$i."]".$report1;
$report += 1;
}
}
}
$database->UpdatePostDate($tids);
$database->CreatPost($text, $tids, $owner, $alliances, $player, $coor, $report, $fid2);
}
}
@@ -396,8 +401,10 @@ if($_GET['admin'] == "switch_admin"){
}
}
if($_GET['admin'] == "pos" && isset($_GET['res']) && isset($_GET['bid']) && isset($_GET['fid']) && !empty($_GET['fid']) && $opt['opt5'] == 1){
$database->moveForum($_GET['fid'], $_GET['bid'], $session->alliance, $_GET['res']); //Move the forum to the top/bottom of the list
if($_GET['admin'] == "pos" && isset($_GET['res']) && isset($_GET['fid']) && !empty($_GET['fid']) && $opt['opt5'] == 1 &&
($forumData = reset($database->ForumCatEdit($_GET['fid'])))['alliance'] == $session->alliance)
{
$database->moveForum($_GET['fid'], $forumData['forum_area'], $session->alliance, $_GET['res']); //Move the forum to the top/bottom of the list
$alliance->redirect($_GET);
}
elseif(isset($_GET['admin']) && !empty($_GET['admin']) && isset($_GET['idt']) && !empty($_GET['idt'])){
@@ -478,17 +485,6 @@ elseif($_GET['admin'] == "editforum" && $opt['opt5'] == 1) include("Forum/forum_
elseif(isset($_GET['tid'])){
if(isset($_GET['ac'])) include ("Forum/forum_7.tpl"); //New post
else include ("Forum/forum_6.tpl"); //Showtopic
}else{
if($database->CheckForum($aid)) include("Forum/forum_2.tpl");
else if($opt['opt5'] == 1){
if($session->access == BANNED){
echo '<p class="error">Forum is not created yet</p><p>
<a href="banned.php"><img id="fbtn_newforum" class="dynamic_img" src="img/x.gif" alt="New forum" /></a></p>';
}else{
echo '<p class="error">Forum is not created yet</p><p>
<a href="allianz.php?s=2&admin=newforum"><img id="fbtn_newforum" class="dynamic_img" src="img/x.gif" alt="New forum" /></a></p>';
}
}
else echo '<p class="error">Forum is not created yet</p>';
}
else include("Forum/forum_2.tpl");
?>