diff --git a/GameEngine/Message.php b/GameEngine/Message.php index c8c66eaf..fcd04152 100755 --- a/GameEngine/Message.php +++ b/GameEngine/Message.php @@ -211,7 +211,7 @@ class Message { $post = $database->escape($post); for($i = 1; $i <= 10; $i++) { if(isset($post['n' . $i])) { - $message1 = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "mdata where id = ".$post['n' . $i].""); + $message1 = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "mdata where id = ".(int) $post['n' . $i].""); $message = mysqli_fetch_array($message1); if($message['target'] == $session->uid && $message['owner'] == $session->uid){ $database->getMessage($post['n' . $i], 8); diff --git a/GameEngine/Ranking.php b/GameEngine/Ranking.php index 811a9a26..85509dbb 100755 --- a/GameEngine/Ranking.php +++ b/GameEngine/Ranking.php @@ -293,7 +293,7 @@ public function procRankRaceArray($race) { global $multisort,$database; - $race = $database->escape($race); + $race = $database->escape((int) $race); //$array = $GLOBALS['db']->getRanking(); $holder = array(); //$value['totalvillage'] = count($GLOBALS['db']->getVillagesID($value['id'])); diff --git a/GameEngine/Session.php b/GameEngine/Session.php index 444dd89d..f2792a31 100755 --- a/GameEngine/Session.php +++ b/GameEngine/Session.php @@ -91,12 +91,12 @@ class Session { $_SESSION['qst'] = $database->getUserField($user_sanitized, "quest", 1); $result = mysqli_query($GLOBALS['link'],"SELECT village_select FROM `". TB_PREFIX."users` WHERE `username`='".$user_sanitized."'"); $dbarray = mysqli_fetch_assoc($result); - $selected_village=$dbarray['village_select']; + $selected_village=(int) $dbarray['village_select']; if(!isset($_SESSION['wid'])) { if($selected_village!='') { $query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `wref` = '.$selected_village); }else{ - $query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $database->getUserField($user_sanitized, "id", 1) . ' LIMIT 1'); + $query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . (int) $database->getUserField($user_sanitized, "id", 1) . ' LIMIT 1'); } $data = mysqli_fetch_assoc($query); $_SESSION['wid'] = $data['wref']; @@ -105,7 +105,7 @@ class Session { if($selected_village!='') { $query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `wref` = '.$selected_village); }else{ - $query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $database->getUserField($user_sanitized, "id", 1) . ' LIMIT 1'); + $query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . (int) $database->getUserField($user_sanitized, "id", 1) . ' LIMIT 1'); } $data = mysqli_fetch_assoc($query); $_SESSION['wid'] = $data['wref']; @@ -161,18 +161,18 @@ class Session { global $database,$link; $hero=0; foreach($this->villages as $myvill){ - $q1 = "SELECT SUM(hero) from " . TB_PREFIX . "enforcement where `from` = ".$myvill; // check if hero is send as reinforcement + $q1 = "SELECT SUM(hero) from " . TB_PREFIX . "enforcement where `from` = ".(int) $myvill; // check if hero is send as reinforcement $result1 = mysqli_query($GLOBALS['link'],$q1); if(mysqli_num_rows($result1) != 0) { $he1=mysqli_fetch_array($result1); $hero+=$he1[0]; } - $q2 = "SELECT SUM(hero) from " . TB_PREFIX . "units where `vref` = ".$myvill; // check if hero is on my account (all villages) + $q2 = "SELECT SUM(hero) from " . TB_PREFIX . "units where `vref` = ".(int) $myvill; // check if hero is on my account (all villages) $result2 = mysqli_query($GLOBALS['link'],$q2); $he2=mysqli_fetch_array($result2); $hero+=$he2[0]; - $q3 = "SELECT SUM(t11) from " . TB_PREFIX . "prisoners where `from` = ".$myvill; // check if hero is prisoner + $q3 = "SELECT SUM(t11) from " . TB_PREFIX . "prisoners where `from` = ".(int) $myvill; // check if hero is prisoner $result3 = mysqli_query($GLOBALS['link'],$q3); $he3=mysqli_fetch_array($result3); $hero+=$he3[0]; diff --git a/GameEngine/Technology.php b/GameEngine/Technology.php index b13efa75..092373d8 100755 --- a/GameEngine/Technology.php +++ b/GameEngine/Technology.php @@ -182,7 +182,7 @@ class Technology { global $village,$$unit; $unitarray = $$unit; $res = array(); - $res = mysqli_fetch_assoc(mysqli_query($GLOBALS['link'],"SELECT maxstore, maxcrop, wood, clay, iron, crop FROM ".TB_PREFIX."vdata WHERE wref = ".$village->wid)) or die(mysqli_error($database->dblink)); + $res = mysqli_fetch_assoc(mysqli_query($GLOBALS['link'],"SELECT maxstore, maxcrop, wood, clay, iron, crop FROM ".TB_PREFIX."vdata WHERE wref = ".(int) $village->wid)) or die(mysqli_error($database->dblink)); if ($res['wood'] > $res['maxstore']){$res['wood'] = $res['maxstore'];} if ($res['clay'] > $res['maxstore']){$res['clay'] = $res['maxstore'];} if ($res['iron'] > $res['maxstore']){$res['iron'] = $res['maxstore'];} @@ -208,7 +208,7 @@ class Technology { global $village,$$unit; $unitarray = $$unit; $res = array(); - $res = mysqli_fetch_assoc(mysqli_query($GLOBALS['link'],"SELECT maxstore, maxcrop, wood, clay, iron, crop FROM ".TB_PREFIX."vdata WHERE wref = ".$village->wid)) or die(mysqli_error($database->dblink)); + $res = mysqli_fetch_assoc(mysqli_query($GLOBALS['link'],"SELECT maxstore, maxcrop, wood, clay, iron, crop FROM ".TB_PREFIX."vdata WHERE wref = ".(int) $village->wid)) or die(mysqli_error($database->dblink)); $totalres = $res['wood']+$res['clay']+$res['iron']+$res['crop']; $totalresunit = ($unitarray['wood'] * ($great?3:1))+($unitarray['clay'] * ($great?3:1))+($unitarray['iron'] * ($great?3:1))+($unitarray['crop'] * ($great?3:1)); $max =round($totalres/$totalresunit); diff --git a/GameEngine/Units.php b/GameEngine/Units.php index 413a1b78..c0660c0a 100755 --- a/GameEngine/Units.php +++ b/GameEngine/Units.php @@ -286,7 +286,7 @@ class Units { } } if( intval($enforce['hero']) > 0){ - $q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$from['owner'].""; + $q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $from['owner'].""; $result = mysqli_query($GLOBALS['link'],$q); $hero_f=mysqli_fetch_array($result); $hero_unit=$hero_f['unit']; @@ -378,13 +378,13 @@ if($session->access != BANNED){ array(0,0,0,0,0,0,0,0,0,0,0) ); - $query1 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `wref` = ' . mysqli_escape_string($GLOBALS['link'],$data['to_vid'])); + $query1 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `wref` = ' . mysqli_escape_string($GLOBALS['link'],(int) $data['to_vid'])); $data1 = mysqli_fetch_assoc($query1); - $query2 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'users` WHERE `id` = ' . $data1['owner']); + $query2 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'users` WHERE `id` = ' . (int) $data1['owner']); $data2 = mysqli_fetch_assoc($query2); - $query11 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `wref` = ' . mysqli_escape_string($GLOBALS['link'],$village->wid)); + $query11 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `wref` = ' . mysqli_escape_string($GLOBALS['link'],(int) $village->wid)); $data11 = mysqli_fetch_assoc($query11); - $query21 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'users` WHERE `id` = ' . $data11['owner']); + $query21 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'users` WHERE `id` = ' . (int) $data11['owner']); $data21 = mysqli_fetch_assoc($query21); @@ -445,7 +445,7 @@ if($session->access != BANNED){ // If is a WW village you can target on WW , if is not a WW village catapults will target randomly. // Like it says : Exceptions are the WW which can always be targeted and the treasure chamber which can always be targeted, except with the unique artifact. // Fixed by Advocaite and Shadow - $q = mysqli_query($GLOBALS['link'],"SELECT vref FROM ".TB_PREFIX."fdata WHERE f99t = '40' AND vref = ".$data['to_vid'].""); + $q = mysqli_query($GLOBALS['link'],"SELECT vref FROM ".TB_PREFIX."fdata WHERE f99t = '40' AND vref = ".(int) $data['to_vid'].""); $isThere = mysqli_num_rows($q); if($isThere > 0) { @@ -515,7 +515,7 @@ if($session->access != BANNED){ if($checkexist or $checkoexist){ $database->addMovement(3,$village->wid,$data['to_vid'],$reference,time(),($time+time())); if(($database->hasBeginnerProtection($village->wid)==1)&&($checkexist)){ - mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users SET protect = 0 WHERE id = $session->uid"); + mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users SET protect = 0 WHERE id = ". (int) $session->uid); } } @@ -614,7 +614,7 @@ if($session->access != BANNED){ } if (isset($post['t11'])){ if( $post['t11'] != '' && $post['t11'] > 0){ - $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$from['owner'].""; + $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $from['owner'].""; $resulth = mysqli_query($GLOBALS['link'],$qh); $hero_f=mysqli_fetch_array($resulth); $hero_unit=$hero_f['unit']; diff --git a/Templates/Alliance/Forum/forum_2.tpl b/Templates/Alliance/Forum/forum_2.tpl index 14e1de0a..315c1a42 100644 --- a/Templates/Alliance/Forum/forum_2.tpl +++ b/Templates/Alliance/Forum/forum_2.tpl @@ -9,13 +9,13 @@ if($session->access!=BANNED){ $displayarray = $database->getUserArray($session->uid,1); $forumcat = $database->ForumCat(htmlspecialchars($displayarray['alliance'])); $ally = $session->alliance; -$public = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 1"); +$public = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."forum_cat WHERE alliance = '$ally' AND forum_area = 1"); $public1 = mysqli_num_rows($public); -$cofederation = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 2"); +$cofederation = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."forum_cat WHERE alliance = '$ally' AND forum_area = 2"); $cofederation1 = mysqli_num_rows($cofederation); -$alliance = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 0"); +$alliance = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."forum_cat WHERE alliance = '$ally' AND forum_area = 0"); $alliance1 = mysqli_num_rows($alliance); -$closed = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."forum_cat WHERE alliance = $ally AND forum_area = 3"); +$closed = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."forum_cat WHERE alliance = '$ally' AND forum_area = 3"); $closed1 = mysqli_num_rows($closed); if($public1 != 0){ ?> diff --git a/Templates/Alliance/attack-attacker.tpl b/Templates/Alliance/attack-attacker.tpl index f59f7211..4e2c9083 100644 --- a/Templates/Alliance/attack-attacker.tpl +++ b/Templates/Alliance/attack-attacker.tpl @@ -1,7 +1,7 @@ alliance AND $limit ORDER BY time DESC LIMIT 20"); +$sql = mysqli_query($GLOBALS['link'],"SELECT * FROM $prefix WHERE ally = ".(int) $session->alliance." AND $limit ORDER BY time DESC LIMIT 20"); $query = mysqli_num_rows($sql); $outputList = ''; $name = 1; diff --git a/Templates/Alliance/attack-defender.tpl b/Templates/Alliance/attack-defender.tpl index ca073c62..d81c253a 100644 --- a/Templates/Alliance/attack-defender.tpl +++ b/Templates/Alliance/attack-defender.tpl @@ -1,7 +1,7 @@ alliance AND $limit ORDER BY time DESC LIMIT 20"); +$sql = mysqli_query($GLOBALS['link'],"SELECT * FROM $prefix WHERE ally = ".(int) $session->alliance." AND $limit ORDER BY time DESC LIMIT 20"); $query = mysqli_num_rows($sql); $outputList = ''; $name = 1; diff --git a/Templates/Alliance/attacks.tpl b/Templates/Alliance/attacks.tpl index 8efc46d9..cececccf 100644 --- a/Templates/Alliance/attacks.tpl +++ b/Templates/Alliance/attacks.tpl @@ -28,7 +28,7 @@ include("alli_menu.tpl"); }else{ $prefix = "".TB_PREFIX."ndata"; $limit = "ntype!=8 AND ntype!=9 AND ntype!=10 AND ntype!=11 AND ntype!=12 AND ntype!=13 AND ntype!=14 AND ntype!=15 AND ntype!=16 AND ntype!=17"; -$sql = mysqli_query($GLOBALS['link'],"SELECT * FROM $prefix WHERE ally = $session->alliance AND $limit ORDER BY time DESC LIMIT 20"); +$sql = mysqli_query($GLOBALS['link'],"SELECT * FROM $prefix WHERE ally = ".(int) $session->alliance." AND $limit ORDER BY time DESC LIMIT 20"); $query = mysqli_num_rows($sql); $outputList = ''; $name = 1; diff --git a/Templates/Build/16_incomming.tpl b/Templates/Build/16_incomming.tpl index 788b190e..b917a2ce 100644 --- a/Templates/Build/16_incomming.tpl +++ b/Templates/Build/16_incomming.tpl @@ -8,7 +8,7 @@ $total_for2 = count($send); for($y=0;$y < $total_for;$y++){ for($i=0;$i < $total_for2;$i++){ if($units[$y]['ref'] == $send[$i]['ref2']){ -$res1 = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "send where id = ".$send[$i]['ref'].""); +$res1 = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "send where id = ".(int) $send[$i]['ref'].""); $res = mysqli_fetch_array($res1); } } diff --git a/Templates/Build/26.tpl b/Templates/Build/26.tpl index 2cb44d74..f6def4bc 100644 --- a/Templates/Build/26.tpl +++ b/Templates/Build/26.tpl @@ -7,32 +7,32 @@ if(time() - $_SESSION['time_p'] > 5) { if($_POST AND $_GET['action'] == 'change_capital') { $pass = mysqli_escape_string($GLOBALS['link'],$_POST['pass']); - $query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'users` WHERE `id` = ' . $session->uid); + $query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'users` WHERE `id` = ' . (int) $session->uid); $data = mysqli_fetch_assoc($query); if($data['password'] == md5($pass)) { - $query1 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $session->uid . ' AND `capital` = 1'); + $query1 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' .(int) $session->uid . ' AND `capital` = 1'); $data1 = mysqli_fetch_assoc($query1); - $query2 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'fdata` WHERE `vref` = ' . $data1['wref']); + $query2 = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'fdata` WHERE `vref` = ' . (int) $data1['wref']); $data2 = mysqli_fetch_assoc($query2); if($data2['vref'] != $village->wid) { for($i = 1; $i<=18; ++$i) { if($data2['f' . $i] > 10) { - $query2 = mysqli_query($GLOBALS['link'],'UPDATE `' . TB_PREFIX . 'fdata` SET `f' . $i . '` = 10 WHERE `vref` = ' . $data2['vref']) or die(mysqli_error($database->dblink)); + $query2 = mysqli_query($GLOBALS['link'],'UPDATE `' . TB_PREFIX . 'fdata` SET `f' . $i . '` = 10 WHERE `vref` = ' . (int) $data2['vref']) or die(mysqli_error($database->dblink)); } } for($i=19; $i<=40; ++$i) { if($data2['f' . $i . 't'] == 34) { - $query3 = mysqli_query($GLOBALS['link'],'UPDATE `' . TB_PREFIX . 'fdata` SET `f' . $i . 't` = 0, `f' . $i . '` = 0 WHERE `vref` = ' . $data2['vref']) or die(mysqli_error($database->dblink)); + $query3 = mysqli_query($GLOBALS['link'],'UPDATE `' . TB_PREFIX . 'fdata` SET `f' . $i . 't` = 0, `f' . $i . '` = 0 WHERE `vref` = ' . (int) $data2['vref']) or die(mysqli_error($database->dblink)); } } for($i=19; $i<=40; ++$i) { if($data2['f' . $i . 't'] == 29 or $data2['f' . $i . 't'] == 30 or $data2['f' . $i . 't'] == 38 or $data2['f' . $i . 't'] == 39 or $data2['f' . $i . 't'] == 42) { - $query3 = mysqli_query($GLOBALS['link'],'UPDATE `' . TB_PREFIX . 'fdata` SET `f' . $i . 't` = 0, `f' . $i . '` = 0 WHERE `vref` = ' . $village->wid) or die(mysqli_error($database->dblink)); + $query3 = mysqli_query($GLOBALS['link'],'UPDATE `' . TB_PREFIX . 'fdata` SET `f' . $i . 't` = 0, `f' . $i . '` = 0 WHERE `vref` = ' . (int) $village->wid) or die(mysqli_error($database->dblink)); } } -$query3 = mysqli_query($GLOBALS['link'],'UPDATE `' . TB_PREFIX . 'vdata` SET `capital` = 0 WHERE `wref` = ' . $data1['wref']); -$query4 = mysqli_query($GLOBALS['link'],'UPDATE `' . TB_PREFIX . 'vdata` SET `capital` = 1 WHERE `wref` = ' . $village->wid); +$query3 = mysqli_query($GLOBALS['link'],'UPDATE `' . TB_PREFIX . 'vdata` SET `capital` = 0 WHERE `wref` = ' . (int) $data1['wref']); +$query4 = mysqli_query($GLOBALS['link'],'UPDATE `' . TB_PREFIX . 'vdata` SET `capital` = 1 WHERE `wref` = ' . (int) $village->wid); } } else { $error = '
'.LOGIN_PW_ERROR.'
'; @@ -68,7 +68,7 @@ else{ ?> uid . ' AND `capital` = 1'); +$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . (int) $session->uid . ' AND `capital` = 1'); $data = mysqli_fetch_assoc($query); if($data['wref'] == $village->wid) { ?> diff --git a/Templates/Build/27_1.tpl b/Templates/Build/27_1.tpl index 9f3ea35f..69eaf0c6 100644 --- a/Templates/Build/27_1.tpl +++ b/Templates/Build/27_1.tpl @@ -105,7 +105,7 @@ if(mysqli_num_rows(mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . $arts = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "artefacts"); $rows = array(); while($row = mysqli_fetch_array($arts)) { - $query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'wdata` WHERE `id` = ' . $row['vref']); + $query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'wdata` WHERE `id` = ' . (int) $row['vref']); $coor2 = mysqli_fetch_assoc($query); diff --git a/Templates/Build/37.tpl b/Templates/Build/37.tpl index e709187a..484d1fcd 100644 --- a/Templates/Build/37.tpl +++ b/Templates/Build/37.tpl @@ -8,7 +8,7 @@ | Copyright: TravianX Project All rights reserved | \*-------------------------------------------------------*/ - $hero = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "hero WHERE `uid` = " . $session->uid . ""); + $hero = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "hero WHERE `uid` = " . (int) $session->uid . ""); $hero_info = mysqli_fetch_array($hero); $define['reset_level'] = 3; // Until which level you are able to reset your points diff --git a/Templates/Build/37_hero.tpl b/Templates/Build/37_hero.tpl index 82c4b88c..1a62b9f9 100644 --- a/Templates/Build/37_hero.tpl +++ b/Templates/Build/37_hero.tpl @@ -14,8 +14,8 @@ global $database; if (isset($_POST['name'])) { $_POST['name'] = stripslashes($_POST['name']); - mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."hero SET `name`='".($database->escape($_POST['name']))."' where `uid`='".$session->uid."'") or die("ERROR:".mysqli_error($database->dblink)); - $hero = mysqli_query("SELECT * FROM " . TB_PREFIX . "hero WHERE `uid` = " . $session->uid . ""); + mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."hero SET `name`='".($database->escape($_POST['name']))."' where `uid`='".$database->escape($session->uid)."'") or die("ERROR:".mysqli_error($database->dblink)); + $hero = mysqli_query("SELECT * FROM " . TB_PREFIX . "hero WHERE `uid` = " . (int) $session->uid . ""); $hero_info = mysqli_fetch_array($hero); echo "".NAME_CHANGED.""; } @@ -170,48 +170,48 @@ if (isset($_POST['name'])) { if($_GET['add'] == "reset") { if($hero_info['level'] <= 3){ if($hero_info['attack'] != 0 OR $hero_info['defence'] != 0 OR $hero_info['attackbonus'] != 0 OR $hero_info['defencebonus'] != 0 OR $hero_info['regeneration'] != 0){ - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = '".(($hero_info['level']*5)+5)."' WHERE `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attack` = '0' WHERE `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defence` = '0' WHERE `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attackbonus` = '0' WHERE `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defencebonus` = '0' WHERE `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `regeneration` = '0' WHERE `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = '".(($hero_info['level']*5)+5)."' WHERE `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attack` = '0' WHERE `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defence` = '0' WHERE `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attackbonus` = '0' WHERE `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defencebonus` = '0' WHERE `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `regeneration` = '0' WHERE `uid` = '" . $database->escape($session->uid) . "'"); header("Location: build.php?id=".$id.""); } } } if($_GET['add'] == "off" && $hero_info['attack'] < 100) { if($hero_info['points'] > 0) { - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attack` = `attack` + 1 WHERE `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attack` = `attack` + 1 WHERE `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $database->escape($session->uid) . "'"); header("Location: build.php?id=".$id.""); } } if($_GET['add'] == "deff" && $hero_info['defence'] < 100) { if($hero_info['points'] > 0) { - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defence` = `defence` + 1 WHERE `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defence` = `defence` + 1 WHERE `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $database->escape($session->uid) . "'"); header("Location: build.php?id=".$id.""); } } if($_GET['add'] == "obonus" && $hero_info['attackbonus'] < 100) { if($hero_info['points'] > 0) { - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attackbonus` = `attackbonus` + 1 WHERE `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attackbonus` = `attackbonus` + 1 WHERE `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $database->escape($session->uid) . "'"); header("Location: build.php?id=".$id.""); } } if($_GET['add'] == "dbonus" && $hero_info['defencebonus'] < 100) { if($hero_info['points'] > 0) { - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defencebonus` = `defencebonus` + 1 WHERE `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defencebonus` = `defencebonus` + 1 WHERE `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $database->escape($session->uid) . "'"); header("Location: build.php?id=".$id.""); } } if($_GET['add'] == "reg" && $hero_info['regeneration'] < 100) { if($hero_info['points'] > 0) { - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `regeneration` = `regeneration` + 1 WHERE `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `regeneration` = `regeneration` + 1 WHERE `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $database->escape($session->uid) . "'"); header("Location: build.php?id=".$id.""); } } diff --git a/Templates/Build/37_revive.tpl b/Templates/Build/37_revive.tpl index 39ae80be..9fd10d82 100644 --- a/Templates/Build/37_revive.tpl +++ b/Templates/Build/37_revive.tpl @@ -171,11 +171,11 @@ if($_GET['revive'] == 1 && $hero_info['inrevive'] == 0 && $hero_info['intraining'] == 0 && $hero_info['dead'] == 1){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."hero SET `inrevive` = '1', `trainingtime` = '".$training_time2."', `wref` = '".$village->wid."' WHERE `uid` = '".$session->uid."'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$wood." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$clay." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$iron." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$crop." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."hero SET `inrevive` = '1', `trainingtime` = '".(int) $training_time2."', `wref` = '".(int) $village->wid."' WHERE `uid` = '".(int) $session->uid."'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $wood." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $clay." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $iron ." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $crop." WHERE `wref` = '" . (int) $village->wid . "'"); header("Location: build.php?id=".$id.""); }else{ header("Location: banned.php"); diff --git a/Templates/Build/37_train.tpl b/Templates/Build/37_train.tpl index fe3423e7..a04379ed 100644 --- a/Templates/Build/37_train.tpl +++ b/Templates/Build/37_train.tpl @@ -34,7 +34,7 @@ //check if there is unit needed in the village -$result = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."units WHERE `vref` = ".$village->wid.""); +$result = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."units WHERE `vref` = ".(int) $village->wid.""); $units = mysqli_fetch_array($result); $output=" @@ -529,18 +529,18 @@ $output.=" //HERO TRAINING - $count_hero = mysqli_num_rows(mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "hero WHERE `uid` = " . $session->uid . "")); + $count_hero = mysqli_num_rows(mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "hero WHERE `uid` = " . $database->escape($session->uid) . "")); if($session->tribe == 1){ if($_GET['train'] == 1){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '1', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u1['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u1` = `u1` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u1['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u1['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u1['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u1['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '1', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u1['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u1` = `u1` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u1['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u1['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u1['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u1['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -549,14 +549,14 @@ $output.=" } if($_GET['train'] == 2){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '2', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u1['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u2` = `u2` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u2['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u2['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u2['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u2['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '2', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u1['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u2` = `u2` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u2['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u2['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u2['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u2['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -565,13 +565,13 @@ $output.=" } if($_GET['train'] == 3){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '3', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u3['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u3` = `u3` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u3['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u3['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u3['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u3['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '3', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u3['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u3` = `u3` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u3['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u3['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u3['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u3['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); header("Location: build.php?id=".$id.""); }else{ header("Location: banned.php"); @@ -579,14 +579,14 @@ $output.=" } if($_GET['train'] == 5){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '5', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u5['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u5` = `u5` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u5['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u5['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u5['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u5['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '5', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u5['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u5` = `u5` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u5['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u5['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u5['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u5['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -595,14 +595,14 @@ $output.=" } if($_GET['train'] == 6){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '6', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u6['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u6` = `u6` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u6['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u6['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u6['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u6['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '6', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u6['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u6` = `u6` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u6['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u6['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u6['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u6['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -613,14 +613,14 @@ $output.=" if($session->tribe == 2){ if($_GET['train'] == 11){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '11', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u11['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u11` = `u11` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u11['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u11['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u11['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u11['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '11', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u11['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u11` = `u11` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u11['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u11['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u11['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u11['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -629,14 +629,14 @@ $output.=" } if($_GET['train'] == 12){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '12', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u12['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u12` = `u12` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u12['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u12['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u12['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u12['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '12', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u12['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u12` = `u12` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u12['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u12['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u12['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u12['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -645,14 +645,14 @@ $output.=" } if($_GET['train'] == 13){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '13', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u13['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u13` = `u13` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u13['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u13['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u13['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u13['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '13', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u13['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u13` = `u13` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u13['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u13['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u13['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u13['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -661,14 +661,14 @@ $output.=" } if($_GET['train'] == 15){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '15', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u15['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u15` = `u15` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u15['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u15['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u15['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u15['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '15', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u15['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u15` = `u15` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u15['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u15['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u15['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u15['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -677,14 +677,14 @@ $output.=" } if($_GET['train'] == 16){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '16', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u16['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u16` = `u16` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u16['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u16['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u16['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u16['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '16', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u16['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u16` = `u16` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u16['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u16['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u16['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u16['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -695,14 +695,14 @@ $output.=" if($session->tribe == 3){ if($_GET['train'] == 21){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '21', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u21['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u21` = `u21` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u21['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u21['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u21['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u21['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '21', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u21['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u21` = `u21` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u21['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u21['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u21['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u21['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -711,14 +711,14 @@ $output.=" } if($_GET['train'] == 22){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '22', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u22['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u22` = `u22` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u22['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u22['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u22['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u22['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '22', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u22['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u22` = `u22` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u22['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u22['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u22['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u22['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -727,14 +727,14 @@ $output.=" } if($_GET['train'] == 24){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '24', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u24['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u24` = `u24` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u24['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u24['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u24['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u24['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '24', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u24['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u24` = `u24` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u24['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u24['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u24['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u24['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -743,14 +743,14 @@ $output.=" } if($_GET['train'] == 25){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '25', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u25['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u25` = `u25` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u25['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u25['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u25['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u25['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '25', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u25['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u25` = `u25` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u25['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u25['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u25['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u25['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ @@ -759,14 +759,14 @@ $output.=" } if($_GET['train'] == 26){ if($session->access != BANNED){ - mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $session->uid . "'"); + mysqli_query($GLOBALS['link'],"DELETE from " . TB_PREFIX . "hero WHERE `dead` = 1 AND `uid` = '" . $database->escape($session->uid) . "'"); if($count_hero == 0){ - mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$session->uid."', '" . $village->wid . "', '0', '26', '".addslashes($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u26['time'] / SPEED)*3))."', '50', '1')"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u26` = `u26` - 1 WHERE `vref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".$u26['wood']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".$u26['clay']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".$u26['iron']." WHERE `wref` = '" . $village->wid . "'"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".$u26['crop']." WHERE `wref` = '" . $village->wid . "'"); + mysqli_query($GLOBALS['link'],"INSERT INTO ".TB_PREFIX."hero (`uid`, `wref`, `regeneration`, `unit`, `name`, `level`, `points`, `experience`, `dead`, `health`, `attack`, `defence`, `attackbonus`, `defencebonus`, `trainingtime`, `autoregen`, `intraining`) VALUES ('".$database->escape($session->uid)."', '" . (int) $village->wid . "', '0', '26', '".$database-escape($session->username)."', '0', '5', '0', '0', '100', '0', '0', '0', '0', '".round((time() + ($u26['time'] / SPEED)*3))."', '50', '1')"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET `u26` = `u26` - 1 WHERE `vref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `wood` = `wood` - ".(int) $u26['wood']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `clay` = `clay` - ".(int) $u26['clay']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u26['iron']." WHERE `wref` = '" . (int) $village->wid . "'"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u26['crop']." WHERE `wref` = '" . (int) $village->wid . "'"); } header("Location: build.php?id=".$id.""); }else{ diff --git a/Templates/Build/avaliable.tpl b/Templates/Build/avaliable.tpl index 1354b84d..2354989f 100644 --- a/Templates/Build/avaliable.tpl +++ b/Templates/Build/avaliable.tpl @@ -164,11 +164,11 @@ $user = $session->uid; //loop search village user -$query = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."vdata WHERE owner = ".$user.""); +$query = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."vdata WHERE owner = ".(int) $user.""); while($villaggi_array = mysqli_fetch_array($query)){ //loop structure village - $query1 = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."fdata WHERE vref = ".$villaggi_array['wref'].""); + $query1 = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."fdata WHERE vref = ".(int) $villaggi_array['wref'].""); $strutture= mysqli_fetch_array($query1); if($strutture == false) $strutture = []; @@ -288,11 +288,11 @@ $user = $session->uid; //mysqli_select_db(SQL_DB); //loop search village user -$query = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."vdata WHERE owner = ".$user.""); +$query = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."vdata WHERE owner = ".(int) $user.""); while($villaggi_array = mysqli_fetch_array($query)){ //loop structure village - $query1 = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."fdata WHERE vref = ".$villaggi_array['wref'].""); + $query1 = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."fdata WHERE vref = ".(int) $villaggi_array['wref'].""); $strutture= mysqli_fetch_array($query1); //search Castle in array structure village diff --git a/Templates/Message/inbox.tpl b/Templates/Message/inbox.tpl index 50201a33..7b55cc71 100644 --- a/Templates/Message/inbox.tpl +++ b/Templates/Message/inbox.tpl @@ -11,7 +11,7 @@ x
There is not any raid list.'; @@ -192,7 +192,7 @@ $vdata = $database->getVillage($towref); uid." ORDER BY time DESC Limit 1"); +$getnotice = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."ndata WHERE $limits AND toWref = ".(int) $towref." AND uid = ".(int) $session->uid." ORDER BY time DESC Limit 1"); if(mysqli_num_rows($getnotice) > 0){ while($row2 = mysqli_fetch_array($getnotice)){ $dataarray = explode(",",$row2['data']); @@ -313,7 +313,7 @@ if(!$database->getVilFarmlist($village->wid)){ { Travian.Game.RaidList.setData({ wid.''); +$result = mysqli_query($GLOBALS['link'],'SELECT * FROM '.TB_PREFIX.'farmlist WHERE wref = '.(int) $village->wid.''); $query1 = mysqli_num_rows($result); $NUM1 = 1; while($row = mysqli_fetch_array($result)){ @@ -324,7 +324,7 @@ $lid = $row['id']; "troops":{"1":,"2":,"3":,"4":,"5":,"6":,"7":,"8":,"9":,"10":,"11":}, "directions":{"village":"none","ew":"none","distance":"asc","troops":"none","lastRaid":"none"}, "slots":{getVillage($Wref); escape($_GET['lid']).""; +$getwref = "SELECT * FROM ".TB_PREFIX."raidlist WHERE lid = ".$database->escape((int) $_GET['lid']).""; $arraywref = $database->query_return($getwref); echo ''; if(mysqli_num_rows(mysqli_query($GLOBALS['link'],$getwref)) != 0){ diff --git a/Templates/goldClub/farmlist_editraid.tpl b/Templates/goldClub/farmlist_editraid.tpl index ff284d95..7d33a33f 100644 --- a/Templates/goldClub/farmlist_editraid.tpl +++ b/Templates/goldClub/farmlist_editraid.tpl @@ -92,7 +92,7 @@ $lid2 = $getlid['lid'];
Sent
uid."'") or die(mysqli_error($database->dblink)); + $MyGold = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".(int) $session->uid."'") or die(mysqli_error($database->dblink)); $golds = mysqli_fetch_array($MyGold); $date2=strtotime("NOW"); if ($golds['plus'] <= $date2) { ?> diff --git a/Templates/Message/sent.tpl b/Templates/Message/sent.tpl index 88aaf95b..3b70f9c7 100644 --- a/Templates/Message/sent.tpl +++ b/Templates/Message/sent.tpl @@ -22,7 +22,7 @@ Recipient Sent
uid."'") or die(mysqli_error($database->dblink)); + $MyGold = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".(int) $session->uid."'") or die(mysqli_error($database->dblink)); $golds = mysqli_fetch_array($MyGold); $date2=strtotime("NOW"); if ($golds['plus'] <= $date2) { ?> diff --git a/Templates/Notice/all.tpl b/Templates/Notice/all.tpl index 3e1697e2..16c7af19 100644 --- a/Templates/Notice/all.tpl +++ b/Templates/Notice/all.tpl @@ -12,7 +12,7 @@ $noticeClass = array("Scout Report","Won as attacker without losses","Won as att
uid."'") or die(mysqli_error($database->dblink)); + $MyGold = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".(int) $session->uid."'") or die(mysqli_error($database->dblink)); $golds = mysqli_fetch_array($MyGold); $date2=strtotime("NOW"); if ($golds['plus'] <= $date2) { ?> diff --git a/Templates/Profile/preference.tpl b/Templates/Profile/preference.tpl index 86aaf989..fb703385 100644 --- a/Templates/Profile/preference.tpl +++ b/Templates/Profile/preference.tpl @@ -50,7 +50,7 @@ if($_POST) { if(trim($link['nr']) != '' AND trim($link['linkname']) != '' AND trim($link['linkziel']) != '' AND trim($link['id']) == '') { // Add new link - $userid = $session->uid; + $userid = (int) $session->uid; if($session->access!=BANNED){ $query = mysqli_query($GLOBALS['link'],'INSERT INTO `' . TB_PREFIX . 'links` (`userid`, `name`, `url`, `pos`) VALUES (' . $userid . ', \'' . $link['linkname'] . '\', \'' . $link['linkziel'] . '\', ' . $link['nr'] . ')'); }else{ @@ -82,7 +82,7 @@ if($_POST) { // Fetch all links -$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'links` WHERE `userid` = ' . $session->uid . ' ORDER BY `pos` ASC') or die(mysqli_error($database->dblink)); +$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'links` WHERE `userid` = ' . (int) $session->uid . ' ORDER BY `pos` ASC') or die(mysqli_error($database->dblink)); $links = array(); while($data = mysqli_fetch_assoc($query)) { $links[] = $data; diff --git a/Templates/a2b/attack.tpl b/Templates/a2b/attack.tpl index 346d7958..f5d855ee 100644 --- a/Templates/a2b/attack.tpl +++ b/Templates/a2b/attack.tpl @@ -380,7 +380,7 @@ $end = ($tribe*10); else { //$uid - $q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = $uid"; + $q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $uid; $result = mysqli_query($GLOBALS['link'],$q); $hero_f=mysqli_fetch_array($result); $hero_unit=$hero_f['unit']; diff --git a/Templates/a2b/sendback_1.tpl b/Templates/a2b/sendback_1.tpl index e493fba3..f5e1a8dc 100644 --- a/Templates/a2b/sendback_1.tpl +++ b/Templates/a2b/sendback_1.tpl @@ -137,7 +137,7 @@ $tocoor = $database->getCoor($enforce['vref']); } } if ($enforce['hero']>0){ - $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$to['owner'].""; + $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $to['owner'].""; $resulth = mysqli_query($GLOBALS['link'],$qh); $hero_f=mysqli_fetch_array($resulth); $hero_unit=$hero_f['unit']; diff --git a/Templates/a2b/sendback_2.tpl b/Templates/a2b/sendback_2.tpl index 64de6af8..b22ab41a 100644 --- a/Templates/a2b/sendback_2.tpl +++ b/Templates/a2b/sendback_2.tpl @@ -138,7 +138,7 @@ $tocoor = $database->getCoor($enforce['vref']); } } if ($enforce['hero']>0){ - $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$to['owner'].""; + $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $to['owner'].""; $resulth = mysqli_query($GLOBALS['link'],$qh); $hero_f=mysqli_fetch_array($resulth); $hero_unit=$hero_f['unit']; diff --git a/Templates/a2b/sendback_3.tpl b/Templates/a2b/sendback_3.tpl index 5423a23b..27274d05 100644 --- a/Templates/a2b/sendback_3.tpl +++ b/Templates/a2b/sendback_3.tpl @@ -137,7 +137,7 @@ $tocoor = $database->getCoor($enforce['vref']); } } if ($enforce['hero']>0){ - $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$to['owner'].""; + $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $to['owner'].""; $resulth = mysqli_query($GLOBALS['link'],$qh); $hero_f=mysqli_fetch_array($resulth); $hero_unit=$hero_f['unit']; diff --git a/Templates/a2b/sendback_4.tpl b/Templates/a2b/sendback_4.tpl index 1b9c4445..3c9671da 100644 --- a/Templates/a2b/sendback_4.tpl +++ b/Templates/a2b/sendback_4.tpl @@ -138,7 +138,7 @@ $tocoor = $database->getCoor($enforce['vref']); } } if ($enforce['hero']>0){ - $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$to['owner'].""; + $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $to['owner'].""; $resulth = mysqli_query($GLOBALS['link'],$qh); $hero_f=mysqli_fetch_array($resulth); $hero_unit=$hero_f['unit']; diff --git a/Templates/a2b/sendback_5.tpl b/Templates/a2b/sendback_5.tpl index 4f5e907a..d16e1a8a 100644 --- a/Templates/a2b/sendback_5.tpl +++ b/Templates/a2b/sendback_5.tpl @@ -137,7 +137,7 @@ $tocoor = $database->getCoor($enforce['vref']); } } if ($enforce['hero']>0){ - $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$to['owner'].""; + $qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $to['owner'].""; $resulth = mysqli_query($GLOBALS['link'],$qh); $hero_f=mysqli_fetch_array($resulth); $hero_unit=$hero_f['unit']; diff --git a/Templates/a2b/startRaid.tpl b/Templates/a2b/startRaid.tpl index 32712209..759e7155 100644 --- a/Templates/a2b/startRaid.tpl +++ b/Templates/a2b/startRaid.tpl @@ -7,7 +7,7 @@ $sql = "SELECT * FROM ".TB_PREFIX."raidlist WHERE lid = ".$database->escape($lid)." order by id asc"; $array = $database->query_return($sql); foreach($array as $row){ - $sql1 = mysqli_fetch_array(mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."units WHERE vref = ".$getFLData['wref'])); + $sql1 = mysqli_fetch_array(mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."units WHERE vref = ".(int) $getFLData['wref'])); $sid = $row['id']; $wref = $row['towref']; $t1 = $row['t1'];$t2 = $row['t2'];$t3 = $row['t3'];$t4 = $row['t4'];$t5 = $row['t5']; diff --git a/Templates/goldClub/farmlist.tpl b/Templates/goldClub/farmlist.tpl index f1ffe97f..da04163b 100644 --- a/Templates/goldClub/farmlist.tpl +++ b/Templates/goldClub/farmlist.tpl @@ -8,7 +8,7 @@ if(isset($_GET['t'])==99 && isset($_POST['action'])=='addList' && $_POST['did']! header("Location: build.php?gid=16&t=99&action=addList"); } -$sql = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."farmlist WHERE owner = $session->uid ORDER BY wref = $village->wid DESC"); +$sql = mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."farmlist WHERE owner = ".(int) $session->uid." ORDER BY wref = $village->wid DESC"); $query = mysqli_num_rows($sql); while($row = mysqli_fetch_array($sql)){ $lid = $row["id"]; @@ -50,7 +50,7 @@ while($row = mysqli_fetch_array($sql)){
query_return($getwref); echo ''; if(mysqli_num_rows(mysqli_query($GLOBALS['link'],$getwref)) != 0){ diff --git a/a2b.php b/a2b.php index 58b6bd27..d22d180f 100644 --- a/a2b.php +++ b/a2b.php @@ -185,7 +185,7 @@ if(isset($_GET['o'])) { } if ($prisoner['t11']>0){ - $p_qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".$p_owner.""; + $p_qh = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $p_owner.""; $p_resulth = mysqli_query($GLOBALS['link'],$p_qh); $p_hero_f=mysqli_fetch_array($p_resulth); $p_hero_unit=$p_hero_f['unit']; diff --git a/allianz.php b/allianz.php index 5fd2c691..0da26ef9 100644 --- a/allianz.php +++ b/allianz.php @@ -21,7 +21,7 @@ if(isset($_GET['s'])){ if(isset($_GET['fid'])){ $fid = preg_replace("/[^0-9]/","",$_GET['fid']); - $forum = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".$fid.""); + $forum = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".(int) $fid.""); $forum_type = mysqli_fetch_array($forum); if($forum_type['forum_name'] != "" && $forum_type['forum_area'] == 0){ if($forum_type['alliance'] != $session->alliance){ @@ -30,7 +30,7 @@ if(isset($_GET['fid'])){ } }else if(isset($_GET['fid2'])){ $fid = preg_replace("/[^0-9]/","",$_GET['fid2']); - $forum = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".$fid.""); + $forum = mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".(int) $fid.""); if (!empty($forum)) { $forum_type = mysqli_fetch_array($forum); if($forum_type['forum_name'] != "" && $forum_type['forum_area'] != 1){ diff --git a/create_account.php b/create_account.php index 2a86b1b6..89af78e6 100644 --- a/create_account.php +++ b/create_account.php @@ -157,26 +157,26 @@ if($_POST['password'] != ""){ $database->updateUserField($uid, "access", USER, 1); } - $wid = mysqli_fetch_assoc(mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "vdata WHERE owner = $uid")); - $q = "UPDATE " . TB_PREFIX . "vdata SET pop = 834 WHERE owner = $uid"; + $wid = mysqli_fetch_assoc(mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "vdata WHERE owner = ".(int) $uid)); + $q = "UPDATE " . TB_PREFIX . "vdata SET pop = 834 WHERE owner = ".(int) $uid; mysqli_query($GLOBALS['link'],$q) or die(mysqli_error($database->dblink)); - $q2 = "UPDATE " . TB_PREFIX . "users SET access = 2 WHERE id = $uid"; + $q2 = "UPDATE " . TB_PREFIX . "users SET access = 2 WHERE id = ".(int) $uid; mysqli_query($GLOBALS['link'],$q2) or die(mysqli_error($database->dblink)); if(SPEED > 3) { $speed = 5; } else { $speed = SPEED; } - $q3 = "UPDATE " . TB_PREFIX . "units SET u41 = " . (64700 * $speed) . ", u42 = " . (295231 * $speed) . ", u43 = " . (180747 * $speed) . ", u44 = " . (20000 * $speed) . ", u45 = " . (364401 * $speed) . ", u46 = " . (217602 * $speed) . ", u47 = " . (2034 * $speed) . ", u48 = " . (1040 * $speed) . " , u49 = " . (1 * $speed) . ", u50 = " . (9 * $speed) . " WHERE vref = " . $wid['wref'] . ""; + $q3 = "UPDATE " . TB_PREFIX . "units SET u41 = " . (64700 * $speed) . ", u42 = " . (295231 * $speed) . ", u43 = " . (180747 * $speed) . ", u44 = " . (20000 * $speed) . ", u45 = " . (364401 * $speed) . ", u46 = " . (217602 * $speed) . ", u47 = " . (2034 * $speed) . ", u48 = " . (1040 * $speed) . " , u49 = " . (1 * $speed) . ", u50 = " . (9 * $speed) . " WHERE vref = " . (int) $wid['wref'] . ""; mysqli_query($GLOBALS['link'],$q3) or die(mysqli_error($database->dblink)); - $q4 = "UPDATE " . TB_PREFIX . "users SET desc2 = '$desc' WHERE id = $uid"; + $q4 = "UPDATE " . TB_PREFIX . "users SET desc2 = '$desc' WHERE id = ".(int) $uid; mysqli_query($GLOBALS['link'],$q4) or die(mysqli_error($database->dblink)); /** * SCOUTING ALL PLAYERS FIX BY MisterX */ - $natar = mysqli_fetch_array(mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "vdata WHERE owner = $uid and capital = 1")); + $natar = mysqli_fetch_array(mysqli_query($GLOBALS['link'],"SELECT * FROM " . TB_PREFIX . "vdata WHERE owner = ".(int) $uid." and capital = 1")); $multiplier = NATARS_UNITS; $q = "SELECT * FROM " . TB_PREFIX . "vdata WHERE capital = '1' and owner > '5'"; $array = $database->query_return($q); @@ -200,22 +200,22 @@ if($_POST['password'] != ""){ $database->addUnits($wid); $database->addTech($wid); $database->addABTech($wid); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET pop = 163 WHERE wref = $wid"); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET name = '$village_name' WHERE wref = $wid"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET pop = 163 WHERE wref = ".(int) $wid); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET name = '$village_name' WHERE wref = ".(int) $wid); if(SPEED > 3) { $speed = 5; } else { $speed = SPEED; } if($size == 1) { - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET u41 = " . (rand(1000, 2000) * $speed) . ", u42 = " . (rand(1500, 2000) * $speed) . ", u43 = " . (rand(2300, 2800) * $speed) . ", u44 = " . (rand(25, 75) * $speed) . ", u45 = " . (rand(1200, 1900) * $speed) . ", u46 = " . (rand(1500, 2000) * $speed) . ", u47 = " . (rand(500, 900) * $speed) . ", u48 = " . (rand(100, 300) * $speed) . " , u49 = " . (rand(1, 5) * $speed) . ", u50 = " . (rand(1, 5) * $speed) . " WHERE vref = " . $wid . ""); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "fdata SET f22t = 27, f22 = 10, f28t = 25, f28 = 10, f19t = 23, f19 = 10, f32t = 23, f32 = 10 WHERE vref = $wid"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET u41 = " . (rand(1000, 2000) * $speed) . ", u42 = " . (rand(1500, 2000) * $speed) . ", u43 = " . (rand(2300, 2800) * $speed) . ", u44 = " . (rand(25, 75) * $speed) . ", u45 = " . (rand(1200, 1900) * $speed) . ", u46 = " . (rand(1500, 2000) * $speed) . ", u47 = " . (rand(500, 900) * $speed) . ", u48 = " . (rand(100, 300) * $speed) . " , u49 = " . (rand(1, 5) * $speed) . ", u50 = " . (rand(1, 5) * $speed) . " WHERE vref = " . (int) $wid . ""); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "fdata SET f22t = 27, f22 = 10, f28t = 25, f28 = 10, f19t = 23, f19 = 10, f32t = 23, f32 = 10 WHERE vref = ".(int) $wid); } elseif($size == 2) { - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET u41 = " . (rand(2000, 4000) * $speed) . ", u42 = " . (rand(3000, 4000) * $speed) . ", u43 = " . (rand(4600, 5600) * $speed) . ", u44 = " . (rand(50, 150) * $speed) . ", u45 = " . (rand(2400, 3800) * $speed) . ", u46 = " . (rand(3000, 4000) * $speed) . ", u47 = " . (rand(1000, 1800) * $speed) . ", u48 = " . (rand(200, 600) * $speed) . " , u49 = " . (rand(2, 10) * $speed) . ", u50 = " . (rand(2, 10) * $speed) . " WHERE vref = " . $wid . ""); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "fdata SET f22t = 27, f22 = 10, f28t = 25, f28 = 20, f19t = 23, f19 = 10, f32t = 23, f32 = 10 WHERE vref = $wid"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET u41 = " . (rand(2000, 4000) * $speed) . ", u42 = " . (rand(3000, 4000) * $speed) . ", u43 = " . (rand(4600, 5600) * $speed) . ", u44 = " . (rand(50, 150) * $speed) . ", u45 = " . (rand(2400, 3800) * $speed) . ", u46 = " . (rand(3000, 4000) * $speed) . ", u47 = " . (rand(1000, 1800) * $speed) . ", u48 = " . (rand(200, 600) * $speed) . " , u49 = " . (rand(2, 10) * $speed) . ", u50 = " . (rand(2, 10) * $speed) . " WHERE vref = " . (int) $wid . ""); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "fdata SET f22t = 27, f22 = 10, f28t = 25, f28 = 20, f19t = 23, f19 = 10, f32t = 23, f32 = 10 WHERE vref = ".(int) $wid); } elseif($size == 3) { - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET u41 = " . (rand(4000, 8000) * $speed) . ", u42 = " . (rand(6000, 8000) * $speed) . ", u43 = " . (rand(9200, 11200) * $speed) . ", u44 = " . (rand(100, 300) * $speed) . ", u45 = " . (rand(4800, 7600) * $speed) . ", u46 = " . (rand(6000, 8000) * $speed) . ", u47 = " . (rand(2000, 3600) * $speed) . ", u48 = " . (rand(400, 1200) * $speed) . " , u49 = " . (rand(4, 20) * $speed) . ", u50 = " . (rand(4, 20) * $speed) . " WHERE vref = " . $wid . ""); - mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "fdata SET f22t = 27, f22 = 10, f28t = 25, f28 = 20, f19t = 23, f19 = 10, f32t = 23, f32 = 10 WHERE vref = $wid"); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "units SET u41 = " . (rand(4000, 8000) * $speed) . ", u42 = " . (rand(6000, 8000) * $speed) . ", u43 = " . (rand(9200, 11200) * $speed) . ", u44 = " . (rand(100, 300) * $speed) . ", u45 = " . (rand(4800, 7600) * $speed) . ", u46 = " . (rand(6000, 8000) * $speed) . ", u47 = " . (rand(2000, 3600) * $speed) . ", u48 = " . (rand(400, 1200) * $speed) . " , u49 = " . (rand(4, 20) * $speed) . ", u50 = " . (rand(4, 20) * $speed) . " WHERE vref = " . (int) $wid . ""); + mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "fdata SET f22t = 27, f22 = 10, f28t = 25, f28 = 20, f19t = 23, f19 = 10, f32t = 23, f32 = 10 WHERE vref = ".(int) $wid); } } diff --git a/massmessage.php b/massmessage.php index 81a20e13..cd6f455f 100644 --- a/massmessage.php +++ b/massmessage.php @@ -13,7 +13,7 @@ include_once("GameEngine/Account.php"); $max_per_pass = 1000; -if (mysqli_num_rows(mysqli_query($GLOBALS['link'],"SELECT id FROM ".TB_PREFIX."users WHERE access = 9 AND id = ".$session->uid)) != '1') die("Hacking attemp!"); +if (mysqli_num_rows(mysqli_query($GLOBALS['link'],"SELECT id FROM ".TB_PREFIX."users WHERE access = 9 AND id = ".(int) $session->uid)) != '1') die("Hacking attemp!"); if (@$_POST['submit'] == "Send") {