fix: all location headers need to have exit after them!

This commit is contained in:
Martin Ambrus
2017-10-22 13:00:54 +02:00
parent 43a2775ebc
commit 7270a69a63
74 changed files with 367 additions and 78 deletions
+9
View File
@@ -109,6 +109,7 @@ class Account {
header("Location: anmelden.php");
exit;
}
else {
if(AUTH_EMAIL){
@@ -119,6 +120,7 @@ class Account {
$mailer->sendActivate($_POST['email'],$_POST['name'],$_POST['pw'],$act);
header("Location: activate.php?id=$uid&q=$act2");
exit;
}
}
else {
@@ -130,6 +132,7 @@ class Account {
$database->updateUserField($uid,"invited",$_POST['invited'],1);
$this->generateBase($_POST['kid'],$uid,$_POST['name']);
header("Location: login.php");
exit;
}
}
}
@@ -148,16 +151,19 @@ class Account {
$database->unreg($dbarray['username']);
$this->generateBase($dbarray['kid'],$uid,$dbarray['username']);
header("Location: activate.php?e=2");
exit;
}
}
else
{
header("Location: activate.php?e=3");
exit;
}
}
else
{
header("Location: activate.php");
exit;
}
}
@@ -170,9 +176,11 @@ class Account {
if(password_verify($_POST['pw'], $dbarray['password'])) {
$database->unreg($dbarray['username']);
header("Location: anmelden.php");
exit;
}
else {
header("Location: activate.php?e=3");
exit;
}
}
@@ -207,6 +215,7 @@ class Account {
$_SESSION['valuearray'] = $_POST;
header("Location: login.php");
exit;
} else {
$userid = $database->getUserArray($_POST['user'], 0);
// Vacation mode by Shadow
+39 -18
View File
@@ -131,7 +131,8 @@
$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has invited <a href="spieler.php?uid=' . $UserData['id'] . '">' . addslashes($UserData['username']) . '</a> into the alliance.');
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
@@ -147,9 +148,11 @@
$database->insertAlliNotice($invite['alliance'], '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has rejected the invitation.');
}
}
header("Location: build.php?id=".$get['id']);
header("Location: build.php?id=".$get['id']);
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
@@ -167,9 +170,11 @@
$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has deleted the invitation for <a href="spieler.php?uid=' . $invitename['id'] . '">' . addslashes($invitename['username']) . '</a>.');
}
}
header("Location: allianz.php?delinvite");
header("Location: allianz.php?delinvite");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
@@ -200,10 +205,12 @@
if($accept_error == 1){
$form->addError("ally_accept", "The alliance can contain only ".$max." peoples right now.");
}else{
header("Location: build.php?id=" . $get['id']);
header("Location: build.php?id=" . $get['id']);
exit;
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
@@ -230,6 +237,7 @@
$_SESSION['valuearray'] = $post;
header("Location: build.php?id=" . $post['id']);
exit;
} else {
$max = $bid18[$village->resarray['f' . $post['id']]]['attri'];
$aid = $database->createAlliance($post['ally1'], $post['ally2'], $session->uid, $max);
@@ -240,9 +248,11 @@
// log the notice
$database->insertAlliNotice($aid, 'The alliance has been founded by <a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a>.');
header("Location: build.php?id=" . $post['id']);
exit;
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
@@ -277,7 +287,8 @@
$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has changed the alliance name.');
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
@@ -300,7 +311,8 @@
$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has changed the alliance description.');
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
@@ -323,7 +335,8 @@
$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has changed permissions.');
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
/*****************************************
@@ -351,7 +364,8 @@
}
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
/*****************************************
@@ -362,10 +376,12 @@
if($session->access != BANNED){
if(isset($post['f_link'])){
$database->setAlliForumdblink($session->alliance, $post['f_link']);
header("Location: allianz.php?s=5");
header("Location: allianz.php?s=5");
exit;
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
/*****************************************
@@ -379,9 +395,11 @@
$text = ''.$survey['voted'].','.$session->uid.',';
$database->Vote($post['tid'], $post['vote'], $text);
}
header("Location: allianz.php?s=2&fid2=".$post['fid2']."&pid=".$post['pid']."&tid=".$post['tid']);
header("Location: allianz.php?s=2&fid2=".$post['fid2']."&pid=".$post['pid']."&tid=".$post['tid']);
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
/*****************************************
@@ -409,9 +427,11 @@
$database->deleteAlliance($session->alliance);
$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has quit the alliance.');
header("Location: spieler.php?uid=".$session->uid);
exit;
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
@@ -448,7 +468,8 @@
$form->addError("name", "Alliance does not exist");
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
+4 -1
View File
@@ -35,7 +35,8 @@ class Automation {
$isThere = mysqli_num_rows($q);
if($isThere > 0)
{
header('Location: winner.php');
header('Location: winner.php');
exit;
}else{
## there is no winner
}
@@ -3100,6 +3101,7 @@ $wallimg = "<img src=\"".GP_LOCATE."img/g/g3".$targettribe."Icon.gif\" height=\"
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: a2b.php");
exit;
} else {
//change units
@@ -3176,6 +3178,7 @@ $wallimg = "<img src=\"".GP_LOCATE."img/g/g3".$targettribe."Icon.gif\" height=\"
$technology->checkReinf($post['ckey']);
header("Location: build.php?id=39");
exit;
}
}
+21 -6
View File
@@ -47,14 +47,16 @@ class Building {
global $session;
if($session->access==BANNED){
header("Location: banned.php");
exit;
exit;
} else {
if ($this->checkResource($id,$tid)!=4) {
if($tid >= 19) {
header("Location: dorf2.php");
exit;
}
else {
header("Location: dorf1.php");
exit;
}
exit;
}
@@ -85,8 +87,10 @@ class Building {
$database->modifyGold($session->uid,1,0);
if($get['id'] > 18) {
header("Location: dorf2.php");
exit;
} else {
header("Location: dorf1.php");
exit;
}
}
if(isset($get['a']) && $get['c'] == $session->checker && isset($get['id'])) {
@@ -319,9 +323,11 @@ class Building {
}
if($jobs['field'] >= 19) {
header("Location: dorf2.php");
exit;
}
else {
header("Location: dorf1.php");
exit;
}
}
}
@@ -370,13 +376,16 @@ class Building {
$logging->addBuildLog($village->wid,$this->procResType($village->resarray['f'.$id.'t']),($village->resarray['f'.$id]+($loopsame>0?2:1)),0);
if($id >= 19) {
header("Location: dorf2.php");
exit;
}
else {
header("Location: dorf1.php");
exit;
}
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
}
@@ -413,9 +422,11 @@ class Building {
if($database->addBuilding($village->wid,$id,$village->resarray['f'.$id.'t'],$loop,$time,0,0,$level['f'.$id] + 1 + count($database->getBuildingByField($village->wid,$id)))) {
$logging->addBuildLog($village->wid,$this->procResType($village->resarray['f'.$id.'t']),($village->resarray['f'.$id]-1),2);
header("Location: dorf2.php");
exit;
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
}
@@ -449,9 +460,11 @@ class Building {
$logging->addBuildLog($village->wid,$this->procResType($tid),($village->resarray['f'.$id]+1),1);
$database->modifyResource($village->wid,$uprequire['wood'],$uprequire['clay'],$uprequire['iron'],$uprequire['crop'],0);
header("Location: dorf2.php");
exit;
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
}
@@ -819,9 +832,11 @@ class Building {
}
}
}
header("Location: ".$session->referrer);
header("Location: ".$session->referrer);
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
+30 -15
View File
@@ -50,7 +50,8 @@ class Market
$vref = $village->wid;
$database->getResourcesBack($vref,$type,$amt);
$database->addMarket($village->wid,$get['del'],0,0,0,0,0,0,1);
header("Location: build.php?id=".$get['id']."&t=2");
header("Location: build.php?id=".$get['id']."&t=2");
exit;
}
if(isset($get['t']) && $get['t'] == 1 && isset($get['a']) && $get['a'] == $session->mchecker && !isset($get['del']))
{
@@ -100,7 +101,8 @@ class Market
$availableCrop = $database->getCropAvailable($village->wid);
if($session->access == BANNED)
{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
else if($availableWood >= $post['r1'] AND $availableClay >= $post['r2'] AND $availableIron >= $post['r3'] AND $availableCrop >= $post['r4'])
{
@@ -124,7 +126,8 @@ class Market
}
}
}
header("Location: build.php?id=".$post['id']);
header("Location: build.php?id=".$post['id']);
exit;
}
else
{
@@ -140,17 +143,20 @@ class Market
if($post['rid1'] == $post['rid2'])
{
// Trading res for res of same type (invalid)
header("Location: build.php?id=".$post['id']."&t=2&e2");
header("Location: build.php?id=".$post['id']."&t=2&e2");
exit;
}
elseif($post['m1'] > (2 * $post['m2']))
{
// Trade is for more than 2x (invalid)
header("Location: build.php?id=".$post['id']."&t=2&e2");
header("Location: build.php?id=".$post['id']."&t=2&e2");
exit;
}
elseif($post['m2'] > (2 * $post['m1']))
{
// Trade is for less than 0.5x (invalid)
header("Location: build.php?id=".$post['id']."&t=2&e2");
header("Location: build.php?id=".$post['id']."&t=2&e2");
exit;
}
else
{
@@ -165,7 +171,8 @@ class Market
if($session->access == BANNED)
{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
elseif($availableWood >= $wood AND $availableClay >= $clay AND $availableIron >= $iron AND $availableCrop >= $crop)
@@ -194,18 +201,21 @@ class Market
$database->addMarket($village->wid,$post['rid1'],$post['m1'],$post['rid2'],$post['m2'],$time,$alliance,$reqMerc,0);
}
// Enough merchants
header("Location: build.php?id=".$post['id']."&t=2");
header("Location: build.php?id=".$post['id']."&t=2");
exit;
}
else
{
// Not enough merchants
header("Location: build.php?id=".$post['id']."&t=2&e3");
header("Location: build.php?id=".$post['id']."&t=2&e3");
exit;
}
}
else
{
// not enough resources
header("Location: build.php?id=".$post['id']."&t=2&e1");
header("Location: build.php?id=".$post['id']."&t=2&e1");
exit;
}
}
}
@@ -241,7 +251,8 @@ class Market
$database->setMarketAcc($get['g']);
$database->removeAcceptedOffer($get['g']);
$logging->addMarketLog($village->wid,2,array($infoarray['vref'],$get['g']));
header("Location: build.php?id=".$get['id']);
header("Location: build.php?id=".$get['id']);
exit;
}
private function loadOnsale()
@@ -330,7 +341,8 @@ class Market
//kijken of ze niet meer gs invoeren dan ze hebben
if($session->access == BANNED)
{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
else if (($post['m2'][0]+$post['m2'][1]+$post['m2'][2]+$post['m2'][3])<=(round($village->awood)+round($village->aclay)+round($village->airon)+round($village->acrop)))
{
@@ -339,16 +351,19 @@ class Market
$database->setVillageField($village->wid,"iron",$post['m2'][2]);
$database->setVillageField($village->wid,"crop",$post['m2'][3]);
$database->modifyGold($session->uid,3,0);
header("Location: build.php?id=".$post['id']."&t=3&c");;
header("Location: build.php?id=".$post['id']."&t=3&c");;
exit;
}
else
{
header("Location: build.php?id=".$post['id']."&t=3");
header("Location: build.php?id=".$post['id']."&t=3");
exit;
}
}
else
{
header("Location: build.php?id=".$post['id']."&t=3");
header("Location: build.php?id=".$post['id']."&t=3");
exit;
}
}
}
+10
View File
@@ -45,6 +45,7 @@ class Message {
$this->sendMessage($post['an'],$post['be'],addslashes($post['message']));
}
header("Location: nachrichten.php?t=2");
exit;
break;
case "m3":
case "m4":
@@ -88,6 +89,7 @@ class Message {
if($get['t'] == 5) {
if(!$session->plus){
header("Location: berichte.php");
exit;
} else {
$type = 9;
}
@@ -136,6 +138,7 @@ class Message {
}
$this->reply = $_SESSION['reply'] = $message;
header("Location: nachrichten.php?t=1&id=" . $message['owner']);
exit;
}
}
}
@@ -223,6 +226,7 @@ class Message {
}
}
header("Location: nachrichten.php");
exit;
}
private function archiveMessage($post) {
@@ -233,6 +237,7 @@ class Message {
}
}
header("Location: nachrichten.php");
exit;
}
private function unarchiveMessage($post) {
@@ -243,6 +248,7 @@ class Message {
}
}
header("Location: nachrichten.php");
exit;
}
private function removeNotice($post) {
@@ -253,6 +259,7 @@ class Message {
}
}
header("Location: berichte.php");
exit;
}
private function archiveNotice($post) {
@@ -263,6 +270,7 @@ class Message {
}
}
header("Location: berichte.php");
exit;
}
private function unarchiveNotice($post) {
@@ -273,6 +281,7 @@ class Message {
}
}
header("Location: berichte.php");
exit;
}
private function getReadNotice($id) {
@@ -593,6 +602,7 @@ class Message {
}
}
header("Location: nachrichten.php?t=1");
exit;
}
}
+15
View File
@@ -21,6 +21,7 @@ class Profile {
$this->updateProfile($post);
}else{
header("Location: banned.php");
exit;
}
break;
case "p3":
@@ -28,6 +29,7 @@ class Profile {
$this->updateAccount($post);
}else{
header("Location: banned.php");
exit;
}
break;
case "p4":
@@ -36,6 +38,7 @@ class Profile {
$this->setvactionmode($post);
}else{
header("Location: banned.php");
exit;
}
break;
}
@@ -47,6 +50,7 @@ class Profile {
$this->gpack($post);
}else{
header("Location: banned.php");
exit;
}
break;
}
@@ -62,6 +66,7 @@ class Profile {
$this->removeMeSit($get);
}else{
header("Location: banned.php");
exit;
}
break;
case 3:
@@ -69,6 +74,7 @@ class Profile {
$this->removeSitter($get);
}else{
header("Location: banned.php");
exit;
}
break;
case 4:
@@ -76,6 +82,7 @@ class Profile {
$this->cancelDeleting($get);
}else{
header("Location: banned.php");
exit;
}
break;
}
@@ -94,12 +101,14 @@ class Profile {
$database->setVillageName($database->RemoveXSS($varray[$i]['wref']),$k);
}
header("Location: spieler.php?uid=".$post['uid']);
exit;
}
private function gpack($post) {
global $database, $session;
$database->gpack($database->RemoveXSS($session->uid),$database->RemoveXSS($post['custom_url']));
header("Location: spieler.php?uid=".$session->uid);
exit;
}
/*******************************************************
@@ -123,8 +132,10 @@ class Profile {
$database->UpdateOnline("logout") or die(mysqli_error($database->dblink));
$session->Logout();
header("Location: login.php");
exit;
}else{
header("Location: spieler.php?s=5");
exit;
}
}
@@ -178,6 +189,7 @@ class Profile {
}
$_SESSION['errorarray'] = $form->getErrors();
header("Location: spieler.php?s=3");
exit;
}
private function removeSitter($get) {
@@ -189,12 +201,14 @@ class Profile {
$session->changeChecker();
}
header("Location: spieler.php?s=".$get['s']);
exit;
}
private function cancelDeleting($get) {
global $database,$session;
$database->setDeleting($get['id'],1);
header("Location: spieler.php?s=".$get['s']);
exit;
}
private function removeMeSit($get) {
@@ -204,6 +218,7 @@ class Profile {
$session->changeChecker();
}
header("Location: spieler.php?s=".$get['s']);
exit;
}
};
$profile = new Profile;
+6
View File
@@ -21,6 +21,7 @@ mb_internal_encoding("UTF-8"); // Add for utf8 varriables.
if(file_exists('GameEngine/config.php') || file_exists('../../GameEngine/config.php') || file_exists('../../config.php') || file_exists('../GameEngine/config.php')) {
}else{
header("Location: install/");
exit;
}
$script_name = ($_SERVER['REQUEST_URI'] == 'karte.php') ? 'karte' : $_SERVER['REQUEST_URI'];
@@ -123,8 +124,10 @@ class Session {
if ($dbarray['id'] == 1) {
header("Location: nachrichten.php");
exit;
} else {
header("Location: dorf1.php");
exit;
}
}
@@ -257,13 +260,16 @@ class Session {
if(!$this->logged_in) {
if(!in_array($page, $pagearray) || $page == "logout.php") {
header("Location: login.php");
exit;
}
} else {
if(in_array($page, $pagearray)) {
if ($this->uid == 1) {
header("Location: nachrichten.php");
exit;
} else {
header("Location: dorf1.php");
exit;
}
}
+5
View File
@@ -401,8 +401,10 @@ class Technology {
}
}
header("Location: build.php?id=".$post['id']);
exit;
}else{
header("Location: banned.php");
exit;
}
}
@@ -678,6 +680,7 @@ private function trainUnit($unit,$amt,$great=false) {
}
$session->changeChecker();
header("Location: build.php?id=".$get['id']);
exit;
}
private function upgradeSword($get) {
@@ -696,6 +699,7 @@ private function trainUnit($unit,$amt,$great=false) {
}
$session->changeChecker();
header("Location: build.php?id=".$get['id']);
exit;
}
private function upgradeArmour($get) {
@@ -714,6 +718,7 @@ private function trainUnit($unit,$amt,$great=false) {
}
$session->changeChecker();
header("Location: build.php?id=".$get['id']);
exit;
}
public function getUnitName($i) {
+15
View File
@@ -202,6 +202,7 @@ class Units {
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: a2b.php");
exit;
}else{
// We must return an array with $ post, which contains all the data more
// another variable that will define the flag is raised and is being sent and the type of shipping
@@ -218,6 +219,7 @@ class Units {
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: a2b.php");
exit;
}else{
$villageName = $database->getOasisField($id,"name");
@@ -364,6 +366,7 @@ class Units {
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: a2b.php");
exit;
} else {
if($session->access != BANNED){
@@ -523,11 +526,14 @@ if($session->access != BANNED){
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: a2b.php");
exit;
}
header("Location: build.php?id=39");
exit;
}else{
header("Location: banned.php");
exit;
}
}}
@@ -578,6 +584,7 @@ if($session->access != BANNED){
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: a2b.php");
exit;
} else {
//change units
@@ -654,6 +661,7 @@ if($session->access != BANNED){
$technology->checkReinf($post['ckey']);
header("Location: build.php?id=39");
exit;
}
} else {
@@ -662,10 +670,12 @@ if($session->access != BANNED){
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: a2b.php");
exit;
}
}
}else{
header("Location: banned.php");
exit;
}
}
@@ -684,20 +694,25 @@ header("Location: banned.php");
$database->modifyUnit($village->wid,array($unit),array(3),array(0));
$database->addMovement(5,$village->wid,$post['s'],0,time(),time()+$post['timestamp']);
header("Location: build.php?id=39");
exit;
if($form->returnErrors() > 0) {
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: a2b.php");
exit;
}
} else {
header("Location: build.php?id=39");
exit;
}
}else{
header("Location: dorf1.php");
exit;
}
}else{
header("Location: banned.php");
exit;
}
}
+1
View File
@@ -293,6 +293,7 @@ class Village {
if($page == "build.php" && $session->uid != $this->infoarray['owner']) {
unset($_SESSION['wid']);
header("Location: dorf1.php");
exit;
}
}