fix: all location headers need to have exit after them!

This commit is contained in:
Martin Ambrus
2017-10-22 13:00:54 +02:00
parent 43a2775ebc
commit 7270a69a63
74 changed files with 367 additions and 78 deletions
+6 -2
View File
@@ -4,8 +4,10 @@ if($_REQUEST["cancel"] == "1") {
if($session->access != BANNED){
$database->delDemolition($village->wid);
header("Location: build.php?gid=15&ty=$ty&cancel=0&demolish=0");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
@@ -16,9 +18,11 @@ if($session->access != BANNED){
$database->addDemolition($village->wid,$type);
$session->changeChecker();
header("Location: build.php?gid=15&ty=$type&cancel=0&demolish=0");
exit;
}
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
+1
View File
@@ -266,5 +266,6 @@ function testSum() {
<?php
}else{
header("Location: build.php?id=".$_GET['id']."");
exit;
}
?>
+1
View File
@@ -70,5 +70,6 @@ echo "".TRADE_ROUTE_TO." <a href=karte.php?d=".$route['wid']."&c=".$generator->g
<?php
}}else{
header("Location: build.php?id=".$_GET['id']."");
exit;
}
?>
+22 -11
View File
@@ -45,7 +45,8 @@ if (isset($_POST['name'])) {
if($session->access != BANNED){
echo "<a href=\"build.php?id=".$id."&add=off\">(<b>+</b>)</a>";
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}else {
echo "<span class=\"none\">(+)</span>";
@@ -64,7 +65,8 @@ if (isset($_POST['name'])) {
if($session->access != BANNED){
echo "<a href=\"build.php?id=".$id."&add=deff\">(<b>+</b>)</a>";
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}else {
echo "<span class=\"none\">(+)</span>";
@@ -83,7 +85,8 @@ if (isset($_POST['name'])) {
if($session->access != BANNED){
echo "<a href=\"build.php?id=".$id."&add=obonus\">(<b>+</b>)</a>";
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}else {
@@ -103,7 +106,8 @@ if (isset($_POST['name'])) {
if($session->access != BANNED){
echo "<a href=\"build.php?id=".$id."&add=dbonus\">(<b>+</b>)</a>";
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}else {
@@ -123,7 +127,8 @@ if (isset($_POST['name'])) {
if($session->access != BANNED){
echo "<a href=\"build.php?id=".$id."&add=reg\">(<b>+</b>)</a>";
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}else {
@@ -176,7 +181,8 @@ if (isset($_POST['name'])) {
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attackbonus` = '0' WHERE `uid` = '" . $database->escape($session->uid) . "'");
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defencebonus` = '0' WHERE `uid` = '" . $database->escape($session->uid) . "'");
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `regeneration` = '0' WHERE `uid` = '" . $database->escape($session->uid) . "'");
header("Location: build.php?id=".$id."");
header("Location: build.php?id=".$id."");
exit;
}
}
}
@@ -184,35 +190,40 @@ if (isset($_POST['name'])) {
if($hero_info['points'] > 0) {
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attack` = `attack` + 1 WHERE `uid` = '" . $database->escape($session->uid) . "'");
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $database->escape($session->uid) . "'");
header("Location: build.php?id=".$id."");
header("Location: build.php?id=".$id."");
exit;
}
}
if($_GET['add'] == "deff" && $hero_info['defence'] < 100) {
if($hero_info['points'] > 0) {
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defence` = `defence` + 1 WHERE `uid` = '" . $database->escape($session->uid) . "'");
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $database->escape($session->uid) . "'");
header("Location: build.php?id=".$id."");
header("Location: build.php?id=".$id."");
exit;
}
}
if($_GET['add'] == "obonus" && $hero_info['attackbonus'] < 100) {
if($hero_info['points'] > 0) {
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `attackbonus` = `attackbonus` + 1 WHERE `uid` = '" . $database->escape($session->uid) . "'");
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $database->escape($session->uid) . "'");
header("Location: build.php?id=".$id."");
header("Location: build.php?id=".$id."");
exit;
}
}
if($_GET['add'] == "dbonus" && $hero_info['defencebonus'] < 100) {
if($hero_info['points'] > 0) {
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `defencebonus` = `defencebonus` + 1 WHERE `uid` = '" . $database->escape($session->uid) . "'");
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $database->escape($session->uid) . "'");
header("Location: build.php?id=".$id."");
header("Location: build.php?id=".$id."");
exit;
}
}
if($_GET['add'] == "reg" && $hero_info['regeneration'] < 100) {
if($hero_info['points'] > 0) {
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `regeneration` = `regeneration` + 1 WHERE `uid` = '" . $database->escape($session->uid) . "'");
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "hero SET `points` = `points` - 1 WHERE `uid` = '" . $database->escape($session->uid) . "'");
header("Location: build.php?id=".$id."");
header("Location: build.php?id=".$id."");
exit;
}
}
}
+2
View File
@@ -7,8 +7,10 @@ if($_GET['gid']==37 && isset($_GET['del'])){
if($session->access != BANNED){
$database->removeOases($_GET['del']);
header("Location: build.php?id=".$id."&land");
exit;
}else{
header("Location: banned.php");
exit;
}
}
?>
+3 -1
View File
@@ -177,8 +177,10 @@
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $iron ." WHERE `wref` = '" . (int) $village->wid . "'");
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $crop." WHERE `wref` = '" . (int) $village->wid . "'");
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($hero_info['inrevive'] == 0 && $hero_info['intraining'] == 0) {
+45 -15
View File
@@ -543,8 +543,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u1['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 2){
@@ -559,8 +561,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u2['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 3){
@@ -573,8 +577,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `iron` = `iron` - ".(int) $u3['iron']." WHERE `wref` = '" . (int) $village->wid . "'");
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u3['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 5){
@@ -589,8 +595,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u5['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 6){
@@ -605,8 +613,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u6['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
}
@@ -623,8 +633,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u11['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 12){
@@ -639,8 +651,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u12['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 13){
@@ -655,8 +669,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u13['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 15){
@@ -671,8 +687,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u15['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 16){
@@ -687,8 +705,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u16['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
}
@@ -705,8 +725,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u21['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 22){
@@ -721,8 +743,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u22['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 24){
@@ -737,8 +761,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u24['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 25){
@@ -753,8 +779,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u25['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
if($_GET['train'] == 26){
@@ -769,8 +797,10 @@ $output.="<tr>
mysqli_query($GLOBALS['link'],"UPDATE " . TB_PREFIX . "vdata SET `crop` = `crop` - ".(int) $u26['crop']." WHERE `wref` = '" . (int) $village->wid . "'");
}
header("Location: build.php?id=".$id."");
exit;
}else{
header("Location: banned.php");
header("Location: banned.php");
exit;
}
}
}