diff --git a/Admin/admin.php b/Admin/admin.php
deleted file mode 100644
index d83c013c..00000000
--- a/Admin/admin.php
+++ /dev/null
@@ -1,142 +0,0 @@
-
-
-
-
-
-
-
-

-
-
-
-
-
-CheckLogin()){
- if($_POST or $_GET){
- if($_GET['p'] and $_GET['p']!="search"){
- $filename = '../Templates/Admin/'.$_GET['p'].'.tpl';
- if(file_exists($filename)){
- include($filename);
- }else{
- include('../Templates/Admin/404.tpl');
- }
- }else{
- include('../Templates/Admin/search.tpl');
- }
- if($_POST['p'] and $_POST['s']){
- $filename = '../Templates/Admin/results_'.$_POST['p'].'.tpl';
- if(file_exists($filename)){
- include($filename);
- }else{
- include('../Templates/Admin/404.tpl');
- }
- }
- }else{
- include('../Templates/Admin/home.tpl');
- }
- }else{
- include('../Templates/Admin/login.tpl');
- }
-?>
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/Admin/ajax.js b/Admin/ajax.js
deleted file mode 100644
index 18f0b07e..00000000
--- a/Admin/ajax.js
+++ /dev/null
@@ -1,70 +0,0 @@
-var http_request = false;
-
-function macheRequest(url, id)
-{
-
- http_request = false;
-
- if (window.XMLHttpRequest)
- { // Mozilla, Safari,...
- http_request = new XMLHttpRequest();
- if (http_request.overrideMimeType)
- {
- http_request.overrideMimeType('text/xml');
- // zu dieser Zeile siehe weiter unten
- }
- }
- else if (window.ActiveXObject)
- { // IE
- try
- {
- http_request = new ActiveXObject("Msxml2.XMLHTTP");
- }
- catch (e)
- {
- try
- {
- http_request = new ActiveXObject("Microsoft.XMLHTTP");
- }
- catch (e)
- {
- }
- }
- }
-
- if (!http_request)
- {
- alert('Ende :( Kann keine XMLHTTP-Instanz erzeugen');
- return false;
- }
- http_request.onreadystatechange = function()
- {
- alertInhalt2(id);
- };
- http_request.open('GET', url, true);
- http_request.send(null);
-
-}
-
-function alertInhalt2(id)
-{
-
- if (http_request.readyState == 4)
- {
- if (http_request.status == 200)
- {
- // alert(http_request.responseText);
- myElement = document.getElementById(id);
- if (myElement != null)
- {
- myElement.innerHTML = http_request.responseText;
- }
-
- }
- else
- {
- alert('Bei dem Request ist ein Problem aufgetreten.');
- }
- }
-
-}
\ No newline at end of file
diff --git a/GameEngine/Admin/Mods/addTroops.php b/GameEngine/Admin/Mods/addTroops.php
index bf9f4f43..8901af93 100644
--- a/GameEngine/Admin/Mods/addTroops.php
+++ b/GameEngine/Admin/Mods/addTroops.php
@@ -1,13 +1,20 @@
$id ',".time().")");
-header("Location: ../../../Admin/admin.php?p=addTroops&did=".$id."&d");
+header("Location: ../../../admin.php?p=addTroops&did=".$id."&d");
?>
diff --git a/GameEngine/Admin/Mods/cp.php b/GameEngine/Admin/Mods/cp.php
index 54c77539..f27ac957 100644
--- a/GameEngine/Admin/Mods/cp.php
+++ b/GameEngine/Admin/Mods/cp.php
@@ -1,25 +1,33 @@
access < ADMIN) die("Access Denied: You are not Admin!");
+if ($session->access < ADMIN) die("Access Denied: You aren't Admin!");
$id = $_POST['id'];
$admid = $_POST['admid'];
mysql_query("UPDATE ".TB_PREFIX."users SET cp = cp + ".$_POST['cp']." WHERE id = ".$id."");
$name = $database->getUserField($id,"username",0);
-mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added ".$_POST['cp']." Cultural Points to user
$name ',".time().")");
+mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added ".$_POST['cp']." Culture Points to user
$name ',".time().")");
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id."&cp=ok");
+header("Location: ../../../admin.php?p=player&uid=".$id."&cp=ok");
?>
\ No newline at end of file
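Review bot: The added `if ($session->access < ADMIN) die(...)` on the second line of the hunk repeats the identical check that survives as the context line directly above it, so one of the two can go; the gold.php hunk in this commit has the same duplicated line. The rewritten admin_log INSERT still splices `$_POST['cp']` and `$admid` (read from `$_POST['admid']`) straight into the SQL string, so the acting admin recorded in the log is whatever the form says rather than who is logged in. Since only admins reach this code, the practical fix is to cast once at the top, `$id = (int)$_POST['id']; $cp = (int)$_POST['cp'];`, use those in both queries, and take the actor from `$_SESSION['id']` as editUser.php already does. The `$id` in the new Location header should use the cast value too; the same applies to the redirects changed in addTroops.php, editUser.php, gold_1.php and silver_1.php.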
diff --git a/GameEngine/Admin/Mods/editUser.php b/GameEngine/Admin/Mods/editUser.php
index a0187c64..c4e52a9b 100644
--- a/GameEngine/Admin/Mods/editUser.php
+++ b/GameEngine/Admin/Mods/editUser.php
@@ -1,24 +1,31 @@
getUserArray($id,1);
mysql_query("UPDATE ".TB_PREFIX."users SET email = '".$_POST['email']."', tribe = ".$_POST['tribe'].", location = '".$_POST['location']."', desc1 = '".$_POST['desc1']."', `desc2` = '".$_POST['desc2']."' WHERE id = ".$_POST['id']."");
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed
".$user['username']."\'s profile',".time().")");
-
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
+header("Location: ../../../admin.php?p=player&uid=".$id."");
?>
\ No newline at end of file
diff --git a/GameEngine/Admin/Mods/gold.php b/GameEngine/Admin/Mods/gold.php
index a2656428..b40c2946 100644
--- a/GameEngine/Admin/Mods/gold.php
+++ b/GameEngine/Admin/Mods/gold.php
@@ -1,26 +1,30 @@
access < ADMIN) die("Access Denied: You are not Admin!");
-
+if ($session->access < ADMIN) die("Access Denied: You aren't Admin!");
$id = $_POST['id'];
$gold = $_POST['gold'];
-
- $q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id != '0'";
- mysql_query($q);
- mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$id,'Added
$gold gold to all users',".time().")");
-
-
-header("Location: ../../../Admin/admin.php?p=gold&g");
+$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id != '0'";
+mysql_query($q);
+mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$id,'Added
$gold gold to all users',".time().")");
+header("Location: ../../../admin.php?p=give&g=$gold");
?>
\ No newline at end of file
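Review bot: The new redirect `header("Location: ../../../admin.php?p=give&g=$gold");` embeds the raw `$_POST['gold']` value in the URL, and the re-added UPDATE and admin_log INSERT interpolate the same value into SQL unchanged. Casting once at the top, `$gold = (int)$_POST['gold'];`, and using `$gold` in the UPDATE instead of `$_POST['gold']` fixes all three places; silver.php, added in this commit, is a copy of this file and needs the same treatment for `$silver`. The `$id` written into admin_log as the acting admin also comes from the form rather than `$_SESSION['id']`, which presumably is what the log is meant to record — worth confirming.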
diff --git a/GameEngine/Admin/Mods/gold_1.php b/GameEngine/Admin/Mods/gold_1.php
index 0f71d61a..ae04e287 100644
--- a/GameEngine/Admin/Mods/gold_1.php
+++ b/GameEngine/Admin/Mods/gold_1.php
@@ -1,14 +1,22 @@
getUserField($id,"username",0);
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added
".$_POST['gold']." gold to user
$name ',".time().")");
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id."&g=ok");
+header("Location: ../../../admin.php?p=player&uid=".$id."&g=ok");
?>
\ No newline at end of file
diff --git a/GameEngine/Admin/Mods/silver.php b/GameEngine/Admin/Mods/silver.php
new file mode 100644
index 00000000..d3d6c80e
--- /dev/null
+++ b/GameEngine/Admin/Mods/silver.php
@@ -0,0 +1,29 @@
+access < ADMIN) die("Access Denied: You aren't Admin!");
+$id = $_POST['id'];
+$silver = $_POST['silver'];
+$q = "UPDATE ".TB_PREFIX."users SET silver = silver + ".$_POST['silver']." WHERE id != '0'";
+mysql_query($q);
+mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$id,'Added
$silver silver to all users',".time().")");
+header("Location: ../../../admin.php?p=give&s=$silver");
+?>
\ No newline at end of file
diff --git a/GameEngine/Admin/Mods/silver_1.php b/GameEngine/Admin/Mods/silver_1.php
new file mode 100644
index 00000000..2223be9c
--- /dev/null
+++ b/GameEngine/Admin/Mods/silver_1.php
@@ -0,0 +1,32 @@
+access < ADMIN) die("Access Denied: You are not Admin!");
+
+$id = $_POST['id'];
+$admid = $_POST['admid'];
+mysql_query("UPDATE ".TB_PREFIX."users SET silver = silver + ".$_POST['silver']." WHERE id = ".$id."");
+
+$name = $database->getUserField($id,"username",0);
+mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added
".$_POST['silver']." silver to user
$name ',".time().")");
+
+header("Location: ../../../admin.php?p=player&uid=".$id."&s=ok");
+?>
\ No newline at end of file
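Review bot: `$admid = $_POST['admid'];` makes the admin id recorded in admin_log a form field chosen by the client, and `$id` and `$_POST['silver']` go into the UPDATE and INSERT without a cast; use `$_SESSION['id']` for the actor and `$id = (int)$_POST['id']; $silver = (int)$_POST['silver'];` for the values, then reference `$silver` instead of `$_POST['silver']` in the queries and the log text. The die() message here reads "You are not Admin!" while silver.php, added in the same commit, uses "You aren't Admin!"; pick one wording for both new files.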
diff --git a/GameEngine/Admin/database.php b/GameEngine/Admin/database.php
index 5c5fe2ae..e032514c 100644
--- a/GameEngine/Admin/database.php
+++ b/GameEngine/Admin/database.php
@@ -1,16 +1,24 @@
connection) or die(mysql_error());
}
- function Login($username,$password) {
+ function Login($username,$password){
$q = "SELECT password FROM ".TB_PREFIX."users where username = '$username' and access >= ".MULTIHUNTER;
$result = mysql_query($q, $this->connection);
$dbarray = mysql_fetch_array($result);
diff --git a/GameEngine/Admin/function.php b/GameEngine/Admin/function.php
index d8cda2ff..69971d89 100644
--- a/GameEngine/Admin/function.php
+++ b/GameEngine/Admin/function.php
@@ -12,7 +12,7 @@
class funct {
function CheckLogin(){
- if($_SESSION['access'] >= MULTIHUNTER && isset($_SESSION['id'])){
+ if($_SESSION['access'] >= MULTIHUNTER and $_SESSION['id']){
return true;
}else{
return false;
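Review bot: Replacing `isset($_SESSION['id'])` with a bare `$_SESSION['id']` drops the defined-ness check, so a visitor with no session id now triggers an undefined-index notice, and a user whose id is 0 or "0" is treated as logged out (if excluding id 0 is intended, say so in a comment). Keeping the guard while preserving the intent is a one-line change: `if(isset($_SESSION['id'], $_SESSION['access']) && $_SESSION['access'] >= MULTIHUNTER){`. The `&&` to `and` swap has no effect inside an `if` condition, but the line previously used `&&`, so the change is only noise.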
diff --git a/GameEngine/Database.php b/GameEngine/Database.php
index 9ec37f9d..1b1dd341 100644
--- a/GameEngine/Database.php
+++ b/GameEngine/Database.php
@@ -2,6 +2,7 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
+## Edited by: ZZJHONS ##
## Filename Database.php ##
## License: TravianX Project ##
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
diff --git a/GameEngine/Message.php b/GameEngine/Message.php
index 5f0e4d3d..231bc51f 100644
--- a/GameEngine/Message.php
+++ b/GameEngine/Message.php
@@ -33,29 +33,51 @@
}
public function procMessage($post) {
+ global $session;
if(isset($post['ft'])) {
switch($post['ft']) {
case "m1":
+ if($session->access!=BANNED){
$this->quoteMessage($post['id']);
+ }else{
+ header("Location: banned.php");
+ }
break;
case "m2":
+ if($session->access!=BANNED or $post['an']==strtolower("multihunter")){
if ($post['an'] == "[ally]"){
$this->sendAMessage($post['an'],$post['be'],$post['message']);
}else{
$this->sendMessage($post['an'],$post['be'],$post['message']);
- }header("Location: nachrichten.php?t=2");
+ }
+ header("Location: nachrichten.php?t=2");
+ }else{
+ header("Location: banned.php");
+ }
break;
case "m3":
case "m4":
case "m5":
if(isset($post['delmsg_x'])) {
+ if($session->access!=BANNED){
$this->removeMessage($post);
+ }else{
+ header("Location: banned.php");
+ }
}
if(isset($post['archive_x'])) {
+ if($session->access!=BANNED){
$this->archiveMessage($post);
+ }else{
+ header("Location: banned.php");
+ }
}
if(isset($post['start_x'])) {
+ if($session->access!=BANNED){
$this->unarchiveMessage($post);
+ }else{
+ header("Location: banned.php");
+ }
}
break;
case "m6":
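Review bot: In the `case "m2"` exemption, `strtolower("multihunter")` lowercases the literal rather than the input, so it is always `"multihunter"` and a banned player who types "Multihunter" as the recipient is bounced to banned.php; the intended comparison is `strtolower($post['an'])=="multihunter"`. None of the new `header("Location: banned.php");` branches is followed by `exit;`, so after emitting the redirect the method returns and the calling page carries on executing; `header("Location: banned.php"); exit;` makes the redirect final. The same applies to every banned branch added in Profile.php in this commit. The switch and the method continue past the end of this hunk.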
@@ -63,7 +85,7 @@
break;
}
}
- }
+ }
public function noticeType($get) {
global $session, $database;
@@ -94,13 +116,25 @@
public function procNotice($post) {
if(isset($post["del_x"])) {
+ if($session->access != BANNED){
$this->removeNotice($post);
+ }else{
+ header("Location: banned.php");
+ }
}
if(isset($post['archive_x'])) {
+ if($session->access != BANNED){
$this->archiveNotice($post);
+ }else{
+ header("Location: banned.php");
+ }
}
if(isset($post['start_x'])) {
+ if($session->access != BANNED){
$this->unarchiveNotice($post);
+ }else{
+ header("Location: banned.php");
+ }
}
}
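Review bot: procNotice now reads `$session->access` but, unlike procMessage, never imports it — the method has no `global $session;` line, so `$session` is an undefined local and the property read yields null with a notice. Depending on the value of the BANNED constant the guard then either never redirects or redirects every caller, neither of which looks intended; add `global $session;` as the first line of the method. The three guarded branches are otherwise consistent with the ones added to procMessage.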
diff --git a/GameEngine/Profile.php b/GameEngine/Profile.php
index 9241f126..0fa03ace 100644
--- a/GameEngine/Profile.php
+++ b/GameEngine/Profile.php
@@ -13,43 +13,70 @@
class Profile {
public function procProfile($post) {
+ global $session;
if(isset($post['ft'])) {
switch($post['ft']) {
case "p1":
+ if($session->access!=BANNED){
$this->updateProfile($post);
+ }else{
+ header("Location: banned.php");
+ }
break;
case "p3":
+ if($session->access!=BANNED){
$this->updateAccount($post);
+ }else{
+ header("Location: banned.php");
+ }
break;
}
}
if(isset($post['s'])) {
switch($post['s']) {
case "4":
+ if($session->access!=BANNED){
$this->gpack($post);
+ }else{
+ header("Location: banned.php");
+ }
break;
}
}
}
public function procSpecial($get) {
+ global $session;
if(isset($get['e'])) {
switch($get['e']) {
case 2:
+ if($session->access!=BANNED){
$this->removeMeSit($get);
+ }else{
+ header("Location: banned.php");
+ }
break;
case 3:
+ if($session->access!=BANNED){
$this->removeSitter($get);
+ }else{
+ header("Location: banned.php");
+ }
break;
case 4:
+ if($session->access!=BANNED){
$this->cancelDeleting($get);
+ }else{
+ header("Location: banned.php");
+ }
break;
}
}
}
private function updateProfile($post) {
- global $database;
+ global $database,$session;
+ if($session->access!=BANNED){
$birthday = $post['jahr'].'-'.$post['monat'].'-'.$post['tag'];
$database->submitProfile($database->RemoveXSS($post['uid']),$database->RemoveXSS($post['mw']),$database->RemoveXSS($post['ort']),$database->RemoveXSS($birthday),$database->RemoveXSS($post['be2']),$database->RemoveXSS($post['be1']));
$varray = $database->getProfileVillages($post['uid']);
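Review bot: The BANNED test now runs twice on every path: procProfile and procSpecial gate each case, and updateProfile, gpack, removeSitter and removeMeSit repeat the identical `if($session->access!=BANNED)` around their bodies, so the inner copies add nesting without adding protection. Keep the check in one layer — the dispatcher is the natural place since every private method is reached through it — or, if the private methods are meant to be safe when called directly, drop the dispatcher copies instead. updateProfile begins at the end of this hunk and its body continues into the next one.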
@@ -57,12 +84,19 @@ class Profile {
$database->setVillageName($database->RemoveXSS($varray[$i]['wref']),$database->RemoveXSS($post['dname'.$i]));
}
header("Location: ?uid=".$post['uid']);
+ }else{
+ header("Location: banned.php");
+ }
}
private function gpack($post) {
global $database, $session;
+ if($session->access!=BANNED){
$database->gpack($database->RemoveXSS($session->uid),$database->RemoveXSS($post['custom_url']));
header("Location: ?uid=".$session->uid);
+ }else{
+ header("Location: banned.php");
+ }
}
private function updateAccount($post) {
global $database,$session,$form;
@@ -78,7 +112,11 @@ class Profile {
$form->addError("pw",PASS_MISMATCH);
}
if($post['email_alt'] == $session->userinfo['email']) {
+ if($session->access!=BANNED){
$database->updateUserField($post['uid'],"email",$post['email_neu'],1);
+ }else{
+ header("Location: banned.php");
+ }
}
else {
$form->addError("email",EMAIL_ERROR);
@@ -88,7 +126,11 @@ class Profile {
$form->addError("del",ALLI_OWNER);
}
else {
+ if($session->access!=BANNED){
$database->setDeleting($post['uid'],0);
+ }else{
+ header("Location: banned.php");
+ }
}
}
else {
@@ -101,19 +143,32 @@ class Profile {
}
else {
if($session->userinfo['sit1'] == 0) {
+ if($session->access!=BANNED){
$database->updateUserField($post['uid'],"sit1",$sitid,1);
+ }else{
+ header("Location: banned.php");
+ }
}
else if($session->userinfo['sit2'] == 0) {
+ if($session->access!=BANNED){
$database->updateUserField($post['uid'],"sit2",$sitid,1);
+ }else{
+ header("Location: banned.php");
+ }
}
}
}
$_SESSION['errorarray'] = $form->getErrors();
+ if($session->access!=BANNED){
header("Location: spieler.php?s=3");
+ }else{
+ header("Location: banned.php");
+ }
}
private function removeSitter($get) {
global $database,$session;
+ if($session->access!=BANNED){
if($get['a'] == $session->checker) {
if($session->userinfo['sit'.$get['type']] == $get['id']) {
$database->updateUserField($session->uid,"sit".$get['type'],0,1);
@@ -121,21 +176,28 @@ class Profile {
$session->changeChecker();
}
header("Location: spieler.php?s=".$get['s']);
+ }else{
+ header("Location: banned.php");
+ }
}
private function cancelDeleting($get) {
- global $database;
+ global $database,$session;
$database->setDeleting($get['id'],1);
header("Location: spieler.php?s=".$get['s']);
}
private function removeMeSit($get) {
global $database,$session;
+ if($session->access!=BANNED){
if($get['a'] == $session->checker) {
$database->removeMeSit($get['id'],$session->uid);
$session->changeChecker();
}
header("Location: spieler.php?s=".$get['s']);
+ }else{
+ header("Location: banned.php");
+ }
}
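Review bot: `global $database,$session;` in cancelDeleting brings `$session` into scope but the method never reads it, and unlike removeSitter and removeMeSit in the same hunk it gets no BANNED guard; either revert the import or add the same guard so the three siblings match. procSpecial's `case 4` already checks `$session->access` before calling it, so as far as the hunk shows this is a consistency issue rather than a gap.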
};
$profile = new Profile;
diff --git a/Templates/Admin/404.tpl b/Templates/Admin/404.tpl
index 9ef1b867..bcd9d501 100644
--- a/Templates/Admin/404.tpl
+++ b/Templates/Admin/404.tpl
@@ -1,24 +1,26 @@
-
-
-
404 - File not found
-
- This system is not finished yet or page does not exist.
-
+ This admin system is not finished yet or page doesn't exist.
-
-
\ No newline at end of file
diff --git a/Templates/Admin/addTroops.tpl b/Templates/Admin/addTroops.tpl
index 0c343ff9..7e9c78b9 100644
--- a/Templates/Admin/addTroops.tpl
+++ b/Templates/Admin/addTroops.tpl
@@ -9,10 +9,8 @@
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
## ##
#################################################################################
-?>
-getVillageType($village['wref']);
$fdata = $database->getResourceLevel($village['wref']);
$units = $database->getUnit($village['wref']);
-
?>
-