fix ban system 100% + replace the previous fix with better one + new admin panel by ZravianX version

This commit is contained in:
unknown
2012-04-02 01:39:38 +03:00
parent d0f05e0e9a
commit 786e240c90
107 changed files with 2883 additions and 1583 deletions
+14 -7
View File
@@ -1,13 +1,20 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## -= YOU MUST NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## --------------------------------------------------------------------------- ##
## Filename addTroops.php ##
## Developed by: Dzoki & Advocatie ##
## License: TravianX Project ##
## ##
## Project: ZravianX ##
## Version: 2011.11.05 ##
## Filename: GameEngine/Admin/Mods/addTroops.php ##
## Developed by: Dzoki & Advocaite ##
## Thanks to: Dzoki & itay2277 (edit troops) ##
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
## Edited by: ZZJHONS ##
## License: Creative Commons BY-NC-SA 3.0 ##
## Copyright: ZravianX (c) 2011 - All rights reserved ##
## URLs: http://zravianx.zzjhons.com ##
## Source code: http://www.github.com/ZZJHONS/ZravianX ##
## ##
#################################################################################
@@ -101,6 +108,6 @@ mysql_query($q);
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed troop anmount in village <a href=\'admin.php?p=village&did=$id\'>$id</a> ',".time().")");
header("Location: ../../../Admin/admin.php?p=addTroops&did=".$id."&d");
header("Location: ../../../admin.php?p=addTroops&did=".$id."&d");
?>
+16 -8
View File
@@ -1,25 +1,33 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## -= YOU MUST NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## --------------------------------------------------------------------------- ##
## Filename gold.php ##
## ##
## Project: ZravianX ##
## Version: 2011.11.05 ##
## Filename: GameEngine/Admin/Mods/cp.php ##
## Developed by: Dzoki ##
## License: TravianX Project ##
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
## Edited by: ZZJHONS ##
## License: Creative Commons BY-NC-SA 3.0 ##
## Copyright: ZravianX (c) 2011 - All rights reserved ##
## URLs: http://zravianx.zzjhons.com ##
## Source code: http://www.github.com/ZZJHONS/ZravianX ##
## ##
#################################################################################
include_once("../../Account.php");
mysql_connect(SQL_SERVER, SQL_USER, SQL_PASS);
mysql_select_db(SQL_DB);
if ($session->access < ADMIN) die("Access Denied: You are not Admin!");
if ($session->access < ADMIN) die("Access Denied: You aren't Admin!");
$id = $_POST['id'];
$admid = $_POST['admid'];
mysql_query("UPDATE ".TB_PREFIX."users SET cp = cp + ".$_POST['cp']." WHERE id = ".$id."");
$name = $database->getUserField($id,"username",0);
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added ".$_POST['cp']." Cultural Points to user <a href=\'admin.php?p=player&uid=$id\'>$name</a> ',".time().")");
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added ".$_POST['cp']." Culture Points to user <a href=\'admin.php?p=player&uid=$id\'>$name</a> ',".time().")");
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."&cp=ok");
header("Location: ../../../admin.php?p=player&uid=".$id."&cp=ok");
?>
+15 -8
View File
@@ -1,24 +1,31 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## -= YOU MUST NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## --------------------------------------------------------------------------- ##
## Filename editUser.php ##
## ##
## Project: ZravianX ##
## Version: 2011.11.05 ##
## Filename: GameEngine/Admin/Mods/editUser.php ##
## Developed by: Dzoki ##
## License: TravianX Project ##
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
## Edited by: ZZJHONS ##
## License: Creative Commons BY-NC-SA 3.0 ##
## Copyright: ZravianX (c) 2011 - All rights reserved ##
## URLs: http://zravianx.zzjhons.com ##
## Source code: http://www.github.com/ZZJHONS/ZravianX ##
## ##
#################################################################################
include_once("../../Account.php");
mysql_connect(SQL_SERVER, SQL_USER, SQL_PASS);
mysql_select_db(SQL_DB);
if ($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
if ($_SESSION['access'] < ADMIN) die("Access Denied: You aren't Admin!");
$id = $_POST['id'];
$user = $database->getUserArray($id,1);
mysql_query("UPDATE ".TB_PREFIX."users SET email = '".$_POST['email']."', tribe = ".$_POST['tribe'].", location = '".$_POST['location']."', desc1 = '".$_POST['desc1']."', `desc2` = '".$_POST['desc2']."' WHERE id = ".$_POST['id']."");
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,".$_SESSION['id'].",'Changed <a href=\'admin.php?p=village&did=$id\'>".$user['username']."</a>\'s profile',".time().")");
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
header("Location: ../../../admin.php?p=player&uid=".$id."");
?>
+18 -14
View File
@@ -1,26 +1,30 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## -= YOU MUST NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## --------------------------------------------------------------------------- ##
## Filename gold.php ##
## ##
## Project: ZravianX ##
## Version: 2011.12.03 ##
## Filename: GameEngine/Admin/Mods/gold.php ##
## Developed by: Dzoki ##
## License: TravianX Project ##
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
## Edited by: ZZJHONS ##
## License: Creative Commons BY-NC-SA 3.0 ##
## Copyright: ZravianX (c) 2011 - All rights reserved ##
## URLs: http://zravianx.zzjhons.com ##
## Source code: http://www.github.com/ZZJHONS/ZravianX ##
## ##
#################################################################################
include_once("../../Account.php");
mysql_connect(SQL_SERVER, SQL_USER, SQL_PASS);
mysql_select_db(SQL_DB);
if ($session->access < ADMIN) die("Access Denied: You are not Admin!");
if ($session->access < ADMIN) die("Access Denied: You aren't Admin!");
$id = $_POST['id'];
$gold = $_POST['gold'];
$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id != '0'";
mysql_query($q);
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$id,'Added <b>$gold</b> gold to all users',".time().")");
header("Location: ../../../Admin/admin.php?p=gold&g");
$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHERE id != '0'";
mysql_query($q);
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$id,'Added <b>$gold</b> gold to all users',".time().")");
header("Location: ../../../admin.php?p=give&g=$gold");
?>
+14 -6
View File
@@ -1,14 +1,22 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## -= YOU MUST NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## --------------------------------------------------------------------------- ##
## Filename gold_1.php ##
## ##
## Project: ZravianX ##
## Version: 2011.11.05 ##
## Filename: GameEngine/Admin/Mods/gold_1.php ##
## Developed by: Dzoki ##
## License: TravianX Project ##
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
## Edited by: ZZJHONS ##
## License: Creative Commons BY-NC-SA 3.0 ##
## Copyright: ZravianX (c) 2011 - All rights reserved ##
## URLs: http://zravianx.zzjhons.com ##
## Source code: http://www.github.com/ZZJHONS/ZravianX ##
## ##
#################################################################################
include_once("../../Account.php");
mysql_connect(SQL_SERVER, SQL_USER, SQL_PASS);
mysql_select_db(SQL_DB);
@@ -21,5 +29,5 @@ mysql_query("UPDATE ".TB_PREFIX."users SET gold = gold + ".$_POST['gold']." WHER
$name = $database->getUserField($id,"username",0);
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added <b>".$_POST['gold']."</b> gold to user <a href=\'admin.php?p=player&uid=$id\'>$name</a> ',".time().")");
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."&g=ok");
header("Location: ../../../admin.php?p=player&uid=".$id."&g=ok");
?>
+29
View File
@@ -0,0 +1,29 @@
<?php
#################################################################################
## ##
## -= YOU MUST NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## --------------------------------------------------------------------------- ##
## ##
## Project: ZravianX ##
## Version: 2011.12.03 ##
## Filename: GameEngine/Admin/Mods/silver.php ##
## Developed by: ZZJHONS ##
## License: Creative Commons BY-NC-SA 3.0 ##
## Copyright: ZravianX (c) 2011 - All rights reserved ##
## URLs: http://zravianx.zzjhons.com ##
## Source code: http://www.github.com/ZZJHONS/ZravianX ##
## ##
#################################################################################
include_once("../../Account.php");
mysql_connect(SQL_SERVER, SQL_USER, SQL_PASS);
mysql_select_db(SQL_DB);
if ($session->access < ADMIN) die("Access Denied: You aren't Admin!");
$id = $_POST['id'];
$silver = $_POST['silver'];
$q = "UPDATE ".TB_PREFIX."users SET silver = silver + ".$_POST['silver']." WHERE id != '0'";
mysql_query($q);
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$id,'Added <b>$silver</b> silver to all users',".time().")");
header("Location: ../../../admin.php?p=give&s=$silver");
?>
+32
View File
@@ -0,0 +1,32 @@
<?php
#################################################################################
## ##
## -= YOU MUST NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## --------------------------------------------------------------------------- ##
## ##
## Project: ZravianX ##
## Version: 2011.12.03 ##
## Filename: GameEngine/Admin/Mods/silver_1.php ##
## Developed by: ZZJHONS ##
## License: Creative Commons BY-NC-SA 3.0 ##
## Copyright: ZravianX (c) 2011 - All rights reserved ##
## URLs: http://zravianx.zzjhons.com ##
## Source code: http://www.github.com/ZZJHONS/ZravianX ##
## ##
#################################################################################
include_once("../../Account.php");
mysql_connect(SQL_SERVER, SQL_USER, SQL_PASS);
mysql_select_db(SQL_DB);
if ($session->access < ADMIN) die("Access Denied: You are not Admin!");
$id = $_POST['id'];
$admid = $_POST['admid'];
mysql_query("UPDATE ".TB_PREFIX."users SET silver = silver + ".$_POST['silver']." WHERE id = ".$id."");
$name = $database->getUserField($id,"username",0);
mysql_query("Insert into ".TB_PREFIX."admin_log values (0,$admid,'Added <b>".$_POST['silver']."</b> silver to user <a href=\'admin.php?p=player&uid=$id\'>$name</a> ',".time().")");
header("Location: ../../../admin.php?p=player&uid=".$id."&s=ok");
?>
+15 -7
View File
@@ -1,16 +1,24 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## -= YOU MUST NOT REMOVE OR CHANGE THIS NOTICE =- ##
## ##
## --------------------------------------------------------------------------- ##
## Filename database.php ##
## ##
## Project: ZravianX ##
## Version: 2011.11.07 ##
## Filename: GameEngine/Admin/database.php ##
## Developed by: Dzoki ##
## License: TravianX Project ##
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
## Edited by: ZZJHONS ##
## License: Creative Commons BY-NC-SA 3.0 ##
## Copyright: ZravianX (c) 2011 - All rights reserved ##
## URLs: http://zravianx.zzjhons.com ##
## Source code: http://www.github.com/ZZJHONS/ZravianX ##
## ##
#################################################################################
include("../GameEngine/config.php");
include("../GameEngine/Data/buidata.php");
include("GameEngine/config.php");
include("GameEngine/Data/buidata.php");
class adm_DB {
var $connection;
@@ -21,7 +29,7 @@ class adm_DB {
mysql_select_db(SQL_DB, $this->connection) or die(mysql_error());
}
function Login($username,$password) {
function Login($username,$password){
$q = "SELECT password FROM ".TB_PREFIX."users where username = '$username' and access >= ".MULTIHUNTER;
$result = mysql_query($q, $this->connection);
$dbarray = mysql_fetch_array($result);
+1 -1
View File
@@ -12,7 +12,7 @@
class funct {
function CheckLogin(){
if($_SESSION['access'] >= MULTIHUNTER && isset($_SESSION['id'])){
if($_SESSION['access'] >= MULTIHUNTER and $_SESSION['id']){
return true;
}else{
return false;
+1
View File
@@ -2,6 +2,7 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Edited by: ZZJHONS ##
## Filename Database.php ##
## License: TravianX Project ##
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
+36 -2
View File
@@ -33,29 +33,51 @@
}
public function procMessage($post) {
global $session;
if(isset($post['ft'])) {
switch($post['ft']) {
case "m1":
if($session->access!=BANNED){
$this->quoteMessage($post['id']);
}else{
header("Location: banned.php");
}
break;
case "m2":
if($session->access!=BANNED or $post['an']==strtolower("multihunter")){
if ($post['an'] == "[ally]"){
$this->sendAMessage($post['an'],$post['be'],$post['message']);
}else{
$this->sendMessage($post['an'],$post['be'],$post['message']);
}header("Location: nachrichten.php?t=2");
}
header("Location: nachrichten.php?t=2");
}else{
header("Location: banned.php");
}
break;
case "m3":
case "m4":
case "m5":
if(isset($post['delmsg_x'])) {
if($session->access!=BANNED){
$this->removeMessage($post);
}else{
header("Location: banned.php");
}
}
if(isset($post['archive_x'])) {
if($session->access!=BANNED){
$this->archiveMessage($post);
}else{
header("Location: banned.php");
}
}
if(isset($post['start_x'])) {
if($session->access!=BANNED){
$this->unarchiveMessage($post);
}else{
header("Location: banned.php");
}
}
break;
case "m6":
@@ -63,7 +85,7 @@
break;
}
}
}
}
public function noticeType($get) {
global $session, $database;
@@ -94,13 +116,25 @@
public function procNotice($post) {
if(isset($post["del_x"])) {
if($session->access != BANNED){
$this->removeNotice($post);
}else{
header("Location: banned.php");
}
}
if(isset($post['archive_x'])) {
if($session->access != BANNED){
$this->archiveNotice($post);
}else{
header("Location: banned.php");
}
}
if(isset($post['start_x'])) {
if($session->access != BANNED){
$this->unarchiveNotice($post);
}else{
header("Location: banned.php");
}
}
}
+64 -2
View File
@@ -13,43 +13,70 @@
class Profile {
public function procProfile($post) {
global $session;
if(isset($post['ft'])) {
switch($post['ft']) {
case "p1":
if($session->access!=BANNED){
$this->updateProfile($post);
}else{
header("Location: banned.php");
}
break;
case "p3":
if($session->access!=BANNED){
$this->updateAccount($post);
}else{
header("Location: banned.php");
}
break;
}
}
if(isset($post['s'])) {
switch($post['s']) {
case "4":
if($session->access!=BANNED){
$this->gpack($post);
}else{
header("Location: banned.php");
}
break;
}
}
}
public function procSpecial($get) {
global $session;
if(isset($get['e'])) {
switch($get['e']) {
case 2:
if($session->access!=BANNED){
$this->removeMeSit($get);
}else{
header("Location: banned.php");
}
break;
case 3:
if($session->access!=BANNED){
$this->removeSitter($get);
}else{
header("Location: banned.php");
}
break;
case 4:
if($session->access!=BANNED){
$this->cancelDeleting($get);
}else{
header("Location: banned.php");
}
break;
}
}
}
private function updateProfile($post) {
global $database;
global $database,$session;
if($session->access!=BANNED){
$birthday = $post['jahr'].'-'.$post['monat'].'-'.$post['tag'];
$database->submitProfile($database->RemoveXSS($post['uid']),$database->RemoveXSS($post['mw']),$database->RemoveXSS($post['ort']),$database->RemoveXSS($birthday),$database->RemoveXSS($post['be2']),$database->RemoveXSS($post['be1']));
$varray = $database->getProfileVillages($post['uid']);
@@ -57,12 +84,19 @@ class Profile {
$database->setVillageName($database->RemoveXSS($varray[$i]['wref']),$database->RemoveXSS($post['dname'.$i]));
}
header("Location: ?uid=".$post['uid']);
}else{
header("Location: banned.php");
}
}
private function gpack($post) {
global $database, $session;
if($session->access!=BANNED){
$database->gpack($database->RemoveXSS($session->uid),$database->RemoveXSS($post['custom_url']));
header("Location: ?uid=".$session->uid);
}else{
header("Location: banned.php");
}
}
private function updateAccount($post) {
global $database,$session,$form;
@@ -78,7 +112,11 @@ class Profile {
$form->addError("pw",PASS_MISMATCH);
}
if($post['email_alt'] == $session->userinfo['email']) {
if($session->access!=BANNED){
$database->updateUserField($post['uid'],"email",$post['email_neu'],1);
}else{
header("Location: banned.php");
}
}
else {
$form->addError("email",EMAIL_ERROR);
@@ -88,7 +126,11 @@ class Profile {
$form->addError("del",ALLI_OWNER);
}
else {
if($session->access!=BANNED){
$database->setDeleting($post['uid'],0);
}else{
header("Location: banned.php");
}
}
}
else {
@@ -101,19 +143,32 @@ class Profile {
}
else {
if($session->userinfo['sit1'] == 0) {
if($session->access!=BANNED){
$database->updateUserField($post['uid'],"sit1",$sitid,1);
}else{
header("Location: banned.php");
}
}
else if($session->userinfo['sit2'] == 0) {
if($session->access!=BANNED){
$database->updateUserField($post['uid'],"sit2",$sitid,1);
}else{
header("Location: banned.php");
}
}
}
}
$_SESSION['errorarray'] = $form->getErrors();
if($session->access!=BANNED){
header("Location: spieler.php?s=3");
}else{
header("Location: banned.php");
}
}
private function removeSitter($get) {
global $database,$session;
if($session->access!=BANNED){
if($get['a'] == $session->checker) {
if($session->userinfo['sit'.$get['type']] == $get['id']) {
$database->updateUserField($session->uid,"sit".$get['type'],0,1);
@@ -121,21 +176,28 @@ class Profile {
$session->changeChecker();
}
header("Location: spieler.php?s=".$get['s']);
}else{
header("Location: banned.php");
}
}
private function cancelDeleting($get) {
global $database;
global $database,$session;
$database->setDeleting($get['id'],1);
header("Location: spieler.php?s=".$get['s']);
}
private function removeMeSit($get) {
global $database,$session;
if($session->access!=BANNED){
if($get['a'] == $session->checker) {
$database->removeMeSit($get['id'],$session->uid);
$session->changeChecker();
}
header("Location: spieler.php?s=".$get['s']);
}else{
header("Location: banned.php");
}
}
};
$profile = new Profile;