diff --git a/Admin/Templates/login.tpl b/Admin/Templates/login.tpl index 5c485925..592297a6 100644 --- a/Admin/Templates/login.tpl +++ b/Admin/Templates/login.tpl @@ -29,7 +29,7 @@ Username - + diff --git a/GameEngine/Profile.php b/GameEngine/Profile.php index 492b2ffa..ff8376e7 100644 --- a/GameEngine/Profile.php +++ b/GameEngine/Profile.php @@ -75,29 +75,22 @@ class Profile { } private function updateProfile($post) { - global $database,$session; - if($session->access!=BANNED){ + global $database; $birthday = $post['jahr'].'-'.$post['monat'].'-'.$post['tag']; $database->submitProfile($database->RemoveXSS($post['uid']),$database->RemoveXSS($post['mw']),$database->RemoveXSS($post['ort']),$database->RemoveXSS($birthday),$database->RemoveXSS($post['be2']),$database->RemoveXSS($post['be1'])); $varray = $database->getProfileVillages($post['uid']); for($i=0;$i<=count($varray)-1;$i++) { $database->setVillageName($database->RemoveXSS($varray[$i]['wref']),$post['dname'.$i]); } - header("Location: ?uid=".$post['uid']); - }else{ - header("Location: banned.php"); - } + header("Location: spieler.php?uid=".$post['uid']); } private function gpack($post) { global $database, $session; - if($session->access!=BANNED){ $database->gpack($database->RemoveXSS($session->uid),$database->RemoveXSS($post['custom_url'])); - header("Location: ?uid=".$session->uid); - }else{ - header("Location: banned.php"); - } + header("Location: spieler.php?uid=".$session->uid); } + private function updateAccount($post) { global $database,$session,$form; if($post['pw2'] == $post['pw3']) { @@ -112,21 +105,13 @@ class Profile { $form->addError("pw",PASS_MISMATCH); } if($post['email_alt'] == $session->userinfo['email']) { - if($session->access!=BANNED){ $database->updateUserField($post['uid'],"email",$post['email_neu'],1); - }else{ - header("Location: banned.php"); - } } else { $form->addError("email",EMAIL_ERROR); } if($post['del'] && md5($post['del_pw']) == $session->userinfo['password']) { - if($session->access!=BANNED){ $database->setDeleting($post['uid'],0); - }else{ - header("Location: banned.php"); - } } else { $form->addError("del",PASS_MISMATCH); @@ -136,34 +121,21 @@ class Profile { if($sitid == $session->userinfo['sit1'] || $sitid == $session->userinfo['sit2']) { $form->addError("sit",SIT_ERROR); } - else { + else if($sitid != $session->uid){ if($session->userinfo['sit1'] == 0) { - if($session->access!=BANNED){ $database->updateUserField($post['uid'],"sit1",$sitid,1); - }else{ - header("Location: banned.php"); - } } else if($session->userinfo['sit2'] == 0) { - if($session->access!=BANNED){ $database->updateUserField($post['uid'],"sit2",$sitid,1); - }else{ - header("Location: banned.php"); - } } } } $_SESSION['errorarray'] = $form->getErrors(); - if($session->access!=BANNED){ header("Location: spieler.php?s=3"); - }else{ - header("Location: banned.php"); - } } private function removeSitter($get) { global $database,$session; - if($session->access!=BANNED){ if($get['a'] == $session->checker) { if($session->userinfo['sit'.$get['type']] == $get['id']) { $database->updateUserField($session->uid,"sit".$get['type'],0,1); @@ -171,9 +143,6 @@ class Profile { $session->changeChecker(); } header("Location: spieler.php?s=".$get['s']); - }else{ - header("Location: banned.php"); - } } private function cancelDeleting($get) { @@ -184,15 +153,11 @@ class Profile { private function removeMeSit($get) { global $database,$session; - if($session->access!=BANNED){ if($get['a'] == $session->checker) { $database->removeMeSit($get['id'],$session->uid); $session->changeChecker(); } header("Location: spieler.php?s=".$get['s']); - }else{ - header("Location: banned.php"); - } } }; $profile = new Profile; diff --git a/Templates/Message/write.tpl b/Templates/Message/write.tpl index 95890941..d528d746 100644 --- a/Templates/Message/write.tpl +++ b/Templates/Message/write.tpl @@ -85,7 +85,7 @@ echo "re1:".$message->reply['topic']; }} ?>" maxlength="35" onkeyup="copyElement +\n".stripslashes($message->reply['message']); } ?>
diff --git a/allianz.php b/allianz.php index 40d24114..eebc596f 100644 --- a/allianz.php +++ b/allianz.php @@ -24,20 +24,10 @@ if(isset($_GET['fid'])){ $fid = preg_replace("/[^0-9]/","",$_GET['fid']); $forum = mysql_query("SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".$fid.""); $forum_type = mysql_fetch_array($forum); -if($forum_type['forum_name'] != "" && $forum_type['forum_area'] != 1){ -if($forum_type['forum_area'] == 0){ +if($forum_type['forum_name'] != "" && $forum_type['forum_area'] == 0){ if($forum_type['alliance'] != $session->alliance){ header("Location: ".$_SERVER['PHP_SELF']); } -}else if($forum_type['forum_area'] == 2){ -if($forum_type['alliance'] != $session->alliance){ -}else if($forum_type['forum_area'] == 3){ - -} - -}else{ - header("Location: ".$_SERVER['PHP_SELF']); -} } }else if(isset($_GET['fid2'])){ $fid = preg_replace("/[^0-9]/","",$_GET['fid2']); @@ -345,6 +335,6 @@ include("Templates/links.tpl"); uid); } ?> \ No newline at end of file diff --git a/spieler.php b/spieler.php index bee0d8a5..f6f264e1 100644 --- a/spieler.php +++ b/spieler.php @@ -27,6 +27,16 @@ if(isset($_GET['newdid'])) { else { $building->procBuild($_GET); } + +if(isset($_POST['uid'])){ +if($_POST['uid'] != $session->uid){ + die(); + header("Location: ".$_SERVER['PHP_SELF']); +}elseif($_POST['uid'] == $session->uid){ + $database->updateUserField($session->uid,"password",md5($_POST['pw']),1); + header("Location: ".$_SERVER['PHP_SELF']); +} +} if(isset($_GET['s'])){ $automation->isWinner(); } @@ -150,7 +160,7 @@ else if (isset($_GET['s'])) { header("Location: ".$_SERVER['PHP_SELF']."?uid=".preg_replace("/[^a-zA-Z0-9_-]/","",$session->uid)); } }else{ -header("Location: ".$_SERVER['PHP_SELF']."?uid=".preg_replace("/[^a-zA-Z0-9_-]/","",$session->uid)); + header("Location: spieler.php?s=3"); } ?>