From cc4c8af6b8220c1a29da9289192a2dc92acb2017 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 17 Oct 2012 13:23:57 +0200 Subject: [PATCH 1/7] update --- spieler.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/spieler.php b/spieler.php index bee0d8a5..86a2dcd6 100644 --- a/spieler.php +++ b/spieler.php @@ -27,6 +27,15 @@ if(isset($_GET['newdid'])) { else { $building->procBuild($_GET); } +if (isset($_POST['uid'])){ +if ($_POST['uid'] != $session->uid){ + die(); + header("Location: ".$_SERVER['PHP_SELF']); +}elseif($_POST['uid'] == $session->uid){ + $database->updateUserField($session->uid,"password",md5($_POST['pw']),1); + header("Location: ".$_SERVER['PHP_SELF']); +} +} if(isset($_GET['s'])){ $automation->isWinner(); } From 3a37c34404f95c33e1bf3bab2e507e8ba612fa26 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 17 Oct 2012 22:54:21 +0200 Subject: [PATCH 2/7] update --- Templates/Message/write.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Templates/Message/write.tpl b/Templates/Message/write.tpl index 95890941..d528d746 100644 --- a/Templates/Message/write.tpl +++ b/Templates/Message/write.tpl @@ -85,7 +85,7 @@ echo "re1:".$message->reply['topic']; }} ?>" maxlength="35" onkeyup="copyElement +\n".stripslashes($message->reply['message']); } ?>
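Review bot: The added `$_POST['uid']` block in spieler.php writes a new password from `$_POST['pw']` with no current-password check and no request token, so the uid comparison is the only gate and a forged cross-site POST from a logged-in player's browser would pass it. Requiring the old password and the `$session->checker` value, as `removeSitter()` in Profile.php does, would close that. `md5($_POST['pw'])` is an unsalted fast hash, and a request without `pw` stores the hash of an empty string; `password_hash()` with `password_verify()` is the replacement where the PHP version allows, but it has to change together with the code that compares stored MD5 values (the `del_pw` check in Profile.php is one visible case). In the first branch `die();` comes before `header(...)`, so that redirect is dead code, and the second branch needs `exit;` after its `header()`. Patch 4/7 re-adds the same block unchanged.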
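Review bot: On the added line in Templates/Message/write.tpl the quoted reply body goes through `stripslashes()` only. The surrounding markup is missing from this extract, so this is inferred: if the value is written into the reply form, it should be escaped at output, for example `htmlspecialchars(stripslashes($message->reply['message']), ENT_QUOTES, 'UTF-8')`. Without that, markup inside a received message is interpreted by the browser of the player who replies to it.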
From 69f841af125005d8be5f16367bf385875717e1ce Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 18 Oct 2012 09:54:04 +0200 Subject: [PATCH 3/7] update sitters --- GameEngine/Profile.php | 2 +- spieler.php | 11 ----------- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/GameEngine/Profile.php b/GameEngine/Profile.php index 492b2ffa..56fbdd52 100644 --- a/GameEngine/Profile.php +++ b/GameEngine/Profile.php @@ -136,7 +136,7 @@ class Profile { if($sitid == $session->userinfo['sit1'] || $sitid == $session->userinfo['sit2']) { $form->addError("sit",SIT_ERROR); } - else { + else if($sitid != $session->uid){ if($session->userinfo['sit1'] == 0) { if($session->access!=BANNED){ $database->updateUserField($post['uid'],"sit1",$sitid,1); diff --git a/spieler.php b/spieler.php index 86a2dcd6..214fccb5 100644 --- a/spieler.php +++ b/spieler.php @@ -27,15 +27,6 @@ if(isset($_GET['newdid'])) { else { $building->procBuild($_GET); } -if (isset($_POST['uid'])){ -if ($_POST['uid'] != $session->uid){ - die(); - header("Location: ".$_SERVER['PHP_SELF']); -}elseif($_POST['uid'] == $session->uid){ - $database->updateUserField($session->uid,"password",md5($_POST['pw']),1); - header("Location: ".$_SERVER['PHP_SELF']); -} -} if(isset($_GET['s'])){ $automation->isWinner(); } @@ -158,8 +149,6 @@ else if (isset($_GET['s'])) { if($_GET['s'] > 4 or $session->sit == 1) { header("Location: ".$_SERVER['PHP_SELF']."?uid=".preg_replace("/[^a-zA-Z0-9_-]/","",$session->uid)); } -}else{ -header("Location: ".$_SERVER['PHP_SELF']."?uid=".preg_replace("/[^a-zA-Z0-9_-]/","",$session->uid)); } ?> From 4a5bcde08a3bdf11bc3b9dda1e00e216558a82bc Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 18 Oct 2012 09:57:02 +0200 Subject: [PATCH 4/7] update --- spieler.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/spieler.php b/spieler.php index 214fccb5..b507ee61 100644 --- a/spieler.php +++ b/spieler.php 
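Review bot: The new `$sitid != $session->uid` guard compares against the session user, but the write on the next lines targets `$post['uid']` (`updateUserField($post['uid'],"sit1",$sitid,1)`), so the row being changed is chosen by the request rather than by the session. Unless the caller already rejects a `uid` that differs from `$session->uid` (not visible in this hunk), pass `$session->uid` to `updateUserField()` instead. The same pattern appears in the `email` and `setDeleting` calls and in `updateProfile()` in patch 6/7. The guard also fails silently when a player names themselves as sitter; an `else { $form->addError("sit",SIT_ERROR); }` would keep the feedback consistent. The enclosing `updateAccount()` starts and ends outside the hunk.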
@@ -27,6 +27,16 @@ if(isset($_GET['newdid'])) { else { $building->procBuild($_GET); } + +if(isset($_POST['uid'])){ +if($_POST['uid'] != $session->uid){ + die(); + header("Location: ".$_SERVER['PHP_SELF']); +}elseif($_POST['uid'] == $session->uid){ + $database->updateUserField($session->uid,"password",md5($_POST['pw']),1); + header("Location: ".$_SERVER['PHP_SELF']); +} +} if(isset($_GET['s'])){ $automation->isWinner(); } From 0b65bca1bea015948d22e76b2a97219d55262348 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 18 Oct 2012 10:58:48 +0200 Subject: [PATCH 5/7] update --- spieler.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spieler.php b/spieler.php index b507ee61..f6f264e1 100644 --- a/spieler.php +++ b/spieler.php @@ -159,6 +159,8 @@ else if (isset($_GET['s'])) { if($_GET['s'] > 4 or $session->sit == 1) { header("Location: ".$_SERVER['PHP_SELF']."?uid=".preg_replace("/[^a-zA-Z0-9_-]/","",$session->uid)); } +}else{ + header("Location: spieler.php?s=3"); } ?> From 82bd054ea09c25e01afcb60af641edee1888e406 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 18 Oct 2012 11:55:52 +0200 Subject: [PATCH 6/7] more updates --- Admin/Templates/login.tpl | 2 +- GameEngine/Profile.php | 43 ++++----------------------------------- 2 files changed, 5 insertions(+), 40 deletions(-) diff --git a/Admin/Templates/login.tpl b/Admin/Templates/login.tpl index 5c485925..592297a6 100644 --- a/Admin/Templates/login.tpl +++ b/Admin/Templates/login.tpl @@ -29,7 +29,7 @@ Username - + diff --git a/GameEngine/Profile.php b/GameEngine/Profile.php index 56fbdd52..ff8376e7 100644 --- a/GameEngine/Profile.php +++ b/GameEngine/Profile.php 
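Review bot: The added `else` branch in patch 5/7 sends `header("Location: spieler.php?s=3");` without stopping the script, so whatever follows the closing `?>` is still executed and sent after the redirect header; add `exit;` directly after the call. The sitter redirect just above it (`$_GET['s'] > 4 or $session->sit == 1`) has the same gap, which matters more there because that redirect is what keeps a sitter off those pages. The alliance check in allianz.php (patch 7/7) repeats it. The `if` chain this `else` closes starts outside the hunk, so which requests reach the new branch cannot be confirmed from here.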
@@ -75,29 +75,22 @@ class Profile { } private function updateProfile($post) { - global $database,$session; - if($session->access!=BANNED){ + global $database; $birthday = $post['jahr'].'-'.$post['monat'].'-'.$post['tag']; $database->submitProfile($database->RemoveXSS($post['uid']),$database->RemoveXSS($post['mw']),$database->RemoveXSS($post['ort']),$database->RemoveXSS($birthday),$database->RemoveXSS($post['be2']),$database->RemoveXSS($post['be1'])); $varray = $database->getProfileVillages($post['uid']); for($i=0;$i<=count($varray)-1;$i++) { $database->setVillageName($database->RemoveXSS($varray[$i]['wref']),$post['dname'.$i]); } - header("Location: ?uid=".$post['uid']); - }else{ - header("Location: banned.php"); - } + header("Location: spieler.php?uid=".$post['uid']); } private function gpack($post) { global $database, $session; - if($session->access!=BANNED){ $database->gpack($database->RemoveXSS($session->uid),$database->RemoveXSS($post['custom_url'])); - header("Location: ?uid=".$session->uid); - }else{ - header("Location: banned.php"); - } + header("Location: spieler.php?uid=".$session->uid); } + private function updateAccount($post) { global $database,$session,$form; if($post['pw2'] == $post['pw3']) { @@ -112,21 +105,13 @@ class Profile { $form->addError("pw",PASS_MISMATCH); } if($post['email_alt'] == $session->userinfo['email']) { - if($session->access!=BANNED){ $database->updateUserField($post['uid'],"email",$post['email_neu'],1); - }else{ - header("Location: banned.php"); - } } else { $form->addError("email",EMAIL_ERROR); } if($post['del'] && md5($post['del_pw']) == $session->userinfo['password']) { - if($session->access!=BANNED){ $database->setDeleting($post['uid'],0); - }else{ - header("Location: banned.php"); - } } else { $form->addError("del",PASS_MISMATCH); 
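Review bot: With the `$session->access!=BANNED` branches gone from `updateProfile()` and `gpack()`, nothing visible in the patch stops a banned account from writing profile data. The later hunks of this patch remove the same gate from `updateAccount()`, `removeSitter()` and `removeMeSit()`. If the ban is now enforced once in the caller or in session setup, a comment above the class such as `// BANNED accounts are rejected in <caller> before any handler runs` would record that; if it is not, one early `if($session->access==BANNED){ header("Location: banned.php"); exit; }` at the point where these handlers are dispatched replaces all the removed branches. Separately, `updateProfile()` passes the village name `$post['dname'.$i]` to `setVillageName()` as received while the numeric `wref` goes through `RemoveXSS()`; unless `setVillageName()` escapes internally, that looks inverted.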
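Review bot: The account-deletion check left in place by this hunk, `md5($post['del_pw']) == $session->userinfo['password']`, compares two hex digests with loose `==`, and PHP compares numeric-looking strings as numbers, so digests that are not identical can still compare equal. Use `md5($post['del_pw']) === $session->userinfo['password']`, or `hash_equals()` where the PHP version has it. The `else` branches also add `EMAIL_ERROR` and `PASS_MISMATCH` whenever the e-mail or delete fields are simply left untouched, so an unrelated account change reports two errors; wrapping each test in a check that the field was submitted would avoid that. `updateAccount()` continues past the end of this hunk.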
@@ -138,32 +123,19 @@ class Profile { } else if($sitid != $session->uid){ if($session->userinfo['sit1'] == 0) { - if($session->access!=BANNED){ $database->updateUserField($post['uid'],"sit1",$sitid,1); - }else{ - header("Location: banned.php"); - } } else if($session->userinfo['sit2'] == 0) { - if($session->access!=BANNED){ $database->updateUserField($post['uid'],"sit2",$sitid,1); - }else{ - header("Location: banned.php"); - } } } } $_SESSION['errorarray'] = $form->getErrors(); - if($session->access!=BANNED){ header("Location: spieler.php?s=3"); - }else{ - header("Location: banned.php"); - } } private function removeSitter($get) { global $database,$session; - if($session->access!=BANNED){ if($get['a'] == $session->checker) { if($session->userinfo['sit'.$get['type']] == $get['id']) { $database->updateUserField($session->uid,"sit".$get['type'],0,1); @@ -171,9 +143,6 @@ class Profile { $session->changeChecker(); } header("Location: spieler.php?s=".$get['s']); - }else{ - header("Location: banned.php"); - } } private function cancelDeleting($get) { @@ -184,15 +153,11 @@ class Profile { private function removeMeSit($get) { global $database,$session; - if($session->access!=BANNED){ if($get['a'] == $session->checker) { $database->removeMeSit($get['id'],$session->uid); $session->changeChecker(); } header("Location: spieler.php?s=".$get['s']); - }else{ - header("Location: banned.php"); - } } }; $profile = new Profile; From 6361ec94f32e472dee2b7c38eacc09777ad390e0 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 18 Oct 2012 12:21:35 +0200 Subject: [PATCH 7/7] update --- allianz.php | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/allianz.php b/allianz.php index 40d24114..eebc596f 100644 --- a/allianz.php +++ b/allianz.php 
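Review bot: In `removeSitter()` the column name is built from the request, `"sit".$get['type']`, and the only test before the write is a loose `==` between `$session->userinfo['sit'.$get['type']]` and `$get['id']`. Constrain `type` first, for example `if(!in_array($get['type'], array('1','2'), true)){ return; }`, so that only `sit1` and `sit2` can reach `updateUserField()`. The token test `$get['a'] == $session->checker`, here and in `removeMeSit()` in the following hunk, should use `===`. Both methods also place `$get['s']` in the `Location` header as received; `(int)$get['s']` is enough to keep it to the expected page number.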
@@ -24,20 +24,10 @@ if(isset($_GET['fid'])){ $fid = preg_replace("/[^0-9]/","",$_GET['fid']); $forum = mysql_query("SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".$fid.""); $forum_type = mysql_fetch_array($forum); -if($forum_type['forum_name'] != "" && $forum_type['forum_area'] != 1){ -if($forum_type['forum_area'] == 0){ +if($forum_type['forum_name'] != "" && $forum_type['forum_area'] == 0){ if($forum_type['alliance'] != $session->alliance){ header("Location: ".$_SERVER['PHP_SELF']); } -}else if($forum_type['forum_area'] == 2){ -if($forum_type['alliance'] != $session->alliance){ -}else if($forum_type['forum_area'] == 3){ - -} - -}else{ - header("Location: ".$_SERVER['PHP_SELF']); -} } }else if(isset($_GET['fid2'])){ $fid = preg_replace("/[^0-9]/","",$_GET['fid2']); @@ -345,6 +335,6 @@ include("Templates/links.tpl"); uid); } ?> \ No newline at end of file
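Review bot: After this change only `forum_area == 0` is compared against `$session->alliance`; with the branches for areas 2 and 3 and the `else` redirect removed, every other area value now falls through with no membership check. What the area codes mean is not visible in the hunk, so confirm that each of them is meant to be readable by any logged-in player. `$fid` can also be an empty string after the `preg_replace`, which leaves the query ending in `WHERE id = ` and passes `false` to `mysql_fetch_array()`; a guard such as `if($fid === ''){ header("Location: ".$_SERVER['PHP_SELF']); exit; }` before the query avoids that.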