From 850a46ae2dfcd39c7d985f8c3a1ecc6b8a65ea9f Mon Sep 17 00:00:00 2001
From: Catalin Novgorodschi <1140613+Shadowss@users.noreply.github.com>
Date: Fri, 15 May 2026 12:13:01 +0300
Subject: [PATCH] Some fixes & improovements
1. Fix ban access, 2. Fix profile ('"") , 3. Add on vacation Admin/MH and exclude rat from reinforcement.
---
Admin/Templates/ban.tpl | 40 +++++--
GameEngine/Account.php | 45 +++++---
GameEngine/Alliance.php | 14 ++-
GameEngine/Database.php | 199 ++++++++++++++++++++++++---------
GameEngine/Generator.php | 24 ++--
GameEngine/Profile.php | 51 ++++-----
Templates/Profile/profile.tpl | 12 +-
Templates/Profile/vacation.tpl | 5 +-
8 files changed, 253 insertions(+), 137 deletions(-)
diff --git a/Admin/Templates/ban.tpl b/Admin/Templates/ban.tpl
index 8adc8396..dc629ced 100644
--- a/Admin/Templates/ban.tpl
+++ b/Admin/Templates/ban.tpl
@@ -12,7 +12,7 @@ $success = '';
if(isset($_POST['action']) && $_POST['action'] == 'addBan')
{
$uid = isset($_POST['uid']) ? (int)$_POST['uid'] : 0;
- $reason = $_POST['reason'] ?? '';
+ $reason = trim($_POST['reason'] ?? '');
$time = isset($_POST['time']) ? (int)$_POST['time'] : 0;
// =========================
@@ -74,24 +74,46 @@ if(isset($_POST['action']) && $_POST['action'] == 'addBan')
// =========================
// INSERT BAN (ACTIVE)
// =========================
- mysqli_query($database->dblink, "
- INSERT INTO ".TB_PREFIX."banlist
- (uid,name,reason,time,end,admin,active)
+ $currentTime = time();
+
+ $stmt = $database->dblink->prepare("
+ INSERT INTO `".TB_PREFIX."banlist`
+ (uid, name, reason, time, end, admin, active)
VALUES
- ($uid,'$name','$reason',".time().",$end,0,1)
- ");
+ (?, ?, ?, ?, ?, 0, 1)
+ ");
+
+ if ($stmt) {
+ // i = integer, s = string
+ $stmt->bind_param("issii", $uid, $name, $reason, $currentTime, $end);
+ $stmt->execute();
+ $stmt->close();
+ } else {
+ $error = "Database error (ban insert): " . $database->dblink->error;
+ }
// =========================
// BLOCK USER ACCESS
// =========================
- mysqli_query($database->dblink, "
- UPDATE ".TB_PREFIX."users
+ if (empty($error)) {
+ $stmt2 = $database->dblink->prepare("
+ UPDATE `".TB_PREFIX."users`
SET access = 0
- WHERE id = $uid
+ WHERE id = ?
LIMIT 1
");
+ if ($stmt2) {
+ $stmt2->bind_param("i", $uid);
+ $stmt2->execute();
+ $stmt2->close();
+ } else {
+ $error = "Database error (access update): " . $database->dblink->error;
+ }
+}
+ if (empty($error)) {
$success = "User has been banned successfully!";
+}
}
}
}
diff --git a/GameEngine/Account.php b/GameEngine/Account.php
index 95ca4934..3a6960d2 100755
--- a/GameEngine/Account.php
+++ b/GameEngine/Account.php
@@ -35,6 +35,7 @@ class Account {
function __construct() {
global $session;
if(isset($_POST['ft'])) {
+ $_POST['ft'] = preg_replace('/[^a-z0-9]/i', '', $_POST['ft']);
switch($_POST['ft']) {
case "a1":
$this->Signup();
@@ -121,7 +122,9 @@ class Account {
if ($form->returnErrors() > 0) {
$form->addError("invt", $_POST['invited'] ?? '');
$_SESSION['errorarray'] = $form->getErrors();
- $_SESSION['valuearray'] = $_POST;
+ $tmp = $_POST;
+ unset($tmp['pw']); // nu salva parola
+ $_SESSION['valuearray'] = $tmp;
header("Location: anmelden.php");
exit;
}
@@ -170,8 +173,8 @@ class Account {
$database->updateUserField($uid, 'access', ADMIN, 1);
}
- setcookie("COOKUSR", $_POST['name'], time() + COOKIE_EXPIRE, COOKIE_PATH);
- setcookie("COOKEMAIL", $_POST['email'], time() + COOKIE_EXPIRE, COOKIE_PATH);
+ setcookie("COOKUSR", rawurlencode($_POST['name']), time()+COOKIE_EXPIRE, COOKIE_PATH, '', false, true);
+ setcookie("COOKEMAIL", rawurlencode($_POST['email']), time()+COOKIE_EXPIRE, COOKIE_PATH, '', false, true);
$database->updateUserField(
$uid,
@@ -195,13 +198,16 @@ class Account {
if (START_DATE < date('d.m.Y') || (START_DATE === date('d.m.Y') && START_TIME <= date('H:i'))) {
// Caută codul de activare în tabela activate
- $id = $database->escape($_POST['id'] ?? '');
- $q = "SELECT act, username, password, email, tribe, location
- FROM " . TB_PREFIX . "activate
- WHERE act = '" . $id . "'";
-
- $result = $database->query($q);
- $dbarray = mysqli_fetch_array($result);
+ $code = trim($_POST['id'] ?? '');
+ $stmt = $database->dblink->prepare(
+ "SELECT act, username, password, email, tribe, location
+ FROM `".TB_PREFIX."activate` WHERE act = ? LIMIT 1"
+ );
+ $stmt->bind_param("s", $code);
+ $stmt->execute();
+ $result = $stmt->get_result();
+ $dbarray = $result->fetch_assoc();
+ $stmt->close();
// Verificăm dacă am găsit exact codul trimis
if ($dbarray && $dbarray['act'] === $_POST['id']) {
@@ -240,14 +246,19 @@ class Account {
global $database;
// ==================== VERIFICARE ID & PAROLĂ ====================
- $id = (int)($_POST['id'] ?? 0);
+ $id = (int)($_POST['id'] ?? 0);
- $q = "SELECT password, username
- FROM " . TB_PREFIX . "activate
- WHERE id = " . $id;
-
- $result = $database->query($q);
- $dbarray = mysqli_fetch_array($result);
+ $stmt = $database->dblink->prepare(
+ "SELECT password, username
+ FROM `".TB_PREFIX."activate`
+ WHERE id = ?
+ LIMIT 1"
+ );
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $result = $stmt->get_result();
+ $dbarray = $result->fetch_assoc();
+ $stmt->close();
// Verificăm dacă înregistrarea există și parola este corectă
// (protejează împotriva notice-urilor PHP dacă nu există rândul)
diff --git a/GameEngine/Alliance.php b/GameEngine/Alliance.php
index 7cb4447e..37f92f7d 100755
--- a/GameEngine/Alliance.php
+++ b/GameEngine/Alliance.php
@@ -45,7 +45,12 @@ class Alliance {
public $userPermArray = [];
public function procAlliance($get) {
- global $session, $database;
+ global $session, $database;
+
+ // ==================== SANITIZARE GET ====================
+ $get['a'] = isset($get['a']) ? (int)$get['a'] : 0;
+ $get['o'] = isset($get['o']) ? (int)$get['o'] : 0;
+ $get['d'] = isset($get['d']) ? (int)$get['d'] : 0; // dacă folosești și 'd'
// ==================== ÎNCĂRCARE DATE ALIANȚĂ SAU INVITAȚII ====================
if ($session->alliance > 0) {
@@ -53,9 +58,6 @@ class Alliance {
$this->allianceArray = $database->getAlliance($session->alliance);
// Permissions Array
- // [id] => id [uid] => uid [alliance] => alliance
- // [opt1] => X [opt2] => X [opt3] => X [opt4] => X
- // [opt5] => X [opt6] => X [opt7] => X [opt8] => X
$this->userPermArray = $database->getAlliPermissions($session->uid, $session->alliance);
} else {
// Utilizatorul NU este într-o alianță → încarcă invitațiile primite
@@ -64,7 +66,7 @@ class Alliance {
}
// ==================== PROCESARE ACȚIUNI DIN URL (GET) ====================
- if (isset($get['a'])) {
+ if ($get['a'] > 0) {
switch ($get['a']) {
case 2:
$this->rejectInvite($get);
@@ -74,7 +76,7 @@ class Alliance {
break;
}
}
- if (isset($get['o'])) {
+ if ($get['o'] > 0) {
switch ($get['o']) {
case 4:
$this->delInvite($get);
diff --git a/GameEngine/Database.php b/GameEngine/Database.php
index 403c5302..cb8bdf7a 100755
--- a/GameEngine/Database.php
+++ b/GameEngine/Database.php
@@ -802,34 +802,73 @@ class MYSQLi_DB implements IDbConnection {
}
function register($username, $password, $email, $tribe, $act, $uid = 0, $desc = null) {
- list($username, $password, $email, $tribe, $act, $uid, $desc) = $this->escape_input($username, $password, $email, (int) $tribe, $act, (int) $uid, $desc);
+ $username = trim($username);
+ $email = filter_var($email, FILTER_VALIDATE_EMAIL) ?: '';
+ $tribe = (int)$tribe;
+ $uid = (int)$uid;
+ $desc = $desc ?? '';
+ $time = time();
+ $access = USER;
+
+ $startTime = strtotime(START_DATE) - strtotime(date('d.m.Y')) + strtotime(START_TIME);
+ $protectionTime = $uid != 3 ? (($startTime > $time) ? $startTime : $time) + PROTECTION : 0;
- $time = time();
- $startTime = strtotime(START_DATE) - strtotime(date('d.m.Y')) + strtotime(START_TIME);
+ // încercăm varianta cu is_bcrypt (PHP 8.3)
+ $stmt = $this->dblink->prepare(
+ "INSERT INTO `".TB_PREFIX."users`
+ (id, username, password, access, email, timestamp, tribe, act, protect, lastupdate, regtime, desc2, is_bcrypt)
+ VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)"
+ );
+ $is_bcrypt = 1;
+ $stmt->bind_param("issisiiiiiisi", $uid, $username, $password, $access, $email, $time, $tribe, $act, $protectionTime, $time, $time, $desc, $is_bcrypt);
+
+ if($stmt->execute()){
+ $id = $stmt->insert_id ?: $uid;
+ $stmt->close();
+ return $id;
+ }
+ $stmt->close();
- //If we're registering the Natars tribe, the protection must be 0
- $protectionTime = $uid != 3 ? (($startTime > $time) ? $stime : $time) + PROTECTION : 0;
-
- $q = "INSERT INTO " . TB_PREFIX . "users (id, username, password, access, email, timestamp, tribe, act, protect, lastupdate, regtime, desc2, is_bcrypt) VALUES ($uid, '$username', '$password', " . USER . ", '$email', $time, $tribe, '$act', $protectionTime, $time, $time, '$desc', 1)";
-
- if(mysqli_query($this->dblink, $q)) return mysqli_insert_id($this->dblink);
- else
- {
- // if an error has occured, we probably don't have DB converted to handle bcrypt passwords yet
- $q = "INSERT INTO " . TB_PREFIX . "users (id, username, password, access, email, timestamp, tribe, act, protect, lastupdate, regtime, desc2) VALUES ($uid, '$username', '$password', " . USER . ", '$email', $time, $tribe, '$act', $protectionTime, $time, $time, '$desc')";
- if(mysqli_query($this->dblink, $q)) return mysqli_insert_id($this->dblink);
- else return false;
- }
- }
+ // fallback pentru DB vechi fără coloana is_bcrypt
+ $stmt2 = $this->dblink->prepare(
+ "INSERT INTO `".TB_PREFIX."users`
+ (id, username, password, access, email, timestamp, tribe, act, protect, lastupdate, regtime, desc2)
+ VALUES (?,?,?,?,?,?,?,?,?,?,?,?)"
+ );
+ $stmt2->bind_param("issisiiiiiis", $uid, $username, $password, $access, $email, $time, $tribe, $act, $protectionTime, $time, $time, $desc);
+
+ if($stmt2->execute()){
+ $id = $stmt2->insert_id ?: $uid;
+ $stmt2->close();
+ return $id;
+ }
+ $stmt2->close();
+ return false;
+}
function activate($username, $password, $email, $tribe, $locate, $act, $act2) {
- list($username, $password, $email, $tribe, $locate, $act, $act2) = $this->escape_input($username, $password, $email, $tribe, $locate, $act, $act2);
+ $username = trim($username);
+ $email = filter_var($email, FILTER_VALIDATE_EMAIL) ?: '';
+ $tribe = (int)$tribe;
+ $locate = (int)$locate;
+ $time = time();
+ $access = USER;
- $time = time();
- $q = "INSERT INTO " . TB_PREFIX . "activate (username,password,access,email,tribe,timestamp,location,act,act2) VALUES ('$username', '$password', " . USER . ", '$email', " . (int) $tribe .", $time, $locate, '$act', '$act2')";
- if(mysqli_query($this->dblink,$q)) return mysqli_insert_id($this->dblink);
- else return false;
- }
+ $stmt = $this->dblink->prepare(
+ "INSERT INTO `".TB_PREFIX."activate`
+ (username,password,access,email,tribe,timestamp,location,act,act2)
+ VALUES (?,?,?,?,?,?,?,?,?)"
+ );
+ $stmt->bind_param("ssisiiiss", $username, $password, $access, $email, $tribe, $time, $locate, $act, $act2);
+
+ if($stmt->execute()){
+ $id = $stmt->insert_id;
+ $stmt->close();
+ return $id;
+ }
+ $stmt->close();
+ return false;
+}
function unreg($username) {
list($username) = $this->escape_input($username);
@@ -1223,19 +1262,23 @@ class MYSQLi_DB implements IDbConnection {
}
}
- function submitProfile($uid, $gender, $location, $birthday, $des1, $des2) {
- // temporarily replace newlines with placeholders, so they don't get escaped and backslashed stripped out of them
- $des1 = str_replace(['\\r', '\\n'], ['[!RETURN_CARRIAGE!]','[!NEW_LINE!]'], $des1);
- $des2 = str_replace(['\\r', '\\n'], ['[!RETURN_CARRIAGE!]','[!NEW_LINE!]'], $des2);
+ function submitProfile($uid, $gender, $location, $birthday, $desc1, $desc2) {
+ $uid = (int)$uid;
+ $gender = (int)$gender;
+ $location = mb_substr(trim($location), 0, 30, 'UTF-8');
+ $birthday = trim($birthday);
+ $desc1 = trim($desc1);
+ $desc2 = trim($desc2);
- list($uid, $gender, $location, $birthday, $des1, $des2) = $this->escape_input((int) $uid, (int) $gender, $location, $birthday, $des1, $des2);
-
- // return new lines and return carriages to descriptions
- $des1 = str_replace(['[!RETURN_CARRIAGE!]','[!NEW_LINE!]'], ['\\r', '\\n'], $des1);
- $des2 = str_replace(['[!RETURN_CARRIAGE!]','[!NEW_LINE!]'], ['\\r', '\\n'], $des2);
-
- $q = "UPDATE " . TB_PREFIX . "users set gender = $gender, location = '$location', birthday = '$birthday', desc1 = '$des1', desc2 = '$des2' where id = $uid";
- return mysqli_query($this->dblink,$q);
+ $stmt = $this->dblink->prepare(
+ "UPDATE `".TB_PREFIX."users`
+ SET gender = ?, location = ?, birthday = ?, desc1 = ?, desc2 = ?
+ WHERE id = ? LIMIT 1"
+ );
+ $stmt->bind_param("issssi", $gender, $location, $birthday, $desc1, $desc2, $uid);
+ $stmt->execute();
+ $stmt->close();
+ return true;
}
function gpack($uid, $gpack) {
@@ -1383,8 +1426,9 @@ class MYSQLi_DB implements IDbConnection {
* @return array Returns the created villages ID
*/
- function generateVillages($villageArrays, $uid, $username, $troopsArray = null, $buildingsArray = null){
- list($villageArrays, $uid, $username, $troopsArray, $buildingsArray) = $this->escape_input($villageArrays, (int) $uid, $username, $troopsArray, $buildingsArray);
+ function generateVillages($villageArrays, $uid, $username, $troopsArray = null, $buildingsArray = null){
+ $uid = (int)$uid;
+ $username = trim($username);
$wids = $takenWids = $countedWids = $generatedWids = $i = [];
@@ -1441,15 +1485,36 @@ class MYSQLi_DB implements IDbConnection {
*/
function addVillage($wid, $uid, $username, $capital, $pop = 2, $villageName = null, $isNatar = 0) {
- list($wid, $uid, $username, $capital, $pop, $villageName, $isNatar) = $this->escape_input((int) $wid, (int) $uid, $username, (int) $capital, (int) $pop, $villageName, (int) $isNatar);
+ $wid = (int)$wid;
+ $uid = (int)$uid;
+ $capital = (int)$capital;
+ $pop = (int)$pop;
+ $isNatar = (int)$isNatar;
+ $username = trim($username);
- $total = count($this->getVillagesID($uid));
- if($villageName == null) $villageName = $username."\'s village ".($total >= 1 ? $total + 1 : "");
+ $total = count($this->getVillagesID($uid));
+ if (empty($villageName)) {
+ // fără backslash, fără htmlentities – doar text curat
+ $villageName = $username . "'s village" . ($total >= 1 ? " " . ($total + 1) : "");
+ }
- $time = time();
- $q = "INSERT into " . TB_PREFIX . "vdata (wref, owner, name, capital, pop, cp, celebration, wood, clay, iron, maxstore, crop, maxcrop, lastupdate, created, natar) values ($wid, $uid, '$villageName', $capital, $pop, 1, 0, 750, 750, 750, ".STORAGE_BASE.", 750, ".STORAGE_BASE.", $time, $time, $isNatar)";
- return mysqli_query($this->dblink,$q);
- }
+ $time = time();
+ $storage = STORAGE_BASE;
+
+ $stmt = $this->dblink->prepare(
+ "INSERT INTO `".TB_PREFIX."vdata`
+ (wref, owner, name, capital, pop, cp, celebration, wood, clay, iron, maxstore, crop, maxcrop, lastupdate, created, natar)
+ VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"
+ );
+ $cp = 1; $celebration = 0; $wood = 750; $clay = 750; $iron = 750; $crop = 750;
+ $stmt->bind_param("iisiiiiiiiiiiiii",
+ $wid, $uid, $villageName, $capital, $pop, $cp, $celebration,
+ $wood, $clay, $iron, $storage, $crop, $storage, $time, $time, $isNatar
+ );
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
/**
*
@@ -3928,14 +3993,20 @@ class MYSQLi_DB implements IDbConnection {
return mysqli_query($this->dblink,$q);
}
- function setVillageName($vid, $name) {
- list($vid, $name) = $this->escape_input((int) $vid, $name);
+ function setVillageName($vid, $name) {
+ $vid = (int)$vid;
+ $name = trim($name);
+ if ($name === '') return false;
+ $name = mb_substr($name, 0, 30, 'UTF-8');
- if(!empty($name)){
- $q = "UPDATE " . TB_PREFIX . "vdata set name = '$name' where wref = $vid";
- return mysqli_query($this->dblink, $q);
- }
- }
+ $stmt = $this->dblink->prepare(
+ "UPDATE `".TB_PREFIX."vdata` SET name = ? WHERE wref = ? LIMIT 1"
+ );
+ $stmt->bind_param("si", $name, $vid);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+ }
function modifyPop($vid, $pop, $mode) {
list($vid, $pop, $mode) = $this->escape_input((int) $vid, (int) $pop, $mode);
@@ -8389,7 +8460,18 @@ References: User ID/Message ID, Mode
FROM ".TB_PREFIX."enforcement e
JOIN ".TB_PREFIX."vdata v ON v.wref = e.vref
WHERE v.owner = $uid
- AND e.from != e.vref";
+ AND e.from != e.vref
+ AND (
+ (e.u1 + e.u2 + e.u3 + e.u4 + e.u5 +
+ e.u6 + e.u7 + e.u8 + e.u9 + e.u10 +
+ e.u11 + e.u12 + e.u13 + e.u14 + e.u15 +
+ e.u16 + e.u17 + e.u18 + e.u19 + e.u20 +
+ e.u21 + e.u22 + e.u23 + e.u24 + e.u25 +
+ e.u26 + e.u27 + e.u28 + e.u29 + e.u30 +
+ e.u41 + e.u42 + e.u43 + e.u44 + e.u45 +
+ e.u46 + e.u47 + e.u48 + e.u49 + e.u50
+ ) > 0
+ )";
$res = mysqli_query($this->dblink,$q);
if(!$res){ die("SQL ERROR (REINFORCEMENTS): ".mysqli_error($this->dblink)); }
@@ -8511,6 +8593,19 @@ References: User ID/Message ID, Mode
if(!empty($row['timestamp']) && $row['timestamp'] > $time){
$errors[] = "ACCOUNT_DELETION";
}
+
+ // 10. Admin / Multihunter restriction
+ $q = "SELECT access FROM ".TB_PREFIX."users WHERE id=$uid";
+ $res = mysqli_query($this->dblink,$q);
+ if(!$res){ die("SQL ERROR (ACCESS): ".mysqli_error($this->dblink)); }
+
+ $row = mysqli_fetch_assoc($res);
+ $access = (int)$row['access'];
+
+ // 0 = user, 1 = sitter, 2 = mh, 3 = admin (depinde de serverul tău)
+ if($access >= 2){
+ $errors[] = "NO_VACATION_ACCESS";
+ }
return empty($errors) ? true : $errors;
}
diff --git a/GameEngine/Generator.php b/GameEngine/Generator.php
index 5af5f920..632026e0 100755
--- a/GameEngine/Generator.php
+++ b/GameEngine/Generator.php
@@ -192,27 +192,19 @@ class MyGenerator
/**
* Page load start time
*/
- public function pageLoadTimeStart()
- {
- if (isset($_SERVER["REQUEST_TIME_FLOAT"])) {
- return $_SERVER["REQUEST_TIME_FLOAT"];
- }
-
- $starttime = microtime(true);
- $startarray = explode(" ", $starttime);
-
- return $startarray[0];
+ public function pageLoadTimeStart() {
+
+ return $_SERVER["REQUEST_TIME_FLOAT"]?? microtime(true);
+
}
/**
* Page load end time
*/
- public function pageLoadTimeEnd()
- {
- $endtime = microtime(true);
- $endarray = explode(" ", $endtime);
-
- return $endarray[0];
+ public function pageLoadTimeEnd() {
+
+ return microtime(true);
+
}
}
diff --git a/GameEngine/Profile.php b/GameEngine/Profile.php
index 5a8519fc..4107d605 100755
--- a/GameEngine/Profile.php
+++ b/GameEngine/Profile.php
@@ -76,40 +76,35 @@ class Profile {
* Update player profile + village names
*/
private function updateProfile($post) {
- global $database, $session;
+ global $database, $session;
- $birthday = $post['jahr'] . '-' . $post['monat'] . '-' . $post['tag'];
+ $birthday = $post['jahr'] . '-' . $post['monat'] . '-' . $post['tag'];
+ $birthday = preg_match('/^\d{4}-\d{1,2}-\d{1,2}$/', $birthday) ? $birthday : '0';
- $database->submitProfile(
- $session->uid,
- $database->RemoveXSS($post['mw']),
- $database->RemoveXSS($post['ort']),
- $database->RemoveXSS($birthday),
- $database->RemoveXSS($post['be2']),
- $database->RemoveXSS($post['be1'])
- );
+ $mw = (int)($post['mw'] ?? 0);
+ $ort = trim($post['ort'] ?? '');
+ $be2 = trim($post['be2'] ?? ''); // descrierea stânga
+ $be1 = trim($post['be1'] ?? ''); // descrierea dreapta
- // Cache villages per request
- if (!isset(self::$cache['villages'][$session->uid])) {
- self::$cache['villages'][$session->uid] = $database->getProfileVillages($session->uid);
- }
+ $database->submitProfile($session->uid, $mw, $ort, $birthday, $be2, $be1);
- $varray = self::$cache['villages'][$session->uid];
- $cnt = count($varray);
+ // Cache villages
+ if (!isset(self::$cache['villages'][$session->uid])) {
+ self::$cache['villages'][$session->uid] = $database->getProfileVillages($session->uid);
+ }
+ $varray = self::$cache['villages'][$session->uid];
+ $cnt = count($varray);
- for ($i = 0; $i < $cnt; $i++) {
- if (!isset($post['dname' . $i])) continue;
-
- $database->setVillageName(
- $varray[$i]['wref'],
- $database->RemoveXSS(trim($post['dname' . $i]))
- );
- }
-
- header("Location: spieler.php?uid=" . $session->uid);
- exit;
- }
+ for ($i = 0; $i < $cnt; $i++) {
+ if (!isset($post['dname' . $i])) continue;
+ $newName = trim($post['dname' . $i]);
+ if ($newName === '') continue;
+ $database->setVillageName($varray[$i]['wref'], $newName);
+ }
+ header("Location: spieler.php?uid=" . $session->uid);
+ exit;
+}
/**
* Gpack settings
*/
diff --git a/Templates/Profile/profile.tpl b/Templates/Profile/profile.tpl
index 757c7149..e50dc3b5 100644
--- a/Templates/Profile/profile.tpl
+++ b/Templates/Profile/profile.tpl
@@ -95,9 +95,7 @@ maxlength="4" class="text year">
|
-
+
|
@@ -125,7 +123,7 @@ echo $session->userinfo['desc2'] ?? '';
Location |
|
@@ -145,7 +143,7 @@ for ($i = 0; $i < count($varray); $i++):
|
@@ -154,9 +152,7 @@ maxlength="30" class="text">
|
-
+
|
diff --git a/Templates/Profile/vacation.tpl b/Templates/Profile/vacation.tpl
index 808fd380..1abf3b29 100644
--- a/Templates/Profile/vacation.tpl
+++ b/Templates/Profile/vacation.tpl
@@ -132,7 +132,10 @@ function vac_ok($key, $errors)
Account is not scheduled for deletion
-
+
+
+ Account is Admin or MH
+