diff --git a/Admin/Templates/gold.tpl b/Admin/Templates/gold.tpl index d0c17606..320c2ea4 100644 --- a/Admin/Templates/gold.tpl +++ b/Admin/Templates/gold.tpl @@ -4,6 +4,7 @@ ## --------------------------------------------------------------------------- ## ## Filename gold.tpl ## ## Developed by: aggenkeech ## +## Refactored by: Shadow ## ## License: TravianZ Project ## ## Copyright: TravianZ (c) 2010-2025. All rights reserved. ## ## ## diff --git a/Admin/Templates/usergold.tpl b/Admin/Templates/usergold.tpl index 4e9fea35..7daf47de 100644 --- a/Admin/Templates/usergold.tpl +++ b/Admin/Templates/usergold.tpl @@ -1,69 +1,36 @@ - +?>
- + - - - - - - - + - - + + - - + + - +
Give Free gold for specific user
Amount
Give Free gold for specific user
-
- How much gold? -
-
-
-   - Gold -
-
How much gold?
+   + Gold +
-
- For which user (id)? -
-
-
-   -
-
For which user (id)?
-
- -
-
+ +
-
Gold Added'; - } -?> \ No newline at end of file +
Gold Added'; } ?> \ No newline at end of file diff --git a/GameEngine/Admin/Mods/additional.php b/GameEngine/Admin/Mods/additional.php index d213fde7..966175bf 100755 --- a/GameEngine/Admin/Mods/additional.php +++ b/GameEngine/Admin/Mods/additional.php @@ -1,51 +1,78 @@ getUserField($id, 'gold', 1); +$diffGold = $newGold - $oldGold; + +// --- UPDATE USER (prepared-style, fără escape manual) --- +$database->query(" + UPDATE ".TB_PREFIX."users SET + access = $access, + gold = $newGold, + sit1 = $sit1, + sit2 = $sit2, + protect = $protect, + cp = $cp, + ap = $ap, + dp = $dp, + RR = $rr, + apall = $apall, + dpall = $dpall + WHERE id = $id +"); + +// --- LOG GOLD dacă s-a modificat --- +if($diffGold!== 0){ + $vill = $database->getVillagesID($id); + $wid = $vill[0]?? 0; + $action = $diffGold > 0? 'Admin added Gold' : 'Admin removed Gold'; + $details = 'Admin adjustment by '.($session->username?? 'Admin'); + $now = time(); + + $database->query(" + INSERT INTO ".TB_PREFIX."gold_fin_log + (wid, uid, action, gold, time, details) + VALUES ($wid, $id, '$action', $diffGold, $now, '$details') + "); } -if($_SESSION['access'] != ADMIN) die("

Access Denied: You are not Admin!

"); - -foreach ($_POST as $key => $value) { - $_POST[$key] = $database->escape($value); -} - -$access = (int) $_POST['access']; -$dur = (int) $_POST['protect'] * 86400; -$protection = (time() + $dur); - -mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET - access = ".$access.", - gold = ".(int) $_POST['gold'].", - sit1 = '".(int) $_POST['sitter1']."', - sit2 = '".(int) $_POST['sitter2']."', - protect = '".$protection."', - cp = ".(int) $_POST['cp'].", - ap = '".(int) $_POST['off']."', - dp = '".(int) $_POST['def']."', - RR = '".(int) $_POST['res']."', - apall = '".(int) $_POST['ooff']."', - dpall = '".(int) $_POST['odef']."' - WHERE id = ".$id) or die(mysqli_error($database->dblink)); - -header("Location: ../../../Admin/admin.php?p=player&uid=".$id.""); -?> \ No newline at end of file +// --- REDIRECT --- +header("Location:../../../Admin/admin.php?p=player&uid=".$id); +exit; \ No newline at end of file diff --git a/GameEngine/Admin/Mods/gold.php b/GameEngine/Admin/Mods/gold.php index d9255b5b..76597cf7 100755 --- a/GameEngine/Admin/Mods/gold.php +++ b/GameEngine/Admin/Mods/gold.php @@ -2,8 +2,9 @@ ################################################################################# ## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ## ## --------------------------------------------------------------------------- ## -## Filename gold.php ## +## Filename gold.php ## ## Developed by: aggenkeech ## +## Refactored by: Shadow ## ## License: TravianZ Project ## ## Copyright: TravianZ (c) 2010-2025. All rights reserved. ## ## ## 
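Review bot: `$details` is built from `$session->username` and then placed inside `'$details'` in the `gold_fin_log` INSERT without escaping, so a username containing a quote breaks or alters the statement; gold.php in this same commit escapes the equivalent value. Escape it before interpolation, e.g. `$details = $database->escape('Admin adjustment by '.($session->username ?? 'Admin'));`, or bind it as a parameter. The comment `prepared-style, fără escape manual` is misleading: the UPDATE is plain string interpolation and is only safe if every variable was cast to int earlier in the file, which this view of the hunk does not show. The removed `if($_SESSION['access'] != ADMIN)` check has no visible replacement here either, so confirm the new top of the file still enforces it.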
@@ -14,28 +15,47 @@ include_once("../../config.php"); error_reporting(E_ALL); -// go max 5 levels up - we don't have folders that go deeper than that +// autoloader $autoprefix = ''; for ($i = 0; $i < 5; $i++) { $autoprefix = str_repeat('../', $i); - if (file_exists($autoprefix.'autoloader.php')) { - // we have our path, let's leave - break; - } + if (file_exists($autoprefix.'autoloader.php')) break; } - include_once($autoprefix."GameEngine/Database.php"); -$session = (int) $_POST['admid']; +$admid = (int)($_POST['admid'] ?? 0); +$amount = (int)($_POST['gold'] ?? 0); -$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); -$access = mysqli_fetch_array($sql); -$sessionaccess = $access['access']; +if($amount == 0){ + header("Location: ../../../Admin/admin.php?p=gold"); + exit; +} -if($sessionaccess != 9) die("

Access Denied: You are not Admin!

"); +// verificare admin +$check = mysqli_query($GLOBALS["link"], "SELECT access, username FROM ".TB_PREFIX."users WHERE id = $admid"); +$acc = mysqli_fetch_assoc($check); +if(!$acc || $acc['access'] != 9) die("

Access Denied

"); -$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id != '0'"; -mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink)); +// 1. UPDATE gold la toți (id > 3 = sare peste Natars etc) +mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + $amount WHERE id > 3") or die(mysqli_error($GLOBALS["link"])); + +// 2. LOG în admin_log +mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."admin_log VALUES (0, $admid, 'Added $amount gold to ALL players', ".time().")"); + +// 3. LOG în gold_fin_log pentru fiecare jucător +$users = mysqli_query($GLOBALS["link"], "SELECT id FROM ".TB_PREFIX."users WHERE id > 3"); +$now = time(); +$adminName = $acc['username']; +$details = mysqli_real_escape_string($GLOBALS["link"], 'Mass gift by '.$adminName); + +while($u = mysqli_fetch_assoc($users)){ + $uid = (int)$u['id']; + $vill = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT wref FROM ".TB_PREFIX."vdata WHERE owner = $uid LIMIT 1")); + $wid = (int)($vill['wref'] ?? 0); + + mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."gold_fin_log (wid, uid, action, gold, time, details) VALUES ($wid, $uid, 'Admin added Gold', $amount, $now, '$details')"); +} header("Location: ../../../Admin/admin.php?p=gold&g"); +exit; ?> \ No newline at end of file diff --git a/GameEngine/Admin/Mods/gold_1.php b/GameEngine/Admin/Mods/gold_1.php index e4672caa..710ec24a 100755 --- a/GameEngine/Admin/Mods/gold_1.php +++ b/GameEngine/Admin/Mods/gold_1.php 
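Review bot: The admin check still trusts `$_POST['admid']`: access is granted whenever the posted id belongs to a row with `access = 9`, so the decision rests on a value the client chooses rather than on the authenticated session. Check the server-side session instead, following the pattern the old additional.php used (`if($_SESSION['access'] != ADMIN) die(...)`), and derive the id written to `admin_log` from that session; this assumes the script can load the session, which the hunk does not show. gold_1.php appears to keep the same `admid` pattern, although its new assignment is not visible in this view. A mass gold grant is also a state-changing POST, so a CSRF token check belongs here if the admin panel has one.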
@@ -1,39 +1,47 @@ Access Denied"); -$session = (int) $_POST['admid']; -$id = (int) $_POST['id']; +// 1. UPDATE GOLD +mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + $amount WHERE id = $id") or die(mysqli_error($GLOBALS["link"])); -$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session.""); -$access = mysqli_fetch_array($sql); -$sessionaccess = $access['access']; +// 2. ADMIN LOG +$name = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT username FROM ".TB_PREFIX."users WHERE id = $id"))['username']; +$name = mysqli_real_escape_string($GLOBALS["link"], $name); +mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."admin_log VALUES (0, $admid, 'Added $amount gold to user $name', ".time().")"); -if($sessionaccess != 9) die("

Access Denied: You are not Admin!

"); +// 3. GOLD_FIN_LOG (pentru a2b2.php) +$vill = mysqli_fetch_assoc(mysqli_query($GLOBALS["link"], "SELECT wref FROM ".TB_PREFIX."vdata WHERE owner = $id LIMIT 1")); +$wid = (int)($vill['wref'] ?? 0); +$action = $amount > 0 ? 'Admin added Gold' : 'Admin removed Gold'; +$adminName = $acc['username']; +$details = mysqli_real_escape_string($GLOBALS["link"], 'Admin gift by '.$adminName); +$now = time(); -mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id = ".$id.""); +mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."gold_fin_log (wid, uid, action, gold, time, details) VALUES ($wid, $id, '$action', $amount, $now, '$details')") or die(mysqli_error($GLOBALS["link"])); header("Location: ../../../Admin/admin.php?p=usergold&g"); +exit; ?> \ No newline at end of file diff --git a/GameEngine/Building.php b/GameEngine/Building.php index 2918277d..896d6856 100755 --- a/GameEngine/Building.php +++ b/GameEngine/Building.php @@ -1748,16 +1748,18 @@ class Building { // gold update if ($countMasterGold || $countPlus2Gold) { + $spent = ($countMasterGold && $countPlus2Gold) ? 3 : 2; + $newgold = $session->gold - $spent; - $newgold = $session->gold - - (($countMasterGold && $countPlus2Gold) ? 3 : 2); + $database->updateUserField($session->uid, 'gold', $newgold, 1); - $database->updateUserField( - $session->uid, - 'gold', - $newgold, - 1 - ); + // LOG complet + $database->query("INSERT INTO ".TB_PREFIX."gold_fin_log + (wid, uid, action, gold, time, details) + VALUES (".$village->wid.", ".$session->uid.", 'Finish all constructions', -".$spent.", ".time().", 'Finish construction and research with gold')"); + + $session->gold = $newgold; + $_SESSION['gold'] = $newgold; } // un singur query diff --git a/a2b.php b/a2b.php index 69205e9e..3299bece 100644 --- a/a2b.php +++ b/a2b.php 
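Review bot: In gold_1.php the `UPDATE ... WHERE id = $id` and both log inserts run without confirming that user `$id` exists, and `mysqli_fetch_assoc(...)['username']` dereferences `null` when it does not, so a mistyped id yields a warning plus `admin_log` and `gold_fin_log` rows for a grant that changed nothing. Look the user up first and stop if the row is missing, or test `mysqli_affected_rows($GLOBALS["link"]) === 1` after the UPDATE and log only in that case. The `admin_log` text also always reads `Added $amount gold`, although the code below treats negative amounts as `Admin removed Gold`. The top of the new file is not visible in this view, so the admin check itself could not be reviewed.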
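Review bot: In Building.php the new balance is computed from the cached `$session->gold` and written back as an absolute value, so a gold change made elsewhere since the session was loaded (for instance the admin grants added in this commit) is overwritten, and nothing in the hunk checks that the player holds at least `$spent` gold. A relative, guarded update avoids both: `$database->query("UPDATE ".TB_PREFIX."users SET gold = gold - $spent WHERE id = ".(int)$session->uid." AND gold >= $spent");`, with the `gold_fin_log` row written only when a row was affected. `$village->wid` and `$session->uid` are also concatenated into the INSERT without an `(int)` cast. The enclosing method starts outside the hunk, so a balance check may already exist earlier.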
@@ -14,9 +14,9 @@ $start_timer = $generator->pageLoadTimeStart();
 ## Developed by: Dzoki & Advocaite & Donnchadh ##
 ## Reworked by: Shadow ##
 ## License: TravianZ Project ##
-## Copyright: TravianZ (c) 2010-2018. All rights reserved. ##
-## URLs: http://travian.shadowss.ro ##
-## Source code: https://github.com/Shadowss/TravianZ ##
+## Copyright: TravianZ (c) 2010-2026. All rights reserved. ##
+## URLs: https://travianz.org ##
+## https://github.com/Shadowss/TravianZ ##
 ## ##
 #################################################################################
diff --git a/a2b2.php b/a2b2.php
index 43b371c6..eb6d367a 100644
--- a/a2b2.php
+++ b/a2b2.php
@@ -5,376 +5,290 @@ $start_timer = $generator->pageLoadTimeStart(); ################################################################################# ## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ## ## --------------------------------------------------------------------------- ## -## Project: TravianZ ## -## Filename a2b2.php ## -## Developed by: Dzoki ## -## License: TravianZ Project ## -## Copyright: TravianZ (c) 2010-2026. All rights reserved. ## -## URLs: http://travian.shadowss.ro ## -## Source code: https://github.com/Shadowss/TravianZ ## +## Project: TravianZ ## +## Version: 18.05.2026 ## +## Filename: a2b2.php ## +## Developed by: Dzoki ## +## Refactored by: Shadow ## +## License: TravianZ Project ## +## Copyright: TravianZ (c) 2010-2026. All rights reserved. ## +## URLs: https://travianz.org ## +## https://github.com/Shadowss/TravianZ ## ## ## ################################################################################# use App\Utils\AccessLogger; - include_once("GameEngine/Village.php"); AccessLogger::logRequest(); -$amount = $_SESSION['amount']; -if(isset($_GET['newdid'])) { - $_SESSION['wid'] = $_GET['newdid']; - header("Location: ".$_SERVER['PHP_SELF']); - exit; +$uid = (int)$session->uid; +$amount = (int)($_SESSION['amount'] ?? 0); + +$packages = [ + 199 => 60, + 499 => 120, + 999 => 360, + 1999 => 1000, + 4999 => 2000 +]; + +if (isset($_GET['newdid'])) { + $_SESSION['wid'] = (int)$_GET['newdid']; + header("Location: a2b2.php"); + exit; +} + +$building->procBuild($_GET); + +$transactionProcessed = false; +$oldBalance = 0; +$newBalance = 0; +$goldAdded = 0; + +if (isset($packages[$amount]) && $amount > 0) { + $goldAdded = $packages[$amount]; + + $result = mysqli_query($database->dblink, "SELECT gold FROM " . TB_PREFIX . "users WHERE id = $uid LIMIT 1"); + $user = mysqli_fetch_assoc($result); + $oldBalance = (int)$user['gold']; + + mysqli_query($database->dblink, "UPDATE " . TB_PREFIX . 
"users SET gold = gold + $goldAdded WHERE id = $uid"); + + $result = mysqli_query($database->dblink, "SELECT gold FROM " . TB_PREFIX . "users WHERE id = $uid LIMIT 1"); + $user = mysqli_fetch_assoc($result); + $newBalance = (int)$user['gold']; + + $transactionProcessed = true; + $_SESSION['amount'] = 0; } -else $building->procBuild($_GET); ?> - + - <?php echo SERVER_NAME . ' - Account transactions' ?> - - - - - - - - - - - - gpack == null || GP_ENABLE == false) { - echo " - - "; - } else { - echo " - - "; - } - ?> - + + + + - window.addEvent('domready', start); - + gpack == null || GP_ENABLE == false) { + echo ''; + echo ''; + } else { + echo ''; + echo ''; + } + ?> + - + +
- -
-
- -
- - -

Account transactions

-
-dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$golds = mysqli_fetch_array($MyGold); -$goldnow = $golds['6'] + 60; -mysqli_query($database->dblink,"UPDATE ".TB_PREFIX."users set gold = '".$goldnow."' where `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$MyGold = mysqli_query($database->dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$golds1 = mysqli_fetch_array($MyGold); -?>

Thank you for your purchase here at

Below you see the entry record. Out of it, you can observe your old as well as your new account balance.

- - - + +
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Record of
DescriptionGoldActionGoldDate
  Account Balance (old)
 
 
 
 
 
Package
60 Gold
 
  Account Balance (new)
 
 
-

Please verify the information.
It will let us know if the data is incorrect.

-

Please mail your username, package, order time and email used to our billing address.

- - -} -if ($amount == 499) { -// Statement retrieve Gold Package B -$MyGold = mysqli_query($database->dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$golds = mysqli_fetch_array($MyGold); -$goldnow = $golds['6'] + 120; -mysqli_query($database->dblink,"UPDATE ".TB_PREFIX."users set gold = '".$goldnow."' where `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$MyGold = mysqli_query($database->dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$golds1 = mysqli_fetch_array($MyGold); -?>

Thank you for your purchase here at .

Below you see the entry record. Out of it, you can observe your old as well as your new account balance.

- - - +
+ + -
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
Record of
DescriptionGoldActionGoldDate
  Account Balance (old)
 
 
 
 
 
Package
60 Gold
 
  Account Balance (new)
 
 
-

Please verify the information.
It will let us know if the data is incorrect.

-

Please mail your username, package, order time and email used to our billing address.

-dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$golds = mysqli_fetch_array($MyGold); -$goldnow = $golds['6'] + 360; -mysqli_query($database->dblink,"UPDATE ".TB_PREFIX."users set gold = '".$goldnow."' where `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$MyGold = mysqli_query($database->dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$golds1 = mysqli_fetch_array($MyGold); -?>

Thank you for your purchase here at .

Below you see the entry record. Out of it, you can observe your old as well as your new account balance.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Record of
DescriptionGoldActionGoldDate
  Account Balance (old)
 
 
 
 
 
Package
60 Gold
 
  Account Balance (new)
 
 
-

Please verify the information.
It will let us know if the data is incorrect.

-

Please mail your username, package, order time and email used to our billing address.

-dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$golds = mysqli_fetch_array($MyGold); -$goldnow = $golds['6'] + 1000; -mysqli_query($database->dblink,"UPDATE ".TB_PREFIX."users set gold = '".$goldnow."' where `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$MyGold = mysqli_query($database->dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$golds1 = mysqli_fetch_array($MyGold); -?>

Thank you for your purchase here at .

Below you see the entry record. Out of it, you can observe your old as well as your new account balance.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Record of
DescriptionGoldActionGoldDate
  Account Balance (old)
 
 
 
 
 
Package
60 Gold
 
  Account Balance (new)
 
 
-

Please verify the information.
It will let us know if the data is incorrect.

-

Please mail your username, package, order time and email used to our billing address.

-dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$golds = mysqli_fetch_array($MyGold); -$goldnow = $golds['6'] + 2000; -mysqli_query($database->dblink,"UPDATE ".TB_PREFIX."users set gold = '".$goldnow."' where `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$MyGold = mysqli_query($database->dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); -$golds1 = mysqli_fetch_array($MyGold); -?>

Thank you for your purchase here at .

Below you see the entry record. Out of it, you can observe your old as well as your new account balance.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Record of
DescriptionGoldActionGoldDate
  Account Balance (old)
 
 
 
 
 
Package
60 Gold
 
  Account Balance (new)
 
 
-

Please verify the information.
It will let us know if the data is incorrect.

-

Please mail your username, package, order time and email used to our billing address.

-dblink,"SELECT * FROM ".TB_PREFIX."users WHERE `id`='".$session->uid."'") or die(mysqli_error($database->dblink)); - $golds = mysqli_fetch_array($MyGold); - ?> +

Account transactions

+ +
+ + +

Thank you for your purchase here at .

+

Below you see the entry record. Out of it, you can observe your old as well as your new account balance.

-

Here you can see your current account statement.

- - - +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Record of
DescriptionGoldActionGoldDate
  Account Balance (old)
 
 
 
 
 
Package
Gold
 
  Account Balance (new)
 
 
- Record of - - - DescriptionGoldActionGoldDate - - - - Current account balance -
     
-
Account inquiry
-
-
- - -

Please verify the information.
It will let us know if the data is incorrect.

-

Please mail your username, package, order time and email used to our billing address.

- Please verify the information.
It will let us know if the data is incorrect.

+

Please mail your username, package, order time and email used to + our billing address.

-?> - + + + dblink, "SELECT gold FROM ".TB_PREFIX."users WHERE id = $uid LIMIT 1"); + $golds = mysqli_fetch_assoc($result); + + $stats = mysqli_fetch_assoc(mysqli_query($database->dblink, " + SELECT + SUM(CASE WHEN gold > 0 THEN gold ELSE 0 END) as received, + SUM(CASE WHEN gold < 0 THEN -gold ELSE 0 END) as spent + FROM ".TB_PREFIX."gold_fin_log WHERE uid = $uid + ")); + + $received = (int)($stats['received'] ?? 0); + $spent = (int)($stats['spent'] ?? 0); + ?> +

Here you can see your current account statement.

+

Current balance: Gold +   |   Total received: + +   |   Total spent: -

+ + + + + + + + + + + + + + + + + + + dblink, + "SELECT l.*, v.name as vname + FROM ".TB_PREFIX."gold_fin_log l + LEFT JOIN ".TB_PREFIX."vdata v ON v.wref = l.wid + WHERE l.uid = $uid + ORDER BY l.time DESC + LIMIT 200" + ); + + $balance = (int)$golds['gold']; + + if (mysqli_num_rows($q) > 0) { + while ($r = mysqli_fetch_assoc($q)) { + $date = date('d.m.Y H:i:s', $r['time']); + $villageName = !empty($r['vname']) ? htmlspecialchars($r['vname'], ENT_QUOTES, 'UTF-8') : '-'; + $action = htmlspecialchars($r['action'], ENT_QUOTES, 'UTF-8'); + $details = htmlspecialchars(($r['details'] ?? ''), ENT_QUOTES, 'UTF-8'); + $gold = (int)$r['gold']; + + if (stripos($details, 'Mass gift') !== false) { + $action = 'Admin Gift (All)'; + $details = str_replace('Mass gift by ', 'by ', $details); + } elseif (stripos($details, 'gift by') !== false) { + $action = 'Admin Gift'; + } + + $color = $gold < 0 ? '#FF6F0F' : '#71D000'; + $sign = $gold > 0 ? '+' : ''; + + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + + $balance -= $gold; + } + } else { + echo ' + + + '; + } + ?> + + +
Gold history
Date & TimeVillageActionDetails + Gold + Balance
'.$date.'
'.$villageName.'
'.$action.'
'.$details.'
'.$sign.$gold.'
'.$balance.'
+
+ No transactions yet. +
+
+ +

Please verify the information.
It will let us know if the data is incorrect.

+

Please mail your username, package, order time and email used to + our billing address.

+ +
+
+ +



+ +
+


"; + include("Templates/links.tpl"); + } + ?> +
+ +
+
-
- -



-


"; - include("Templates/links.tpl"); -} -?> -
-
-
-
-
-
- pageLoadTimeEnd()-$start_timer)*1000); -?> ms -
-
-
+
+
+
+ pageLoadTimeEnd() - $start_timer) * 1000); ?> ms +
+
+
- + \ No newline at end of file
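Review bot: The package credit at the top (`UPDATE ... SET gold = gold + $goldAdded`) writes no row to `gold_fin_log`, while the new history table derives its Balance column by walking that log backwards from the current gold (`$balance -= $gold`), so every purchase skews the displayed balances and is itself missing from the history. Add the log row in the same block, e.g. `mysqli_query($database->dblink, "INSERT INTO ".TB_PREFIX."gold_fin_log (wid, uid, action, gold, time, details) VALUES (".(int)$village->wid.", $uid, 'Gold package', $goldAdded, ".time().", 'Package $amount')");`, where the action and details strings are placeholders and `$village` is assumed to be available as in Building.php. The credit is driven only by `$_SESSION['amount']`; where that value is set, and whether payment is confirmed before it is, cannot be seen in this diff and should be verified. `$user['gold']` is also read without testing that the SELECT returned a row.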