From c271b32f61037360a849114c070f65940921cd77 Mon Sep 17 00:00:00 2001
From: cosme12 <aaadiego502@gmail.com>
Date: Sat, 29 Aug 2015 14:38:16 -0300
Subject: [PATCH] Quest exploit fix

---
 Templates/Ajax/quest_core25.tpl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Templates/Ajax/quest_core25.tpl b/Templates/Ajax/quest_core25.tpl
index ac83f032..4beaeee6 100644
--- a/Templates/Ajax/quest_core25.tpl
+++ b/Templates/Ajax/quest_core25.tpl
@@ -47,6 +47,7 @@ if (isset($qact)){
 	if ($check_quest==$qact) {
 		//avoid hacking gold, resources or reward -- added by Ronix
 	}else {
+		if ($qact > $_SESSION['qst'] || !is_numeric($qact)){
 		switch($qact) {
 		case 'enter':
 			$database->updateUserField($_SESSION['username'],'quest','1',0);
@@ -400,7 +401,7 @@ if (isset($qact)){
 			$gold+=20;
 			$database->updateUserField($_SESSION['username'],'gold',$gold,0);
 			break;
-		}	
+		}}	
 	}
 }