fix: wrong user ID being selected via getNotice2() & getNotice3()

#313
Martin Ambrus
2017-11-17 23:15:12 +01:00
parent ffeeac3173
commit 8f979deba9
2 changed files with 61 additions and 68 deletions
+6 -19
@@ -1576,30 +1576,17 @@ class MYSQLi_DB implements IDbConnection {
}
function getVillageID($uid, $use_cache = true) {
list($uid) = $this->escape_input((int) $uid);
// first of all, check if we should be using cache and whether the field
// required is already cached
if ($use_cache && ($cachedValue = self::returnCachedContent(self::$villageIDsCache, $uid)) && !is_null($cachedValue)) {
return $cachedValue[0];
}
$q = "SELECT wref FROM " . TB_PREFIX . "vdata WHERE owner = $uid";
$result = mysqli_query($this->dblink,$q);
$dbarray = mysqli_fetch_array($result);
self::$villageIDsCache[$uid] = [$dbarray]['wref'];
return self::$villageIDsCache[$uid][0];
// load cached value
return $this->getVillagesID($uid, $use_cache)[0];
}
function getVillagesID($uid, $use_cache = true) {
list($uid) = $this->escape_input((int) $uid);
// first of all, check if we should be using cache and whether the field
// required is already cached
if ($use_cache && ($cachedValue = self::returnCachedContent(self::$villageIDsCache, $uid)) && !is_null($cachedValue)) {
return $cachedValue[0]['wref'];
return $cachedValue;
}
$q = "SELECT wref from " . TB_PREFIX . "vdata where owner = $uid order by capital DESC,pop DESC";
@@ -3829,8 +3816,8 @@ class MYSQLi_DB implements IDbConnection {
$result = mysqli_query($this->dblink,$q);
$dbarray = mysqli_fetch_array($result);
self::$noticesCacheById[$id] = $dbarray[$field];
return self::$noticesCacheById[$id];
self::$noticesCacheById[$id] = $dbarray;
return self::$noticesCacheById[$id][$field];
}
function getNotice3($uid, $use_cache = true) {
@@ -3839,7 +3826,7 @@ class MYSQLi_DB implements IDbConnection {
// first of all, check if we should be using cache and whether the field
// required is already cached
if ($use_cache && ($cachedValue = self::returnCachedContent(self::$noticesCacheByUId, $uid)) && !is_null($cachedValue)) {
return $cachedValue[$field];
return $cachedValue;
}
$q = "SELECT * FROM " . TB_PREFIX . "ndata where uid = $uid ORDER BY time DESC";
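Review bot: In getNotice2() the new `return self::$noticesCacheById[$id][$field];` indexes whatever `mysqli_fetch_array()` returned without checking it, so a notice id with no matching row caches `null` and returns `null` to the caller. The callers in the second file on this page compare that value with loose `==` against `$session->uid` and `$session->alliance` to decide whether a notice is shown, so a miss should be an explicit result they can reject before comparing. I would add `if ( ! is_array( $dbarray ) ) { return null; }` before the cache write, and likewise check that `$field` exists in the row. The new `return $this->getVillagesID($uid, $use_cache)[0];` in getVillageID() makes the same assumption that at least one row exists. getNotice2() and getNotice3() begin above their hunks, so how `$id` and `$uid` are escaped before the queries cannot be confirmed from here.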
+55 -49
@@ -20,19 +20,19 @@ $message->noticeType($_GET);
$message->procNotice($_POST);
if(isset($_GET['newdid'])) {
$_SESSION['wid'] = $_GET['newdid'];
if(isset($_GET['t'])) {
header("Location: ".$_SERVER['PHP_SELF']."?t=".$_GET['t']);
exit;
}else if(isset($_GET['vill']) && isset($_GET['id'])) {
header("Location: ".$_SERVER['PHP_SELF']."?id=".$_GET['id']."&vill=".$_GET['vill']."");
exit;
}else if($_GET['id']!=0) {
header("Location: ".$_SERVER['PHP_SELF']."?id=".$_GET['id']);
exit;
}else{
header("Location: ".$_SERVER['PHP_SELF']);
exit;
}
if ( isset( $_GET['t'] ) ) {
header( "Location: " . $_SERVER['PHP_SELF'] . "?t=" . $_GET['t'] );
exit;
} else if ( isset( $_GET['vill'] ) && isset( $_GET['id'] ) ) {
header( "Location: " . $_SERVER['PHP_SELF'] . "?id=" . $_GET['id'] . "&vill=" . $_GET['vill'] . "" );
exit;
} else if ( $_GET['id'] != 0 ) {
header( "Location: " . $_SERVER['PHP_SELF'] . "?id=" . $_GET['id'] );
exit;
} else {
header( "Location: " . $_SERVER['PHP_SELF'] );
exit;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -92,44 +92,50 @@ if(isset($_GET['t'])) {
?>
</div>
<?php
if(isset($_GET['aid'])){
if($_GET['aid']!=0){
if($session->alliance==$_GET['aid']){
if ( isset( $_GET['aid'] ) ) {
if(isset($_GET['id'])) {
$ally = $database->getNotice2(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']), 'ally');
if($session->alliance==$ally){
$type = $database->getNotice2(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']), 'ntype');
if($type!=10 or $type!=11 or $type!=12 or $type!=13 or $type!=14 or $type!=15 or $type!=16 or $type!=17){
include("Templates/Notice/".$type."x.tpl");
}
}
}
}
if ( $_GET['aid'] != 0 ) {
if ( $session->alliance == $_GET['aid'] ) {
if ( isset( $_GET['id'] ) ) {
$ally = $database->getNotice2( preg_replace( "/[^a-zA-Z0-9_-]/", "", $_GET['id'] ), 'ally' );
if ( $session->alliance == $ally ) {
$type = $database->getNotice2( preg_replace( "/[^a-zA-Z0-9_-]/", "", $_GET['id'] ), 'ntype' );
if ( $type != 10 or $type != 11 or $type != 12 or $type != 13 or $type != 14 or $type != 15 or $type != 16 or $type != 17 ) {
include( "Templates/Notice/" . $type . "x.tpl" );
}
}
}
}
}
} else if ( isset( $_GET['vill'] ) ) {
if ( isset( $_GET['id'] ) ) {
$ally = $database->getNotice2( $_GET['id'], 'ally' );
if ( $database->getNotice2( preg_replace( "/[^a-zA-Z0-9_-]/", "", $_GET['id'] ), 'uid' ) == $session->uid ) {
$type = ( $message->readingNotice['ntype'] == 9 ) ? $message->readingNotice['archive'] : $message->readingNotice['ntype'];
include( "Templates/Notice/" . $type . ".tpl" );
} else if ( $session->alliance == $ally ) {
$type = $database->getNotice2( $_GET['id'], 'ntype' );
if ( $type != 10 or $type != 11 or $type != 12 or $type != 13 or $type != 14 or $type != 15 or $type != 16 or $type != 17 ) {
include( "Templates/Notice/" . $type . "x.tpl" );
}
}
}
} else if ( isset( $_GET['id'] ) ) {
if ( $database->getNotice2( preg_replace( "/[^a-zA-Z0-9_-]/", "", $_GET['id'] ), 'uid' ) == $session->uid ) {
$type = ( $message->readingNotice['ntype'] == 9 ) ? $message->readingNotice['archive'] : $message->readingNotice['ntype'];
include( "Templates/Notice/" . $type . ".tpl" );
}
} else {
include( "Templates/Notice/all.tpl" );
}
}else if(isset($_GET['vill'])){
if(isset($_GET['id'])) {
$ally = $database->getNotice2($_GET['id'], 'ally');
if($database->getNotice2(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']), 'uid') == $session->uid){
$type = ($message->readingNotice['ntype'] == 9)? $message->readingNotice['archive'] : $message->readingNotice['ntype'];
include("Templates/Notice/".$type.".tpl");
}else if($session->alliance==$ally){
$type = $database->getNotice2($_GET['id'], 'ntype');
if($type!=10 or $type!=11 or $type!=12 or $type!=13 or $type!=14 or $type!=15 or $type!=16 or $type!=17){
include("Templates/Notice/".$type."x.tpl");
}
}
}
}else if(isset($_GET['id'])) {
if($database->getNotice2(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']), 'uid') == $session->uid){
$type = ($message->readingNotice['ntype'] == 9)? $message->readingNotice['archive'] : $message->readingNotice['ntype'];
include("Templates/Notice/".$type.".tpl");
}
} else {
include("Templates/Notice/all.tpl");
}
?>
</div>
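Review bot: The guard `if ( $type != 10 or $type != 11 or … or $type != 17 )` in both alliance branches of the second hunk is always true, since no value can equal all eight numbers at once, so the reformatted code still includes `Templates/Notice/{$type}x.tpl` for every notice type. If the intent is to exclude types 10–17, use `if ( ! in_array( (int) $type, range( 10, 17 ), true ) ) {`; the integer cast also ensures the database value contributes only digits to the include path. In the `vill` branch, `getNotice2( $_GET['id'], 'ally' )` and `getNotice2( $_GET['id'], 'ntype' )` pass the raw parameter while every other call filters it with `preg_replace`; filter it once into a local variable and use that for all calls, because the escaping inside getNotice2() is not visible in this file. The redirects in the first hunk also concatenate `$_SERVER['PHP_SELF']` and `$_GET` values into the `Location` header unencoded, where `urlencode()` or an integer cast on each value would be the minimal fix.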