From c3049f7f1ab52ef08e7617de1bb913429ff61ef7 Mon Sep 17 00:00:00 2001
From: Catalin Novgorodschi <1140613+Shadowss@users.noreply.github.com>
Date: Wed, 22 Apr 2026 12:24:26 +0300
Subject: [PATCH] Fix alliance Assign to position and Changepos

Code and Fix alliance Assign to position and Changepos
---
 GameEngine/Alliance.php          | 80 ++++++++++++++++++++++----------
 GameEngine/Database.php          | 19 ++++----
 Templates/Alliance/assignpos.tpl | 80 ++++++++++++++++++--------------
 Templates/Alliance/changepos.tpl |  2 +-
 4 files changed, 111 insertions(+), 70 deletions(-)
diff --git a/GameEngine/Alliance.php b/GameEngine/Alliance.php
index 5ee3dc77..74a2de41 100755
--- a/GameEngine/Alliance.php
+++ b/GameEngine/Alliance.php
@@ -178,6 +178,10 @@ class Alliance {
 			exit;
 		}
 		
+		/*****************************************
+		Function to process of sending Forms
+		*****************************************/
+		
 		public function procAlliForm($post) {
 			if(isset($post['ft'])) {
 				switch($post['ft']) {
@@ -185,9 +189,7 @@ class Alliance {
 						$this->createAlliance($post);
 						break;
 				}
-
-			}
-			
+							}
 			if(isset($post['dipl']) && isset($post['a_name'])) $this->changediplomacy($post);
 
 			if(isset($post['s'])) {
@@ -424,30 +426,58 @@ class Alliance {
 		/*****************************************
 		Function to change the user permissions
 		*****************************************/
-		private function changeUserPermissions($post)
-		{
+		private function changeUserPermissions($post){
 			global $database, $session, $form;
-
-			if($this->userPermArray['opt1'] == 0) $form->addError("perm", NO_PERMISSION);	
-			elseif($database->getUserField($post['a_user'], "alliance", 0) != $session->alliance) $form->addError("perm", USER_NOT_IN_YOUR_ALLY);		
-			elseif($post['a_user'] == $session->uid) $form->addError("perm", CANT_EDIT_YOUR_PERMISSIONS);
-			elseif($database->isAllianceOwner($_POST['a_user'])) $form->addError("perm", CANT_EDIT_LEADER_PERMISSIONS);
-			else 
-			{
-			    $database->updateAlliPermissions($post['a_user'], $session->alliance, $post['a_titel'], $post['e1'], $post['e2'], $post['e3'], $post['e4'], $post['e5'], $post['e6'], $post['e7']);
-				// log the notice
-			    $database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid='.$session->uid.'">'.addslashes($session->username).'</a> has changed permissions of <a href="spieler.php?uid='.$post['a_user'].'">'.addslashes($database->getUserField($post['a_user'], "username", 0)).'</a>.');
-			    $form->addError("perm", ALLY_PERMISSIONS_UPDATED);
-			}
-			
-			if($form->returnErrors() > 0) 
-			{
-			    $_SESSION['errorarray'] = $form->getErrors();
-			    $_SESSION['valuearray'] = $post;
-			    header("Location: allianz.php?s=5");
-			    exit;
-			}
+		if($this->userPermArray['opt1'] == 0) {
+        $form->addError("perm", NO_PERMISSION);
 		}
+		elseif($database->getUserField($post['a_user'], "alliance", 0) != $session->alliance) {
+        $form->addError("perm", USER_NOT_IN_YOUR_ALLY);
+		}
+		elseif($post['a_user'] == $session->uid) {
+        $form->addError("perm", CANT_EDIT_YOUR_PERMISSIONS);
+		}
+		elseif($database->isAllianceOwner($post['a_user'])) {
+        $form->addError("perm", CANT_EDIT_LEADER_PERMISSIONS);
+		}
+		else
+		{
+        // normalize checkbox values (CRITICAL FIX)
+        $opt1 = isset($post['e1']) ? 1 : 0;
+        $opt2 = isset($post['e2']) ? 1 : 0;
+        $opt3 = isset($post['e3']) ? 1 : 0;
+        $opt4 = isset($post['e4']) ? 1 : 0;
+        $opt5 = isset($post['e5']) ? 1 : 0;
+        $opt6 = isset($post['e6']) ? 1 : 0;
+        $opt7 = isset($post['e7']) ? 1 : 0;
+        $rank = isset($post['a_titel']) ? $post['a_titel'] : '';
+        $ok = $database->updateAlliPermissions(
+            (int)$post['a_user'],
+            (int)$session->alliance,
+            $rank,
+            $opt1,$opt2,$opt3,$opt4,$opt5,$opt6,$opt7
+        );
+        if(!$ok) {
+            $form->addError("perm", "DB UPDATE FAILED");
+        } else {
+            $database->insertAlliNotice(
+                $session->alliance,
+                '<a href="spieler.php?uid='.$session->uid.'">'.
+                addslashes($session->username).
+                '</a> has changed permissions of '.
+                addslashes($database->getUserField($post['a_user'], "username", 0)).'.'
+            );
+            $_SESSION['success'] = ALLY_PERMISSIONS_UPDATED;
+        }
+    }
+    if($form->returnErrors() > 0)
+    {
+        $_SESSION['errorarray'] = $form->getErrors();
+        $_SESSION['valuearray'] = $post;
+        header("Location: allianz.php?s=5");
+        exit;
+    }
+}
 		/*****************************************
 		Function to kick a user from alliance
 		*****************************************/
diff --git a/GameEngine/Database.php b/GameEngine/Database.php
index 84a1c607..71b1d5a4 100755
--- a/GameEngine/Database.php
+++ b/GameEngine/Database.php
@@ -3309,10 +3309,10 @@ public function getBestOasisCropBonus($x, $y) {
 	Function to update alliance permissions
 	References:
 	*****************************************/
-	function updateAlliPermissions($uid, $aid, $rank, $opt1, $opt2, $opt3, $opt4, $opt5, $opt6, $opt7) {
-	    list($uid, $aid, $rank, $opt1, $opt2, $opt3, $opt4, $opt5, $opt6, $opt7) = $this->escape_input((int) $uid, (int) $aid, $rank, $opt1, $opt2, $opt3, $opt4, $opt5, $opt6, $opt7);
-
-        // update cache
+	
+	function updateAlliPermissions($uid, $aid, $rank, $opt1, $opt2, $opt3, $opt4, $opt5, $opt6, $opt7){
+		list($uid, $aid, $rank, $opt1, $opt2, $opt3, $opt4, $opt5, $opt6, $opt7) = $this->escape_input((int)$uid, (int)$aid, $rank, $opt1, $opt2, $opt3, $opt4, $opt5, $opt6, $opt7);
+		        // update cache
         if (isset(self::$alliancePermissionsCache[$uid.$aid])) {
             self::$alliancePermissionsCache[ $uid . $aid ]['rank'] = $rank;
             self::$alliancePermissionsCache[ $uid . $aid ]['opt1'] = $opt1;
@@ -3324,11 +3324,14 @@ public function getBestOasisCropBonus($x, $y) {
             self::$alliancePermissionsCache[ $uid . $aid ]['opt7'] = $opt7;
             self::$alliancePermissionsCache[ $uid . $aid ]['opt8'] = $opt8;
         }
-
-		$q = "UPDATE " . TB_PREFIX . "ali_permission SET rank = '$rank', opt1 = '$opt1', opt2 = '$opt2', opt3 = '$opt3', opt4 = '$opt4', opt5 = '$opt5', opt6 = '$opt6', opt7 = '$opt7' where uid = $uid && alliance =$aid";
-		return mysqli_query($this->dblink,$q);
+	$q = "UPDATE " . TB_PREFIX . "ali_permission SET `rank` = '$rank',opt1 = '$opt1', opt2 = '$opt2', opt3 = '$opt3', opt4 = '$opt4', opt5 = '$opt5', opt6 = '$opt6', opt7 = '$opt7' WHERE uid = $uid AND alliance = $aid LIMIT 1";
+    $result = mysqli_query($this->dblink, $q);
+    if(!$result) {
+        die("SQL ERROR: " . mysqli_error($this->dblink) . "<br><br>" . $q);
+    }
+    return true;
 	}
-
+	
 	/*****************************************
 	Function to read alliance permissions
 	References: ID, notice, description
diff --git a/Templates/Alliance/assignpos.tpl b/Templates/Alliance/assignpos.tpl
index f7858da3..2eda6fdc 100644
--- a/Templates/Alliance/assignpos.tpl
+++ b/Templates/Alliance/assignpos.tpl
@@ -1,43 +1,51 @@
 <?php
-if(!isset($aid)) $aid = $session->alliance;
+
+if (!isset($aid)) {
+    $aid = $session->alliance;
+}
 
 $allianceinfo = $database->getAlliance($aid);
 $memberlist = $database->getAllMember($aid);
 
-echo "<h1>".$allianceinfo['tag']." - ".$allianceinfo['name']."</h1>";
+echo "<h1>" . htmlspecialchars($allianceinfo['tag']) . " - " . htmlspecialchars($allianceinfo['name']) . "</h1>";
+
 include("alli_menu.tpl");
+
 ?>
-			<form method="post" action="allianz.php">
-				<table cellpadding="1" cellspacing="1" id="position" class="small_option">
-					<thead>
-						<tr>
-							<th colspan="2">Assign to position</th>
-						</tr>
-					</thead>
-					<tbody>
-						<tr>
-							<th colspan="2">Here you can grant the players from your alliance rights & positions.</th>
-						</tr>
-						<tr>
-							<th>Name</th>
-							<td>
-								<select name="a_user" class="name dropdown">
-								<?php
-                                foreach($memberlist as $member){
-                                    //Activate line below but still not working to give permission to other users in alliace
-									if($member['id'] != $session->uid && !$database->isAllianceOwner($member['id'])){
-                                        echo "<option value=".$member['id'].">".$member['username']."</option>";
-                                    }
-                                }
-                                ?>
-                                </select>
-							</td>
-						</tr>
-					</tbody>
-				</table>
-				<p>
-					<input type="hidden" name="o" value="1">
-					<input type="hidden" name="s" value="5">
-					<button value="ok" name="s1" id="btn_ok" class="trav_buttons">OK</button>
-				</p>
-			</form>
+
+<form method="post" action="allianz.php">
+    <table cellpadding="1" cellspacing="1" id="position" class="small_option">
+        <thead>
+            <tr>
+                <th colspan="2">Assign to position</th>
+            </tr>
+        </thead>
+
+        <tbody>
+            <tr>
+                <th colspan="2">
+                    Here you can grant the players from your alliance rights & positions.
+                </th>
+            </tr>
+
+            <tr>
+                <th>Name</th>
+                <td>
+                    <select name="a_user" class="name dropdown">
+                        <?php
+                        foreach ($memberlist as $member) {
+                            echo "<option value='" . (int)$member['id'] . "'>" . htmlspecialchars($member['username']) . "</option>";
+                        }
+                        ?>
+                    </select>
+                </td>
+            </tr>
+        </tbody>
+    </table>
+
+    <p>
+        <input type="hidden" name="o" value="1">
+        <input type="hidden" name="s" value="5">
+        <button type="submit" name="s1" id="btn_ok" class="trav_buttons">OK</button>
+    </p>
+</form>
\ No newline at end of file
diff --git a/Templates/Alliance/changepos.tpl b/Templates/Alliance/changepos.tpl
index dc1d2b26..20bc87cf 100644
--- a/Templates/Alliance/changepos.tpl
+++ b/Templates/Alliance/changepos.tpl
@@ -93,7 +93,7 @@ include("alli_menu.tpl");
 						<input type="hidden" name="a" value="1">
 						<input type="hidden" name="o" value="1">
 						<input type="hidden" name="s" value="5">
-					  <input type="hidden" name="a_user" value="<?php echo (isset($_POST['a_user']) ? $_POST['a_user'] : ''); ?>">
+					    <input type="hidden" name="a_user" value="<?php echo (isset($_POST['a_user']) ? $_POST['a_user'] : ''); ?>">
 						<input type="image" value="ok" name="s1" id="btn_ok" class="dynamic_img" src="img/x.gif" alt="OK" />
   </p>
 				</form>
\ No newline at end of file

Assign to position
Here you can grant the players from your alliance rights & positions.
Name	- -
Assign to position
+ Here you can grant the players from your alliance rights & positions. +
Name	+ +