mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-17 10:06:09 +00:00
Add (Admin Panel) : Multi-account detection, Push protection, Heatmap, Gold Shop and Blacklist user names
Add (Admin Panel) : Multi-account detection, Push protection, Heatmap, Gold Shop (redem codes), Blacklist user names and Quest Editor + fix some php notice Fix quest_core for mission 33,36, train 2 units, etc (NEW TRIBE) There are some temporary bugs that will be fixed in next commit (pagination for new heatmap, quest reward)
This commit is contained in:
@@ -0,0 +1,80 @@
|
||||
<?php
|
||||
#################################################################################
|
||||
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
|
||||
## --------------------------------------------------------------------------- ##
|
||||
## Filename blockReg.php ##
|
||||
## Type BACKEND (Registration blocklist add/remove) ##
|
||||
## Developed by: Shadow ##
|
||||
## License: TravianZ Project ##
|
||||
## Copyright: TravianZ (c) 2010-2026. All rights reserved. ##
|
||||
#################################################################################
|
||||
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if ($_SESSION['access'] < 9) {
|
||||
admin_deny('You must be signed in as an administrator to do this. '
|
||||
. 'Your session may have expired — please return to the admin panel and sign in again.');
|
||||
}
|
||||
|
||||
csrf_verify();
|
||||
|
||||
include_once("../../config.php");
|
||||
|
||||
$autoprefix = '';
|
||||
for ($i = 0; $i < 5; $i++) {
|
||||
$autoprefix = str_repeat('../', $i);
|
||||
if (file_exists($autoprefix . 'autoloader.php')) break;
|
||||
}
|
||||
include_once($autoprefix . "GameEngine/Database.php");
|
||||
include_once($autoprefix . "GameEngine/RegBlock.php");
|
||||
|
||||
$admid = (int)($_SESSION['id'] ?? 0);
|
||||
|
||||
// Defence in depth: confirm the acting account really is an admin.
|
||||
$check = mysqli_query($GLOBALS['link'],
|
||||
"SELECT access FROM " . TB_PREFIX . "users WHERE id = " . $admid);
|
||||
$acc = $check ? mysqli_fetch_assoc($check) : null;
|
||||
if (!$acc || (int)$acc['access'] < ADMIN) {
|
||||
admin_deny('Your session may have expired — please sign in again.');
|
||||
}
|
||||
|
||||
$do = $_POST['do'] ?? '';
|
||||
|
||||
if ($do === 'add') {
|
||||
$type = $_POST['type'] ?? '';
|
||||
$value = $_POST['value'] ?? '';
|
||||
$note = $_POST['note'] ?? '';
|
||||
list($ok, $msg) = RegBlock::add($type, $value, $note, $admid);
|
||||
|
||||
if ($ok) {
|
||||
$logMsg = 'Registration block added: ' . $type . ' = ' . RegBlock_safe($value);
|
||||
$logMsg = mysqli_real_escape_string($GLOBALS['link'], $logMsg);
|
||||
mysqli_query($GLOBALS['link'],
|
||||
"INSERT INTO " . TB_PREFIX . "admin_log VALUES (0, " . $admid . ", '" . $logMsg . "', " . time() . ")");
|
||||
}
|
||||
header("Location: ../../../Admin/admin.php?p=blockReg&msg=" . urlencode($msg));
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($do === 'remove') {
|
||||
$id = (int)($_POST['id'] ?? 0);
|
||||
if ($id > 0 && RegBlock::remove($id)) {
|
||||
mysqli_query($GLOBALS['link'],
|
||||
"INSERT INTO " . TB_PREFIX . "admin_log VALUES (0, " . $admid . ", 'Registration block removed (id " . $id . ")', " . time() . ")");
|
||||
header("Location: ../../../Admin/admin.php?p=blockReg&msg=" . urlencode('Block removed.'));
|
||||
exit;
|
||||
}
|
||||
header("Location: ../../../Admin/admin.php?p=blockReg&msg=" . urlencode('Could not remove block.'));
|
||||
exit;
|
||||
}
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=blockReg");
|
||||
exit;
|
||||
|
||||
/** Small helper: keep the admin-log message readable/short. */
|
||||
function RegBlock_safe($v)
|
||||
{
|
||||
$v = strtolower(trim((string)$v));
|
||||
return strlen($v) > 80 ? substr($v, 0, 77) . '...' : $v;
|
||||
}
|
||||
?>
|
||||
@@ -0,0 +1,81 @@
|
||||
<?php
|
||||
#################################################################################
|
||||
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
|
||||
## --------------------------------------------------------------------------- ##
|
||||
## Filename goldPromo.php ##
|
||||
## Type BACKEND (Gold shop / promo codes) ##
|
||||
## Developed by: Shadow ##
|
||||
## License: TravianZ Project ##
|
||||
## Copyright: TravianZ (c) 2010-2026. All rights reserved. ##
|
||||
#################################################################################
|
||||
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if ($_SESSION['access'] < ADMIN) {
|
||||
admin_deny('You must be signed in as an administrator to do this. '
|
||||
. 'Your session may have expired — please return to the admin panel and sign in again.');
|
||||
}
|
||||
|
||||
csrf_verify();
|
||||
|
||||
include_once("../../config.php");
|
||||
|
||||
$autoprefix = '';
|
||||
for ($i = 0; $i < 5; $i++) {
|
||||
$autoprefix = str_repeat('../', $i);
|
||||
if (file_exists($autoprefix . 'autoloader.php')) break;
|
||||
}
|
||||
include_once($autoprefix . "GameEngine/Database.php");
|
||||
include_once($autoprefix . "GameEngine/GoldShop.php");
|
||||
|
||||
$admid = (int)($_SESSION['id'] ?? 0);
|
||||
|
||||
$check = mysqli_query($GLOBALS['link'],
|
||||
"SELECT access FROM " . TB_PREFIX . "users WHERE id = " . $admid);
|
||||
$acc = $check ? mysqli_fetch_assoc($check) : null;
|
||||
if (!$acc || (int)$acc['access'] < ADMIN) {
|
||||
admin_deny('Your session may have expired — please sign in again.');
|
||||
}
|
||||
|
||||
$do = $_POST['do'] ?? '';
|
||||
$msg = '';
|
||||
|
||||
if ($do === 'create') {
|
||||
$code = $_POST['code'] ?? '';
|
||||
$gold = (int)($_POST['gold'] ?? 0);
|
||||
$maxUses = (int)($_POST['max_uses'] ?? 0);
|
||||
$perUser = isset($_POST['per_user']) ? 1 : 0;
|
||||
|
||||
// Optional expiry: number of days from now (0/empty = never).
|
||||
$expDays = (int)($_POST['expires_days'] ?? 0);
|
||||
$expires = $expDays > 0 ? time() + $expDays * 86400 : 0;
|
||||
|
||||
$note = $_POST['note'] ?? '';
|
||||
|
||||
list($ok, $msg) = GoldShop::createCode($code, $gold, $maxUses, $perUser, $expires, $note, $admid);
|
||||
if ($ok) {
|
||||
$logMsg = mysqli_real_escape_string($GLOBALS['link'],
|
||||
'Promo code created: ' . GoldShop::normCode($code) . ' (' . (int)$gold . ' gold)');
|
||||
mysqli_query($GLOBALS['link'],
|
||||
"INSERT INTO " . TB_PREFIX . "admin_log VALUES (0, " . $admid . ", '" . $logMsg . "', " . time() . ")");
|
||||
}
|
||||
} elseif ($do === 'toggle') {
|
||||
$id = (int)($_POST['id'] ?? 0);
|
||||
$active = (int)($_POST['active'] ?? 0);
|
||||
if ($id > 0) {
|
||||
GoldShop::setActive($id, $active);
|
||||
$msg = $active ? 'Code enabled.' : 'Code disabled.';
|
||||
}
|
||||
} elseif ($do === 'delete') {
|
||||
$id = (int)($_POST['id'] ?? 0);
|
||||
if ($id > 0) {
|
||||
GoldShop::deleteCode($id);
|
||||
mysqli_query($GLOBALS['link'],
|
||||
"INSERT INTO " . TB_PREFIX . "admin_log VALUES (0, " . $admid . ", 'Promo code deleted (id " . $id . ")', " . time() . ")");
|
||||
$msg = 'Code deleted.';
|
||||
}
|
||||
}
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=goldShop&msg=" . urlencode($msg));
|
||||
exit;
|
||||
?>
|
||||
@@ -0,0 +1,75 @@
|
||||
<?php
|
||||
#################################################################################
|
||||
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
|
||||
## --------------------------------------------------------------------------- ##
|
||||
## Filename questSave.php ##
|
||||
## Type BACKEND (Quest editor save/reset) ##
|
||||
## Developed by: Shadow ##
|
||||
## License: TravianZ Project ##
|
||||
## Copyright: TravianZ (c) 2010-2026. All rights reserved. ##
|
||||
#################################################################################
|
||||
|
||||
require_once(__DIR__ . '/../csrf.php');
|
||||
if (!isset($_SESSION)) session_start();
|
||||
if ($_SESSION['access'] < ADMIN) {
|
||||
admin_deny('You must be signed in as an administrator to do this. '
|
||||
. 'Your session may have expired — please return to the admin panel and sign in again.');
|
||||
}
|
||||
|
||||
csrf_verify();
|
||||
|
||||
include_once("../../config.php");
|
||||
|
||||
$autoprefix = '';
|
||||
for ($i = 0; $i < 5; $i++) {
|
||||
$autoprefix = str_repeat('../', $i);
|
||||
if (file_exists($autoprefix . 'autoloader.php')) break;
|
||||
}
|
||||
include_once($autoprefix . "GameEngine/Database.php");
|
||||
include_once($autoprefix . "GameEngine/QuestConfig.php");
|
||||
|
||||
$admid = (int)($_SESSION['id'] ?? 0);
|
||||
|
||||
$check = mysqli_query($GLOBALS['link'],
|
||||
"SELECT access FROM " . TB_PREFIX . "users WHERE id = " . $admid);
|
||||
$acc = $check ? mysqli_fetch_assoc($check) : null;
|
||||
if (!$acc || (int)$acc['access'] < ADMIN) {
|
||||
admin_deny('Your session may have expired — please sign in again.');
|
||||
}
|
||||
|
||||
$do = $_POST['do'] ?? '';
|
||||
$variant = QuestConfig::normVariant($_POST['variant'] ?? 'standard');
|
||||
$msg = '';
|
||||
|
||||
if ($do === 'save' && isset($_POST['q']) && is_array($_POST['q'])) {
|
||||
$n = 0;
|
||||
foreach ($_POST['q'] as $qid => $fields) {
|
||||
if (!is_array($fields)) {
|
||||
continue;
|
||||
}
|
||||
QuestConfig::setQuest($variant, (int)$qid, [
|
||||
'enabled' => !empty($fields['enabled']),
|
||||
'wood' => $fields['wood'] ?? 0,
|
||||
'clay' => $fields['clay'] ?? 0,
|
||||
'iron' => $fields['iron'] ?? 0,
|
||||
'crop' => $fields['crop'] ?? 0,
|
||||
'gold' => $fields['gold'] ?? 0,
|
||||
'plus_days' => $fields['plus_days'] ?? 0,
|
||||
'req_level' => $fields['req_level'] ?? 0,
|
||||
'note' => $fields['note'] ?? '',
|
||||
]);
|
||||
$n++;
|
||||
}
|
||||
mysqli_query($GLOBALS['link'],
|
||||
"INSERT INTO " . TB_PREFIX . "admin_log VALUES (0, " . $admid . ", 'Quest editor: saved " . $n . " " . $variant . " quests', " . time() . ")");
|
||||
$msg = $n . ' quests saved (' . $variant . ').';
|
||||
} elseif ($do === 'reset') {
|
||||
QuestConfig::resetVariant($variant);
|
||||
mysqli_query($GLOBALS['link'],
|
||||
"INSERT INTO " . TB_PREFIX . "admin_log VALUES (0, " . $admid . ", 'Quest editor: reset " . $variant . " to defaults', " . time() . ")");
|
||||
$msg = $variant . ' quests reset to defaults.';
|
||||
}
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=questEditor&variant=" . urlencode($variant) . "&msg=" . urlencode($msg));
|
||||
exit;
|
||||
?>
|
||||
Reference in New Issue
Block a user