improves by songeriux + minor changes by me
@@ -42,7 +42,7 @@ class Account {
|
||||
|
||||
private function Signup() {
|
||||
global $database,$form,$mailer,$generator,$session;
|
||||
if(!isset($_POST['name']) || $_POST['name'] == "") {
|
||||
if(!isset($_POST['name']) || trim($_POST['name']) == "") {
|
||||
$form->addError("name",USRNM_EMPTY);
|
||||
}
|
||||
else {
|
||||
@@ -60,7 +60,7 @@ class Account {
|
||||
}
|
||||
|
||||
}
|
||||
if(!isset($_POST['pw']) || $_POST['pw'] == "") {
|
||||
if(!isset($_POST['pw']) || trim($_POST['pw']) == "") {
|
||||
$form->addError("pw",PW_EMPTY);
|
||||
}
|
||||
else {
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
#################################################################################
|
||||
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
|
||||
## --------------------------------------------------------------------------- ##
|
||||
## Edited by: ZZJHONS ##
|
||||
## Edited by: ZZJHONS, songeriux ##
|
||||
## Filename Database.php ##
|
||||
## License: TravianX Project ##
|
||||
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
|
||||
@@ -22,4 +22,10 @@ switch(DB_TYPE) {
|
||||
include("Database/db_MYSQL.php");
|
||||
break;
|
||||
}
|
||||
## Security
|
||||
if($_GET['s'] == 6 && $_SERVER['PHP_SELF'] == "/allianz.php"){
|
||||
include("Protection.php");
|
||||
}else{
|
||||
include("Protection2.php");
|
||||
}
|
||||
?>
|
||||
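Review bot: The choice between `Protection.php` and `Protection2.php` is made from `$_GET['s']` and `$_SERVER['PHP_SELF']`, both of which the client influences, so the request itself decides which input filter runs. `PHP_SELF` also carries any trailing path info, the literal `"/allianz.php"` only matches an install at the web root, and `$_GET['s']` is read without `isset()`. Protection2.php is not visible here, so how the two filters differ cannot be judged from this hunk. If allianz needs a looser rule for one form, it would be safer to include a single filter unconditionally and handle the exception inside the allianz handler, keyed on `basename($_SERVER['SCRIPT_NAME'])`.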
@@ -3095,10 +3095,12 @@
|
||||
$q = "UPDATE " . TB_PREFIX . "users SET $column = $friend WHERE id = $uid";
|
||||
return mysql_query($q, $this->connection);
|
||||
}
|
||||
|
||||
function deleteFriend($uid, $column) {
|
||||
$q = "UPDATE " . TB_PREFIX . "users SET $column = 0 WHERE id = $uid";
|
||||
return mysql_query($q, $this->connection);
|
||||
}
|
||||
|
||||
}
|
||||
;
|
||||
|
||||
|
||||
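Review bot: `deleteFriend()` builds its UPDATE by interpolating `$column` and `$uid` directly, and neither sits inside a quoted literal, so string escaping applied elsewhere does not make this statement safe. Restrict `$column` to the known friend column names with an allow-list and force the id to an integer, e.g. `$uid = (int) $uid;` before the query is built. The function above it in this hunk (`SET $column = $friend WHERE id = $uid`) has the same shape; its start is outside the hunk.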
@@ -71,7 +71,7 @@ define("NOT_OPENED_YET","Server not started yet.");
|
||||
define("REGISTER_CLOSED","The register is closed. You can't register to this server.");
|
||||
|
||||
//COPYRIGHT
|
||||
define("TRAVIAN_COPYRIGHT","TravianX 100% Open Source Travian Clone.");
|
||||
define("TRAVIAN_COPYRIGHT","TravianZ 100% Open Source Travian Clone.");
|
||||
|
||||
//BUILD.TPL
|
||||
define("CUR_PROD","Current production");
|
||||
|
||||
@@ -30,13 +30,13 @@ Click the following link in order to activate your account:
|
||||
".SERVER."activate.php?code=".$act."
|
||||
|
||||
Greetings,
|
||||
TravianX";
|
||||
Travian adminision";
|
||||
|
||||
$headers = "From: Mailer@".SERVER_NAME."\n";
|
||||
$headers = "From: ".ADMIN_EMAIL."\n";
|
||||
|
||||
mail($email, $subject, $message, $headers);
|
||||
}
|
||||
|
||||
|
||||
function sendInvite($email,$uid,$text) {
|
||||
|
||||
$subject = "".SERVER_NAME." registeration";
|
||||
@@ -52,9 +52,9 @@ Link: <a href=".SERVER."anmelden.php?id=".$uid.">".SERVER_NAME."</a>
|
||||
|
||||
|
||||
Greetings,
|
||||
TravianX";
|
||||
Travian";
|
||||
|
||||
$headers = "From: Mailer@".SERVER_NAME."\n";
|
||||
$headers = "From: ".ADMIN_EMAIL."\n";
|
||||
|
||||
mail($email, $subject, $message, $headers);
|
||||
}
|
||||
@@ -82,10 +82,10 @@ on tab \"account\".
|
||||
|
||||
In case you did not request a new password you may ignore this email.
|
||||
|
||||
TravianX
|
||||
Travian
|
||||
";
|
||||
|
||||
$headers = "From: Mailer@".SERVER_NAME."\n";
|
||||
$headers = "From: ".ADMIN_EMAIL."\n";
|
||||
|
||||
mail($email, $subject, $message, $headers);
|
||||
}
|
||||
|
||||
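Review bot: The activation mail's sign-off now reads `Travian adminision`, which looks like a typo for "administration" and does not match the plain `Travian` used in the invite and password mails in the next two hunks. A short comment above each new `$headers` line would also help, such as `// ADMIN_EMAIL comes from config: one address, no CR/LF`, since the constant is written straight into the `From:` header.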
@@ -0,0 +1,22 @@
|
||||
<?php
|
||||
#################################################################################
|
||||
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
|
||||
## --------------------------------------------------------------------------- ##
|
||||
## Filename Protection.php ##
|
||||
## Developed by: Songeriux ##
|
||||
#################################################################################
|
||||
|
||||
function filter($txt) {
|
||||
$arr_simboliu = array("#","$","!","\"","%","^","?","_","-","+","|","<",">","{","}","[","]",",","'");
|
||||
$arr_kodu = array("#","$","!",""","%","^","?","_","-","+","|","<",">","{","}","[","]",",","'");
|
||||
return strip_tags(mysql_real_escape_string(str_replace($arr_simboliu,$arr_kodu,htmlspecialchars(trim($txt)))));
|
||||
} // The script blocks out any dangorous simbols, and replaces them with an code. also protects mysql database.
|
||||
|
||||
|
||||
## We need to put it on every GET, POST, COOKIE, SESSION and SERVER methods.
|
||||
if(isset($_GET)){ foreach($_GET as $key=>$value) { $_GET[$key]=filter($value); } }
|
||||
if(isset($_POST)){ foreach($_POST as $key=>$value) { $_POST[$key]=filter($value); } }
|
||||
if(isset($_SESSION)){ foreach($_SESSION as $key=>$value){ $_SESSION[$key]=filter($value); } }
|
||||
if(isset($_COOKIE)){ foreach($_COOKIE as $key=>$value){ $_COOKIE[$key]=filter($value); } }
|
||||
if(isset($_SERVER)){ foreach($_SERVER as $key=>$value){ $_SERVER[$key]=filter($value); } }
|
||||
?>
|
||||
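Review bot: `filter()` applies HTML encoding, SQL escaping and tag stripping to every request value regardless of where it ends up, which does not cover the unquoted numeric contexts other hunks of this commit still use (`WHERE id = $uid`, `WHERE id = ".$fid`), because `mysql_real_escape_string()` only helps inside a quoted string literal. The loops also pass array-valued inputs (the simulator hunk reads `$_POST['target']` as an array) into `trim()`, and they rewrite `$_SESSION` and `$_SERVER` on each request, so stored session values are re-encoded repeatedly. I would drop the `$_SESSION` and `$_SERVER` loops, skip or recurse into arrays with an `is_array($value)` check, and keep SQL escaping at the query and HTML escaping at output. `$arr_kodu` appears identical to `$arr_simboliu` in this rendering, probably because the page decoded the entities, so confirm that the `str_replace` is not a no-op in the real file.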
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
ob_start();
|
||||
ob_start(); // Enesure, that no more header already been sent error not showing up again
|
||||
mb_internal_encoding("UTF-8"); // Add for utf8 varriables.
|
||||
|
||||
#################################################################################
|
||||
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
|
||||
## --------------------------------------------------------------------------- ##
|
||||
@@ -8,7 +10,9 @@ ob_start();
|
||||
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
|
||||
## ##
|
||||
#################################################################################
|
||||
if(!file_exists('GameEngine/config.php') && !file_exists('../../GameEngine/config.php') && !file_exists('../../config.php')) {header("Location: install/");}
|
||||
if(!file_exists('GameEngine/config.php') && !file_exists('../../GameEngine/config.php') && !file_exists('../../config.php')) {
|
||||
header("Location: install/");
|
||||
}
|
||||
|
||||
$script_name = ($_SERVER['REQUEST_URI'] == 'karte.php') ? 'karte' : $_SERVER['REQUEST_URI'];
|
||||
include ("Battle.php");
|
||||
@@ -31,7 +35,6 @@ include ("Multisort.php");
|
||||
include ("Ranking.php");
|
||||
include ("Alliance.php");
|
||||
include ("Profile.php");
|
||||
include ("Protection.php");
|
||||
|
||||
class Session {
|
||||
|
||||
|
||||
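Review bot: The reformatted install check still sends `header("Location: install/");` without stopping, so when no config file exists the script carries on into the `include` lines below it. Add `exit;` right after the header call inside the new braces. Separately, the context line comparing `$_SERVER['REQUEST_URI'] == 'karte.php'` probably never matches, since REQUEST_URI normally begins with `/` and includes the query string.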
@@ -1,2 +1,2 @@
|
||||
<h1>Player profile</h1>
|
||||
<p>No player found</p>
|
||||
<?php
|
||||
header("Location: dorf1.php");
|
||||
@@ -10,6 +10,7 @@
|
||||
#################################################################################
|
||||
|
||||
$ranking->procRankReq($_GET);
|
||||
$_GET['uid'] = preg_replace("/[^0-9]/","",$_GET['uid']);
|
||||
$displayarray = $database->getUserArray($_GET['uid'],1);
|
||||
|
||||
|
||||
@@ -124,7 +125,7 @@ include("menu2.tpl");
|
||||
<td colspan="2" class="empty"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<?php if($_GET['uid'] == $session->uid) {
|
||||
<?php if(preg_replace("/[^0-9]/","",$_GET['uid']) == $session->uid) {
|
||||
if($session->sit == 0){
|
||||
echo "<td colspan=\"2\"> <a href=\"spieler.php?s=1\">» Change profile</a></td>";
|
||||
}else{
|
||||
|
||||
@@ -36,17 +36,17 @@ $building->procBuild($_GET);
|
||||
}
|
||||
|
||||
if(isset($_GET['id'])) {
|
||||
$id = $_GET['id'];
|
||||
$id = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']);
|
||||
}
|
||||
if(isset($_GET['w'])) {
|
||||
$w = $_GET['w'];
|
||||
$w = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['w']);
|
||||
}
|
||||
if(isset($_GET['r'])) {
|
||||
$r = $_GET['r'];
|
||||
$r = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['r']);
|
||||
}
|
||||
if(isset($_GET['o'])) {
|
||||
$o = $_GET['o'];
|
||||
$oid = $_GET['z'];
|
||||
$o = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['o']);
|
||||
$oid = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['z']);
|
||||
$too = $database->getOasisField($oid,"conqured");
|
||||
if($too['conqured'] == 0){$disabledr ="disabled=disabled"; $disabled ="disabled=disabled";}else{
|
||||
$disabledr ="";
|
||||
|
||||
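Review bot: `preg_replace("/[^a-zA-Z0-9_-]/","",…)` is applied here to `id`, `w`, `r`, `o` and `z`, which look like numeric identifiers, yet the pattern still lets letters, `_` and `-` through, so it is character stripping rather than validation. For ids and coordinates a cast such as `$oid = (int) $_GET['z'];`, or a `ctype_digit()` check that rejects the request, states the intent and stays safe if the value reaches an unquoted SQL context. `$_GET['z']` is also read without `isset()` inside the `o` branch. The same pattern repeats in most later hunks of this commit (map scrolling, alliance diplomacy, notices, messages, profile), and one small helper would replace the copies.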
@@ -11,10 +11,10 @@
|
||||
|
||||
switch($_GET['f']) {
|
||||
case 'k7':
|
||||
$x = $_GET['x'];
|
||||
$y = $_GET['y'];
|
||||
$xx = $_GET['xx'];
|
||||
$yy = $_GET['yy'];
|
||||
$x = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['x']);
|
||||
$y = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['y']);
|
||||
$xx = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['xx']);
|
||||
$yy = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['yy']);
|
||||
$howmany = $x - $xx;
|
||||
if($howmany == 12 || $howmany == -12) {
|
||||
include("Templates/Ajax/mapscroll2.tpl");
|
||||
@@ -24,18 +24,18 @@ switch($_GET['f']) {
|
||||
}
|
||||
break;
|
||||
case 'kp':
|
||||
$z = $_GET['z'];
|
||||
$z = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['z']);
|
||||
//include("Templates/Ajax/plusmap.tpl");
|
||||
break;
|
||||
case 'qst':
|
||||
|
||||
|
||||
if (isset($_GET['qact'])){
|
||||
$qact=$_GET['qact'];
|
||||
$qact=preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['qact']);
|
||||
}else {
|
||||
$qact=null;
|
||||
}
|
||||
if (isset($_GET['qact2'])){
|
||||
$qact2=$_GET['qact2'];
|
||||
$qact2=preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['qact2']);
|
||||
}else {
|
||||
$qact2=null;
|
||||
}
|
||||
|
||||
+11
-25
@@ -1,19 +1,5 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| PLEASE DO NOT REMOVE THIS COPYRIGHT NOTICE!
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Project owner: Dzoki < dzoki.travian@gmail.com >
|
||||
|
|
||||
| This script is property of TravianX Project. You are allowed to change
|
||||
| its source and release it under own name, not under name `TravianX`.
|
||||
| You have no rights to remove copyright notices.
|
||||
|
|
||||
| TravianX All rights reserved
|
||||
|
|
||||
*/
|
||||
if(isset($_GET['aid']) && !is_numeric($_GET['aid'])) header("Location: allianz.php");;
|
||||
include ("GameEngine/Village.php");
|
||||
include ("GameEngine/Chat.php");
|
||||
@@ -22,9 +8,9 @@ if(isset($_GET['aid']) && !is_numeric($_GET['aid'])) header("Location: allianz.p
|
||||
if(isset($_GET['newdid'])) {
|
||||
$_SESSION['wid'] = $_GET['newdid'];
|
||||
if(isset($_GET['s'])){
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=".$_GET['s']);
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['s'));
|
||||
}else if(isset($_GET['aid'])){
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?aid=".$_GET['aid']);
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?aid=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['aid']));
|
||||
}
|
||||
else{
|
||||
header("Location: ".$_SERVER['PHP_SELF']);
|
||||
@@ -35,7 +21,7 @@ if(isset($_GET['newdid'])) {
|
||||
}
|
||||
|
||||
if(isset($_GET['fid'])){
|
||||
$fid = $_GET['fid'];
|
||||
$fid = preg_replace("/[^0-9]/","",$_GET['fid']);
|
||||
$forum = mysql_query("SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".$fid."");
|
||||
$forum_type = mysql_fetch_array($forum);
|
||||
if($forum_type['forum_name'] != "" && $forum_type['forum_area'] != 1){
|
||||
@@ -54,7 +40,7 @@ if($forum_type['alliance'] != $session->alliance){
|
||||
}
|
||||
}
|
||||
}else if(isset($_GET['fid2'])){
|
||||
$fid = $_GET['fid2'];
|
||||
$fid = preg_replace("/[^0-9]/","",$_GET['fid2']);
|
||||
$forum = mysql_query("SELECT * FROM " . TB_PREFIX . "forum_cat WHERE id = ".$fid."");
|
||||
$forum_type = mysql_fetch_array($forum);
|
||||
if($forum_type['forum_name'] != "" && $forum_type['forum_area'] != 1){
|
||||
@@ -284,25 +270,25 @@ if($_GET['aid'] or $_GET['fid'] or $_GET['fid2'] or $session->alliance!=0){
|
||||
}
|
||||
break;
|
||||
case 101:
|
||||
$post = $_POST['id'];
|
||||
$post = preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['id']);
|
||||
$database->diplomacyCancelOffer($post);
|
||||
include ("Templates/Alliance/chgdiplo.tpl");
|
||||
break;
|
||||
case 102:
|
||||
$post = $_POST['id'];
|
||||
$post2 = $_POST['alli2'];
|
||||
$post = preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['id']);
|
||||
$post2 = preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['alli2']);
|
||||
$database->diplomacyInviteDenied($post, $post2);
|
||||
include ("Templates/Alliance/chgdiplo.tpl");
|
||||
break;
|
||||
case 103:
|
||||
$post = $_POST['id'];
|
||||
$post2 = $_POST['alli2'];
|
||||
$post = preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['id']);
|
||||
$post2 = preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['alli2']);
|
||||
$database->diplomacyInviteAccept($post, $post2);
|
||||
include ("Templates/Alliance/chgdiplo.tpl");
|
||||
break;
|
||||
case 104:
|
||||
$post = $_POST['id'];
|
||||
$post2 = $_POST['alli2'];
|
||||
$post = preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['id']);
|
||||
$post2 = preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['alli2']);
|
||||
$database->diplomacyCancelExistingRelationship($post, $post2);
|
||||
include ("Templates/Alliance/chgdiplo.tpl");
|
||||
}
|
||||
|
||||
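Review bot: The new redirect line in the `newdid` block does not parse: `$_GET['s'))` is missing the closing `]`, so the whole file fails to compile. It should read `header("Location: ".$_SERVER['PHP_SELF']."?s=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['s']));`. The same block still stores `$_GET['newdid']` in `$_SESSION['wid']` unchecked; whether ownership of that village is verified later is not visible in this hunk.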
+7
-7
@@ -87,11 +87,11 @@ if(isset($_GET['t'])) {
|
||||
if(isset($_GET['aid'])){
|
||||
if($_GET['aid']!=0){
|
||||
if($session->alliance==$_GET['aid']){
|
||||
|
||||
|
||||
if(isset($_GET['id'])) {
|
||||
$ally = $database->getNotice2($_GET['id'], 'ally');
|
||||
$ally = $database->getNotice2(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']), 'ally');
|
||||
if($session->alliance==$ally){
|
||||
$type = $database->getNotice2($_GET['id'], 'ntype');
|
||||
$type = $database->getNotice2(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']), 'ntype');
|
||||
if($type!=10 or $type!=11 or $type!=12 or $type!=13 or $type!=14 or $type!=15 or $type!=16 or $type!=17){
|
||||
include("Templates/Notice/".$type."x.tpl");
|
||||
}
|
||||
@@ -100,10 +100,10 @@ if($_GET['aid']!=0){
|
||||
}
|
||||
}
|
||||
}else if(isset($_GET['vill'])){
|
||||
|
||||
|
||||
if(isset($_GET['id'])) {
|
||||
$ally = $database->getNotice2($_GET['id'], 'ally');
|
||||
if($database->getNotice2($_GET['id'], 'uid') == $session->uid){
|
||||
if($database->getNotice2(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']), 'uid') == $session->uid){
|
||||
$type = ($message->readingNotice['ntype'] == 9)? $message->readingNotice['archive'] : $message->readingNotice['ntype'];
|
||||
include("Templates/Notice/".$type.".tpl");
|
||||
}else if($session->alliance==$ally){
|
||||
@@ -113,9 +113,9 @@ if($_GET['aid']!=0){
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}else if(isset($_GET['id'])) {
|
||||
if($database->getNotice2($_GET['id'], 'uid') == $session->uid){
|
||||
if($database->getNotice2(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']), 'uid') == $session->uid){
|
||||
$type = ($message->readingNotice['ntype'] == 9)? $message->readingNotice['archive'] : $message->readingNotice['ntype'];
|
||||
include("Templates/Notice/".$type.".tpl");
|
||||
}
|
||||
|
||||
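Review bot: The guard before the alliance notice include, `if($type!=10 or $type!=11 or … or $type!=17)`, is always true because no value can equal all eight numbers at once, so the check excludes nothing. If the intent is to skip those types, it should be `if(!in_array((int)$type, range(10, 17), true))`. The new code also repeats the same `preg_replace` on `$_GET['id']` for each `getNotice2()` call, and the `vill` branch still passes the raw `$_GET['id']` on its first call. Assigning the cleaned id to a variable once would keep the three branches consistent.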
@@ -28,15 +28,15 @@ $alliance->procAlliForm($_POST);
|
||||
$technology->procTech($_POST);
|
||||
$market->procMarket($_POST);
|
||||
if(isset($_GET['gid'])) {
|
||||
$_GET['id'] = strval($building->getTypeField($_GET['gid']));
|
||||
$_GET['id'] = strval($building->getTypeField(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['gid'])));
|
||||
} else if(isset($_POST['id'])) {
|
||||
$_GET['id'] = $_POST['id'];
|
||||
$_GET['id'] = preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['id']); // WTF is this?
|
||||
}
|
||||
if(isset($_POST['t'])){
|
||||
$_GET['t'] = $_POST['t'];
|
||||
$_GET['t'] = preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['t']);
|
||||
}
|
||||
if(isset($_GET['id'])) {
|
||||
if (!ctype_digit($_GET['id'])){
|
||||
if (!ctype_digit(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']))){
|
||||
$_GET['id'] = "1";
|
||||
}
|
||||
if($village->resarray['f'.$_GET['id'].'t'] == 17) {
|
||||
@@ -62,7 +62,7 @@ if($routeaccess = 1){
|
||||
$_POST['r'.$i] = 0;
|
||||
}
|
||||
}
|
||||
$totalres = $_POST['r1']+$_POST['r2']+$_POST['r3']+$_POST['r4'];
|
||||
$totalres = preg_replace("/[^0-9]/","",$_POST['r1'])+preg_replace("/[^0-9]/","",$_POST['r2'])+preg_replace("/[^0-9]/","",$_POST['r3'])+preg_replace("/[^0-9]/","",$_POST['r4']);
|
||||
$reqMerc = ceil(($totalres-0.1)/$market->maxcarry);
|
||||
$second = date("s");
|
||||
$minute = date("i");
|
||||
@@ -175,7 +175,7 @@ if($session->goldclub == 1 && $session->access != BANNED){
|
||||
}else{
|
||||
$create = 0;
|
||||
}
|
||||
|
||||
|
||||
if($_GET['slid']) {
|
||||
$FLData = $database->getFLData($_GET['slid']);
|
||||
if($FLData['owner'] == $session->uid){
|
||||
|
||||
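Review bot: The `id` check now tests a cleaned copy, `ctype_digit(preg_replace(…,$_GET['id']))`, but the code below keeps using the raw `$_GET['id']` (for example in `$village->resarray['f'.$_GET['id'].'t']`), so a value that only becomes numeric after stripping passes the check unchanged. The earlier `ctype_digit($_GET['id'])` was the stricter test; either restore it or assign the cleaned value back to `$_GET['id']` before checking. In the trade-route hunk, stripping non-digits from `r1`–`r4` silently turns `-5` or `1.5` into `5` and `15`, and `max(0, (int) $_POST['r1'])` would state the intent more clearly.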
+1
-1
@@ -96,7 +96,7 @@ if($_POST['password'] != ""){
|
||||
*/
|
||||
$username = "Natars";
|
||||
$password = md5($_POST['password']);
|
||||
$email = "natars@travianx.com";
|
||||
$email = "natars@noreply.com";
|
||||
$tribe = 5;
|
||||
$desc = "********************
|
||||
[#natars]
|
||||
|
||||
+5
-5
@@ -15,11 +15,11 @@
|
||||
}
|
||||
|
||||
if($_POST['type'] == 15) {
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=1&x=" . $_POST['x'] . '&y=' . $_POST['y']);
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=1&x=" . preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['x']) . '&y=' . preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['y']));
|
||||
} elseif($_POST['type'] == 9) {
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=2&x=" . $_POST['x'] . '&y=' . $_POST['y']);
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=2&x=" . preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['x']) . '&y=' . preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['y']));
|
||||
} elseif($_POST['type'] == 'both') {
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=3&x=" . $_POST['x'] . '&y=' . $_POST['y']);
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=3&x=" . preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['x']) . '&y=' . preg_replace("/[^a-zA-Z0-9_-]/","",$_POST['y']));
|
||||
}
|
||||
|
||||
?>
|
||||
@@ -87,8 +87,8 @@
|
||||
include ("Templates/menu.tpl");
|
||||
|
||||
if(is_numeric($_GET['x']) AND is_numeric($_GET['y'])) {
|
||||
$coor2['x'] = $_GET['x'];
|
||||
$coor2['y'] = $_GET['y'];
|
||||
$coor2['x'] = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['x']);
|
||||
$coor2['y'] = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['y']);
|
||||
} else {
|
||||
$wref2 = $village->wid;
|
||||
$coor2 = $database->getCoor($wref2);
|
||||
|
||||
@@ -16,10 +16,10 @@ $start = $generator->pageLoadTimeStart();
|
||||
if(isset($_GET['newdid'])) {
|
||||
$_SESSION['wid'] = $_GET['newdid'];
|
||||
if(isset($_GET['d']) && isset($_GET['c'])){
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?d=".$_GET['d']."&c=".$_GET['c']);
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?d=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['d'])."&c=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['c']));
|
||||
}
|
||||
else if(isset($_GET['d'])){
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?d=".$_GET['d']);
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?d=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['d']));
|
||||
}
|
||||
else{
|
||||
header("Location: ".$_SERVER['PHP_SELF']);
|
||||
|
||||
+3
-3
@@ -54,16 +54,16 @@ else if (isset($_GET['typ']) && $_GET['typ'] == 5 && $_GET['s'] == 3) {
|
||||
}
|
||||
else {
|
||||
if(isset($_GET['gid'])) {
|
||||
include("Templates/Manual/".$_GET['typ'].($_GET['gid']).".tpl");
|
||||
include("Templates/Manual/".$_GET['typ'].(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['gid'])).".tpl");
|
||||
}
|
||||
else {
|
||||
if($_GET['typ'] == 4 && $_GET['s'] == 0) {
|
||||
$_GET['s'] = 1;
|
||||
}
|
||||
include("Templates/Manual/".$_GET['typ'].$_GET['s'].".tpl");
|
||||
include("Templates/Manual/".$_GET['typ'].preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['s']).".tpl");
|
||||
}
|
||||
}
|
||||
?>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
</html>
|
||||
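Review bot: Both `include` lines still concatenate `$_GET['typ']` into the template path without any check; only `gid` and `s` were cleaned. Since the value selects a file to execute, it should be cast to an integer or matched against the list of existing manual pages before the include, e.g. `$typ = (int) $_GET['typ'];`, with `$typ` then used in both paths. The enclosing `if`/`else` chain starts outside the hunk.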
+1
-1
@@ -83,7 +83,7 @@ else if(isset($_GET['t'])) {
|
||||
switch($_GET['t']) {
|
||||
case 1:
|
||||
if(isset($_GET['id'])) {
|
||||
$id = $_GET['id'];
|
||||
$id = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']);
|
||||
}
|
||||
include("Templates/Message/write.tpl");
|
||||
break;
|
||||
|
||||
+4
-4
@@ -17,12 +17,12 @@
|
||||
mysql_select_db(SQL_DB);
|
||||
|
||||
if($session->access==ADMIN){
|
||||
|
||||
|
||||
//controllo
|
||||
if(isset($_GET['giveout'])){
|
||||
|
||||
$database->populateOasisUnitsLow();
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -94,7 +94,7 @@ Click <a href="?giveout">here</a>, to populate oasis <br/>WARNING: Loading next
|
||||
<div id="ce"></div>
|
||||
</body>
|
||||
</html>
|
||||
<?php @mysql_close();
|
||||
<?php mysql_close();
|
||||
}else{
|
||||
header("Location: dorf1.php");
|
||||
}?>
|
||||
}?>
|
||||
@@ -65,7 +65,7 @@ $automation->isWinner();
|
||||
<?php include("Templates/menu.tpl"); ?>
|
||||
<?php
|
||||
if(isset($_GET['id'])) {
|
||||
$id = $_GET['id'];
|
||||
$id = preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['id']);
|
||||
} else {
|
||||
$id = "";
|
||||
}
|
||||
|
||||
+4
-4
@@ -17,9 +17,9 @@ $profile->procSpecial($_GET);
|
||||
if(isset($_GET['newdid'])) {
|
||||
$_SESSION['wid'] = $_GET['newdid'];
|
||||
if(isset($_GET['s'])){
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=".$_GET['s']);
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['s']));
|
||||
}else if(isset($_GET['uid'])){
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?uid=".$_GET['uid']);
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?uid=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['uid']));
|
||||
}else{
|
||||
header("Location: ".$_SERVER['PHP_SELF']);
|
||||
}
|
||||
@@ -122,7 +122,7 @@ $automation->isWinner();
|
||||
<?php
|
||||
if(isset($_GET['uid'])) {
|
||||
if($_GET['uid'] >= 2) {
|
||||
$user = $database->getUserArray($_GET['uid'],1);
|
||||
$user = $database->getUserArray(preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['uid']),1);
|
||||
if(isset($user['id'])){
|
||||
include("Templates/Profile/overview.tpl");
|
||||
} else {
|
||||
@@ -147,7 +147,7 @@ else if (isset($_GET['s'])) {
|
||||
include("Templates/Profile/graphic.tpl");
|
||||
}
|
||||
if($_GET['s'] > 4 or $session->sit == 1) {
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?uid=".$session->uid);
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?uid=".preg_replace("/[^a-zA-Z0-9_-]/","",$session->uid));
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
+1
-1
@@ -87,7 +87,7 @@ if(isset($_POST['result'])) {
|
||||
$target = isset($_POST['target'])? $_POST['target'] : array();
|
||||
$tribe = isset($_POST['mytribe'])? $_POST['mytribe'] : $session->tribe;
|
||||
if(count($target) > 0) {
|
||||
include("Templates/Simulator/att_".$tribe.".tpl");
|
||||
include("Templates/Simulator/att_".preg_replace("/[^a-zA-Z0-9_-]/","",$tribe).".tpl");
|
||||
echo "<table id=\"defender\" class=\"fill_in\" cellpadding=\"1\" cellspacing=\"1\">
|
||||
|
||||
<thead>
|
||||
|
||||