improves by songeriux + minor changes by me

unknown
2012-06-13 17:16:58 +03:00
parent f5087e1ccc
commit c7e6faebc4
23 changed files with 110 additions and 90 deletions
+2 -2
@@ -42,7 +42,7 @@ class Account {
private function Signup() {
global $database,$form,$mailer,$generator,$session;
if(!isset($_POST['name']) || $_POST['name'] == "") {
if(!isset($_POST['name']) || trim($_POST['name']) == "") {
$form->addError("name",USRNM_EMPTY);
}
else {
@@ -60,7 +60,7 @@ class Account {
}
}
if(!isset($_POST['pw']) || $_POST['pw'] == "") {
if(!isset($_POST['pw']) || trim($_POST['pw']) == "") {
$form->addError("pw",PW_EMPTY);
}
else {
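Review bot: Both new checks call trim() on a value that isset() only proves is present, not that it is a string; a request sending `name[]=x` or `pw[]=x` reaches trim() with an array, which raises a warning on older PHP and a TypeError on PHP 8. Adding an is_string() test and a strict comparison closes that, e.g. `if(!isset($_POST['name']) || !is_string($_POST['name']) || trim($_POST['name']) === "") {`, and the same for `pw`. The password is trimmed only for the emptiness test, so the rest of Signup(), which continues outside this hunk, still sees the untrimmed value; it is worth confirming that this is intended.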
+7 -1
@@ -2,7 +2,7 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Edited by: ZZJHONS ##
## Edited by: ZZJHONS, songeriux ##
## Filename Database.php ##
## License: TravianX Project ##
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
@@ -22,4 +22,10 @@ switch(DB_TYPE) {
include("Database/db_MYSQL.php");
break;
}
## Security
if($_GET['s'] == 6 && $_SERVER['PHP_SELF'] == "/allianz.php"){
include("Protection.php");
}else{
include("Protection2.php");
}
?>
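Review bot: The choice between Protection.php and Protection2.php in the new `## Security` block is made from request-controlled values, so the client influences which input filter runs. `$_GET['s']` is read without isset() and compared loosely (`"6abc" == 6` is true before PHP 8), and `$_SERVER['PHP_SELF']` carries trailing path info and the install directory, so the `"/allianz.php"` match is unreliable. Protection2.php is not shown on this page, so the two filters cannot be compared here, but neither branch should be weaker than the other. A stricter test would be `if (isset($_GET['s']) && $_GET['s'] === '6' && basename($_SERVER['SCRIPT_NAME']) === 'allianz.php') {`.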
+2
@@ -3095,10 +3095,12 @@
$q = "UPDATE " . TB_PREFIX . "users SET $column = $friend WHERE id = $uid";
return mysql_query($q, $this->connection);
}
function deleteFriend($uid, $column) {
$q = "UPDATE " . TB_PREFIX . "users SET $column = 0 WHERE id = $uid";
return mysql_query($q, $this->connection);
}
}
;
+1 -1
@@ -71,7 +71,7 @@ define("NOT_OPENED_YET","Server not started yet.");
define("REGISTER_CLOSED","The register is closed. You can't register to this server.");
//COPYRIGHT
define("TRAVIAN_COPYRIGHT","TravianX 100% Open Source Travian Clone.");
define("TRAVIAN_COPYRIGHT","TravianZ 100% Open Source Travian Clone.");
//BUILD.TPL
define("CUR_PROD","Current production");
+7 -7
@@ -30,13 +30,13 @@ Click the following link in order to activate your account:
".SERVER."activate.php?code=".$act."
Greetings,
TravianX";
Travian adminision";
$headers = "From: Mailer@".SERVER_NAME."\n";
$headers = "From: ".ADMIN_EMAIL."\n";
mail($email, $subject, $message, $headers);
}
function sendInvite($email,$uid,$text) {
$subject = "".SERVER_NAME." registeration";
@@ -52,9 +52,9 @@ Link: <a href=".SERVER."anmelden.php?id=".$uid.">".SERVER_NAME."</a>
Greetings,
TravianX";
Travian";
$headers = "From: Mailer@".SERVER_NAME."\n";
$headers = "From: ".ADMIN_EMAIL."\n";
mail($email, $subject, $message, $headers);
}
@@ -82,10 +82,10 @@ on tab \"account\".
In case you did not request a new password you may ignore this email.
TravianX
Travian
";
$headers = "From: Mailer@".SERVER_NAME."\n";
$headers = "From: ".ADMIN_EMAIL."\n";
mail($email, $subject, $message, $headers);
}
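Review bot: The three new `From:` lines take the sender from `ADMIN_EMAIL`, which is defined outside this page; if an existing config.php lacks it, older PHP sends the literal text `ADMIN_EMAIL` as the sender and PHP 8 throws an Error, so the upgrade path should add or check the constant. The header still ends with a bare `\n`, while mail() documents CRLF as the header separator. Stripping CR/LF from the configured value also keeps a malformed setting from adding extra headers: `$headers = "From: ".str_replace(array("\r","\n"), "", ADMIN_EMAIL)."\r\n";`. The new signature in the activation mail reads "Travian adminision", which looks like a typo for "administration".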
+22
@@ -0,0 +1,22 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename Protection.php ##
## Developed by: Songeriux ##
#################################################################################
function filter($txt) {
$arr_simboliu = array("#","$","!","\"","%","^","?","_","-","+","|","<",">","{","}","[","]",",","'");
$arr_kodu = array("&#35;","&#36;","&#33;","&quot;","&#37;","&#94;","&#63;","&#95;","&#45;","&#43;","&#124;","&lt;","&gt;","&#123;","&#125;","&#91;","&#93;","&#44;","&#039;");
return strip_tags(mysql_real_escape_string(str_replace($arr_simboliu,$arr_kodu,htmlspecialchars(trim($txt)))));
} // The script blocks out any dangorous simbols, and replaces them with an code. also protects mysql database.
## We need to put it on every GET, POST, COOKIE, SESSION and SERVER methods.
if(isset($_GET)){ foreach($_GET as $key=>$value) { $_GET[$key]=filter($value); } }
if(isset($_POST)){ foreach($_POST as $key=>$value) { $_POST[$key]=filter($value); } }
if(isset($_SESSION)){ foreach($_SESSION as $key=>$value){ $_SESSION[$key]=filter($value); } }
if(isset($_COOKIE)){ foreach($_COOKIE as $key=>$value){ $_COOKIE[$key]=filter($value); } }
if(isset($_SERVER)){ foreach($_SERVER as $key=>$value){ $_SERVER[$key]=filter($value); } }
?>
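Review bot: filter() is applied to `$_SESSION` and `$_SERVER` as well as to request input, and only to scalar values. If a session is already active when this file is included, stored values containing a listed symbol are encoded again on every request and keep growing, and array-valued parameters such as `name[]=x` reach trim() as arrays and are lost. Escaping for SQL and HTML at input time also does not protect the unquoted positions in queries like `SET $column = $friend WHERE id = $uid` shown elsewhere in this commit, where mysql_real_escape_string() has no effect; those need integer casts or a column whitelist at the query. `$_REQUEST` is not filtered here, so any code reading it still sees raw values. I would restrict the filter to request input, make it recurse into arrays, and keep HTML escaping at the point of output.

```php
function filter($txt) {
    // Array-valued parameters (name[]=...) are filtered element by element
    if (is_array($txt)) {
        return array_map('filter', $txt);
    }
    // … unchanged: $arr_simboliu / $arr_kodu tables and the return expression …
}
// Filter request-supplied input only; $_SESSION and $_SERVER are left as the application and server set them
$_GET = filter($_GET);
$_POST = filter($_POST);
$_COOKIE = filter($_COOKIE);
```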
+6 -3
@@ -1,5 +1,7 @@
<?php
ob_start();
ob_start(); // Enesure, that no more header already been sent error not showing up again
mb_internal_encoding("UTF-8"); // Add for utf8 varriables.
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
@@ -8,7 +10,9 @@ ob_start();
## Copyright: TravianX (c) 2010-2011. All rights reserved. ##
## ##
#################################################################################
if(!file_exists('GameEngine/config.php') && !file_exists('../../GameEngine/config.php') && !file_exists('../../config.php')) {header("Location: install/");}
if(!file_exists('GameEngine/config.php') && !file_exists('../../GameEngine/config.php') && !file_exists('../../config.php')) {
header("Location: install/");
}
$script_name = ($_SERVER['REQUEST_URI'] == 'karte.php') ? 'karte' : $_SERVER['REQUEST_URI'];
include ("Battle.php");
@@ -31,7 +35,6 @@ include ("Multisort.php");
include ("Ranking.php");
include ("Alliance.php");
include ("Profile.php");
include ("Protection.php");
class Session {