xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 00:24:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix alliance possition in overview

Browse Source 
Fix alliance possition in overview
This commit is contained in:
Catalin Novgorodschi
2026-04-22 10:15:49 +03:00
parent f3591e7281
commit ca541d2204
2 changed files with 30 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files
GameEngine/Database.php
+23 -30
View File
@@ -3022,42 +3022,35 @@ public function getBestOasisCropBonus($x, $y) {
}
// no need to cache this method
function getAlliancePermission($ref, $field, $mode) {
list($ref, $field, $mode) = $this->escape_input($ref, $field, $mode);
$mode = (int)$mode;
$ref = (int)$ref;
function getAlliancePermission($uid, $field, $alliance) {
$uid = (int)$uid;
$alliance = (int)$alliance;
// 🔒 Field validation (indirect SQL injection prevention)
$allowed_fields = ['ap1', 'ap2', 'ap3', 'ap4', 'ap5', 'ap6', 'ap7', 'ap8', 'ap9', 'ap10', 'owner', 'admin'];
if (!in_array($field, $allowed_fields)) {
error_log("Invalid field in getAlliancePermission: $field");
return false;
}
// whitelist câmpuri permise
$allowed_fields = ['ap1','ap2','ap3','ap4','ap5','ap6','ap7','ap8','ap9','ap10','owner','admin','rank'];
// Build the query
if (!$mode) {
$q = "SELECT `$field` FROM " . TB_PREFIX . "ali_permission WHERE uid = $ref LIMIT 1";
} else {
$q = "SELECT `$field` FROM " . TB_PREFIX . "ali_permission WHERE username = '$ref' LIMIT 1";
}
if (!in_array($field, $allowed_fields)) {
error_log("Invalid field in getAlliancePermission: $field");
return false;
}
// Run query
$result = mysqli_query($this->dblink, $q);
$q = "SELECT `$field` FROM " . TB_PREFIX . "ali_permission WHERE uid = $uid AND alliance = $alliance LIMIT 1";
// 🔴 Query error check
if (!$result) {
error_log("SQL Error in getAlliancePermission: " . mysqli_error($this->dblink) . " | Query: $q");
return false;
}
$result = mysqli_query($this->dblink, $q);
// 🔍 No results?
if (mysqli_num_rows($result) == 0) {
return false;
}
if (!$result) {
error_log("SQL Error in getAlliancePermission: " . mysqli_error($this->dblink) . " | Query: $q");
return false;
}
// ✅ Extract and return the value
$row = mysqli_fetch_array($result);
return $row[$field];
if (mysqli_num_rows($result) == 0) {
return false;
}
$row = mysqli_fetch_assoc($result);
return $row[$field];
}
function getAlliance($id, $use_cache = true) {
Templates/Alliance/overview.tpl
+7 -10
View File
@@ -73,11 +73,11 @@ include("alli_menu.tpl");
</tr><tr>
<td colspan="2" class="empty"></td>
</tr>
<?php
<?php
foreach($memberlist as $member) {
//rank name
$rank = $database->getAlliancePermission($member['id'],"rank",0);
$rank = $database->getAlliancePermission($member['id'], "rank", $aid);
//username
$name = $database->getUserField($member['id'],"username",0);
@@ -86,24 +86,21 @@ include("alli_menu.tpl");
if($rank == ''){
echo '';
}
//if there is user rank defined, user will be printed
else if($rank != ''){
echo "<tr>";
echo "<th>".stripslashes($rank)."</th>";
echo "<td><a href='spieler.php?uid=".$member['id']."'>".$name."</td>";
echo "<td><a href='spieler.php?uid=".$member['id']."'>".$name."</a></td>";
echo "</tr>";
}
}
if($allianceinfo['forumlink'] != '' && $allianceinfo['forumlink'] != '0'){
if($allianceinfo['forumlink'] != '' && $allianceinfo['forumlink'] != '0'){
echo "<tr>";
echo "<td><a href='".$allianceinfo['forumlink']."'>» to the forum</td>";
echo "<td><a href='".$allianceinfo['forumlink']."'>» to the forum</a></td>";
echo "</tr>";
}else{
?>
<tr>
<td colspan="2" class="emmty"></td>
</tr>
?>
<?php } ?>
<tr>
<td class="desc2" colspan="2">