diff --git a/Admin/Templates/admin_log.tpl b/Admin/Templates/admin_log.tpl
index 9879ab08..16847284 100644
--- a/Admin/Templates/admin_log.tpl
+++ b/Admin/Templates/admin_log.tpl
@@ -1,55 +1,140 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+ - TravianZ
+
+
+
+
+
+
+
+
+if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
+// 1. Log-uri normale
+$adminLogs = $database->getAdminLog();
+$unified = [];
+
+foreach($adminLogs as $l) {
+ $unified[] = [
+ 'id' => $l['id'],
+ 'time' => $l['time'],
+ 'user' => $l['user'],
+ 'type' => 'admin',
+ 'text' => $l['log']
+ ];
+}
+
+// 2. Ban-uri și Unban-uri din banlist
+$banQ = mysqli_query($GLOBALS["link"], "
+ SELECT id, uid, name, reason, time, end, admin, active
+ FROM ".TB_PREFIX."banlist
+ ORDER BY time DESC
+ LIMIT 300
+");
+while($b = mysqli_fetch_assoc($banQ)) {
+ // BAN
+ $unified[] = [
+ 'id' => 1000000 + $b['id'], // offset ca să nu se amestece ID-urile
+ 'time' => $b['time'],
+ 'user' => $b['admin'] ?: 1,
+ 'type' => 'ban',
+ 'text' => "Banned user {$b['name']} (Reason: {$b['reason']})",
+ 'active' => $b['active']
+ ];
+ // UNBAN - dacă e inactiv, folosim end ca timp de unban
+ if($b['active'] == 0 && $b['end'] > $b['time']) {
+ $unified[] = [
+ 'id' => 2000000 + $b['id'],
+ 'time' => $b['end'],
+ 'user' => $b['admin'] ?: 1,
+ 'type' => 'unban',
+ 'text' => "Unbanned user {$b['name']}",
+ 'active' => 0
+ ];
+ }
+}
+
+// 3. Sortează tot după timp DESC
+usort($unified, function($a,$b){ return $b['time'] <=> $a['time']; });
+$unified = array_slice($unified, 0, 300);
+
+function logCategory($entry) {
+ if($entry['type']=='ban') return ['BAN','cat-ban','🔨'];
+ if($entry['type']=='unban') return ['UNBAN','cat-unban','🔓'];
+ $t = strtolower(strip_tags($entry['text']));
+ if (strpos($t,'mass ban')!==false) return ['BAN','cat-ban','🔨'];
+ if (strpos($t,'mass unban')!==false) return ['UNBAN','cat-unban','🔓'];
+ if (strpos($t,'gold')!==false) return ['GOLD','cat-gold','💰'];
+ if (strpos($t,'plus')!==false && strpos($t,'bonus')===false) return ['PLUS','cat-plus','⭐'];
+ if (strpos($t,'bonus')!==false) return ['BONUS','cat-plus','📈'];
+ if (strpos($t,'reset')!==false) return ['RESET','cat-maint','⚙️'];
+ if (strpos($t,'village')!==false || strpos($t,'buildings')!==false || strpos($t,'renamed')!==false) return ['VILLAGE','cat-village','🏘️'];
+ if (strpos($t,'message')!==false) return ['MESSAGE','cat-msg','✉️'];
+ return ['OTHER','cat-other','📝'];
+}
+?>
+Admin Log Unificat - ultimele 300 acțiuni
+
+
+
+
+ | ID |
+ Admin |
+ Categorie |
+ Detalii |
+ Data |
+
+
+
getUserField($admid, "username", 0);
+ $adminLink = $username ? ''.htmlspecialchars($username).'' : 'SYSTEM';
+ if($username == 'Multihunter') $adminLink = 'CONTROL PANEL';
+
+ list($cat,$class,$icon) = logCategory($e);
+ $date = date("d.m.Y H:i:s", $e['time'] + 3600*2);
+ $details = $e['text'];
+?>
+
+ | # |
+ |
+ |
+ |
+ |
+
+
+
+
- $no = count($database->getAdminLog());
- $log = $database->getAdminLog();
- for($i=0;$i<$no;$i++) {
- $admid = $log[$i]['user']?>
- ------------------------------------
- Log ID:
- Admin: getUserField($admid,"username",0);
- if($user == 'Multihunter') {
- echo 'CONTROL PANEL';
- } else { echo ''.$user.''; }
- ?>
- Log:
- Date:
-
-
-
\ No newline at end of file
+ $limit) { ?>
+Afișate doar ultimele . Pentru istoric complet, exportă din phpMyAdmin tabelul s1_admin_log.
+
\ No newline at end of file
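Review bot: The ban and unban entries interpolate `name` and `reason` from the banlist table into `'text'` without HTML escaping, and `$details = $e['text']` passes that text on unchanged, while the admin username in the same loop goes through `htmlspecialchars()`. The markup that prints `$details` is not visible on this page, so this is inferred; if it is echoed as-is, text stored in banlist is rendered as HTML inside the admin panel. Escaping where the entry is built leaves existing admin_log rows untouched: `'text' => "Banned user " . htmlspecialchars($b['name'], ENT_QUOTES, 'UTF-8') . " (Reason: " . htmlspecialchars($b['reason'], ENT_QUOTES, 'UTF-8') . ")"`, and likewise for the unban text. Separately, `$banQ` is handed to `mysqli_fetch_assoc()` without checking that `mysqli_query()` returned a result, so a failed query aborts the page instead of showing only the admin_log rows.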
diff --git a/GameEngine/Admin/Mods/addABTroops.php b/GameEngine/Admin/Mods/addABTroops.php
index d3477fdd..8c747018 100755
--- a/GameEngine/Admin/Mods/addABTroops.php
+++ b/GameEngine/Admin/Mods/addABTroops.php
@@ -3,29 +3,64 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename addABTroops.php ##
+## Type BACKEND ##
## Developed by: ronix ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2014. All rights reserved. ##
## ##
#################################################################################
-if(!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
-include_once("../../Database.php");
-$id = (int) $_POST['id'];
-$village = $database->getVillage($id);
-$user = $database->getUserArray($village['owner'],1);
-$atech="";
-$btech="";
-for($i=1; $i<9; $i++) {
- $atech.="a".$i."=".$database->escape($_POST['a'.$i]).", ";
- $btech.="b".$i."=".$database->escape($_POST['b'.$i]).(($i > 7) ? "" : ", ");
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
}
-$q = "UPDATE ".TB_PREFIX."abdata SET ".$atech.$btech." WHERE vref = $id";
+include_once __DIR__ . "/../../Database.php";
+
+/* ---------------------------------------------------------------------------
+ * Input
+ * --------------------------------------------------------------------------- */
+$id = (int)($_POST['id'] ?? 0);
+if ($id <= 0) {
+ header("Location: ../../../Admin/admin.php");
+ exit;
+}
+
+$village = $database->getVillage($id);
+
+/* ---------------------------------------------------------------------------
+ * Update a1-a8 / b1-b8
+ * --------------------------------------------------------------------------- */
+$fields = [];
+for ($i = 1; $i <= 8; $i++) {
+ $a = (int)($_POST['a' . $i] ?? 0);
+ $b = (int)($_POST['b' . $i] ?? 0);
+ $fields[] = "a$i = $a";
+ $fields[] = "b$i = $b";
+}
+
+$q = "UPDATE " . TB_PREFIX . "abdata SET " . implode(", ", $fields) . " WHERE vref = $id";
$database->query($q);
-$database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed troop upgrade levels in village $id ',".time().")");
-header("Location: ../../../Admin/admin.php?p=village&did=".$id."&ab");
+/* ---------------------------------------------------------------------------
+ * Log admin - adaptat pentru structura ta:
+ * CREATE TABLE `s1_admin_log` (`id` int, `user` text, `log` text, `time` int)
+ * --------------------------------------------------------------------------- */
+$adminId = (string)(int)$_SESSION['id'];
+$time = time();
+$logText = "Changed troop upgrade levels in village $id";
+// escapăm corect pentru coloana TEXT
+$adminIdEsc = $database->escape($adminId);
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminIdEsc', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=village&did=" . $id . "&ab");
+exit;
?>
\ No newline at end of file
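Review bot: The loop that fills `$fields` casts `a1`–`a8` and `b1`–`b8` to int but applies no bounds, so a negative or oversized level is written straight into abdata. editBuildings.php in this same commit clamps its levels; the equivalent here would be `$a = max(0, min($maxLevel, (int)($_POST['a' . $i] ?? 0)));`, where `$maxLevel` is a placeholder for the limit the game data defines. `$village` is still fetched but no longer used, so an unknown `vref` is not rejected and the admin_log row is inserted whether or not the UPDATE matched a village. A guard such as `if (!$village) { header("Location: ../../../Admin/admin.php"); exit; }` before the UPDATE would keep the log truthful.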
diff --git a/GameEngine/Admin/Mods/addTroops.php b/GameEngine/Admin/Mods/addTroops.php
index 87e28a83..5e9d1142 100755
--- a/GameEngine/Admin/Mods/addTroops.php
+++ b/GameEngine/Admin/Mods/addTroops.php
@@ -1,8 +1,10 @@
getVillage($id);
-$user = $database->getUserArray($village['owner'],1);
-$units = "";
-$tribe = $user['tribe'];
-$u = ($tribe - 1) * 10;
-
-for($i = 1; $i < 11; $i++) {
- $units.="u".($u + $i)."=".$database->escape($_POST['u'.($u + $i)].(($i < 10) ? ", " : ""));
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die(defined('ACCESS_DENIED_ADMIN') ? ACCESS_DENIED_ADMIN : 'Access Denied: You are not Admin!');
}
-$q = "UPDATE ".TB_PREFIX."units SET ".$units." WHERE vref = ".$id;
+include_once __DIR__ . "/../../Database.php";
+include_once __DIR__ . "/../../Technology.php";
+include_once __DIR__ . "/../../Data/unitdata.php";
+
+/* ---------------------------------------------------------------------------
+ * Input & validare
+ * --------------------------------------------------------------------------- */
+$id = (int)($_POST['id'] ?? 0);
+if ($id <= 0) {
+ header("Location: ../../../Admin/admin.php");
+ exit;
+}
+
+$village = $database->getVillage($id);
+$user = $database->getUserArray($village['owner'], 1);
+$tribe = (int)$user['tribe'];
+$u = ($tribe - 1) * 10;
+
+/* ---------------------------------------------------------------------------
+ * Construiește SET pentru u1-u10 / u11-u20 etc.
+ * - originalul concatena escape($_POST + ",") greșit
+ * - aici cast la int + implode
+ * --------------------------------------------------------------------------- */
+$fields = [];
+for ($i = 1; $i <= 10; $i++) {
+ $unitId = $u + $i;
+ $val = (int)($_POST['u' . $unitId] ?? 0);
+ $fields[] = "u$unitId = $val";
+}
+
+$q = "UPDATE " . TB_PREFIX . "units SET " . implode(", ", $fields) . " WHERE vref = $id";
$database->query($q);
-$database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed troop amounts in village $id ',".time().")");
+
+/* ---------------------------------------------------------------------------
+ * Log admin - adaptat pentru tabelul tău
+ * --------------------------------------------------------------------------- */
+$adminId = (string)(int)$_SESSION['id'];
+$time = time();
+$logText = "Changed troop amounts in village $id";
+
+$adminIdEsc = $database->escape($adminId);
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminIdEsc', '$logEsc', $time)"
+);
+
$database->addStarvationData($id);
-header("Location: ../../../Admin/admin.php?p=village&did=".$id."&d");
+
+header("Location: ../../../Admin/admin.php?p=village&did=" . $id . "&d");
+exit;
?>
\ No newline at end of file
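Review bot: `$tribe = (int)$user['tribe']` is used without checking that `getVillage($id)` and `getUserArray()` returned a row. For an unknown village `$tribe` becomes 0 and `$u` becomes -10, so the loop emits names such as `u-9` and the UPDATE is invalid, yet the admin_log insert and `addStarvationData($id)` still run. Add a guard before `$u` is computed, for example `if (!$village || !$user || $tribe < 1) { header("Location: ../../../Admin/admin.php"); exit; }`. The unit counts are cast to int but can still be negative; `$val = max(0, (int)($_POST['u' . $unitId] ?? 0));` closes that. The opening lines of this file are incomplete on the page, so the guard may need to sit after code not shown here.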
diff --git a/GameEngine/Admin/Mods/addUsers.php b/GameEngine/Admin/Mods/addUsers.php
index f28e6e6d..bba802ae 100755
--- a/GameEngine/Admin/Mods/addUsers.php
+++ b/GameEngine/Admin/Mods/addUsers.php
@@ -1,5 +1,17 @@
Access Denied: You are not Admin!");
+// ---------------------------------------------------------------------------
+// Verificare admin - păstrăm logica originală
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."allimedal set del = 1 WHERE id = ".$delete."");
+// ---------------------------------------------------------------------------
+// Ștergere logică medalie alianță
+// ---------------------------------------------------------------------------
+$database->query("UPDATE ".TB_PREFIX."allimedal SET del = 1 WHERE id = $delete AND allyid = $aid");
-header("Location: ../../../Admin/admin.php?p=alliance&aid=".$aid."");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$log = $database->escape("Deleted ally medal #$delete (affected $affected) for ally $aid");
+$database->query("INSERT INTO ".TB_PREFIX."admin_log (`id`,`user`,`log`,`time`) VALUES (0,'$adminId','$log',".time().")");
+
+header("Location: ../../../Admin/admin.php?p=alliance&aid=" . $aid);
+exit;
?>
\ No newline at end of file
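Review bot: The log text `"Deleted ally medal #$delete (affected $affected) for ally $aid"` reads `$affected`, but no assignment follows the UPDATE in the lines shown. The sibling scripts in this commit set it with `$affected = mysqli_affected_rows($database->dblink);` directly after their UPDATE, and the same line is needed here. Parts of this section are missing from the page, so the assignment may exist in lines not shown. If it does not, the audit entry records an empty count and PHP raises an undefined-variable warning ahead of the `header()` call.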
diff --git a/GameEngine/Admin/Mods/delallymedalbyaid.php b/GameEngine/Admin/Mods/delallymedalbyaid.php
index 3cd28011..20eb2221 100755
--- a/GameEngine/Admin/Mods/delallymedalbyaid.php
+++ b/GameEngine/Admin/Mods/delallymedalbyaid.php
@@ -8,33 +8,66 @@
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
-include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/config.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$allyid =(int) $_POST['allyid'];
-$aid = (int) $_POST['aid'];
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Input - folosim un singur ID pentru alianță
+// ---------------------------------------------------------------------------
+$aid = (int)($_POST['aid'] ?? $_POST['allyid'] ?? 0);
+$session = (int)($_POST['admid'] ?? 0);
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+if ($aid <= 0 || $session <= 0) {
+ header("Location: ../../../Admin/admin.php?p=alliance&aid=" . $aid . "&e=bad");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."allimedal set del = 1 WHERE allyid = ".$aid."");
+// ---------------------------------------------------------------------------
+// Ștergere logică - toate medaliile alianței
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "allimedal SET del = 1 WHERE allyid = $aid AND del = 0");
+$affected = mysqli_affected_rows($database->dblink);
-header("Location: ../../../Admin/admin.php?p=alliance&aid=".$aid."");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Deleted all medals ($affected) for alliance $aid";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=alliance&aid=" . $aid . "&deleted=$affected");
+exit;
?>
\ No newline at end of file
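Review bot: The second admin check looks up `$session`, which is `(int)($_POST['admid'] ?? 0)`, so the account whose `access` is tested is chosen by the request rather than by the logged-in session. It adds nothing beyond the `$_SESSION['access']` test above and ties an authorisation decision to a client-supplied id. The lookup should use the session identity, `$admin = $database->getUserArray((int)$_SESSION['id'], 1);`, after which the `admid` field can be dropped from the form. The same pattern appears in the addUsers.php section, in delallymedalbyweek.php and in deletemedalbyweek.php, and editOverall.php reads `admid` as well. The two checks also disagree: the first accepts `access >= 9` while this one requires exactly 9.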
diff --git a/GameEngine/Admin/Mods/delallymedalbyweek.php b/GameEngine/Admin/Mods/delallymedalbyweek.php
index c57710a1..8d478186 100755
--- a/GameEngine/Admin/Mods/delallymedalbyweek.php
+++ b/GameEngine/Admin/Mods/delallymedalbyweek.php
@@ -8,32 +8,66 @@
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
-include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/config.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$deleteweek = (int) $_POST['deleteweek'];
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$deleteweek = (int)($_POST['deleteweek'] ?? 0);
+$session = (int)($_POST['admid'] ?? 0);
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+if ($deleteweek <= 0 || $session <= 0) {
+ header("Location: ../../../Admin/admin.php?p=delallymedal&e=bad");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."allimedal set del = 1 WHERE week = ".$deleteweek."");
+// ---------------------------------------------------------------------------
+// Ștergere logică pe săptămână
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "allimedal SET del = 1 WHERE week = $deleteweek AND del = 0");
+$affected = mysqli_affected_rows($database->dblink);
-header("Location: ../../../Admin/admin.php?p=delallymedal");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Deleted all alliance medals for week $deleteweek ($affected rows)";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=delallymedal&week=$deleteweek&deleted=$affected");
+exit;
?>
\ No newline at end of file
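Review bot: `$affected = mysqli_affected_rows($database->dblink);` is read without checking the result of the preceding `$database->query(...)`. `mysqli_affected_rows()` returns -1 when the last query failed, so a failed UPDATE would be written to admin_log as "(-1 rows)" and redirected with `deleted=-1` as though the action had completed. Test the return value first and skip the log entry on failure, e.g. `if (!$database->query($sql)) { header("Location: ../../../Admin/admin.php?p=delallymedal&e=db"); exit; }`. This assumes `query()` returns a falsy value on failure, as the `if ($return)` test in editHero.php suggests. delallymedalbyaid.php and deletemedalbyweek.php contain the same sequence.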
diff --git a/GameEngine/Admin/Mods/deletemedalbyweek.php b/GameEngine/Admin/Mods/deletemedalbyweek.php
index 8d25ab02..b12a62f9 100755
--- a/GameEngine/Admin/Mods/deletemedalbyweek.php
+++ b/GameEngine/Admin/Mods/deletemedalbyweek.php
@@ -8,32 +8,66 @@
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
##################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
-include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/config.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$deleteweek = (int) $_POST['medalweek'];
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$deleteweek = (int)($_POST['medalweek'] ?? 0);
+$session = (int)($_POST['admid'] ?? 0);
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+if ($deleteweek <= 0 || $session <= 0) {
+ header("Location: ../../../Admin/admin.php?p=delmedal&e=bad");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."medal set del = 1 WHERE week = ".$deleteweek."");
+// ---------------------------------------------------------------------------
+// Ștergere logică - medalii jucători pe săptămână
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "medal SET del = 1 WHERE week = $deleteweek AND del = 0");
+$affected = mysqli_affected_rows($database->dblink);
-header("Location: ../../../Admin/admin.php?p=delmedal");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Deleted player medals for week $deleteweek ($affected rows)";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=delmedal&week=$deleteweek&deleted=$affected");
+exit;
?>
\ No newline at end of file
diff --git a/GameEngine/Admin/Mods/editBuildings.php b/GameEngine/Admin/Mods/editBuildings.php
index f548688f..11f9c5d6 100755
--- a/GameEngine/Admin/Mods/editBuildings.php
+++ b/GameEngine/Admin/Mods/editBuildings.php
@@ -3,6 +3,7 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editBuildings.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## Fix by: ronix ##
## License: TravianZ Project ##
@@ -10,113 +11,77 @@
## ##
#################################################################################
-if(!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!
");
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die('Access Denied: You are not Admin!
');
+}
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Automation.php");
-foreach ($_POST as $key => $value) {
- $_POST[$key] = $database->escape($value);
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$id = (int)($_POST['id'] ?? 0);
+if ($id <= 0) {
+ header("Location: ../../../Admin/admin.php?p=admin");
+ exit;
}
-$id = (int) $_POST['id'];
+// ---------------------------------------------------------------------------
+// Construim SET-ul dinamic pentru f1-f40 și f99
+// ---------------------------------------------------------------------------
+$sets = [];
+for ($i = 1; $i <= 40; $i++) {
+ $level = (int)($_POST["id{$i}level"] ?? 0);
+ $gid = (int)($_POST["id{$i}gid"] ?? 0);
+ // limităm la valori rezonabile Travian
+ $level = max(0, min(20, $level));
+ $gid = max(0, min(40, $gid));
+ $sets[] = "f{$i} = $level";
+ $sets[] = "f{$i}t = $gid";
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."fdata SET
- f1 = '".$_POST['id1level']."',
- f1t = '".$_POST['id1gid']."',
- f2 = '".$_POST['id2level']."',
- f2t = '".$_POST['id2gid']."',
- f3 = '".$_POST['id3level']."',
- f3t = '".$_POST['id3gid']."',
- f4 = '".$_POST['id4level']."',
- f4t = '".$_POST['id4gid']."',
- f5 = '".$_POST['id5level']."',
- f5t = '".$_POST['id5gid']."',
- f6 = '".$_POST['id6level']."',
- f6t = '".$_POST['id6gid']."',
- f7 = '".$_POST['id7level']."',
- f7t = '".$_POST['id7gid']."',
- f8 = '".$_POST['id8level']."',
- f8t = '".$_POST['id8gid']."',
- f9 = '".$_POST['id9level']."',
- f9t = '".$_POST['id9gid']."',
- f10 = '".$_POST['id10level']."',
- f10t = '".$_POST['id10gid']."',
- f11 = '".$_POST['id11level']."',
- f11t = '".$_POST['id11gid']."',
- f12 = '".$_POST['id12level']."',
- f12t = '".$_POST['id12gid']."',
- f13 = '".$_POST['id13level']."',
- f13t = '".$_POST['id13gid']."',
- f14 = '".$_POST['id14level']."',
- f14t = '".$_POST['id14gid']."',
- f15 = '".$_POST['id15level']."',
- f15t = '".$_POST['id15gid']."',
- f16 = '".$_POST['id16level']."',
- f16t = '".$_POST['id16gid']."',
- f17 = '".$_POST['id17level']."',
- f17t = '".$_POST['id17gid']."',
- f18 = '".$_POST['id18level']."',
- f18t = '".$_POST['id18gid']."',
- f19 = '".$_POST['id19level']."',
- f19t = '".$_POST['id19gid']."',
- f20 = '".$_POST['id20level']."',
- f20t = '".$_POST['id20gid']."',
- f21 = '".$_POST['id21level']."',
- f21t = '".$_POST['id21gid']."',
- f22 = '".$_POST['id22level']."',
- f22t = '".$_POST['id22gid']."',
- f23 = '".$_POST['id23level']."',
- f23t = '".$_POST['id23gid']."',
- f24 = '".$_POST['id24level']."',
- f24t = '".$_POST['id24gid']."',
- f25 = '".$_POST['id25level']."',
- f25t = '".$_POST['id25gid']."',
- f26 = '".$_POST['id26level']."',
- f26t = '".$_POST['id26gid']."',
- f27 = '".$_POST['id27level']."',
- f27t = '".$_POST['id27gid']."',
- f28 = '".$_POST['id28level']."',
- f28t = '".$_POST['id28gid']."',
- f29 = '".$_POST['id29level']."',
- f29t = '".$_POST['id29gid']."',
- f30 = '".$_POST['id30level']."',
- f30t = '".$_POST['id30gid']."',
- f31 = '".$_POST['id31level']."',
- f31t = '".$_POST['id31gid']."',
- f32 = '".$_POST['id32level']."',
- f32t = '".$_POST['id32gid']."',
- f33 = '".$_POST['id33level']."',
- f33t = '".$_POST['id33gid']."',
- f34 = '".$_POST['id34level']."',
- f34t = '".$_POST['id34gid']."',
- f35 = '".$_POST['id35level']."',
- f35t = '".$_POST['id35gid']."',
- f36 = '".$_POST['id36level']."',
- f36t = '".$_POST['id36gid']."',
- f37 = '".$_POST['id37level']."',
- f37t = '".$_POST['id37gid']."',
- f38 = '".$_POST['id38level']."',
- f38t = '".$_POST['id38gid']."',
- f39 = '".$_POST['id39level']."',
- f39t = '".$_POST['id39gid']."',
- f40 = '".$_POST['id40level']."',
- f40t = '".$_POST['id40gid']."',
- f99 = '".$_POST['id99level']."',
- f99t = '".$_POST['id99gid']."'
- WHERE vref = $id") or die(mysqli_error($database->dblink));
+// câmpurile speciale f99 (capcană / zid?)
+$level99 = (int)($_POST['id99level'] ?? 0);
+$gid99 = (int)($_POST['id99gid'] ?? 0);
+$sets[] = "f99 = " . max(0, min(20, $level99));
+$sets[] = "f99t = " . max(0, min(40, $gid99));
-header("Location: ../../../Admin/admin.php?p=village&did=".$id."");
-?>
+$setSql = implode(', ', $sets);
+
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "fdata SET $setSql WHERE vref = $id");
+
+// recalculăm populația după editare
+$automation = new Automation();
+$automation->recountPop($id);
+
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$log = $database->escape("Edited buildings for village $id");
+$database->query("INSERT INTO " . TB_PREFIX . "admin_log (`id`,`user`,`log`,`time`) VALUES (0,'$adminId','$log',$time)");
+
+header("Location: ../../../Admin/admin.php?p=village&did=" . $id);
+exit;
+?>
\ No newline at end of file
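Review bot: The clamps `max(0, min(20, $level))` and `max(0, min(40, $gid))` silently rewrite out-of-range values instead of rejecting them, whereas the removed code stored the posted values unchanged. Any slot whose stored level is legitimately above 20, or whose gid is above 40, is overwritten with the cap each time an admin saves this form, even if that field was not edited. The comment `// câmpurile speciale f99 (capcană / zid?)` shows that the meaning of f99 is a guess, so the 20/40 limits applied to it are unverified. Take the limits from the game's building data and, on an out-of-range value, redirect with an error rather than saving a different number. The admin_log insert also runs without checking that the UPDATE succeeded.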
diff --git a/GameEngine/Admin/Mods/editHero.php b/GameEngine/Admin/Mods/editHero.php
index 97214f48..2caea8ec 100755
--- a/GameEngine/Admin/Mods/editHero.php
+++ b/GameEngine/Admin/Mods/editHero.php
@@ -2,7 +2,8 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
-## Filename addTroops.php ##
+## Filename editHero.php ##
+## Type BACKEND ##
## Developed by: Dzoki & Advocatie ##
## License: TravianZ Project ##
## Reworks by: ronix ##
@@ -10,34 +11,88 @@
## ##
#################################################################################
-if(!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
-include_once("../../Database.php");
-$status="&ce=1";
-
-foreach ($_POST as $key => $value) {
- $_POST[$key] = $database->escape($value);
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
}
-if(isset($_POST['id']) && isset($_POST['hid'])) {
- $_POST['hname'] = trim(stripslashes($_POST['hname']));
- if ($_POST['hname']=="") {
- header("Location: ../../../Admin/admin.php?p=editHero&uid=".$_POST['id']."&e=1");
- exit;
- }
-
- include_once("../../Data/hero_full.php");
-
- $id = (int) $_POST['id'];
- $hid = (int) $_POST['hid'];
-
- $q = "UPDATE ".TB_PREFIX."hero SET unit=".(int) $_POST['hunit'].", name='".$_POST['hname']."', level=".(int) $_POST['hlvl'].", points=".(int) $_POST['exp'].", experience=".(int) $hero_levels[$_POST['hlvl']].", health='".$_POST['hhealth']."',
- attack=".(int) $_POST['hatk'].", defence=".(int) $_POST['hdef'].", attackbonus=".(int) $_POST['hob'].", defencebonus=".(int) $_POST['hdb'].", regeneration=".(int) $_POST['hrege']." WHERE heroid = ".$hid." AND uid = ".$id;
-$return=$database->query($q);
-if($return) {
- $database->query("Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Changed hero info',".time().")");
- $status="&cs=1";
-}
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
+$autoprefix = '';
+for ($i = 0; $i < 5; $i++) {
+ $autoprefix = str_repeat('../', $i);
+ if (file_exists($autoprefix . 'autoloader.php')) {
+ break;
+ }
}
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id.$status);
+
+include_once($autoprefix . "GameEngine/config.php");
+include_once($autoprefix . "GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Data/hero_full.php");
+
+$status = "&ce=1";
+
+if (isset($_POST['id'], $_POST['hid'])) {
+ $id = (int)$_POST['id'];
+ $hid = (int)$_POST['hid'];
+ $hname = trim($_POST['hname'] ?? '');
+
+ if ($hname === '') {
+ header("Location: ../../../Admin/admin.php?p=editHero&uid=$id&e=1");
+ exit;
+ }
+
+ // Input curat - cast individual, NU escape global
+ $hunit = (int)($_POST['hunit'] ?? 0);
+ $hlvl = max(0, min(100, (int)($_POST['hlvl'] ?? 0)));
+ $exp = (int)($_POST['exp'] ?? 0);
+ $hhealth = (float)($_POST['hhealth'] ?? 100);
+ $hatk = (int)($_POST['hatk'] ?? 0);
+ $hdef = (int)($_POST['hdef'] ?? 0);
+ $hob = (int)($_POST['hob'] ?? 0);
+ $hdb = (int)($_POST['hdb'] ?? 0);
+ $hrege = (int)($_POST['hrege'] ?? 0);
+
+ $experience = isset($hero_levels[$hlvl]) ? (int)$hero_levels[$hlvl] : 0;
+ $hnameEsc = $database->escape($hname);
+
+ $q = "UPDATE " . TB_PREFIX . "hero SET
+ unit = $hunit,
+ name = '$hnameEsc',
+ level = $hlvl,
+ points = $exp,
+ experience = $experience,
+ health = '$hhealth',
+ attack = $hatk,
+ defence = $hdef,
+ attackbonus = $hob,
+ defencebonus = $hdb,
+ regeneration = $hrege
+ WHERE heroid = $hid AND uid = $id";
+
+ $return = $database->query($q);
+
+// ---------------------------------------------------------------------------
+// Log admin - adaptat pentru tabelul tău
+// ---------------------------------------------------------------------------
+
+ if ($return) {
+ $adminId = (int)$_SESSION['id'];
+ $time = time();
+ $logText = "Changed hero info for user $id (hero $hid)";
+ $logEsc = $database->escape($logText);
+
+ $database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+ );
+ $status = "&cs=1";
+ }
+}
+
+header("Location: ../../../Admin/admin.php?p=player&uid=" . (int)$id . $status);
+exit;
?>
\ No newline at end of file
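Review bot: `$id` is assigned only inside `if (isset($_POST['id'], $_POST['hid']))`, but the closing `header("Location: ../../../Admin/admin.php?p=player&uid=" . (int)$id . $status);` runs on every path. When either field is missing PHP raises an undefined-variable warning, and with error display enabled that output precedes the header call. Initialise it before the condition, `$id = (int)($_POST['id'] ?? 0);`, and redirect to the admin index when it is not positive, as the other scripts in this commit do. `$hhealth` is cast to float but not bounded; if health is a percentage, as the default of 100 suggests, `max(0, min(100, (float)($_POST['hhealth'] ?? 100)))` would match the treatment of `$hlvl`.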
diff --git a/GameEngine/Admin/Mods/editOverall.php b/GameEngine/Admin/Mods/editOverall.php
index 67d739e8..170fc7f6 100755
--- a/GameEngine/Admin/Mods/editOverall.php
+++ b/GameEngine/Admin/Mods/editOverall.php
@@ -2,41 +2,75 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
-## Filename editOverall.php ##
+## Filename editOverall.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
-$id = (int) $_POST['id'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$id = (int)($_POST['id'] ?? 0);
+$off = (int)($_POST['off'] ?? 0);
+$def = (int)($_POST['def'] ?? 0);
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+if ($id <= 0 || $session <= 0) {
+ header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=bad");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
- apall = '".(int) $_POST['off']."',
- dpall = '".(int) $_POST['def']."'
- WHERE id = $id") or die(mysqli_error($database->dblink));
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "users SET apall = $off, dpall = $def WHERE id = $id");
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Changed overall stats for user $id (off=$off, def=$def)";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
+exit;
?>
\ No newline at end of file
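Review bot: The second admin check at `$admin = $database->getUserArray($session, 1);` looks up the access level of the id posted in `admid`, not of the logged-in account, so it passes for whatever admin id the request names and adds nothing beyond the `$_SESSION['access']` gate above it. The audit entry further down attributes the change to `$_SESSION['id']`, so the verified identity and the logged identity can differ. Deriving the lookup from the session, `$admin = $database->getUserArray((int)$_SESSION['id'], 1);`, would re-read the caller's current access from the database, which also covers a demotion after login. The same pattern appears in the editPassword, editProtection, editResources, editSitter, editUser and editUsername hunks. No anti-CSRF token is checked in any of these POST handlers as far as the hunks show, which is worth confirming against the form code.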
diff --git a/GameEngine/Admin/Mods/editPassword.php b/GameEngine/Admin/Mods/editPassword.php
index 97993b07..07698811 100755
--- a/GameEngine/Admin/Mods/editPassword.php
+++ b/GameEngine/Admin/Mods/editPassword.php
@@ -3,40 +3,79 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editPassword.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
-$id = (int) $_POST['uid'];
-$pass = password_hash($_POST['newpw'], PASSWORD_BCRYPT, ['cost' => 12]);
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$id = (int)($_POST['uid'] ?? 0);
+$newpw = trim($_POST['newpw'] ?? '');
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+if ($id <= 0 || $session <= 0 || $newpw === '') {
+ header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=pw");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
- password = '".$pass."'
- WHERE id = $id") or die(mysqli_error($database->dblink));
+// ---------------------------------------------------------------------------
+// Hash parolă
+// ---------------------------------------------------------------------------
+$pass = password_hash($newpw, PASSWORD_BCRYPT, ['cost' => 12]);
+$passEsc = $database->escape($pass);
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "users SET password = '$passEsc' WHERE id = $id");
+
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Changed password for user $id";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=player&uid=" . $id . "&pw=1");
+exit;
?>
\ No newline at end of file
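Review bot: The result of the `UPDATE ... SET password` query is discarded, so the `admin_log` row and the `&pw=1` redirect are produced even when the update fails; the removed code at least stopped on error. editHero.php in this same commit guards its log with `if ($return)`, and the same guard fits here: `$ok = $database->query(...);` followed by `if ($ok) { ... }` around the log insert and the success flag (assuming `query()` returns false on failure, as editHero.php treats it). The editOverall, editProtection, editResources, editSitter, editUser and editUsername hunks have the same unguarded log. Separately, `trim($_POST['newpw'] ?? '')` silently changes a password that begins or ends with whitespace, so the value that gets hashed may not be what the admin typed; reject such input or hash it as given.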
diff --git a/GameEngine/Admin/Mods/editPlus.php b/GameEngine/Admin/Mods/editPlus.php
index 50384b3e..5ba776e6 100755
--- a/GameEngine/Admin/Mods/editPlus.php
+++ b/GameEngine/Admin/Mods/editPlus.php
@@ -3,45 +3,82 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editPlus.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$id = (int) $_POST['id'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$id = (int)($_POST['id'] ?? 0);
+if ($id <= 0) {
+ header("Location: ../../../Admin/admin.php?p=search");
+ exit;
+}
-$bonusDuration = [];
$time = time();
-$bonusDuration['plus'] = (int) $_POST['plus'] * 86400; //Plus
-$bonusDuration['b1'] = (int) $_POST['wood'] * 86400; //+25% Wood
-$bonusDuration['b2'] = (int) $_POST['clay'] * 86400; //+25% Clay
-$bonusDuration['b3'] = (int) $_POST['iron'] * 86400; //+25% Iron
-$bonusDuration['b4'] = (int) $_POST['crop'] * 86400; //+25% Crop
+$bonusDuration = [
+ 'plus' => (int)($_POST['plus'] ?? 0) * 86400,
+ 'b1' => (int)($_POST['wood'] ?? 0) * 86400,
+ 'b2' => (int)($_POST['clay'] ?? 0) * 86400,
+ 'b3' => (int)($_POST['iron'] ?? 0) * 86400,
+ 'b4' => (int)($_POST['crop'] ?? 0) * 86400,
+];
$user = $database->getUserArray($id, 1);
+if (!$user) {
+ header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=notfound");
+ exit;
+}
-foreach($bonusDuration as $index => $bonus){
- $bonusDuration[$index] = $bonusDuration[$index] + ($user[$index] < $time ? $time : $user[$index]);
- if($bonusDuration[$index] < $time) $bonusDuration[$index] = 0;
+foreach ($bonusDuration as $key => $add) {
+ $current = (int)($user[$key] ?? 0);
+ $base = $current < $time ? $time : $current;
+ $bonusDuration[$key] = $add > 0 ? $base + $add : $current;
+ if ($bonusDuration[$key] < $time) {
+ $bonusDuration[$key] = 0;
+ }
}
$database->updateUserField($id, array_keys($bonusDuration), array_values($bonusDuration), 1);
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$logText = "Updated Plus/bonuses for user $id (plus={$_POST['plus']}d, wood={$_POST['wood']}d, clay={$_POST['clay']}d, iron={$_POST['iron']}d, crop={$_POST['crop']}d)";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
+exit;
?>
\ No newline at end of file
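Review bot: `$logText` interpolates `$_POST['plus']`, `$_POST['wood']`, `$_POST['clay']`, `$_POST['iron']` and `$_POST['crop']` raw, while the durations above are computed from the `(int)` casts, so the audit entry can hold arbitrary request text that differs from what was applied. `$database->escape()` makes the string safe for the INSERT but not for wherever the log is rendered, and a missing key raises an undefined-index warning. Keep the cast day counts in variables, for example `$plusDays = (int)($_POST['plus'] ?? 0);`, and use them for both `$bonusDuration` and the log text (`plus={$plusDays}d`). Note also that `$add > 0 ? $base + $add : $current` now ignores negative values, which the old arithmetic accepted; if admins relied on that to shorten a bonus, it needs a comment or a replacement.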
diff --git a/GameEngine/Admin/Mods/editProtection.php b/GameEngine/Admin/Mods/editProtection.php
index e8971051..cb3ef32e 100755
--- a/GameEngine/Admin/Mods/editProtection.php
+++ b/GameEngine/Admin/Mods/editProtection.php
@@ -2,43 +2,76 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
-## Filename editProtection ##
+## Filename editProtection.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
-$id = (int) $_POST['id'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$id = (int)($_POST['id'] ?? 0);
+$days = (int)($_POST['protect'] ?? 0);
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+if ($id <= 0 || $session <= 0) {
+ header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=bad");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-$dur = (int) $_POST['protect'] * 86400;
-$protection = (time() + $dur);
+// ---------------------------------------------------------------------------
+// Calcul protecție
+// ---------------------------------------------------------------------------
+$time = time();
+$protection = $days > 0 ? $time + ($days * 86400) : 0;
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
- protect = '".$protection."'
- WHERE id = $id") or die(mysqli_error($database->dblink));
+$database->query("UPDATE " . TB_PREFIX . "users SET protect = $protection WHERE id = $id");
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$logText = "Set protection for user $id to $days days";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
+exit;
?>
\ No newline at end of file
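Review bot: `$days` has no upper bound, so `$days * 86400` at `$protection = $days > 0 ? ...` can exceed the integer range, at which point PHP switches to a float that is then interpolated into the UPDATE in exponent form. Clamp the input where it is read, e.g. `$days = max(0, min($maxProtectDays, (int)($_POST['protect'] ?? 0)));`, where `$maxProtectDays` is a placeholder for a limit the project chooses. The `* 86400` multiplications in the editPlus hunk have the same exposure. A short comment that `protect = 0` means "no protection" would also help, since the old code wrote the current time for zero days.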
diff --git a/GameEngine/Admin/Mods/editResources.php b/GameEngine/Admin/Mods/editResources.php
index bcf1511b..09d3a08f 100755
--- a/GameEngine/Admin/Mods/editResources.php
+++ b/GameEngine/Admin/Mods/editResources.php
@@ -3,44 +3,91 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editResources.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
-$id = (int) $_POST['did'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$id = (int)($_POST['did'] ?? 0);
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+if ($id <= 0 || $session <= 0) {
+ header("Location: ../../../Admin/admin.php?p=admin&e=bad");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."vdata SET
- wood = '".(int) $_POST['wood']."',
- clay = '".(int) $_POST['clay']."',
- iron = '".(int) $_POST['iron']."',
- crop = '".(int) $_POST['crop']."',
- maxstore = '".(int) $_POST['maxstore']."',
- maxcrop = '".(int) $_POST['maxcrop']."'
- WHERE wref = '".$id."'") or die(mysqli_error($database->dblink));
+// ---------------------------------------------------------------------------
+// Valori
+// ---------------------------------------------------------------------------
+$wood = max(0, (int)($_POST['wood'] ?? 0));
+$clay = max(0, (int)($_POST['clay'] ?? 0));
+$iron = max(0, (int)($_POST['iron'] ?? 0));
+$crop = max(0, (int)($_POST['crop'] ?? 0));
+$maxstore = max(0, (int)($_POST['maxstore'] ?? 0));
+$maxcrop = max(0, (int)($_POST['maxcrop'] ?? 0));
-header("Location: ../../../Admin/admin.php?p=village&did=".$id."");
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query(
+ "UPDATE " . TB_PREFIX . "vdata SET
+ wood = $wood,
+ clay = $clay,
+ iron = $iron,
+ crop = $crop,
+ maxstore = $maxstore,
+ maxcrop = $maxcrop
+ WHERE wref = $id"
+);
+
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Edited resources for village $id (w:$wood c:$clay i:$iron cr:$crop)";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=village&did=" . $id);
+exit;
?>
\ No newline at end of file
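Review bot: The audit text at `$logText = "Edited resources for village $id (w:$wood c:$clay i:$iron cr:$crop)";` leaves out `$maxstore` and `$maxcrop`, although the UPDATE writes both, so a change to storage capacity leaves no trace in `admin_log`. Appending them, `... cr:$crop ms:$maxstore mc:$maxcrop)`, keeps the log complete. The values are clamped at zero but not against each other, so `wood` may be stored above `maxstore`; if the game engine does not tolerate that, `min($maxstore, ...)` on the four resources would be the place to enforce it.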
diff --git a/GameEngine/Admin/Mods/editSitter.php b/GameEngine/Admin/Mods/editSitter.php
index 77eef259..511d52a7 100755
--- a/GameEngine/Admin/Mods/editSitter.php
+++ b/GameEngine/Admin/Mods/editSitter.php
@@ -3,40 +3,74 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editSitter.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
-$id = (int) $_POST['id'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$id = (int)($_POST['id'] ?? 0);
+$sit1 = (int)($_POST['sitter1'] ?? 0);
+$sit2 = (int)($_POST['sitter2'] ?? 0);
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+if ($id <= 0 || $session <= 0) {
+ header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=bad");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
- sit1 = '".$_POST['sitter1']."',
- sit2 = '".$_POST['sitter2']."'
- WHERE id = $id") or die(mysqli_error($database->dblink));
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "users SET sit1 = $sit1, sit2 = $sit2 WHERE id = $id");
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Changed sitters for user $id (sit1=$sit1, sit2=$sit2)";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
+exit;
?>
\ No newline at end of file
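Review bot: `$sit1` and `$sit2` are cast to int but never checked against the users table or against `$id`, so the UPDATE can store a sitter id that does not exist or that equals the account itself. The editPlus hunk already uses `$database->getUserArray($id, 1)` with an `if (!$user)` redirect; the same lookup fits here for each non-zero value, e.g. `if ($sit1 > 0 && ($sit1 === $id || !$database->getUserArray($sit1, 1)))` followed by the existing `e=bad` redirect. Since a sitter presumably gains access to the account, recording the previous `sit1`/`sit2` values in the log text would also make the change reversible from the audit trail.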
diff --git a/GameEngine/Admin/Mods/editUser.php b/GameEngine/Admin/Mods/editUser.php
index 49377dc6..502d1720 100755
--- a/GameEngine/Admin/Mods/editUser.php
+++ b/GameEngine/Admin/Mods/editUser.php
@@ -3,48 +3,91 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editUser.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-foreach ($_POST as $key => $value) {
- $_POST[$key] = $database->escape($value);
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$id = (int)($_POST['id'] ?? 0);
+
+if ($id <= 0 || $session <= 0) {
+ header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=bad");
+ exit;
}
-$session = (int) $_POST['admid'];
-$id = (int) $_POST['id'];
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+// ---------------------------------------------------------------------------
+// Câmpuri
+// ---------------------------------------------------------------------------
+$email = $database->escape(trim($_POST['email'] ?? ''));
+$tribe = max(1, min(5, (int)($_POST['tribe'] ?? 1)));
+$location = $database->escape(trim($_POST['location'] ?? ''));
+$desc1 = $database->escape($_POST['desc1'] ?? '');
+$desc2 = $database->escape($_POST['desc2'] ?? '');
+$quest = $database->escape($_POST['quest'] ?? '');
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query(
+ "UPDATE " . TB_PREFIX . "users SET
+ email = '$email',
+ tribe = $tribe,
+ location = '$location',
+ desc1 = '$desc1',
+ desc2 = '$desc2',
+ quest = '$quest'
+ WHERE id = $id"
+);
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
- email = '".$_POST['email']."',
- tribe = ".(int) $_POST['tribe'].",
- location = '".$_POST['location']."',
- desc1 = '".$_POST['desc1']."',
- desc2 = '".$_POST['desc2']."',
- quest = '".$_POST['quest']."'
- WHERE id = $id") or die(mysqli_error($database->dblink));
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Edited profile for user $id";
+$logEsc = $database->escape($logText);
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
+exit;
?>
\ No newline at end of file
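Review bot: `$email` is only trimmed and escaped before it is written, so any string is accepted as the account's address. Validate before escaping, e.g. `$rawEmail = trim($_POST['email'] ?? '');` and redirect with an error when `filter_var($rawEmail, FILTER_VALIDATE_EMAIL) === false`. `desc1`, `desc2` and `location` are escaped for SQL only; whether they are HTML-encoded when shown cannot be seen from this hunk and should be confirmed at the rendering side. The log text `Edited profile for user $id` does not say which fields changed; naming them would make the entry more useful.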
diff --git a/GameEngine/Admin/Mods/editUsername.php b/GameEngine/Admin/Mods/editUsername.php
index bf9a4eb0..3f7c1dca 100755
--- a/GameEngine/Admin/Mods/editUsername.php
+++ b/GameEngine/Admin/Mods/editUsername.php
@@ -3,41 +3,90 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editUsername.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-foreach ($_POST as $key => $value) {
- $_POST[$key] = $database->escape($value);
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$uid = (int)($_POST['uid'] ?? 0);
+$session = (int)($_POST['admid'] ?? 0);
+$username = trim($_POST['username'] ?? '');
+
+if ($uid <= 0 || $session <= 0 || $username === '') {
+ header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=user");
+ exit;
}
-$uid = (int) $_POST['uid'];
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+// ---------------------------------------------------------------------------
+// Validare username
+// ---------------------------------------------------------------------------
+if (strlen($username) < 3 || strlen($username) > 20 || !preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
+ header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=invalid");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// verificare duplicat
+$check = $database->query("SELECT id FROM " . TB_PREFIX . "users WHERE username = '" . $database->escape($username) . "' AND id != $uid LIMIT 1");
+if (mysqli_num_rows($check) > 0) {
+ header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=taken");
+ exit;
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET username = '".$_POST['username']."' WHERE id = ".$uid."");
+$usernameEsc = $database->escape($username);
-header("Location: ../../../Admin/admin.php?p=player&uid=".$uid."");
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "users SET username = '$usernameEsc' WHERE id = $uid");
+
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Changed username for user $uid to '$usernameEsc'";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=player&uid=" . $uid . "&name=1");
+exit;
?>
\ No newline at end of file
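Review bot: `mysqli_num_rows($check)` is called without confirming that the duplicate-check query succeeded; on PHP 8 a `false` result raises a TypeError instead of reaching the redirect. `if ($check === false || mysqli_num_rows($check) > 0)` treats a failed lookup as "cannot confirm uniqueness" and stops before the UPDATE. The check and the UPDATE are separate statements, so two concurrent renames can still collide unless `username` carries a unique index, which is not visible here. In the log, `$usernameEsc` is embedded and the whole text is escaped again; with the current `[a-zA-Z0-9_]` rule that is a no-op, but using `$username` in `$logText` avoids a double escape if the rule is ever relaxed.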
diff --git a/GameEngine/Admin/Mods/editVillageOwner.php b/GameEngine/Admin/Mods/editVillageOwner.php
index fb2698b3..8c99d0e7 100755
--- a/GameEngine/Admin/Mods/editVillageOwner.php
+++ b/GameEngine/Admin/Mods/editVillageOwner.php
@@ -3,39 +3,93 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editVillageOwner.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
-$id = (int) $_POST['did'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$did = (int)($_POST['did'] ?? 0);
+$newowner = (int)($_POST['newowner'] ?? 0);
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+if ($did <= 0 || $session <= 0 || $newowner <= 0) {
+ header("Location: ../../../Admin/admin.php?p=admin&e=owner");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."vdata SET
- owner = '".$_POST['newowner']."'
- WHERE wref = $id") or die(mysqli_error($database->dblink));
+// ---------------------------------------------------------------------------
+// Verifică sat și noul owner
+// ---------------------------------------------------------------------------
+$village = $database->getVillage($did);
+if (!$village) {
+ header("Location: ../../../Admin/admin.php?p=admin&e=novillage");
+ exit;
+}
-header("Location: ../../../Admin/admin.php?p=player&uid=".$_POST['newowner']."");
+$newUser = $database->getUserArray($newowner, 1);
+if (!$newUser) {
+ header("Location: ../../../Admin/admin.php?p=village&did=$did&e=nouser");
+ exit;
+}
+
+$oldOwner = (int)$village['owner'];
+
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "vdata SET owner = $newowner WHERE wref = $did");
+
+// actualizează și owner în oaze ocupate de sat (opțional dar recomandat)
+$database->query("UPDATE " . TB_PREFIX . "odata SET owner = $newowner WHERE conqured = $did");
+
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Changed owner for village $did from $oldOwner to $newowner";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=player&uid=" . $newowner);
+exit;
?>
\ No newline at end of file
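Review bot: The second admin check, `$admin = $database->getUserArray($session, 1)`, looks up the id posted in `admid`, which the client controls, so it only confirms that the posted id belongs to an access-9 account (assuming the lookup is by id), not that the logged-in account still holds that level. Taking the id from the session instead, `$session = (int)($_SESSION['id'] ?? 0);`, would make the query re-validate the current user against the database and would match the `$adminId = (int)$_SESSION['id']` already used for the log entry. The same pattern appears in the editWeek.php, givePlusRes.php, giveResBonus.php, mainteneceCleanBanData.php and mainteneceResetGold.php hunks. It also appears in the mass-ban code under the gold_1.php header, where the posted id is additionally stored as the banning admin (`$adminId = (int)$session`).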
diff --git a/GameEngine/Admin/Mods/editWeek.php b/GameEngine/Admin/Mods/editWeek.php
index 2cef96bc..380f30bb 100755
--- a/GameEngine/Admin/Mods/editWeek.php
+++ b/GameEngine/Admin/Mods/editWeek.php
@@ -3,41 +3,79 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editWeek.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
-$id = (int) $_POST['id'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$id = (int)($_POST['id'] ?? 0);
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+if ($id <= 0 || $session <= 0) {
+ header("Location: ../../../Admin/admin.php?p=player&uid=$id&e=bad");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
- ap = '".(int) $_POST['off']."',
- dp = '".(int) $_POST['def']."',
- RR = '".(int) $_POST['res']."'
- WHERE id = $id") or die(mysqli_error($database->dblink));
+// ---------------------------------------------------------------------------
+// Valori
+// ---------------------------------------------------------------------------
+$ap = (int)($_POST['off'] ?? 0);
+$dp = (int)($_POST['def'] ?? 0);
+$rr = (int)($_POST['res'] ?? 0);
-header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "users SET ap = $ap, dp = $dp, RR = $rr WHERE id = $id");
+
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Changed weekly stats for user $id (ap=$ap, dp=$dp, RR=$rr)";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=player&uid=" . $id);
+exit;
?>
\ No newline at end of file
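Review bot: Nothing between the input block and the `UPDATE` confirms that user `$id` exists, so a request for an unknown id changes no row yet still writes "Changed weekly stats for user ..." to `admin_log` and redirects as if it had succeeded. editVillageOwner.php in this same diff checks its targets first; the equivalent here is `if (!$database->getUserArray($id, 1)) { /* redirect with an error flag */ exit; }` placed before the update. The `(int)` casts for `off`, `def` and `res` also accept negative numbers; if those columns are meant to be non-negative, clamp them, e.g. `$ap = max(0, (int)($_POST['off'] ?? 0));`.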
diff --git a/GameEngine/Admin/Mods/givePlus.php b/GameEngine/Admin/Mods/givePlus.php
index c5c9388b..46b33021 100755
--- a/GameEngine/Admin/Mods/givePlus.php
+++ b/GameEngine/Admin/Mods/givePlus.php
@@ -1,52 +1,72 @@
data_seek($row);
- $datarow = $res->fetch_array();
- return $datarow[$field];
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
}
-// go max 5 levels up - we don't have folders that go deeper than that
+include_once("../../config.php");
+
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$sql = "SELECT id FROM ".TB_PREFIX."users ORDER BY ID DESC LIMIT 1";
-$loops = mysqli_result(mysqli_query($GLOBALS["link"], $sql), 0);
-
-$plusdur = $_POST['plus'] * 86400;
-
-for($i = 0; $i < $loops + 1; $i++)
-{
- $query = "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$i."";
- $result = mysqli_query($GLOBALS["link"], $query);
- while($row = mysqli_fetch_assoc($result))
- {
- if($row['plus'] < time()) { $plusbefore = time(); $addplus = $plusbefore + $plusdur; } elseif($row['plus'] > time()) { $plusbefore = $row['plus']; $addplus = $plusbefore + $plusdur; }
- mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
- plus = '".$addplus."'
- WHERE id = '".$row['id']."'");
- }
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$days = (int)($_POST['plus'] ?? 0);
+if ($days <= 0) {
+ header("Location: ../../../Admin/admin.php?p=givePlus&e=0");
+ exit;
}
-header("Location: ../../../Admin/admin.php?p=givePlus&g");
+$plusdur = $days * 86400;
+$time = time();
+
+// ---------------------------------------------------------------------------
+// Update în masă – fără loop
+// ---------------------------------------------------------------------------
+// Dacă plus < now, pornește de acum, altfel adaugă la timpul existent
+$database->query(
+ "UPDATE " . TB_PREFIX . "users
+ SET plus = IF(plus < $time, $time + $plusdur, plus + $plusdur)
+ WHERE id > 3"
+);
+
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$logText = "Gave $days days Plus to all players";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=givePlus&g=1");
+exit;
?>
\ No newline at end of file
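Review bot: The bulk `UPDATE` is restricted by `WHERE id > 3` with no explanation, while the loop it replaces walked every user id, so the commit silently changes which accounts receive Plus. If ids 1-3 are reserved system accounts (not shown on this page), say so next to the query, e.g. `// ids 1-3 are reserved system accounts and are skipped`, or move the threshold into one shared constant. The same literal is repeated in givePlusRes.php, giveResBonus.php and the mass-ban insert, whereas mainteneceResetGold.php uses `id > 0`; it is worth confirming that difference is intended. The top of this hunk is truncated on the page, so the file's opening lines were not reviewed.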
diff --git a/GameEngine/Admin/Mods/givePlusRes.php b/GameEngine/Admin/Mods/givePlusRes.php
index 7743277d..b15eddb4 100755
--- a/GameEngine/Admin/Mods/givePlusRes.php
+++ b/GameEngine/Admin/Mods/givePlusRes.php
@@ -3,67 +3,84 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename givePlusRes.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
-include_once("../../config.php");
-function mysqli_result($res, $row, $field=0) {
- $res->data_seek($row);
- $datarow = $res->fetch_array();
- return $datarow[$field];
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
}
-// go max 5 levels up - we don't have folders that go deeper than that
+include_once("../../config.php");
+
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
-
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
-
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
-
-$sql = "SELECT id FROM ".TB_PREFIX."users ORDER BY ID DESC LIMIT 1";
-$loops = mysqli_result(mysqli_query($GLOBALS["link"], $sql), 0);
-
-$wood = (int) $_POST['wood'] * 86400;
-$clay = (int) $_POST['clay'] * 86400;
-$iron = (int) $_POST['iron'] * 86400;
-$crop = (int) $_POST['crop'] * 86400;
-
-for($i = 0; $i < $loops + 1; $i++)
-{
- $query = "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$i."";
- $result = mysqli_query($GLOBALS["link"], $query);
- while($row = mysqli_fetch_assoc($result))
- {
- if($row['b1'] < time()) { $b1before = time(); $addb1 = $b1before + $wood; } elseif($row['b1'] > time()) { $b1before = $row['b1']; $addb1 = $b1before + $wood; }
- if($row['b2'] < time()) { $b2before = time(); $addb2 = $b1before + $clay; } elseif($row['b2'] > time()) { $b2before = $row['b2']; $addb2 = $b1before + $clay; }
- if($row['b3'] < time()) { $b3before = time(); $addb3 = $b1before + $iron; } elseif($row['b3'] > time()) { $b3before = $row['b3']; $addb3 = $b1before + $iron; }
- if($row['b4'] < time()) { $b4before = time(); $addb4 = $b1before + $crop; } elseif($row['b4'] > time()) { $b4before = $row['b4']; $addb4 = $b1before + $crop; }
- mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
- b1 = '".$addb1."',
- b2 = '".$addb2."',
- b3 = '".$addb3."',
- b4 = '".$addb4."'
- WHERE id = '".$row['id']."'");
- }
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
}
-header("Location: ../../../Admin/admin.php?p=givePlusRes&g");
+$wood = (int)($_POST['wood'] ?? 0) * 86400;
+$clay = (int)($_POST['clay'] ?? 0) * 86400;
+$iron = (int)($_POST['iron'] ?? 0) * 86400;
+$crop = (int)($_POST['crop'] ?? 0) * 86400;
+
+if ($wood + $clay + $iron + $crop == 0) {
+ header("Location: ../../../Admin/admin.php?p=givePlusRes&e=0");
+ exit;
+}
+
+$time = time();
+
+// ---------------------------------------------------------------------------
+// Update în masă
+// ---------------------------------------------------------------------------
+if ($wood > 0) {
+ $database->query("UPDATE " . TB_PREFIX . "users SET b1 = IF(b1 < $time, $time + $wood, b1 + $wood) WHERE id > 3");
+}
+if ($clay > 0) {
+ $database->query("UPDATE " . TB_PREFIX . "users SET b2 = IF(b2 < $time, $time + $clay, b2 + $clay) WHERE id > 3");
+}
+if ($iron > 0) {
+ $database->query("UPDATE " . TB_PREFIX . "users SET b3 = IF(b3 < $time, $time + $iron, b3 + $iron) WHERE id > 3");
+}
+if ($crop > 0) {
+ $database->query("UPDATE " . TB_PREFIX . "users SET b4 = IF(b4 < $time, $time + $crop, b4 + $crop) WHERE id > 3");
+}
+
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$logText = "Gave res bonuses to all: wood=" . ($_POST['wood'] ?? 0) . "d, clay=" . ($_POST['clay'] ?? 0) . "d, iron=" . ($_POST['iron'] ?? 0) . "d, crop=" . ($_POST['crop'] ?? 0) . "d";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=givePlusRes&g=1");
+exit;
?>
\ No newline at end of file
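Review bot: The log message near the end of the hunk concatenates the raw `$_POST['wood']`, `$_POST['clay']`, `$_POST['iron']` and `$_POST['crop']` strings, although the values actually applied are the `(int)`-cast ones. `$database->escape()` keeps the INSERT well-formed, but arbitrary request text (markup included) still lands in the stored entry, and the log can disagree with what was applied: a posted `2abc` is applied as 2 days and logged as `2abc`. Build the message from the cast values instead, e.g. `"wood=" . intdiv($wood, 86400) . "d, clay=" . intdiv($clay, 86400) . "d, ..."`. How the admin log page escapes this text on output is not visible here.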
diff --git a/GameEngine/Admin/Mods/giveResBonus.php b/GameEngine/Admin/Mods/giveResBonus.php
index 0a6e3d14..1fd67ee4 100755
--- a/GameEngine/Admin/Mods/giveResBonus.php
+++ b/GameEngine/Admin/Mods/giveResBonus.php
@@ -3,39 +3,72 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename giveResBonus.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-error_reporting(E_ALL);
-
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$gold = (int)($_POST['gold'] ?? 0);
+if ($gold <= 0) {
+ header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&e=0");
+ exit;
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+$time = time();
-$q = "UPDATE ".TB_PREFIX."users SET gold = gold + ".(int) $_POST['gold']." WHERE id != '0'";
-mysqli_query($GLOBALS["link"], $q) or die(mysqli_error($database->dblink));
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "users SET gold = gold + $gold WHERE id > 3");
-header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&g");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$logText = "Gave $gold gold to all players";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&g=1");
+exit;
?>
\ No newline at end of file
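Review bot: The removed statement ended in `or die(mysqli_error($database->dblink))`, and the new `$database->query("UPDATE ... SET gold = gold + $gold WHERE id > 3")` drops that without a replacement, so a failed update is still followed by the "Gave $gold gold to all players" log entry and the `g=1` success redirect. Unless `$database->query()` raises on failure (its definition is not on this page), test its result before logging, e.g. `if (!$database->query($sql)) { /* redirect with an error flag, skip the log */ exit; }`. editVillageOwner.php loses the same `or die` in this commit. `$gold` also has no upper bound, so one mistyped value is applied to every player at once.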
diff --git a/GameEngine/Admin/Mods/gold.php b/GameEngine/Admin/Mods/gold.php
index 76597cf7..7b106443 100755
--- a/GameEngine/Admin/Mods/gold.php
+++ b/GameEngine/Admin/Mods/gold.php
@@ -3,6 +3,7 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename gold.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## Refactored by: Shadow ##
## License: TravianZ Project ##
diff --git a/GameEngine/Admin/Mods/gold_1.php b/GameEngine/Admin/Mods/gold_1.php
index 710ec24a..aeab4e15 100755
--- a/GameEngine/Admin/Mods/gold_1.php
+++ b/GameEngine/Admin/Mods/gold_1.php
@@ -1,9 +1,17 @@
$value) {
- $_POST[$key] = $database->escape($value);
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
}
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$duration = (int)($_POST['duration'] ?? 0) * 3600;
+$start = trim($_POST['start'] ?? '');
+$reason = trim($_POST['reason'] ?? 'Maintenance ban');
+$access = 2; // jucători normali
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+$startts = $start ? strtotime($start) : time();
+if ($startts === false) $startts = time();
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
-
-$users = mysqli_num_rows(mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users"));
-
-$duration = (int) $_POST['duration'] * 3600;
-$start = $_POST['start'];
-$startts = strtotime($start);
$endts = $startts + $duration;
-$reason = $_POST['reason'];
-$admin = $session;
-$active = '1';
-$access = '2';
+if ($duration <= 0) $endts = $startts + 86400; // default 1 zi
-function mysqli_result($res, $row, $field=0) {
- $res->data_seek($row);
- $datarow = $res->fetch_array();
- return $datarow[$field];
-}
+$reasonEsc = $database->escape($reason);
+$adminId = (int)$session;
-$sql = "SELECT id FROM ".TB_PREFIX."users ORDER BY ID DESC LIMIT 1";
-$loops = mysqli_result(mysqli_query($GLOBALS["link"], $sql), 0);
+// ---------------------------------------------------------------------------
+// Ban în masă – un singur query
+// ---------------------------------------------------------------------------
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "banlist (uid, name, reason, time, end, admin, active)
+ SELECT id, username, '$reasonEsc', $startts, $endts, $adminId, 1
+ FROM " . TB_PREFIX . "users
+ WHERE access = $access AND id > 3
+ ON DUPLICATE KEY UPDATE
+ reason = VALUES(reason),
+ time = VALUES(time),
+ end = VALUES(end),
+ admin = VALUES(admin),
+ active = 1"
+);
-for($i = 0; $i < $loops + 1; $i++)
-{
- $query = "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$i." AND access = ".$access."";
- $result = mysqli_query($GLOBALS["link"], $query);
- while($row = mysqli_fetch_assoc($result))
- {
- mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."banlist VALUES('', ".(int) $row['id'].", '".$row['username']."', '".$reason."', ".(int) $startts.", ".(int) $endts.", ".(int) $admin.", ".(int) $active.")");
- ##mysqli_query($GLOBALS["link"], "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES (".$row['id'].", '".$row['username']."' , '$reason', '$startts', '$endts', '$admin', '1')");
- }
-}
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$time = time();
+$logText = "Mass ban for access=$access, duration=" . ($duration/3600) . "h, reason='$reasonEsc'";
+$logEsc = $database->escape($logText);
-header("Location: ../../../Admin/admin.php?p=ban");
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=ban&m=1");
+exit;
?>
\ No newline at end of file
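Review bot: `$logText` is built with `'$reasonEsc'` and then passed through `$database->escape()` again, so the reason is escaped twice and, assuming `escape()` is a plain SQL string escaper, any quote or backslash in it is stored in `admin_log` with a literal backslash in front. Use the unescaped value in the message, `... "h, reason='$reason'"`, and let the single `escape($logText)` call handle it. When `duration` is zero or negative the ban falls back to one day but the log still reports `duration=0h`; logging `($endts - $startts) / 3600` would record what was applied. The `ON DUPLICATE KEY UPDATE` clause only takes effect if `banlist` has a unique key covering `uid`, which this page does not show; without one, every run adds another row per player. The start of this hunk is garbled on the page, so the lines before the admin check were not reviewed.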
diff --git a/GameEngine/Admin/Mods/mainteneceCleanBanData.php b/GameEngine/Admin/Mods/mainteneceCleanBanData.php
index 32848872..52e6648a 100755
--- a/GameEngine/Admin/Mods/mainteneceCleanBanData.php
+++ b/GameEngine/Admin/Mods/mainteneceCleanBanData.php
@@ -8,31 +8,56 @@
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+// ---------------------------------------------------------------------------
+// Truncate banlist
+// ---------------------------------------------------------------------------
+$database->query("TRUNCATE TABLE " . TB_PREFIX . "banlist");
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Cleared banlist (TRUNCATE)";
+$logEsc = $database->escape($logText);
-mysqli_query($GLOBALS["link"], "TRUNCATE ".TB_PREFIX."banlist");
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
-header("Location: ../../../Admin/admin.php?p=ban");
+header("Location: ../../../Admin/admin.php?p=ban&c=1");
+exit;
?>
\ No newline at end of file
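Review bot: No anti-CSRF token is checked anywhere in this hunk before `TRUNCATE TABLE ... banlist` runs, so the destructive action depends only on the admin's session cookie and a posted `admid`. `admid` cannot serve as that token, since user ids are small and predictable. Issue a per-session random token to the admin forms and verify it before the query, e.g. `if (empty($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], (string)($_POST['csrf'] ?? ''))) die('Invalid request');` (the `csrf` key and field names are placeholders). The same applies to the other state-changing scripts in this diff, including mainteneceResetGold.php, unless a token is verified in an include that is not shown here.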
diff --git a/GameEngine/Admin/Mods/mainteneceResetGold.php b/GameEngine/Admin/Mods/mainteneceResetGold.php
index f2dee0c0..c899d66a 100755
--- a/GameEngine/Admin/Mods/mainteneceResetGold.php
+++ b/GameEngine/Admin/Mods/mainteneceResetGold.php
@@ -3,36 +3,62 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename mainteneceResetGold.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+// ---------------------------------------------------------------------------
+// Reset gold
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "users SET gold = 0 WHERE id > 0");
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Reset gold to 0 for all users";
+$logEsc = $database->escape($logText);
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET gold = '0' WHERE id !=0");
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
-header("Location: ../../../Admin/admin.php?p=maintenenceResetGold&g");
+header("Location: ../../../Admin/admin.php?p=maintenenceResetGold&g=1");
+exit;
?>
\ No newline at end of file
diff --git a/GameEngine/Admin/Mods/mainteneceResetPlus.php b/GameEngine/Admin/Mods/mainteneceResetPlus.php
index 77210721..6108d41b 100755
--- a/GameEngine/Admin/Mods/mainteneceResetPlus.php
+++ b/GameEngine/Admin/Mods/mainteneceResetPlus.php
@@ -3,36 +3,62 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename mainteneceResetPlus.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+// ---------------------------------------------------------------------------
+// Reset Plus
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "users SET plus = 0 WHERE id > 0");
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Reset Plus to 0 for all users";
+$logEsc = $database->escape($logText);
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET plus = '0' WHERE id !=0");
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
-header("Location: ../../../Admin/admin.php?p=maintenenceResetPlus&g");
+header("Location: ../../../Admin/admin.php?p=maintenenceResetPlus&g=1");
+exit;
?>
\ No newline at end of file
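Review bot: The "Verificare admin" block re-checks the account named by `$_POST['admid']`, a value the client chooses, so it proves only that some account with access 9 exists, not that the caller is that account. A session whose stored `access` is stale (for example after a demotion) can still pass by posting another admin's id. Bind the lookup to the session instead: `$admin = $database->getUserArray((int)($_SESSION['id'] ?? 0), 1);` (assuming the second argument selects lookup by id, as the removed `WHERE id = $session` query suggests). The same pattern is repeated in the mainteneceResetPlusBonus.php, mainteneceUnban.php, recalcWH.php, renameVillage.php and sendMessage.php hunks. Note also that the first gate accepts `access >= 9` while this one requires exactly 9; the two should agree.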
diff --git a/GameEngine/Admin/Mods/mainteneceResetPlusBonus.php b/GameEngine/Admin/Mods/mainteneceResetPlusBonus.php
index 04b93e45..414d4f75 100755
--- a/GameEngine/Admin/Mods/mainteneceResetPlusBonus.php
+++ b/GameEngine/Admin/Mods/mainteneceResetPlusBonus.php
@@ -3,36 +3,62 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename mainteneceResetPlusBonus.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+// ---------------------------------------------------------------------------
+// Reset bonusuri
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "users SET b1 = 0, b2 = 0, b3 = 0, b4 = 0 WHERE id > 0");
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Reset resource bonuses (b1-b4) to 0 for all users";
+$logEsc = $database->escape($logText);
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET b1 = '0', b2 = '0', b3='0', b4='0' WHERE id !=0");
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
-header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&g");
+header("Location: ../../../Admin/admin.php?p=maintenenceResetPlusBonus&g=1");
+exit;
?>
\ No newline at end of file
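Review bot: The result of the `UPDATE ... SET b1 = 0, b2 = 0, b3 = 0, b4 = 0` call is never checked, so the `admin_log` row and the `&g=1` redirect are produced even when the reset failed. That leaves the audit trail recording an action that did not happen. Stop before the log insert when the query reports failure, e.g. `if (!$database->query($updateSql)) { die('Reset failed'); }`; this assumes `query()` returns false on error, which is not visible in this hunk. The same applies to the UPDATE calls in the mainteneceResetPlus.php, mainteneceUnban.php, recalcWH.php and renameVillage.php hunks, and recalcWH.php additionally drops the `or die(mysqli_error(...))` the old code had.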
diff --git a/GameEngine/Admin/Mods/mainteneceUnban.php b/GameEngine/Admin/Mods/mainteneceUnban.php
index 142b8635..e0cfee06 100755
--- a/GameEngine/Admin/Mods/mainteneceUnban.php
+++ b/GameEngine/Admin/Mods/mainteneceUnban.php
@@ -3,60 +3,77 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename mainteneceUnban.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-foreach ($_POST as $key => $value) {
- $_POST[$key] = $database->escape($value);
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
}
-$session = (int) $_POST['admid'];
-
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
-
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
-
-$users = mysqli_fetch_array(mysqli_query($GLOBALS["link"], "SELECT Count(*) as Total FROM ".TB_PREFIX."users"), MYSQLI_ASSOC);
-$users = $users['Total'];
-
-$reason = $_POST['unbanreason'];
-$admin = $session;
-$active = '0';
-$access = '2';
-$actualend = time();
-
-$sql = "SELECT id FROM ".TB_PREFIX."users ORDER BY ID DESC LIMIT 1";
-$loops = mysqli_result(mysqli_query($GLOBALS["link"], $sql), 0);
-
-for($i = 0; $i < $loops + 1; $i++)
-{
- $query = "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$i." AND access = ".$access."";
- $result = mysqli_query($GLOBALS["link"], $query);
- while($row = mysqli_fetch_assoc($result))
- {
- mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."banlist SET active = '".$active."', end = '".$actualend."' WHERE reason = '".$reason."'");
- }
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$reason = trim($_POST['unbanreason'] ?? '');
+if ($reason === '') {
+ header("Location: ../../../Admin/admin.php?p=ban&e=noreason");
+ exit;
}
-header("Location: ../../../Admin/admin.php?p=ban");
+$reasonEsc = $database->escape($reason);
+$time = time();
+$adminId = (int)$session;
+
+// ---------------------------------------------------------------------------
+// Unban
+// ---------------------------------------------------------------------------
+$database->query(
+ "UPDATE " . TB_PREFIX . "banlist
+ SET active = 0, end = $time
+ WHERE reason = '$reasonEsc' AND active = 1"
+);
+
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$logText = "Mass unban for reason='$reasonEsc'";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=ban&u=1");
+exit;
?>
\ No newline at end of file
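Review bot: The audit row here is attributed to `$adminId = (int)$session;`, and `$session` comes from `$_POST['admid']`, so the client decides which admin the mass unban is logged under. The other handlers in this commit use the session, and this one should too: `$adminId = (int)$_SESSION['id'];`. Separately, `$logText` is built from `$reasonEsc` and then escaped again, so the stored log text carries the escape backslashes. Build it from the raw value and escape once: `$logText = "Mass unban for reason='$reason'";`. The same double escaping appears in renameVillage.php (`$nameEsc`) and sendMessage.php (`$topicEsc`).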
diff --git a/GameEngine/Admin/Mods/recalcWH.php b/GameEngine/Admin/Mods/recalcWH.php
index 26de3c91..e95077ab 100755
--- a/GameEngine/Admin/Mods/recalcWH.php
+++ b/GameEngine/Admin/Mods/recalcWH.php
@@ -2,123 +2,81 @@
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
-## Filename editBuildings.php ##
+## Filename recalcWH.php (salvează clădirile (f1-f40) ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
-include_once("../../config.php");
-foreach ($_POST as $key => $value) {
- $_POST[$key] = $database->escape($value);
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
}
-// go max 5 levels up - we don't have folders that go deeper than that
+include_once("../../config.php");
+
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
-$id = (int) $_POST['id'];
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$id = (int)($_POST['id'] ?? 0);
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+if ($id <= 0) {
+ header("Location: ../../../Admin/admin.php?p=villages");
+ exit;
+}
-mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."fdata SET
- f1 = '".$_POST['id1level']."',
- f1t = '".$_POST['id1gid']."',
- f2 = '".$_POST['id2level']."',
- f2t = '".$_POST['id2gid']."',
- f3 = '".$_POST['id3level']."',
- f3t = '".$_POST['id3gid']."',
- f4 = '".$_POST['id4level']."',
- f4t = '".$_POST['id4gid']."',
- f5 = '".$_POST['id5level']."',
- f5t = '".$_POST['id5gid']."',
- f6 = '".$_POST['id6level']."',
- f6t = '".$_POST['id6gid']."',
- f7 = '".$_POST['id7level']."',
- f7t = '".$_POST['id7gid']."',
- f8 = '".$_POST['id8level']."',
- f8t = '".$_POST['id8gid']."',
- f9 = '".$_POST['id9level']."',
- f9t = '".$_POST['id9gid']."',
- f10 = '".$_POST['id10level']."',
- f10t = '".$_POST['id10gid']."',
- f11 = '".$_POST['id11level']."',
- f11t = '".$_POST['id11gid']."',
- f12 = '".$_POST['id12level']."',
- f12t = '".$_POST['id12gid']."',
- f13 = '".$_POST['id13level']."',
- f13t = '".$_POST['id13gid']."',
- f14 = '".$_POST['id14level']."',
- f14t = '".$_POST['id14gid']."',
- f15 = '".$_POST['id15level']."',
- f15t = '".$_POST['id15gid']."',
- f16 = '".$_POST['id16level']."',
- f16t = '".$_POST['id16gid']."',
- f17 = '".$_POST['id17level']."',
- f17t = '".$_POST['id17gid']."',
- f18 = '".$_POST['id18level']."',
- f18t = '".$_POST['id18gid']."',
- f19 = '".$_POST['id19level']."',
- f19t = '".$_POST['id19gid']."',
- f20 = '".$_POST['id20level']."',
- f20t = '".$_POST['id20gid']."',
- f21 = '".$_POST['id21level']."',
- f21t = '".$_POST['id21gid']."',
- f22 = '".$_POST['id22level']."',
- f22t = '".$_POST['id22gid']."',
- f23 = '".$_POST['id23level']."',
- f23t = '".$_POST['id23gid']."',
- f24 = '".$_POST['id24level']."',
- f24t = '".$_POST['id24gid']."',
- f25 = '".$_POST['id25level']."',
- f25t = '".$_POST['id25gid']."',
- f26 = '".$_POST['id26level']."',
- f26t = '".$_POST['id26gid']."',
- f27 = '".$_POST['id27level']."',
- f27t = '".$_POST['id27gid']."',
- f28 = '".$_POST['id28level']."',
- f28t = '".$_POST['id28gid']."',
- f29 = '".$_POST['id29level']."',
- f29t = '".$_POST['id29gid']."',
- f30 = '".$_POST['id30level']."',
- f30t = '".$_POST['id30gid']."',
- f31 = '".$_POST['id31level']."',
- f31t = '".$_POST['id31gid']."',
- f32 = '".$_POST['id32level']."',
- f32t = '".$_POST['id32gid']."',
- f33 = '".$_POST['id33level']."',
- f33t = '".$_POST['id33gid']."',
- f34 = '".$_POST['id34level']."',
- f34t = '".$_POST['id34gid']."',
- f35 = '".$_POST['id35level']."',
- f35t = '".$_POST['id35gid']."',
- f36 = '".$_POST['id36level']."',
- f36t = '".$_POST['id36gid']."',
- f37 = '".$_POST['id37level']."',
- f37t = '".$_POST['id37gid']."',
- f38 = '".$_POST['id38level']."',
- f38t = '".$_POST['id38gid']."',
- f39 = '".$_POST['id39level']."',
- f39t = '".$_POST['id39gid']."',
- f40 = '".$_POST['id40level']."',
- f40t = '".$_POST['id40gid']."'
- WHERE vref = $id") or die(mysqli_error($database->dblink));
+// ---------------------------------------------------------------------------
+// Construiește SET dinamic f1-f40
+// ---------------------------------------------------------------------------
+$sets = [];
+for ($i = 1; $i <= 40; $i++) {
+ $lvl = (int)($_POST["id{$i}level"] ?? 0);
+ $gid = (int)($_POST["id{$i}gid"] ?? 0);
+ $sets[] = "f$i = $lvl, f{$i}t = $gid";
+}
+$setSql = implode(", ", $sets);
-header("Location: ../../../Admin/admin.php?action=recountPop&did=".$id."");
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$database->query("UPDATE " . TB_PREFIX . "fdata SET $setSql WHERE vref = $id");
+
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Recalculated buildings for village $id";
+$logEsc = $database->escape($logText);
+
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?action=recountPop&did=" . $id);
+exit;
?>
\ No newline at end of file
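Review bot: In the `for ($i = 1; $i <= 40; $i++)` loop every missing field falls back to 0, so a truncated or partial POST overwrites the remaining slots of the village with level 0 and gid 0. Skip slots that were not submitted, `if (!isset($_POST["id{$i}level"], $_POST["id{$i}gid"])) { continue; }`, and do not run the UPDATE when `$sets` ends up empty. The `(int)` casts close the injection path the old quoted strings had, but they still accept negative or out-of-range levels and building ids. Both values should be checked against the bounds the project defines before they are written. The log text says "Recalculated buildings" although the handler overwrites f1–f40 from the form; wording such as "Edited buildings" would keep the audit trail accurate.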
diff --git a/GameEngine/Admin/Mods/renameVillage.php b/GameEngine/Admin/Mods/renameVillage.php
index 2388cb7a..9332d109 100755
--- a/GameEngine/Admin/Mods/renameVillage.php
+++ b/GameEngine/Admin/Mods/renameVillage.php
@@ -3,45 +3,74 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename renameVillage.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$nameorig = $_POST['villagename'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$did = (int)($_POST['did'] ?? 0);
+$nameOrig = trim($_POST['villagename'] ?? '');
-foreach ($_POST as $key => $value) {
- $_POST[$key] = $database->escape($value);
+if ($did <= 0 || $nameOrig === '') {
+ header("Location: ../../../Admin/admin.php?p=village&did=$did&e=1");
+ exit;
}
-$did = (int) $_POST['did'];
-$name = $_POST['villagename'];
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+// ---------------------------------------------------------------------------
+// Update
+// ---------------------------------------------------------------------------
+$nameEsc = $database->escape($nameOrig);
+$database->query("UPDATE " . TB_PREFIX . "vdata SET name = '$nameEsc' WHERE wref = $did");
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$time = time();
+$logText = "Renamed village $did to '$nameEsc'";
+$logEsc = $database->escape($logText);
-$sql = "UPDATE ".TB_PREFIX."vdata SET name = '$name' WHERE wref = $did";
-mysqli_query($GLOBALS["link"], $sql);
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
-header("Location: ../../../Admin/admin.php?p=village&did=".$did."&name=".$nameorig."");
+header("Location: ../../../Admin/admin.php?p=village&did=" . $did);
+exit;
?>
\ No newline at end of file
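Review bot: This handler changes state on the strength of the session cookie plus POST fields alone, with no per-session anti-CSRF token checked anywhere in the hunk. Unless one is enforced elsewhere, a cross-site form submitted from a logged-in admin's browser would be accepted. Add a token comparison before the "Input" block, for example `if (!hash_equals((string)($_SESSION['csrf_token'] ?? ''), (string)($_POST['csrf_token'] ?? ''))) { die('Invalid request'); }`, where `csrf_token` is a placeholder name for whatever the admin forms emit. The other Mods handlers in this commit have the same gap. `villagename` is also stored with no length or character limit, so the pages that print `vdata.name` and the admin log must HTML-escape it on output.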
diff --git a/GameEngine/Admin/Mods/sendMessage.php b/GameEngine/Admin/Mods/sendMessage.php
index 81a02b6c..7d9f4651 100755
--- a/GameEngine/Admin/Mods/sendMessage.php
+++ b/GameEngine/Admin/Mods/sendMessage.php
@@ -3,39 +3,81 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename sendMessage.php ##
+## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
-if (!isset($_SESSION)) session_start();
-if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
+
+if (!isset($_SESSION)) {
+ session_start();
+}
+if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
+ die("Access Denied: You are not Admin!");
+}
+
include_once("../../config.php");
-// go max 5 levels up - we don't have folders that go deeper than that
+// ---------------------------------------------------------------------------
+// Autoloader path
+// ---------------------------------------------------------------------------
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix . 'autoloader.php')) {
break;
}
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix . "GameEngine/Database.php");
-$session = (int) $_POST['admid'];
+// ---------------------------------------------------------------------------
+// Input
+// ---------------------------------------------------------------------------
+$session = (int)($_POST['admid'] ?? 0);
+$uid = (int)($_POST['uid'] ?? 0);
+$topic = trim($_POST['topic'] ?? 'Admin Message');
+$message = trim($_POST['message'] ?? '');
+if ($uid <= 0 || $message === '') {
+ header("Location: ../../../Admin/admin.php?p=Newmessage&uid=$uid&e=1");
+ exit;
+}
-$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$session."");
-$access = mysqli_fetch_array($sql);
-$sessionaccess = $access['access'];
+// ---------------------------------------------------------------------------
+// Verificare admin
+// ---------------------------------------------------------------------------
+$admin = $database->getUserArray($session, 1);
+if (!$admin || (int)$admin['access'] !== 9) {
+ die('Access Denied: You are not Admin!
');
+}
-if($sessionaccess != 9) die("Access Denied: You are not Admin!
");
+// ---------------------------------------------------------------------------
+// Insert mesaj
+// ---------------------------------------------------------------------------
+$time = time();
+$topicEsc = $database->escape($topic);
+$msgEsc = $database->escape($message);
-$query = "INSERT INTO ".TB_PREFIX."mdata (target, owner, topic, message, viewed, time) VALUES ('$uid', 1, '$topic', '$message', 0, '$time')";
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "mdata
+ (target, owner, topic, message, viewed, time, archive)
+ VALUES ($uid, 1, '$topicEsc', '$msgEsc', 0, $time, 0)"
+);
-mysqli_query($GLOBALS["link"], $query);
+// ---------------------------------------------------------------------------
+// Log admin
+// ---------------------------------------------------------------------------
+$adminId = (int)$_SESSION['id'];
+$logText = "Sent message to uid $uid: '$topicEsc'";
+$logEsc = $database->escape($logText);
-header("Location: ../../../Admin/admin.php?p=Newmessage&uid=".$uid."&msg=ok");
+$database->query(
+ "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
+ "VALUES (0, '$adminId', '$logEsc', $time)"
+);
+
+header("Location: ../../../Admin/admin.php?p=Newmessage&uid=" . $uid . "&msg=ok");
+exit;
?>
\ No newline at end of file
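Review bot: The default in `$topic = trim($_POST['topic'] ?? 'Admin Message');` applies only when the field is absent, so a form that submits an empty topic stores a message with a blank subject. Add `if ($topic === '') { $topic = 'Admin Message'; }` after the trim. The input validation and its redirect also run before the "Verificare admin" block, unlike the reset handlers. Moving the admin check above the "Input" block would keep every handler rejecting unauthorised callers before it looks at any other field.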
diff --git a/GameEngine/Admin/database.php b/GameEngine/Admin/database.php
index b33e4a37..29525a88 100755
--- a/GameEngine/Admin/database.php
+++ b/GameEngine/Admin/database.php
@@ -1,850 +1,808 @@
data_seek($row);
$datarow = $res->fetch_array();
return $datarow[$field];
}
}
-// go max 5 levels up - we don't have folders that go deeper than that
+/* ---------------------------------------------------------------------------
+ * Autoloader path - caută maxim 5 nivele în sus
+ * --------------------------------------------------------------------------- */
$autoprefix = '';
for ($i = 0; $i < 5; $i++) {
$autoprefix = str_repeat('../', $i);
- if (file_exists($autoprefix.'autoloader.php')) {
- // we have our path, let's leave
+ if (file_exists($autoprefix. 'autoloader.php')) {
break;
}
}
-if(isset($gameinstall) && $gameinstall == 1){
- include_once($autoprefix."GameEngine/config.php");
- include_once($autoprefix."GameEngine/Data/buidata.php");
-}else{
- include_once($autoprefix."GameEngine/Data/unitdata.php");
- include_once($autoprefix."GameEngine/Technology.php");
- include_once($autoprefix."GameEngine/Data/buidata.php");
+/* ---------------------------------------------------------------------------
+ * Include-uri condiționate
+ * --------------------------------------------------------------------------- */
+if (isset($gameinstall) && $gameinstall == 1) {
+ include_once($autoprefix. "GameEngine/config.php");
+ include_once($autoprefix. "GameEngine/Data/buidata.php");
+} else {
+ include_once($autoprefix. "GameEngine/Data/unitdata.php");
+ include_once($autoprefix. "GameEngine/Technology.php");
+ include_once($autoprefix. "GameEngine/Data/buidata.php");
}
-include_once($autoprefix."GameEngine/Database.php");
+include_once($autoprefix. "GameEngine/Database.php");
+
+/* ---------------------------------------------------------------------------
+ * Clasa principală admin DB
+ * --------------------------------------------------------------------------- */
class adm_DB {
- var $connection;
- function __construct(){
- global $database;
- $database = new MYSQLi_DB(SQL_SERVER, SQL_USER, SQL_PASS, SQL_DB, (defined('SQL_PORT') ? SQL_PORT : 3306));
- $this->connection = $database->return_link();
- }
+ var $connection;
- function Login($username,$password){
- global $database;
- list($username,$password) = $database->escape_input($username,$password);
+ function __construct() {
+ global $database;
+ $database = new MYSQLi_DB(SQL_SERVER, SQL_USER, SQL_PASS, SQL_DB, (defined('SQL_PORT')? SQL_PORT : 3306));
+ $this->connection = $database->return_link();
+ }
- $q = "SELECT id, password, is_bcrypt FROM ".TB_PREFIX."users where username = '$username' and access >= ".MULTIHUNTER;
- $result = mysqli_query($this->connection, $q);
+ /* ---------------- Login admin ---------------- */
+ function Login($username, $password) {
+ global $database;
+ list($username, $password) = $database->escape_input($username, $password);
- // if we didn't update the database for bcrypt hashes yet...
- if (mysqli_error($database->dblink) != '') {
- $q = "SELECT id, password, 0 as is_bcrypt FROM ".TB_PREFIX."users where username = '$username' and access >= ".MULTIHUNTER;
- $result = mysqli_query($this->connection, $q);
- $bcrypt_update_done = false;
- } else {
- $bcrypt_update_done = true;
- }
+ $q = "SELECT id, password, is_bcrypt FROM ". TB_PREFIX. "users WHERE username = '$username' AND access >= ". MULTIHUNTER;
+ $result = mysqli_query($this->connection, $q);
- $dbarray = mysqli_fetch_array($result);
+ // compatibilitate cu DB fără coloana is_bcrypt
+ if (mysqli_error($database->dblink)!= '') {
+ $q = "SELECT id, password, 0 as is_bcrypt FROM ". TB_PREFIX. "users WHERE username = '$username' AND access >= ". MULTIHUNTER;
+ $result = mysqli_query($this->connection, $q);
+ $bcrypt_update_done = false;
+ } else {
+ $bcrypt_update_done = true;
+ }
- // even if we didn't do a DB conversion for bcrypt passwords,
- // we still need to check if this password wasn't encrypted via password_hash,
- // since all methods were updated to use that instead of md5 and therefore
- // new passwords in DB will be bcrypt already even without the is_bcrypt field present
- $bcrypted = true;
- $pwOk = password_verify($password, $dbarray['password']);
+ $dbarray = mysqli_fetch_array($result);
- if (!$pwOk && !$dbarray['is_bcrypt']) {
- $pwOk = ($dbarray['password'] == md5($password));
- $bcrypted = false;
- }
+ // verificare parolă - bcrypt sau md5 legacy
+ $bcrypted = true;
+ $pwOk = password_verify($password, $dbarray['password']);
- $username = htmlspecialchars($username);
- if($pwOk) {
- // update password to bcrypt, if correct
- if (!$dbarray['is_bcrypt'] && !$bcrypted) {
- mysqli_query($this->connection, "UPDATE " . TB_PREFIX . "users SET password = '".password_hash($password, PASSWORD_BCRYPT,['cost' => 12])."'".($bcrypt_update_done ? ', is_bcrypt = 1' : '')." where id = ".(int) $dbarray['id']);
- }
+ if (!$pwOk &&!$dbarray['is_bcrypt']) {
+ $pwOk = ($dbarray['password'] == md5($password));
+ $bcrypted = false;
+ }
- mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,'X','$username logged in (IP: ".$_SERVER['REMOTE_ADDR'].")',".time().")");
- return true;
- }
- else {
- mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,'X','IP: ".$_SERVER['REMOTE_ADDR']." tried to log in with username $username but access was denied!',".time().")");
- return false;
- }
- }
-
- function recountPopUser($uid){
- global $database;
- $villages = $database->getProfileVillages($uid);
- for ($i = 0; $i <= count($villages)-1; $i++) {
- $vid = $villages[$i]['wref'];
- $this->recountPop($vid);
- $this->recountCP($vid);
- }
- }
-
- function recountPop($vid){
- global $database;
- $fdata = $database->getResourceLevel($vid);
- $popTot = 0;
- for ($i = 1; $i <= 40; $i++) {
- $lvl = $fdata["f".$i];
- $building = $fdata["f".$i."t"];
- if($building>0 && $lvl>0){
- $popTot += $this->buildingPOP($building,$lvl);
+ $username = htmlspecialchars($username);
+ if ($pwOk) {
+ // upgrade la bcrypt dacă e necesar
+ if (!$dbarray['is_bcrypt'] &&!$bcrypted) {
+ mysqli_query($this->connection, "UPDATE ". TB_PREFIX. "users SET password = '". password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]). "'". ($bcrypt_update_done? ", is_bcrypt = 1" : ""). " WHERE id = ". (int)$dbarray['id']);
+ }
+ mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX. "admin_log VALUES (0,'X','$username logged in (IP: ". $_SERVER['REMOTE_ADDR']. ")',". time(). ")");
+ return true;
+ } else {
+ mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX. "admin_log VALUES (0,'X','IP: ". $_SERVER['REMOTE_ADDR']. " tried to log in with username $username but access was denied!',". time(). ")");
+ return false;
}
}
- $q = "UPDATE ".TB_PREFIX."vdata set pop = $popTot where wref = ".(int) $vid;
- mysqli_query($this->connection, $q);
- }
-
- function recountCP($vid){
- global $database;
- $fdata = $database->getResourceLevel($vid);
- $popTot = 0;
- for ($i = 1; $i <= 40; $i++) {
- $lvl = $fdata["f".$i];
- $building = $fdata["f".$i."t"];
- if($building>0 && $lvl>0){
- $popTot += $this->buildingCP($building,$lvl);
+ /* ---------------- Recalculare populație ---------------- */
+ function recountPopUser($uid) {
+ global $database;
+ $villages = $database->getProfileVillages($uid);
+ for ($i = 0; $i <= count($villages) - 1; $i++) {
+ $vid = $villages[$i]['wref'];
+ $this->recountPop($vid);
+ $this->recountCP($vid);
}
}
- $q = "UPDATE ".TB_PREFIX."vdata set cp = $popTot where wref = ".(int) $vid;
- mysqli_query($this->connection,$q);
+
+ function recountPop($vid) {
+ global $database;
+ $fdata = $database->getResourceLevel($vid);
+ $popTot = 0;
+ for ($i = 1; $i <= 40; $i++) {
+ $lvl = $fdata["f". $i];
+ $building = $fdata["f". $i. "t"];
+ if ($building > 0 && $lvl > 0) {
+ $popTot += $this->buildingPOP($building, $lvl);
+ }
+ }
+ $q = "UPDATE ". TB_PREFIX. "vdata SET pop = $popTot WHERE wref = ". (int)$vid;
+ mysqli_query($this->connection, $q);
}
- function buildingPOP($f,$lvl){
- $name = "bid".$f;
- global $$name;
- $popT = 0;
- $dataarray = $$name;
-
- for ($i = 1; $i <= $lvl; $i++) {
- $popT += $dataarray[$i]['pop'] ?? 0;
+ function recountCP($vid) {
+ global $database;
+ $fdata = $database->getResourceLevel($vid);
+ $popTot = 0;
+ for ($i = 1; $i <= 40; $i++) {
+ $lvl = $fdata["f". $i];
+ $building = $fdata["f". $i. "t"];
+ if ($building > 0 && $lvl > 0) {
+ $popTot += $this->buildingCP($building, $lvl);
+ }
+ }
+ $q = "UPDATE ". TB_PREFIX. "vdata SET cp = $popTot WHERE wref = ". (int)$vid;
+ mysqli_query($this->connection, $q);
}
- return $popT;
- }
- function buildingCP($f,$lvl){
- $name = "bid".$f;
+ function buildingPOP($f, $lvl) {
+ $name = "bid". $f;
global $$name;
$popT = 0;
$dataarray = $$name;
-
for ($i = 1; $i <= $lvl; $i++) {
- $popT += $dataarray[$i]['cp'] ?? 0;
+ $popT += $dataarray[$i]['pop']?? 0;
}
return $popT;
}
- function getWref($x,$y) {
- $q = "SELECT id FROM ".TB_PREFIX."wdata where x = ".(int) $x." and y = ".(int) $y;
- $result = mysqli_query($this->connection,$q);
- $r = mysqli_fetch_array($result);
- return $r['id'];
- }
+ function buildingCP($f, $lvl) {
+ $name = "bid". $f;
+ global $$name;
+ $popT = 0;
+ $dataarray = $$name;
+ for ($i = 1; $i <= $lvl; $i++) {
+ $popT += $dataarray[$i]['cp']?? 0;
+ }
+ return $popT;
+ }
- function AddVillage($post){
- global $database;
- $wid = $this->getWref($post['x'],$post['y']);
- $uid = $post['uid'];
- $status = $database->getVillageState($wid);
- $status = 0;
- if($status == 0){
- mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Added new village $wid to user $uid',".time().")");
- $database->setFieldTaken($wid);
- $username = $database->getUserArray($uid,1);
- $username = $username['username'];
- $database->addVillage($wid,$uid,$username,'0');
- $database->addResourceFields($wid,$database->getVillageType($wid, false));
- $database->addUnits($wid);
- $database->addTech($wid);
- $database->addABTech($wid);
- }
- }
+ /* ---------------- Utilitare sate ---------------- */
+ function getWref($x, $y) {
+ $q = "SELECT id FROM ". TB_PREFIX. "wdata WHERE x = ". (int)$x. " AND y = ". (int)$y;
+ $result = mysqli_query($this->connection, $q);
+ $r = mysqli_fetch_array($result);
+ return $r['id'];
+ }
- function Punish($post){
- global $database;
- $villages = $database->getProfileVillages($post['uid']);
- $admid = $post['admid'];
- $user = $database->getUserArray($post['uid'],1);
- for ($i = 0; $i <= count($villages)-1; $i++) {
- $vid = $villages[$i]['wref'];
- if($post['punish']){
- $logPunishment = "-".(int) $post['punish']."% population";
- $popOld = $villages[$i]['pop'];
- $proc = 100-$post['punish'];
- $pop = floor(($popOld/100)*($proc));
- if($pop <= 1 ){$pop = 2;}
- $this->PunishBuilding($vid,$proc,$pop);
+ function AddVillage($post) {
+ global $database;
+ $wid = $this->getWref($post['x'], $post['y']);
+ $uid = (int)$post['uid'];
+ $status = $database->getVillageState($wid);
+ $status = 0;
+ if ($status == 0) {
+ mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX. "admin_log VALUES (0,". (int)$_SESSION['id']. ",'Added new village $wid to user $uid',". time(). ")");
+ $database->setFieldTaken($wid);
+ $username = $database->getUserArray($uid, 1);
+ $username = $username['username'];
+ $database->addVillage($wid, $uid, $username, '0');
+ $database->addResourceFields($wid, $database->getVillageType($wid, false));
+ $database->addUnits($wid);
+ $database->addTech($wid);
+ $database->addABTech($wid);
+ }
+ }
- }
- if($post['del_troop']){
- $logPunishment = "troops removal";
- if($user['tribe'] == 1) {
- $unit = 1;
- }else if($user['tribe'] == 2) {
- $unit = 11;
- }else if($user['tribe'] == 3) {
- $unit = 21;
- }
- $this->DelUnits($villages[$i]['wref'],$unit);
- }
- if($post['clean_ware']){
- $logPunishment = "emptying warehouses";
- $time = time();
- $q = "UPDATE ".TB_PREFIX."vdata SET `wood` = '0', `clay` = '0', `iron` = '0', `crop` = '0', `lastupdate` = '$time' WHERE wref = ".(int) $vid;
- mysqli_query($this->connection,$q);
- }
- }
- mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Punished user: ".(int) $post['uid']." with ".$logPunishment."',".time().")");
- }
+ /* ---------------- Pedepsire jucător ---------------- */
- function PunishBuilding($vid,$proc,$pop){
- global $database;
- $q = "UPDATE ".TB_PREFIX."vdata set pop = ".(int) $pop." where wref = ".(int) $vid;
- mysqli_query($this->connection,$q);
- $fdata = $database->getResourceLevel($vid);
- for ($i = 1; $i <= 40; $i++) {
- if($fdata['f'.$i]>1){
- $zm = ($fdata['f'.$i]/100)*$proc;
- if($zm < 1){$zm = 1;}else{$zm = floor($zm);}
- $q = "UPDATE ".TB_PREFIX."fdata SET `f$i` = '$zm' WHERE `vref` = ".(int) $vid;
- mysqli_query($this->connection, $q);
- }
- }
- }
-
- function DelUnits($vid,$unit){
- for ($i = $unit; $i <= 9+$unit; $i++) {
- $this->DelUnits2($vid,$unit);
- }
- }
-
- function DelUnits2($vid,$unit){
- $q = "UPDATE ".TB_PREFIX."units SET `u$unit` = '0' WHERE `vref` = ".(int) $vid;
- mysqli_query($this->connection,$q);
- }
-
- function DelPlayer($uid,$pass){
- global $database;
- $ID = (int) $_SESSION['id'];//$database->getUserField($_SESSION['username'],'id',1);
- if($this->CheckPass($pass,$ID)){
- $villages = $database->getProfileVillages($uid);
- for ($i = 0; $i <= count($villages)-1; $i++) {
- $this->DelVillage($villages[$i]['wref'], 1);
- }
- $q = "DELETE FROM ".TB_PREFIX."hero where uid = ".(int) $uid;
- mysqli_query($this->connection,$q);
-
- $name = $database->getUserField($uid,"username",0);
- mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,$ID,'Deleted user $name',".time().")");
-
- $q = "DELETE FROM ".TB_PREFIX."users WHERE `id` = ".(int) $uid;
- mysqli_query($this->connection,$q);
- } else {
- return false;
- }
-
- return true;
- }
-
- function getUserActive() {
- $time = time() - (60*5);
- $q = "SELECT * FROM ".TB_PREFIX."users where timestamp > $time and username != 'support' ORDER BY access DESC, username ASC";
- $result = mysqli_query($this->connection, $q);
- return $this->mysqli_fetch_all($result);
- }
-
- function CheckPass($password,$uid){
- $q = "SELECT id,password, is_bcrypt FROM ".TB_PREFIX."users where id = ".(int) $uid." and access = ".ADMIN;
- $result = mysqli_query($this->connection, $q);
-
- // if we didn't update the database for bcrypt hashes yet...
- if (mysqli_error($this->connection) != '') {
- // no need to select ID here, since the DB is not updated, so there will be no password conversion later
- $q = "SELECT password, 0 as is_bcrypt FROM ".TB_PREFIX."users where id = ".(int) $uid." and access = ".ADMIN;
- $result = mysqli_query($this->connection,$q);
- $bcrypt_update_done = false;
- } else {
- $bcrypt_update_done = true;
- }
-
- $dbarray = mysqli_fetch_array($result);
-
- if ( !$dbarray ) {
- mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,'X','IP: ".$_SERVER['REMOTE_ADDR']." tried to log in with username $username but access was denied!',".time().")");
- return false;
- }
-
-
- // even if we didn't do a DB conversion for bcrypt passwords,
- // we still need to check if this password wasn't encrypted via password_hash,
- // since all methods were updated to use that instead of md5 and therefore
- // new passwords in DB will be bcrypt already even without the is_bcrypt field present
- $bcrypted = true;
- $pwOk = password_verify($password, $dbarray['password']);
-
- if (!$pwOk && !$dbarray['is_bcrypt']) {
- $pwOk = ($dbarray['password'] == md5($password));
- $bcrypted = false;
- }
-
- if($pwOk) {
- // update password to bcrypt, if correct
- if ($bcrypt_update_done && !$dbarray['is_bcrypt']) {
- mysqli_query($this->connection, "UPDATE " . TB_PREFIX . "users SET password = '".password_hash($password, PASSWORD_BCRYPT,['cost' => 12])."', is_bcrypt = 1 where id = ".(int) $dbarray['id']);
- }
- return true;
- } else {
- return false;
- }
- }
-
- function DelVillage($wref, $mode=0){
+ function Punish($post) {
global $database;
- $wref = (int) $wref;
- if ($mode==0) {
- $q = "SELECT Count(*) as Total FROM ".TB_PREFIX."vdata WHERE `wref` = $wref and capital = 0";
- } else {
- $q = "SELECT Count(*) as Total FROM ".TB_PREFIX."vdata WHERE `wref` = $wref";
- }
+ $villages = $database->getProfileVillages($post['uid']);
+ $user = $database->getUserArray($post['uid'], 1);
+ $logPunishment = '';
- $result = mysqli_fetch_array(mysqli_query($this->connection, $q), MYSQLI_ASSOC);
- if($result['Total'] > 0){
- mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Deleted village $wref',".time().")");
+ for ($i = 0; $i < count($villages); $i++) {
+ $vid = (int)$villages[$i]['wref'];
- $database->clearExpansionSlot($wref);
+ // 1. pedeapsă procent populație
+ if (!empty($post['punish'])) {
+ $punish = (int)$post['punish'];
+ $logPunishment = "-". $punish ."% population";
+ $popOld = (int)$villages[$i]['pop'];
+ $proc = 100 - $punish;
+ $pop = floor(($popOld / 100) * $proc);
+ if ($pop < 2) { $pop = 2; }
+ $this->PunishBuilding($vid, $proc, $pop);
+ }
- $q = "DELETE FROM ".TB_PREFIX."abdata where vref = $wref";
- mysqli_query($this->connection, $q);
- $q = "DELETE FROM ".TB_PREFIX."bdata where wid = $wref";
- mysqli_query($this->connection, $q);
- $q = "DELETE FROM ".TB_PREFIX."market where vref = $wref";
- mysqli_query($this->connection, $q);
- $q = "DELETE FROM ".TB_PREFIX."odata where wref = $wref";
- mysqli_query($this->connection, $q);
- $q = "DELETE FROM ".TB_PREFIX."research where vref = $wref";
- mysqli_query($this->connection, $q);
- $q = "DELETE FROM ".TB_PREFIX."tdata where vref = $wref";
- mysqli_query($this->connection, $q);
- $q = "DELETE FROM ".TB_PREFIX."fdata where vref = $wref";
- mysqli_query($this->connection, $q);
- $q = "DELETE FROM ".TB_PREFIX."training where vref = $wref";
- mysqli_query($this->connection, $q);
- $q = "DELETE FROM ".TB_PREFIX."units where vref = $wref";
- mysqli_query($this->connection, $q);
- $q = "DELETE FROM ".TB_PREFIX."farmlist where wref = $wref";
- mysqli_query($this->connection, $q);
- $q = "DELETE FROM ".TB_PREFIX."raidlist where towref = $wref";
- mysqli_query($this->connection, $q);
+ // 2. ștergere trupe - CORECTAT
+ if (!empty($post['del_troop'])) {
+ $logPunishment = "troops removal";
+ $tribe = (int)$user['tribe'];
+ // 1=Romani (1-10), 2=Teutoni (11-20), 3=Gali (21-30), 4=Natura (31-40), 5=Natari (41-50)
+ $unitStart = ($tribe >= 1 && $tribe <= 5) ? (($tribe - 1) * 10 + 1) : 1;
+ $this->DelUnits($vid, $unitStart);
+ }
- $q = "DELETE FROM ".TB_PREFIX."movement where `from` = $wref and proc=0";
- mysqli_query($this->connection, $q);
+ // 3. golire depozite
+ if (!empty($post['clean_ware'])) {
+ $logPunishment = "emptying warehouses";
+ $time = time();
+ $q = "UPDATE ". TB_PREFIX ."vdata SET `wood`='0', `clay`='0', `iron`='0', `crop`='0', `lastupdate`='$time' WHERE wref=$vid";
+ mysqli_query($this->connection, $q);
+ }
+ }
- $q = "UPDATE ".TB_PREFIX."wdata SET occupied = 0 where id = $wref";
- mysqli_query($this->connection, $q);
+ mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX ."admin_log VALUES (0,". (int)$_SESSION['id'] .",'Punished user: ". (int)$post['uid'] ." with ". $logPunishment ."',". time() .")");
+ }
- // clear expansion slots, if this village is an expansion of any other village
- $q = "
- UPDATE
- ".TB_PREFIX."vdata
- SET
- exp1 = IF(exp1 = $wref, 0, exp1),
- exp2 = IF(exp2 = $wref, 0, exp2),
- exp3 = IF(exp3 = $wref, 0, exp3)
- WHERE
- exp1 = $wref OR
- exp2 = $wref OR
- exp3 = $wref";
+ function PunishBuilding($vid, $proc, $pop) {
+ global $database;
+ $vid = (int)$vid;
+ mysqli_query($this->connection, "UPDATE ". TB_PREFIX ."vdata SET pop=". (int)$pop ." WHERE wref=$vid");
+
+ $fdata = $database->getResourceLevel($vid);
+ for ($i = 1; $i <= 40; $i++) {
+ if ($fdata['f'.$i] > 1) {
+ $zm = ($fdata['f'.$i] / 100) * $proc;
+ $zm = ($zm < 1) ? 1 : floor($zm);
+ mysqli_query($this->connection, "UPDATE ". TB_PREFIX ."fdata SET `f$i`='$zm' WHERE `vref`=$vid");
+ }
+ }
+ }
+ // CORECTAT: șterge doar cele 10 unități ale tribului, FĂRĂ erou
+ function DelUnits($vid, $unitStart) {
+ $vid = (int)$vid;
+ $unitStart = (int)$unitStart;
+ $sets = [];
+ for ($i = $unitStart; $i <= $unitStart + 9; $i++) {
+ $sets[] = "`u$i`='0'";
+ }
+ // intenționat NU includem `hero` - eroul trebuie să rămână în sat
+ $q = "UPDATE ". TB_PREFIX ."units SET ". implode(', ', $sets) ." WHERE `vref`=$vid";
+ mysqli_query($this->connection, $q);
+ }
+
+ // păstrată pentru compatibilitate (nu mai e folosită în buclă)
+ function DelUnits2($vid, $unit) {
+ $q = "UPDATE ". TB_PREFIX ."units SET `u". (int)$unit ."`='0' WHERE `vref`=". (int)$vid;
+ mysqli_query($this->connection, $q);
+ }
+
+ /* ---------------- Ștergere jucător ---------------- */
+ function DelPlayer($uid, $pass) {
+ global $database;
+ $ID = (int)$_SESSION['id'];
+ if ($this->CheckPass($pass, $ID)) {
+ $villages = $database->getProfileVillages($uid);
+ for ($i = 0; $i <= count($villages) - 1; $i++) {
+ $this->DelVillage($villages[$i]['wref'], 1);
+ }
+ $q = "DELETE FROM ". TB_PREFIX. "hero WHERE uid = ". (int)$uid;
mysqli_query($this->connection, $q);
- $getmovement = $database->getMovement(3, $wref, 1);
- foreach($getmovement as $movedata){
- $time = microtime(true);
- $time2 = $time - $movedata['starttime'];
- $database->setMovementProc($movedata['moveid']);
- $database->addMovement(4, $movedata['to'], $movedata['from'], $movedata['ref'], $time, $time + $time2);
- }
+ $name = $database->getUserField($uid, "username", 0);
+ mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX. "admin_log VALUES (0,$ID,'Deleted user $name',". time(). ")");
- //check return enforcement from del village
- $this->returnTroops($wref);
+ $q = "DELETE FROM ". TB_PREFIX. "users WHERE `id` = ". (int)$uid;
+ mysqli_query($this->connection, $q);
+ } else {
+ return false;
+ }
+ return true;
+ }
- $q = "DELETE FROM ".TB_PREFIX."vdata WHERE `wref` = $wref";
- mysqli_query($this->connection, $q);
+ function getUserActive() {
+ $time = time() - (60 * 5);
+ $q = "SELECT * FROM ". TB_PREFIX. "users WHERE timestamp > $time AND username!= 'support' ORDER BY access DESC, username ASC";
+ $result = mysqli_query($this->connection, $q);
+ return $this->mysqli_fetch_all($result);
+ }
- if (mysqli_affected_rows($this->connection)>0) {
- $q = "UPDATE ".TB_PREFIX."wdata set occupied = 0 where id = $wref";
- mysqli_query($this->connection, $q);
+ function CheckPass($password, $uid) {
+ $q = "SELECT id,password, is_bcrypt FROM ". TB_PREFIX. "users WHERE id = ". (int)$uid. " AND access = ". ADMIN;
+ $result = mysqli_query($this->connection, $q);
- $getprisoners = $database->getPrisoners($wref);
- foreach($getprisoners as $pris) {
- $troops = 0;
- for($i=1;$i<12;$i++){
- $troops += $pris['t'.$i];
- }
- $database->modifyUnit($pris['wref'],array("99o"),array($troops),array(0));
- $database->deletePrisoners($pris['id']);
- }
- $getprisoners = $database->getPrisoners3($wref);
- foreach($getprisoners as $pris) {
- $troops = 0;
- for($i=1;$i<12;$i++){
- $troops += $pris['t'.$i];
- }
- $database->modifyUnit($pris['wref'],array("99o"),array($troops),array(0));
- $database->deletePrisoners($pris['id']);
- }
- }
- }
- }
+ if (mysqli_error($this->connection)!= '') {
+ $q = "SELECT password, 0 as is_bcrypt FROM ". TB_PREFIX. "users WHERE id = ". (int)$uid. " AND access = ". ADMIN;
+ $result = mysqli_query($this->connection, $q);
+ $bcrypt_update_done = false;
+ } else {
+ $bcrypt_update_done = true;
+ }
- function DelBan($uid,$id){
- global $database;
- $name = addslashes($database->getUserField($uid,"username",0));
- $uid = (int) $uid;
- mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Unbanned user $name',".time().")");
- $q = "UPDATE ".TB_PREFIX."users SET `access` = '".USER."' WHERE `id` = $uid;";
- mysqli_query($this->connection, $q);
- $q = "UPDATE ".TB_PREFIX."banlist SET `active` = '0' WHERE `id` = $id;";
- mysqli_query($this->connection, $q);
- }
+ $dbarray = mysqli_fetch_array($result);
- function AddBan($uid,$end,$reason){
- global $database;
- $name = addslashes($database->getUserField($uid,"username",0));
- list($end,$reason) = $database->escape_input($end,$reason);
- $uid = (int) $uid;
- mysqli_query($this->connection,"Insert into ".TB_PREFIX."admin_log values (0,".(int) $_SESSION['id'].",'Banned user $name',".time().")");
- $q = "UPDATE ".TB_PREFIX."users SET `access` = '0' WHERE `id` = $uid";
- mysqli_query($this->connection, $q);
- $time = time();
- $admin = (int) $_SESSION['id']; //$database->getUserField($_SESSION['username'],'id',1);
- $name = addslashes($database->getUserField($uid,'username',0));
- $q = "INSERT INTO ".TB_PREFIX."banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES ($uid, '$name' , '$reason', '$time', '$end', '$admin', '1');";
- mysqli_query($this->connection, $q);
- }
+ if (!$dbarray) {
+ mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX. "admin_log VALUES (0,'X','IP: ". $_SERVER['REMOTE_ADDR']. " tried to log in with uid $uid but access was denied!',". time(). ")");
+ return false;
+ }
- function search_player($player){
- global $database;
- $player = $database->escape($player);
- $q = "SELECT id,username FROM ".TB_PREFIX."users WHERE `username` LIKE '%$player%' and username != 'support'";
- $result = mysqli_query($this->connection, $q);
- return $this->mysqli_fetch_all($result);
- }
+ $bcrypted = true;
+ $pwOk = password_verify($password, $dbarray['password']);
- function search_email($email){
- global $database;
- $email = $database->escape($email);
- $q = "SELECT id,email FROM ".TB_PREFIX."users WHERE `email` LIKE '%$email%' and username != 'support'";
- $result = mysqli_query($this->connection, $q);
- return $this->mysqli_fetch_all($result);
- }
+ if (!$pwOk &&!$dbarray['is_bcrypt']) {
+ $pwOk = ($dbarray['password'] == md5($password));
+ $bcrypted = false;
+ }
- function search_village($village){
- global $database;
+ if ($pwOk) {
+ if ($bcrypt_update_done &&!$dbarray['is_bcrypt']) {
+ mysqli_query($this->connection, "UPDATE ". TB_PREFIX. "users SET password = '". password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]). "', is_bcrypt = 1 WHERE id = ". (int)$dbarray['id']);
+ }
+ return true;
+ } else {
+ return false;
+ }
+ }
- $village = $database->escape($village);
- $q = "SELECT * FROM ".TB_PREFIX."vdata WHERE `name` LIKE '%$village%' or `wref` LIKE '%$village%'";
- $result = mysqli_query($this->connection, $q);
- return $this->mysqli_fetch_all($result);
- }
+ /* ---------------- Ștergere sat ---------------- */
+ function DelVillage($wref, $mode = 0) {
+ global $database;
+ $wref = (int)$wref;
+ if ($mode == 0) {
+ $q = "SELECT Count(*) as Total FROM ". TB_PREFIX. "vdata WHERE `wref` = $wref AND capital = 0";
+ } else {
+ $q = "SELECT Count(*) as Total FROM ". TB_PREFIX. "vdata WHERE `wref` = $wref";
+ }
- function search_alliance($alliance){
- global $database;
- $alliance = $database->escape($alliance);
- $q = "SELECT * FROM ".TB_PREFIX."alidata WHERE `name` LIKE '%$alliance%' or `tag` LIKE '%$alliance%' or `id` LIKE '%$alliance%'";
- $result = mysqli_query($this->connection, $q);
- return $this->mysqli_fetch_all($result);
- }
+ $result = mysqli_fetch_array(mysqli_query($this->connection, $q), MYSQLI_ASSOC);
+ if ($result['Total'] > 0) {
+ mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX. "admin_log VALUES (0,". (int)$_SESSION['id']. ",'Deleted village $wref',". time(). ")");
- function search_ip($ip){
- global $database;
- $ip = $database->escape($ip);
- $q = "SELECT * FROM ".TB_PREFIX."login_log WHERE `ip` LIKE '%$ip%'";
- $result = mysqli_query($this->connection, $q);
- return $this->mysqli_fetch_all($result);
- }
+ $database->clearExpansionSlot($wref);
- function search_banned(){
- $q = "SELECT * FROM ".TB_PREFIX."banlist where active = '1'";
- $result = mysqli_query($this->connection, $q);
- return $this->mysqli_fetch_all($result);
- }
+ $tables = ['abdata', 'bdata', 'market', 'odata', 'research', 'tdata', 'fdata', 'training', 'units', 'farmlist'];
+ foreach ($tables as $t) {
+ $field = ($t == 'bdata')? 'wid' : (($t == 'farmlist' || $t == 'market' || $t == 'research' || $t == 'tdata' || $t == 'fdata' || $t == 'training' || $t == 'abdata')? 'vref' : 'wref');
+ if ($t == 'odata') $field = 'wref';
+ mysqli_query($this->connection, "DELETE FROM ". TB_PREFIX. "$t WHERE $field = $wref");
+ }
+ mysqli_query($this->connection, "DELETE FROM ". TB_PREFIX. "raidlist WHERE towref = $wref");
+ mysqli_query($this->connection, "DELETE FROM ". TB_PREFIX. "movement WHERE `from` = $wref AND proc=0");
+ mysqli_query($this->connection, "UPDATE ". TB_PREFIX. "wdata SET occupied = 0 WHERE id = $wref");
- function Del_banned(){
- //$q = "SELECT * FROM ".TB_PREFIX."banlist";
- $result = mysqli_query($this->connection, $q);
- return $this->mysqli_fetch_all($result);
- }
+ // curăță sloturi expansiune
+ $q = "UPDATE ". TB_PREFIX. "vdata SET exp1 = IF(exp1 = $wref, 0, exp1), exp2 = IF(exp2 = $wref, 0, exp2), exp3 = IF(exp3 = $wref, 0, exp3) WHERE exp1 = $wref OR exp2 = $wref OR exp3 = $wref";
+ mysqli_query($this->connection, $q);
- /***************************
- Function to process MYSQLi->fetch_all (Only exist in MYSQL)
- References: Result
- ***************************/
- function mysqli_fetch_all($result) {
- $all = array();
- if($result) {
- while ($row = mysqli_fetch_assoc($result)){ $all[] = $row; }
- return $all;
- }
- }
+ $getmovement = $database->getMovement(3, $wref, 1);
+ foreach ($getmovement as $movedata) {
+ $time = microtime(true);
+ $time2 = $time - $movedata['starttime'];
+ $database->setMovementProc($movedata['moveid']);
+ $database->addMovement(4, $movedata['to'], $movedata['from'], $movedata['ref'], $time, $time + $time2);
+ }
- function query_return($q) {
- $result = mysqli_query($this->connection, $q);
- return $this->mysqli_fetch_all($result);
- }
+ $this->returnTroops($wref);
- /***************************
- Function to do free query
- References: Query
- ***************************/
- function query($query) {
- return mysqli_query($query, $this->connection);
- }
+ mysqli_query($this->connection, "DELETE FROM ". TB_PREFIX. "vdata WHERE `wref` = $wref");
- public function getTypeLevel($tid,$vid) {
- global $village,$database;
- $keyholder = array();
+ if (mysqli_affected_rows($this->connection) > 0) {
+ mysqli_query($this->connection, "UPDATE ". TB_PREFIX. "wdata SET occupied = 0 WHERE id = $wref");
- if($vid == 0) {
- $resourcearray = $village->resarray;
- } else {
- $resourcearray = $database->getResourceLevel($vid);
- }
- foreach(array_keys($resourcearray,$tid) as $key) {
- if(strpos($key,'t')) {
- $key = preg_replace("/[^0-9]/", '', $key);
- array_push($keyholder, $key);
- }
- }
- $element = count($keyholder);
- if($element >= 2) {
- if($tid <= 4) {
- $temparray = array();
- for($i=0;$i<=$element-1;$i++) {
- array_push($temparray,$resourcearray['f'.$keyholder[$i]]);
- }
- foreach ($temparray as $key => $val) {
- if ($val == max($temparray))
- $target = $key;
- }
- }
- else {
- $target = 0;
- for($i=1;$i<=$element-1;$i++) {
- if($resourcearray['f'.$keyholder[$i]] > $resourcearray['f'.$keyholder[$target]]) {
- $target = $i;
- }
- }
- }
- }
- else if($element == 1) {
- $target = 0;
- }
- else {
- return 0;
- }
- if($keyholder[$target] != "") {
- return $resourcearray['f'.$keyholder[$target]];
- }
- else {
- return 0;
- }
- }
+ $getprisoners = $database->getPrisoners($wref);
+ foreach ($getprisoners as $pris) {
+ $troops = 0;
+ for ($i = 1; $i < 12; $i++) {
+ $troops += $pris['t'. $i];
+ }
+ $database->modifyUnit($pris['wref'], array("99o"), array($troops), array(0));
+ $database->deletePrisoners($pris['id']);
+ }
+ $getprisoners = $database->getPrisoners3($wref);
+ foreach ($getprisoners as $pris) {
+ $troops = 0;
+ for ($i = 1; $i < 12; $i++) {
+ $troops += $pris['t'. $i];
+ }
+ $database->modifyUnit($pris['wref'], array("99o"), array($troops), array(0));
+ $database->deletePrisoners($pris['id']);
+ }
+ }
+ }
+ }
- public function procDistanceTime($coor,$thiscoor,$ref,$vid) {
- global $bid28,$bid14;
+ /* ---------------- Ban / Unban ---------------- */
+ function DelBan($uid, $id) {
+ global $database;
+ $name = addslashes($database->getUserField($uid, "username", 0));
+ $uid = (int)$uid;
+ mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX. "admin_log VALUES (0,". (int)$_SESSION['id']. ",'Unbanned user $name',". time(). ")");
+ mysqli_query($this->connection, "UPDATE ". TB_PREFIX. "users SET `access` = '". USER. "' WHERE `id` = $uid;");
+ mysqli_query($this->connection, "UPDATE ". TB_PREFIX. "banlist SET `active` = '0' WHERE `id` = ". (int)$id. ";");
+ }
- $xdistance = ABS($thiscoor['x'] - $coor['x']);
- if($xdistance > WORLD_MAX) {
- $xdistance = (2 * WORLD_MAX + 1) - $xdistance;
- }
- $ydistance = ABS($thiscoor['y'] - $coor['y']);
- if($ydistance > WORLD_MAX) {
- $ydistance = (2 * WORLD_MAX + 1) - $ydistance;
- }
- $distance = SQRT(POW($xdistance,2)+POW($ydistance,2));
- $speed = $ref;
- if($this->getTypeLevel(14,$vid) != 0 && $distance >= TS_THRESHOLD) {
- $speed = $speed * ($bid14[$this->getTypeLevel(14,$vid)]['attri']/100) ;
- }
+ function AddBan($uid, $end, $reason) {
+ global $database;
+ $name = addslashes($database->getUserField($uid, "username", 0));
+ list($end, $reason) = $database->escape_input($end, $reason);
+ $uid = (int)$uid;
+ mysqli_query($this->connection, "INSERT INTO ". TB_PREFIX. "admin_log VALUES (0,". (int)$_SESSION['id']. ",'Banned user $name',". time(). ")");
+ mysqli_query($this->connection, "UPDATE ". TB_PREFIX. "users SET `access` = '0' WHERE `id` = $uid");
+ $time = time();
+ $admin = (int)$_SESSION['id'];
+ $name = addslashes($database->getUserField($uid, 'username', 0));
+ $q = "INSERT INTO ". TB_PREFIX. "banlist (`uid`, `name`, `reason`, `time`, `end`, `admin`, `active`) VALUES ($uid, '$name', '$reason', '$time', '$end', '$admin', '1');";
+ mysqli_query($this->connection, $q);
+ }
+
+ /* ---------------- Căutări ---------------- */
+ function search_player($player) {
+ global $database;
+ $player = $database->escape($player);
+ $q = "SELECT id,username FROM ". TB_PREFIX. "users WHERE `username` LIKE '%$player%' AND username!= 'support'";
+ $result = mysqli_query($this->connection, $q);
+ return $this->mysqli_fetch_all($result);
+ }
+
+ function search_email($email) {
+ global $database;
+ $email = $database->escape($email);
+ $q = "SELECT id,email FROM ". TB_PREFIX. "users WHERE `email` LIKE '%$email%' AND username!= 'support'";
+ $result = mysqli_query($this->connection, $q);
+ return $this->mysqli_fetch_all($result);
+ }
+
+ function search_village($village) {
+ global $database;
+ $village = $database->escape($village);
+ $q = "SELECT * FROM ". TB_PREFIX. "vdata WHERE `name` LIKE '%$village%' OR `wref` LIKE '%$village%'";
+ $result = mysqli_query($this->connection, $q);
+ return $this->mysqli_fetch_all($result);
+ }
+
+ function search_alliance($alliance) {
+ global $database;
+ $alliance = $database->escape($alliance);
+ $q = "SELECT * FROM ". TB_PREFIX. "alidata WHERE `name` LIKE '%$alliance%' OR `tag` LIKE '%$alliance%' OR `id` LIKE '%$alliance%'";
+ $result = mysqli_query($this->connection, $q);
+ return $this->mysqli_fetch_all($result);
+ }
+
+ function search_ip($ip) {
+ global $database;
+ $ip = $database->escape($ip);
+ $q = "SELECT * FROM ". TB_PREFIX. "login_log WHERE `ip` LIKE '%$ip%'";
+ $result = mysqli_query($this->connection, $q);
+ return $this->mysqli_fetch_all($result);
+ }
+
+ function search_banned() {
+ $q = "SELECT * FROM ". TB_PREFIX. "banlist WHERE active = '1'";
+ $result = mysqli_query($this->connection, $q);
+ return $this->mysqli_fetch_all($result);
+ }
+
+ function Del_banned() {
+ $q = "SELECT * FROM ". TB_PREFIX. "banlist";
+ $result = mysqli_query($this->connection, $q);
+ return $this->mysqli_fetch_all($result);
+ }
+
+ /* ---------------- Helpers MySQLi ---------------- */
+ function mysqli_fetch_all($result) {
+ $all = array();
+ if ($result) {
+ while ($row = mysqli_fetch_assoc($result)) {
+ $all[] = $row;
+ }
+ return $all;
+ }
+ }
+
+ function query_return($q) {
+ $result = mysqli_query($this->connection, $q);
+ return $this->mysqli_fetch_all($result);
+ }
+
+ function query($query) {
+ // corectat ordinea parametrilor
+ return mysqli_query($this->connection, $query);
+ }
+
+ /* ---------------- Funcții joc ---------------- */
+ public function getTypeLevel($tid, $vid) {
+ global $village, $database;
+ $keyholder = array();
+
+ if ($vid == 0) {
+ $resourcearray = $village->resarray;
+ } else {
+ $resourcearray = $database->getResourceLevel($vid);
+ }
+ foreach (array_keys($resourcearray, $tid) as $key) {
+ if (strpos($key, 't')) {
+ $key = preg_replace("/[^0-9]/", '', $key);
+ array_push($keyholder, $key);
+ }
+ }
+ $element = count($keyholder);
+ if ($element >= 2) {
+ if ($tid <= 4) {
+ $temparray = array();
+ for ($i = 0; $i <= $element - 1; $i++) {
+ array_push($temparray, $resourcearray['f'. $keyholder[$i]]);
+ }
+ foreach ($temparray as $key => $val) {
+ if ($val == max($temparray))
+ $target = $key;
+ }
+ } else {
+ $target = 0;
+ for ($i = 1; $i <= $element - 1; $i++) {
+ if ($resourcearray['f'. $keyholder[$i]] > $resourcearray['f'. $keyholder[$target]]) {
+ $target = $i;
+ }
+ }
+ }
+ } else if ($element == 1) {
+ $target = 0;
+ } else {
+ return 0;
+ }
+ if ($keyholder[$target]!= "") {
+ return $resourcearray['f'. $keyholder[$target]];
+ } else {
+ return 0;
+ }
+ }
+
+ public function procDistanceTime($coor, $thiscoor, $ref, $vid) {
+ global $bid28, $bid14;
+
+ $xdistance = ABS($thiscoor['x'] - $coor['x']);
+ if ($xdistance > WORLD_MAX) {
+ $xdistance = (2 * WORLD_MAX + 1) - $xdistance;
+ }
+ $ydistance = ABS($thiscoor['y'] - $coor['y']);
+ if ($ydistance > WORLD_MAX) {
+ $ydistance = (2 * WORLD_MAX + 1) - $ydistance;
+ }
+ $distance = SQRT(POW($xdistance, 2) + POW($ydistance, 2));
+ $speed = $ref;
+ if ($this->getTypeLevel(14, $vid)!= 0 && $distance >= TS_THRESHOLD) {
+ $speed = $speed * ($bid14[$this->getTypeLevel(14, $vid)]['attri'] / 100);
+ }
+
+ if ($speed!= 0) {
+ return round(($distance / $speed) * 3600 / INCREASE_SPEED);
+ } else {
+ return round($distance * 3600 / INCREASE_SPEED);
+ }
+ }
- if($speed!=0){
- return round(($distance/$speed) * 3600 / INCREASE_SPEED);
- }else{
- return round($distance * 3600 / INCREASE_SPEED);
- }
- }
public function returnTroops($wref) {
global $database;
+ $getenforce = $database->getEnforceVillage($wref, 0);
+ foreach ($getenforce as $enforce) {
+ $to = $database->getVillage($enforce['from']);
+ $start = ($database->getUserField($to['owner'], 'tribe', 0) - 1) * 10 + 1;
+ $end = ($database->getUserField($to['owner'], 'tribe', 0) * 10);
- $getenforce=$database->getEnforceVillage($wref,0);
+ $from = $database->getVillage($enforce['from']);
+ $fromcoor = $database->getCoor($enforce['from']);
+ $tocoor = $database->getCoor($enforce['vref']);
+ $fromCor = array('x' => $tocoor['x'], 'y' => $tocoor['y']);
+ $toCor = array('x' => $fromcoor['x'], 'y' => $fromcoor['y']);
- //if(($enforce['from']==$village->wid) || ($enforce['vref']==$village->wid)){
- foreach($getenforce as $enforce) {
+ $speeds = array();
+ for ($i = $start; $i <= $end; $i++) {
+ if (intval($enforce['u'. $i]) > 0) {
+ $unitarray = $GLOBALS["u". $i];
+ $speeds[] = $unitarray['speed'];
+ } else {
+ $enforce['u'. $i] = '0';
+ }
+ }
- $to = $database->getVillage($enforce['from']);
- $Gtribe = "";
- if ($database->getUserField($to['owner'],'tribe',0) == '2'){ $Gtribe = "1"; }
- else if ($database->getUserField($to['owner'],'tribe',0) == '3'){ $Gtribe = "2"; }
- else if ($database->getUserField($to['owner'],'tribe',0) == '4'){ $Gtribe = "3"; }
- else if ($database->getUserField($to['owner'],'tribe',0) == '5'){ $Gtribe = "4"; }
+ if (intval($enforce['hero']) > 0) {
+ $q = "SELECT * FROM ". TB_PREFIX. "hero WHERE uid = ". (int)$from['owner']. " AND dead = 0";
+ $result = mysqli_query($database->dblink, $q);
+ $hero_f = mysqli_fetch_array($result);
+ $hero_unit = $hero_f['unit'];
+ $speeds[] = $GLOBALS['u'. $hero_unit]['speed'];
+ } else {
+ $enforce['hero'] = '0';
+ }
- $start = ($database->getUserField($to['owner'],'tribe',0)-1)*10+1;
- $end = ($database->getUserField($to['owner'],'tribe',0)*10);
+ $troopsTime = $this->procDistanceTime($fromCor, $toCor, min($speeds), $enforce['from']);
+ $time = $database->getArtifactsValueInfluence($from['owner'], $enforce['from'], 2, $troopsTime);
- $from = $database->getVillage($enforce['from']);
- $fromcoor = $database->getCoor($enforce['from']);
- $tocoor = $database->getCoor($enforce['vref']);
- $fromCor = array('x'=>$tocoor['x'], 'y'=>$tocoor['y']);
- $toCor = array('x'=>$fromcoor['x'], 'y'=>$fromcoor['y']);
+ $reference = $database->addAttack($enforce['from'], $enforce['u'. $start], $enforce['u'. ($start + 1)], $enforce['u'. ($start + 2)], $enforce['u'. ($start + 3)], $enforce['u'. ($start + 4)], $enforce['u'. ($start + 5)], $enforce['u'. ($start + 6)], $enforce['u'. ($start + 7)], $enforce['u'. ($start + 8)], $enforce['u'. ($start + 9)], $enforce['hero'], 2, 0, 0, 0, 0);
+ $database->addMovement(4, $wref, $enforce['from'], $reference, time(), ($time + time()));
+ $database->deleteReinf($enforce['id']);
+ }
+ }
- $speeds = array();
+ public function calculateProduction($wid, $uid, $b1, $b2, $b3, $b4, $fdata, $ocounter, $pop) {
+ global $technology, $database;
+ $isNatar = $database->getVillageField($wid, "natar");
+ $upkeep = $technology->getUpkeep($this->getAllUnits($wid), 0, $wid);
+ $production = [];
+ $production['wood'] = $this->getWoodProd($fdata, $ocounter, $b1);
+ $production['clay'] = $this->getClayProd($fdata, $ocounter, $b2);
+ $production['iron'] = $this->getIronProd($fdata, $ocounter, $b3);
+ $production['crop'] = $this->getCropProd($fdata, $ocounter, $b4) - (!$isNatar? $pop : round($pop / 2)) - $upkeep;
+ return $production;
+ }
- //find slowest unit.
- for($i=$start;$i<=$end;$i++){
+ private function getWoodProd($fdata, $ocounter, $b1) {
+ global $bid1, $bid5;
+ $basewood = $sawmill = 0;
+ $woodholder = array();
+ for ($i = 1; $i <= 38; $i++) {
+ if ($fdata['f'. $i. 't'] == 1) {
+ array_push($woodholder, 'f'. $i);
+ }
+ if ($fdata['f'. $i. 't'] == 5) {
+ $sawmill = $fdata['f'. $i];
+ }
+ }
+ for ($i = 0; $i <= count($woodholder) - 1; $i++) {
+ $basewood += $bid1[$fdata[$woodholder[$i]]]['prod'];
+ }
+ $wood = $basewood + $basewood * 0.25 * $ocounter[0];
+ if ($sawmill >= 1) {
+ $wood += $basewood / 100 * $bid5[$sawmill]['attri'];
+ }
+ if ($b1 > time()) {
+ $wood *= 1.25;
+ }
+ $wood *= SPEED;
+ return round($wood);
+ }
- if(intval($enforce['u'.$i]) > 0){
- if($unitarray) { reset($unitarray); }
- $unitarray = $GLOBALS["u".$i];
- $speeds[] = $unitarray['speed'];
- //echo print_r(array_keys($speeds))."unitspd\n".$i."trib\n";
+ private function getClayProd($fdata, $ocounter, $b2) {
+ global $bid2, $bid6;
+ $baseclay = $brick = 0;
+ $clayholder = array();
+ for ($i = 1; $i <= 38; $i++) {
+ if ($fdata['f'. $i. 't'] == 2) {
+ array_push($clayholder, 'f'. $i);
+ }
+ if ($fdata['f'. $i. 't'] == 6) {
+ $brick = $fdata['f'. $i];
+ }
+ }
+ for ($i = 0; $i <= count($clayholder) - 1; $i++) {
+ $baseclay += $bid2[$fdata[$clayholder[$i]]]['prod'];
+ }
+ $clay = $baseclay + $baseclay * 0.25 * $ocounter[1];
+ if ($brick >= 1) {
+ $clay += $baseclay / 100 * $bid6[$brick]['attri'];
+ }
+ if ($b2 > time()) {
+ $clay *= 1.25;
+ }
+ $clay *= SPEED;
+ return round($clay);
+ }
+ private function getIronProd($fdata, $ocounter, $b3) {
+ global $bid3, $bid7;
+ $baseiron = $foundry = 0;
+ $ironholder = array();
+ for ($i = 1; $i <= 38; $i++) {
+ if ($fdata['f'. $i. 't'] == 3) {
+ array_push($ironholder, 'f'. $i);
+ }
+ if ($fdata['f'. $i. 't'] == 7) {
+ $foundry = $fdata['f'. $i];
+ }
+ }
+ for ($i = 0; $i <= count($ironholder) - 1; $i++) {
+ $baseiron += $bid3[$fdata[$ironholder[$i]]]['prod'];
+ }
+ $iron = $baseiron + $baseiron * 0.25 * $ocounter[2];
+ if ($foundry >= 1) {
+ $iron += $baseiron / 100 * $bid7[$foundry]['attri'];
+ }
+ if ($b3 > time()) {
+ $iron *= 1.25;
+ }
+ $iron *= SPEED;
+ return round($iron);
+ }
- } else {
- $enforce['u'.$i]='0';
- }
+ private function getCropProd($fdata, $ocounter, $b4) {
+ global $bid4, $bid8, $bid9;
+ $basecrop = $grainmill = $bakery = 0;
+ $cropholder = array();
+ for ($i = 1; $i <= 38; $i++) {
+ if ($fdata['f'. $i. 't'] == 4) {
+ array_push($cropholder, 'f'. $i);
+ }
+ if ($fdata['f'. $i. 't'] == 8) {
+ $grainmill = $fdata['f'. $i];
+ }
+ if ($fdata['f'. $i. 't'] == 9) {
+ $bakery = $fdata['f'. $i];
+ }
+ }
+ for ($i = 0; $i <= count($cropholder) - 1; $i++) {
+ $basecrop += $bid4[$fdata[$cropholder[$i]]]['prod'];
+ }
+ $crop = $basecrop + $basecrop * 0.25 * $ocounter[3];
+ $jcrop = 0;
+ if ($grainmill >= 1) $jcrop = (isset($bid8[$grainmill]['attri'])? $bid8[$grainmill]['attri'] : 0);
+ if ($bakery >= 1) $jcrop += (isset($bid9[$bakery]['attri'])? $bid9[$bakery]['attri'] : 0);
+ $crop += $basecrop / 100 * $jcrop;
+ if ($b4 > time()) {
+ $crop *= 1.25;
+ }
+ $crop *= SPEED;
+ return round($crop);
+ }
- }
+ function getAllUnits($base, $InVillageOnly = False, $mode = 0) {
+ global $database;
+ $ownunit = $database->getUnit($base);
+ $ownunit['u99'] -= $ownunit['u99'];
+ $ownunit['u99o'] -= $ownunit['u99o'];
+ $enforcementarray = $database->getEnforceVillage($base, 0);
+ if (count($enforcementarray) > 0) {
+ foreach ($enforcementarray as $enforce) {
+ for ($i = 1; $i <= 50; $i++) {
+ $ownunit['u'. $i] += $enforce['u'. $i];
+ }
+ $ownunit['hero'] += $enforce['hero'];
+ }
+ }
+ if ($mode == 0) {
+ $enforceoasis = $database->getOasisEnforce($base, 0);
+ if (count($enforceoasis) > 0) {
+ foreach ($enforceoasis as $enforce) {
+ for ($i = 1; $i <= 50; $i++) {
+ $ownunit['u'. $i] += $enforce['u'. $i];
+ }
+ $ownunit['hero'] += $enforce['hero'];
+ }
+ }
+ $enforceoasis1 = $database->getOasisEnforce($base, 1);
+ if (count($enforceoasis1) > 0) {
+ foreach ($enforceoasis1 as $enforce) {
+ for ($i = 1; $i <= 50; $i++) {
+ $ownunit['u'. $i] += $enforce['u'. $i];
+ }
+ $ownunit['hero'] += $enforce['hero'];
+ }
+ }
- if( intval($enforce['hero']) > 0){
- $q = "SELECT * FROM ".TB_PREFIX."hero WHERE uid = ".(int) $from['owner']." AND dead = 0";
- $result = mysqli_query($database->dblink, $q);
- $hero_f=mysqli_fetch_array($result);
- $hero_unit=$hero_f['unit'];
- $speeds[] = $GLOBALS['u'.$hero_unit]['speed'];
- } else {
- $enforce['hero']='0';
- }
-
- $troopsTime = $this->procDistanceTime($fromCor, $toCor, min($speeds), $enforce['from']);
- $time = $database->getArtifactsValueInfluence($from['owner'], $enforce['from'], 2, $troopsTime);
-
- $reference = $database->addAttack($enforce['from'], $enforce['u' . $start], $enforce['u' . ($start + 1)], $enforce['u' . ($start + 2)], $enforce['u' . ($start + 3)], $enforce['u' . ($start + 4)], $enforce['u' . ($start + 5)], $enforce['u' . ($start + 6)], $enforce['u' . ($start + 7)], $enforce['u' . ($start + 8)], $enforce['u' . ($start + 9)], $enforce['hero'], 2, 0, 0, 0, 0);
- $database->addMovement(4, $wref, $enforce['from'], $reference, time(), ($time + time()));
- $database->deleteReinf($enforce['id']);
- }
- }
+ $prisoners = $database->getPrisoners($base, 1);
+ if (!empty($prisoners)) {
+ foreach ($prisoners as $prisoner) {
+ $owner = $database->getVillageField($base, "owner");
+ $ownertribe = $database->getUserField($owner, "tribe", 0);
+ $start = ($ownertribe - 1) * 10 + 1;
+ $end = ($ownertribe * 10);
+ for ($i = $start; $i <= $end; $i++) {
+ $j = $i - $start + 1;
+ $ownunit['u'. $i] += $prisoner['t'. $j];
+ }
+ $ownunit['hero'] += $prisoner['t11'];
+ }
+ }
+ }
-
- public function calculateProduction($wid, $uid, $b1, $b2, $b3, $b4, $fdata, $ocounter, $pop) {
- global $technology, $database;
-
- $isNatar = $database->getVillageField($wid, "natar");
- $upkeep = $technology->getUpkeep($this->getAllUnits($wid), 0, $wid);
- $production = [];
- $production['wood'] = $this->getWoodProd($fdata, $ocounter,$b1);
- $production['clay'] = $this->getClayProd($fdata, $ocounter,$b2);
- $production['iron'] = $this->getIronProd($fdata, $ocounter,$b3);
- $production['crop'] = $this->getCropProd($fdata, $ocounter,$b4) - (!$isNatar ? $pop : round($pop / 2)) - $upkeep;
- return $production;
- }
-
- private function getWoodProd($fdata,$ocounter,$b1) {
- global $bid1,$bid5;
- $basewood = $sawmill = 0;
- $woodholder = array();
- for($i=1;$i<=38;$i++) {
- if($fdata['f'.$i.'t'] == 1) {
- array_push($woodholder,'f'.$i);
- }
- if($fdata['f'.$i.'t'] == 5) {
- $sawmill = $fdata['f'.$i];
- }
- }
- for($i=0;$i<=count($woodholder)-1;$i++) { $basewood+= $bid1[$fdata[$woodholder[$i]]]['prod']; }
- $wood = $basewood + $basewood * 0.25 * $ocounter[0];
- if($sawmill >= 1) {
- $wood += $basewood / 100 * $bid5[$sawmill]['attri'];
- }
- if($b1 > time()) {
- $wood *= 1.25;
- }
- $wood *= SPEED;
- return round($wood);
- }
-
- private function getClayProd($fdata,$ocounter,$b2) {
- global $bid2,$bid6,$session;
- $baseclay = $clay = $brick = 0;
- $clayholder = array();
- for($i=1;$i<=38;$i++) {
- if($fdata['f'.$i.'t'] == 2) {
- array_push($clayholder,'f'.$i);
- }
- if($fdata['f'.$i.'t'] == 6) {
- $brick = $fdata['f'.$i];
- }
- }
- for($i=0;$i<=count($clayholder)-1;$i++) { $baseclay+= $bid2[$fdata[$clayholder[$i]]]['prod']; }
- $clay = $baseclay + $baseclay * 0.25 * $ocounter[1];
- if($brick >= 1) {
- $clay += $baseclay / 100 * $bid6[$brick]['attri'];
- }
- if($b2 > time()) {
- $clay *= 1.25;
- }
- $clay *= SPEED;
- return round($clay);
- }
-
- private function getIronProd($fdata,$ocounter,$b3) {
- global $bid3,$bid7;
- $baseiron = $foundry = 0;
- $ironholder = array();
- for($i=1;$i<=38;$i++) {
- if($fdata['f'.$i.'t'] == 3) {
- array_push($ironholder,'f'.$i);
- }
- if($fdata['f'.$i.'t'] == 7) {
- $foundry = $fdata['f'.$i];
- }
- }
- for($i=0;$i<=count($ironholder)-1;$i++) { $baseiron+= $bid3[$fdata[$ironholder[$i]]]['prod']; }
- $iron = $baseiron + $baseiron * 0.25 * $ocounter[2];
- if($foundry >= 1) {
- $iron += $baseiron / 100 * $bid7[$foundry]['attri'];
- }
- if($b3 > time()) {
- $iron *= 1.25;
- }
- $iron *= SPEED;
- return round($iron);
- }
-
- private function getCropProd($fdata,$ocounter,$b4) {
- global $bid4,$bid8,$bid9;
- $basecrop = $grainmill = $bakery = 0;
- $cropholder = array();
- for($i=1;$i<=38;$i++) {
- if($fdata['f'.$i.'t'] == 4) {
- array_push($cropholder,'f'.$i);
- }
- if($fdata['f'.$i.'t'] == 8) {
- $grainmill = $fdata['f'.$i];
- }
- if($fdata['f'.$i.'t'] == 9) {
- $bakery = $fdata['f'.$i];
- }
- }
- for($i=0;$i<=count($cropholder)-1;$i++) { $basecrop+= $bid4[$fdata[$cropholder[$i]]]['prod']; }
- $crop = $basecrop + $basecrop * 0.25 * $ocounter[3];
- $jcrop=0;
- if($grainmill >= 1) $jcrop=(isset($bid8[$grainmill]['attri']) ? $bid8[$grainmill]['attri'] : 0);
- if($bakery >= 1) $jcrop+=(isset($bid9[$bakery]['attri']) ? $bid9[$bakery]['attri'] : 0);
- $crop += $basecrop /100 * $jcrop;
- if($b4 > time()) {
- $crop *= 1.25;
- }
- $crop *= SPEED;
- return round($crop);
- }
-
- function getAllUnits($base,$InVillageOnly=False,$mode=0) {
- global $database;
- $ownunit = $database->getUnit($base);
- $ownunit['u99'] -= $ownunit['u99'];
- $ownunit['u99o'] -= $ownunit['u99o'];
- $enforcementarray = $database->getEnforceVillage($base,0);
- if(count($enforcementarray) > 0) {
- foreach($enforcementarray as $enforce) {
- for($i=1;$i<=50;$i++) {
- $ownunit['u'.$i] += $enforce['u'.$i];
- }
- $ownunit['hero'] += $enforce['hero'];
- }
- }
- if ($mode==0) {
- $enforceoasis=$database->getOasisEnforce($base,0);
- if(count($enforceoasis) > 0) {
- foreach($enforceoasis as $enforce) {
- for($i=1;$i<=50;$i++) {
- $ownunit['u'.$i] += $enforce['u'.$i];
- }
- $ownunit['hero'] += $enforce['hero'];
- }
- }
- //$enforcementarray = $database->getEnforceVillage($base,1);
- $enforceoasis1=$database->getOasisEnforce($base,1);
- if(count($enforceoasis1) > 0) {
- foreach($enforceoasis1 as $enforce) {
- for($i=1;$i<=50;$i++) {
- $ownunit['u'.$i] += $enforce['u'.$i];
- }
- $ownunit['hero'] += $enforce['hero'];
- }
- }
-
-
- $prisoners = $database->getPrisoners($base,1);
- if(!empty($prisoners)) {
- foreach($prisoners as $prisoner){
- $owner = $database->getVillageField($base,"owner");
- $ownertribe = $database->getUserField($owner,"tribe",0);
- $start = ($ownertribe-1)*10+1;
- $end = ($ownertribe*10);
- for($i=$start;$i<=$end;$i++) {
- $j = $i-$start+1;
- $ownunit['u'.$i] += $prisoner['t'.$j];
- }
- $ownunit['hero'] += $prisoner['t11'];
- }
- }
- }
-
- if(!$InVillageOnly) {
- $movement = $database->getVillageMovement($base);
- if(!empty($movement)) {
- for($i=1;$i<=50;$i++) {
- if (isset($movement['u'.$i])) {
- $ownunit['u'.$i] += $movement['u'.$i];
- }
- }
- $ownunit['hero'] += $movement['hero'];
- }
- }
- return $ownunit;
- }
+ if (!$InVillageOnly) {
+ $movement = $database->getVillageMovement($base);
+ if (!empty($movement)) {
+ for ($i = 1; $i <= 50; $i++) {
+ if (isset($movement['u'. $i])) {
+ $ownunit['u'. $i] += $movement['u'. $i];
+ }
+ }
+ $ownunit['hero'] += $movement['hero'];
+ }
+ }
+ return $ownunit;
+ }
};
$admin = new adm_DB;
include("function.php");
-?>
+?>
\ No newline at end of file