mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-09 06:06:09 +00:00
Alliance forum fixes part 1
Fixed the majority of security issues: +Fixed a bug that permitted to edit, delete and create a forum in any alliance, without any permissions +Fixed a bug that permitted to edit, create and delete any kind of thread, with any kind of permission +Fixed a bug that permitted to edit, modify and delete every kind of post, without any kind of permission +Fixed a bug that din't permit to create posts and threads +Fixed a bug that permitted to create forum and threads with empty name/topic +Fixed a bug that permitted to move a thread to an invalid forum +Fixed a bug that permitted to create an invalid type of forum +Fixed a bug that didn't permit to move forums, to the top and the bottom of their forum type (in reality, it wasn't even coded) +Added a sorting column for supporting the "move to top/bottom" functionality +Minor improvements and bug fixing/code indentation/removal of redundant code NOTE: For playing this version, you HAVE to add a new column to the table "s1_forum_cat", you can simply do that by running this query (where "s1_" is the prefix of your server): ALTER TABLE s1_forum_cat ADD `sorting` int(11) NOT NULL AFTER `id`
This commit is contained in:
+43
-34
@@ -41,22 +41,23 @@ if (!$autoloader_found) {
|
||||
class Alliance {
|
||||
|
||||
public $gotInvite = false;
|
||||
public $inviteArray = array();
|
||||
public $allianceArray = array();
|
||||
public $userPermArray = array();
|
||||
public $inviteArray = [];
|
||||
public $allianceArray = [];
|
||||
public $userPermArray = [];
|
||||
|
||||
public function procAlliance($get) {
|
||||
global $session, $database;
|
||||
|
||||
if($session->alliance != 0) {
|
||||
if($session->alliance > 0) {
|
||||
$this->allianceArray = $database->getAlliance($session->alliance);
|
||||
// Permissions Array
|
||||
// [id] => id [uid] => uid [alliance] => alliance [opt1] => X [opt2] => X [opt3] => X [opt4] => X [opt5] => X [opt6] => X [opt7] => X [opt8] => X
|
||||
$this->userPermArray = $database->getAlliPermissions($session->uid, $session->alliance);
|
||||
} else {
|
||||
$this->inviteArray = $database->getInvitation($session->uid);
|
||||
$this->gotInvite = count($this->inviteArray) == 0 ? false : true;
|
||||
$this->gotInvite = count($this->inviteArray) > 0;
|
||||
}
|
||||
|
||||
if(isset($get['a'])) {
|
||||
switch($get['a']) {
|
||||
case 2:
|
||||
@@ -65,8 +66,6 @@ class Alliance {
|
||||
case 3:
|
||||
$this->acceptInvite($get);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(isset($get['o'])) {
|
||||
@@ -74,20 +73,37 @@ class Alliance {
|
||||
case 4:
|
||||
$this->delInvite($get);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Redirects to the option menu if some errors were generated
|
||||
* Determines if a player can act with the forum (edit/delete/create things, etc.)
|
||||
*
|
||||
* @param array $datas The array which contains: [aid, alliance, forum_perm, admin, owner]
|
||||
* @return bool Returns true if you are able to act, false otherwise
|
||||
*/
|
||||
|
||||
public function redirect()
|
||||
public static function canAct($datas, $mode = 0){
|
||||
global $database, $session;
|
||||
|
||||
return ($database->CheckEditRes($datas['aid']) == 1 && ((($database->isAllianceOwner($session->uid) == $datas['alliance'] ||
|
||||
($datas['forum_perm'] == 1 && $session->alliance == $datas['alliance'])) &&
|
||||
($mode || (isset($datas['admin']) && !empty($datas['admin']) && $datas['admin'] == "switch_admin"))) ||
|
||||
$datas['owner'] == $session->uid));
|
||||
}
|
||||
|
||||
/**
|
||||
* Redirects to the forum selection
|
||||
*
|
||||
* @param array $get Contains the values of a GET request
|
||||
*/
|
||||
|
||||
public function redirect($get)
|
||||
{
|
||||
header("location: allianz.php?s=5");
|
||||
exit;
|
||||
header("Location: allianz.php?s=2".(isset($get['fid']) && !empty($get['fid']) ? "&fid=".$get['fid']."" : "").
|
||||
(isset($get['admin']) && !empty($get['admin']) ? "&admin=switch_admin" : ""));
|
||||
exit;
|
||||
}
|
||||
|
||||
public function procAlliForm($post) {
|
||||
@@ -99,27 +115,20 @@ class Alliance {
|
||||
}
|
||||
|
||||
}
|
||||
if(isset($post['dipl']) && isset($post['a_name'])) {
|
||||
$this->changediplomacy($post);
|
||||
}
|
||||
|
||||
if(isset($post['dipl']) && isset($post['a_name'])) $this->changediplomacy($post);
|
||||
|
||||
if(isset($post['s'])) {
|
||||
if(isset($post['o'])) {
|
||||
switch($post['o']) {
|
||||
case 1:
|
||||
if(isset($_POST['a'])) {
|
||||
$this->changeUserPermissions($post);
|
||||
}
|
||||
if(isset($_POST['a'])) $this->changeUserPermissions($post);
|
||||
break;
|
||||
case 2:
|
||||
if(isset($_POST['a_user'])) {
|
||||
$this->kickAlliUser($post);
|
||||
}
|
||||
if(isset($_POST['a_user'])) $this->kickAlliUser($post);
|
||||
break;
|
||||
case 4:
|
||||
if(isset($_POST['a']) && $_POST['a'] == 4) {
|
||||
$this->sendInvite($post);
|
||||
}
|
||||
if(isset($_POST['a']) && $_POST['a'] == 4) $this->sendInvite($post);
|
||||
break;
|
||||
case 3:
|
||||
$this->updateAlliProfile($post);
|
||||
@@ -446,16 +455,16 @@ class Alliance {
|
||||
public function Vote($post) {
|
||||
global $database, $session;
|
||||
if($session->access != BANNED){
|
||||
if($database->checkSurvey($post['tid']) && !$database->checkVote($post['tid'], $session->uid)){
|
||||
$survey = $database->getSurvey($post['tid']);
|
||||
$text = ''.$survey['voted'].','.$session->uid.',';
|
||||
$database->Vote($post['tid'], $post['vote'], $text);
|
||||
}
|
||||
header("Location: allianz.php?s=2&fid2=".$post['fid2']."&pid=".$post['pid']."&tid=".$post['tid']);
|
||||
exit;
|
||||
if($database->checkSurvey($post['tid']) && !$database->checkVote($post['tid'], $session->uid)){
|
||||
$survey = $database->getSurvey($post['tid']);
|
||||
$text = ''.$survey['voted'].','.$session->uid.',';
|
||||
$database->Vote($post['tid'], $post['vote'], $text);
|
||||
}
|
||||
header("Location: allianz.php?s=2&fid2=".$post['fid2']."&tid=".$post['tid']);
|
||||
exit;
|
||||
}else{
|
||||
header("Location: banned.php");
|
||||
exit;
|
||||
header("Location: banned.php");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
/*****************************************
|
||||
|
||||
+25
-21
@@ -2373,7 +2373,7 @@ class MYSQLi_DB implements IDbConnection {
|
||||
function ForumCat($id) {
|
||||
list($id) = $this->escape_input($id);
|
||||
|
||||
$q = "SELECT * from " . TB_PREFIX . "forum_cat where alliance = '$id' ORDER BY id";
|
||||
$q = "SELECT * from " . TB_PREFIX . "forum_cat where alliance = '$id' ORDER BY sorting DESC, id";
|
||||
$result = mysqli_query($this->dblink,$q);
|
||||
return $this->mysqli_fetch_all($result);
|
||||
}
|
||||
@@ -2413,11 +2413,7 @@ class MYSQLi_DB implements IDbConnection {
|
||||
|
||||
$q = "SELECT Count(*) as Total from " . TB_PREFIX . "forum_topic where cat = $id";
|
||||
$result = mysqli_fetch_array(mysqli_query($this->dblink,$q), MYSQLI_ASSOC);
|
||||
if ($result['Total']) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return $result['Total'] > 0;
|
||||
}
|
||||
|
||||
// no need to cache this method
|
||||
@@ -2426,11 +2422,7 @@ class MYSQLi_DB implements IDbConnection {
|
||||
|
||||
$q = "SELECT Count(*) as Total from " . TB_PREFIX . "forum_edit where alliance = $alli";
|
||||
$result = mysqli_fetch_array(mysqli_query($this->dblink,$q), MYSQLI_ASSOC);
|
||||
if ($result['Total']) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return $result['Total'] > 0;
|
||||
}
|
||||
|
||||
// no need to cache this method
|
||||
@@ -2510,6 +2502,18 @@ class MYSQLi_DB implements IDbConnection {
|
||||
}
|
||||
}
|
||||
|
||||
function MoveForum($id, $area, $ally, $mode){
|
||||
list($id, $area, $ally, $mode) = $this->escape_input((int) $id, (int) $area, (int) $ally, $mode);
|
||||
|
||||
$q = "UPDATE
|
||||
".TB_PREFIX."forum_cat
|
||||
SET
|
||||
sorting = (SELECT * FROM(SELECT ".(!$mode ? "MIN" : "MAX")."(sorting) FROM ".TB_PREFIX."forum_cat WHERE forum_area = $area AND alliance = $ally AND id != $id) f) ".(!$mode ? "-" : "+")." 1
|
||||
WHERE
|
||||
id = $id";
|
||||
return mysqli_query($this->dblink, $q);
|
||||
}
|
||||
|
||||
function UpdateEditTopic($id, $title, $cat) {
|
||||
list($id, $title, $cat) = $this->escape_input((int) $id, $title, $cat);
|
||||
|
||||
@@ -2517,17 +2521,17 @@ class MYSQLi_DB implements IDbConnection {
|
||||
return mysqli_query($this->dblink,$q);
|
||||
}
|
||||
|
||||
function UpdateEditForum($id, $name, $des) {
|
||||
list($id, $name, $des) = $this->escape_input((int) $id, $name, $des);
|
||||
function UpdateEditForum($id, $name, $des, $ally) {
|
||||
list($id, $name, $des, $ally) = $this->escape_input((int) $id, $name, $des, (int) $ally);
|
||||
|
||||
$q = "UPDATE " . TB_PREFIX . "forum_cat set forum_name = '$name', forum_des = '$des' where id = $id";
|
||||
$q = "UPDATE " . TB_PREFIX . "forum_cat SET forum_name = '$name', forum_des = '$des' WHERE id = $id AND alliance = $ally";
|
||||
return mysqli_query($this->dblink,$q);
|
||||
}
|
||||
|
||||
function StickTopic($id, $mode) {
|
||||
list($id, $mode) = $this->escape_input((int) $id, $mode);
|
||||
list($id, $mode) = $this->escape_input((int) $id, (int) $mode);
|
||||
|
||||
$q = "UPDATE " . TB_PREFIX . "forum_topic set stick = '$mode' where id = $id";
|
||||
$q = "UPDATE " . TB_PREFIX . "forum_topic SET stick = $mode WHERE id = $id";
|
||||
return mysqli_query($this->dblink,$q);
|
||||
}
|
||||
|
||||
@@ -2579,7 +2583,7 @@ class MYSQLi_DB implements IDbConnection {
|
||||
function CreatForum($owner, $alli, $name, $des, $area) {
|
||||
list($owner, $alli, $name, $des, $area) = $this->escape_input($owner, $alli, $name, $des, $area);
|
||||
|
||||
$q = "INSERT into " . TB_PREFIX . "forum_cat values (0,'$owner','$alli','$name','$des','$area')";
|
||||
$q = "INSERT into " . TB_PREFIX . "forum_cat values (0, 0,'$owner','$alli','$name','$des','$area')";
|
||||
mysqli_query($this->dblink,$q);
|
||||
return mysqli_insert_id($this->dblink);
|
||||
}
|
||||
@@ -2719,7 +2723,8 @@ class MYSQLi_DB implements IDbConnection {
|
||||
list($id, $post, $alliance, $player, $coor, $report) = $this->escape_input((int) $id, $post, (int) $alliance, (int) $player, (int) $coor, (int) $report);
|
||||
|
||||
$q = "UPDATE " . TB_PREFIX . "forum_topic set post = '$post', alliance0 = $alliance, player0 = $player, coor0 = $coor, report0 = $report where id = $id";
|
||||
return mysqli_query($this->dblink,$q);
|
||||
|
||||
return mysqli_query($this->dblink, $q);
|
||||
}
|
||||
|
||||
function EditUpdatePost($id, $post, $alliance, $player, $coor, $report) {
|
||||
@@ -2840,9 +2845,8 @@ class MYSQLi_DB implements IDbConnection {
|
||||
if(mysqli_num_rows($result)) {
|
||||
$result = mysqli_fetch_assoc($result);
|
||||
$result = $result['id'];
|
||||
} else {
|
||||
$result = false;
|
||||
}
|
||||
}
|
||||
else $result = false;
|
||||
|
||||
self::$allianceOwnerCheckCache[$id] = $result;
|
||||
return self::$allianceOwnerCheckCache[$id];
|
||||
|
||||
@@ -88,6 +88,7 @@ define("OFFERED_CONFED_TO","offered a confederation to");
|
||||
define("ALLY_TOO_MUCH_PACTS","Either You cannot offer more pacts of this kind or this alliance has reached the limit for this kind of patcs");
|
||||
define("ALLY_PERMISSIONS_UPDATED","Permissions updated");
|
||||
define("ALLY_FORUM_LINK_UPDATED", "Forum link updated");
|
||||
define("NO_FORUMS_YET","There are no forums yet.");
|
||||
define("ALLY_USER_KICKED"," has been kicked from the alliance");
|
||||
define("NOT_OPENED_YET","Server not started yet.");
|
||||
define("REGISTER_CLOSED","The register is closed. You can't register to this server.");
|
||||
|
||||
Reference in New Issue
Block a user