fix: sanitization of username in session where used directly in queries
@@ -85,17 +85,18 @@ class Session {
|
||||
$this->logged_in = true;
|
||||
$_SESSION['sessid'] = $generator->generateRandID();
|
||||
$_SESSION['username'] = $user;
|
||||
$user_sanitized = $database->escape($user);
|
||||
$_SESSION['checker'] = $generator->generateRandStr(3);
|
||||
$_SESSION['mchecker'] = $generator->generateRandStr(5);
|
||||
$_SESSION['qst'] = $database->getUserField($_SESSION['username'], "quest", 1);
|
||||
$result = mysqli_query($GLOBALS['link'],"SELECT village_select FROM `". TB_PREFIX."users` WHERE `username`='".$_SESSION['username']."'");
|
||||
$_SESSION['qst'] = $database->getUserField($user_sanitized, "quest", 1);
|
||||
$result = mysqli_query($GLOBALS['link'],"SELECT village_select FROM `". TB_PREFIX."users` WHERE `username`='".$user_sanitized."'");
|
||||
$dbarray = mysqli_fetch_assoc($result);
|
||||
$selected_village=$dbarray['village_select'];
|
||||
if(!isset($_SESSION['wid'])) {
|
||||
if($selected_village!='') {
|
||||
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `wref` = '.$selected_village);
|
||||
}else{
|
||||
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $database->getUserField($_SESSION['username'], "id", 1) . ' LIMIT 1');
|
||||
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $database->getUserField($user_sanitized, "id", 1) . ' LIMIT 1');
|
||||
}
|
||||
$data = mysqli_fetch_assoc($query);
|
||||
$_SESSION['wid'] = $data['wref'];
|
||||
@@ -104,7 +105,7 @@ class Session {
|
||||
if($selected_village!='') {
|
||||
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `wref` = '.$selected_village);
|
||||
}else{
|
||||
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $database->getUserField($_SESSION['username'], "id", 1) . ' LIMIT 1');
|
||||
$query = mysqli_query($GLOBALS['link'],'SELECT * FROM `' . TB_PREFIX . 'vdata` WHERE `owner` = ' . $database->getUserField($user_sanitized, "id", 1) . ' LIMIT 1');
|
||||
}
|
||||
$data = mysqli_fetch_assoc($query);
|
||||
$_SESSION['wid'] = $data['wref'];
|
||||
@@ -112,8 +113,8 @@ class Session {
|
||||
$this->PopulateVar();
|
||||
|
||||
$logging->addLoginLog($this->uid, $_SERVER['REMOTE_ADDR']);
|
||||
$database->addActiveUser($_SESSION['username'], $this->time);
|
||||
$database->updateUserField($_SESSION['username'], "sessid", $_SESSION['sessid'], 0);
|
||||
$database->addActiveUser($user_sanitized, $this->time);
|
||||
$database->updateUserField($user_sanitized, "sessid", $_SESSION['sessid'], 0);
|
||||
|
||||
header("Location: dorf1.php");
|
||||
}
|
||||
|
||||
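Review bot: The `village_select` lookup at L36 and the `owner` query at L60 still build SQL by string concatenation, so the escape added on L18 only holds as long as `$database->escape()` agrees with the connection charset; a bound parameter removes that dependency, and the same applies to `$selected_village`, which L51 concatenates unquoted straight from the `village_select` column (`'... WHERE `wref` = ' . (int) $selected_village`). The escaped value is also handed to `getUserField` (L33, L60), `addActiveUser` (L116) and `updateUserField` (L119); if those helpers escape their arguments themselves, the username is escaped twice and any name containing a quote or backslash stops matching — worth confirming against the Database class, because the quest-script hunks further down keep passing the raw `$_SESSION['username']` to the same helpers, so the two conventions now disagree. A prepared-statement form of the L36 lookup is sketched below (`mysqli_stmt_get_result` needs mysqlnd); the enclosing method starts before the first hunk and the same pattern fits L60.
```php
// … unchanged: logged_in, sessid, $_SESSION['username'] = $user, checker/mchecker …
$stmt = mysqli_prepare($GLOBALS['link'], 'SELECT village_select FROM `' . TB_PREFIX . 'users` WHERE `username` = ?');
mysqli_stmt_bind_param($stmt, 's', $user);
mysqli_stmt_execute($stmt);
$dbarray = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
$selected_village = $dbarray['village_select'];
// … unchanged: wid selection, PopulateVar, login log …
```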
@@ -19,6 +19,7 @@
|
||||
include("GameEngine/Village.php");
|
||||
include("GameEngine/Data/cp.php");
|
||||
|
||||
$user_sanitized = $database->escape($_SESSION['username']);
|
||||
$uArray = $database->getUserArray($_SESSION['username'],0);
|
||||
$check_quest=$database->getUserField($_SESSION['username'],'quest','username');
|
||||
|
||||
@@ -71,7 +72,7 @@ if (isset($qact)){
|
||||
$_SESSION['qst']= 3;
|
||||
//Give Reward
|
||||
if(!$session->plus){
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$user_sanitized."'") or die(mysqli_error($database->dblink));
|
||||
} else {
|
||||
$plus=$database->getUserField($_SESSION['username'],'plus','username');
|
||||
$plus+=86400;
|
||||
@@ -151,7 +152,7 @@ if (isset($qact)){
|
||||
$_SESSION['qst']= 11;
|
||||
//Give Reward
|
||||
if(!$session->plus){
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$user_sanitized."'") or die(mysqli_error());
|
||||
} else {
|
||||
$plus=$database->getUserField($_SESSION['username'],'plus','username');
|
||||
$plus+=172800;
|
||||
@@ -338,7 +339,7 @@ if (isset($qact)){
|
||||
$_SESSION['qst_time'] = time()+$skipp_time;
|
||||
//Give Reward
|
||||
if(!$session->plus){
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$user_sanitized."'") or die(mysqli_error());
|
||||
} else {
|
||||
$plus=$database->getUserField($_SESSION['username'],'plus','username');
|
||||
$plus+=86400;
|
||||
@@ -401,7 +402,7 @@ if (isset($qact)){
|
||||
$_SESSION['qst']= 97;
|
||||
//Give Reward 20 gold + 2 days plus
|
||||
if(!$session->plus){
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$user_sanitized."'") or die(mysqli_error());
|
||||
} else {
|
||||
$plus=$database->getUserField($_SESSION['username'],'plus','username');
|
||||
$plus+=172800;
|
||||
|
||||
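Review bot: L196, L223 and L250 drop the link argument and call `mysqli_error()` with no parameters; `mysqli_error()` requires the connection handle, so on PHP 8 the failure path now raises an `ArgumentCountError` instead of reporting the query error, while L169 in the same file keeps the original form — restore `or die(mysqli_error($database->dblink))` on all three. Independently of that, `die(mysqli_error(...))` writes driver error text into the response served to a player; log it server-side and emit a generic message instead. L143 escapes the username once, but L146, L149, L175, L202, L229 and L256 still hand the raw `$_SESSION['username']` to `getUserArray`/`getUserField`, so the calling convention inside this file is now mixed: if those helpers do not escape internally the lookups remain unprotected, and if they do, the Session.php calls double-escape. Each changed line sits inside an `if (isset($qact))` block whose start and end are outside the hunk.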
@@ -21,6 +21,7 @@ if (!isset($_SESSION)) {
|
||||
include_once("GameEngine/Village.php");
|
||||
include_once("GameEngine/Data/cp.php");
|
||||
|
||||
$user_sanitized = $database->escape($_SESSION['username']);
|
||||
$uArray = $database->getUserArray($_SESSION['username'],0);
|
||||
$check_quest=$uArray['quest'];
|
||||
$_SESSION['qst_time'] = $uArray['quest_time'];
|
||||
@@ -69,7 +70,7 @@ if (isset($qact)){
|
||||
$_SESSION['qst']= 3;
|
||||
//Give Reward
|
||||
if(!$session->plus){
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$user_sanitized."'") or die(mysqli_error($database->dblink));
|
||||
} else {
|
||||
$plus=$database->getUserField($_SESSION['username'],'plus','username');
|
||||
$plus+=86400;
|
||||
@@ -154,7 +155,7 @@ if (isset($qact)){
|
||||
$_SESSION['qst']= 11;
|
||||
//Give Reward
|
||||
if(!$session->plus){
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$user_sanitized."'") or die(mysqli_error($database->dblink));
|
||||
} else {
|
||||
$plus=$database->getUserField($_SESSION['username'],'plus','username');
|
||||
$plus+=172800;
|
||||
@@ -322,7 +323,7 @@ if (isset($qact)){
|
||||
$_SESSION['qst_time'] = time()+$skipp_time;
|
||||
//Give Reward
|
||||
if(!$session->plus){
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+86400 where `username`='".$user_sanitized."'") or die(mysqli_error($database->dblink));
|
||||
} else {
|
||||
$plus=$database->getUserField($_SESSION['username'],'plus',1);
|
||||
$plus+=86400;
|
||||
@@ -385,7 +386,7 @@ if (isset($qact)){
|
||||
$_SESSION['qst']= 97;
|
||||
//Give Reward 20 gold + 2 days plus
|
||||
if(!$session->plus){
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$_SESSION['username']."'") or die(mysqli_error($database->dblink));
|
||||
mysqli_query($GLOBALS['link'],"UPDATE ".TB_PREFIX."users set plus = ('".mktime(date("H"),date("i"), date("s"),date("m") , date("d"), date("Y"))."')+172800 where `username`='".$user_sanitized."'") or die(mysqli_error($database->dblink));
|
||||
} else {
|
||||
$plus=$database->getUserField($_SESSION['username'],'plus',1);
|
||||
$plus+=172800;
|
||||
|
||||
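Review bot: L275 computes `$user_sanitized`, yet L278, L308, L335, L362 and L389 keep passing raw `$_SESSION['username']` to `getUserArray`/`getUserField`, so this file uses two conventions for the same value; which one is correct depends on whether those helpers escape internally, and only one of the two can be right — pick one and apply it throughout (the Session.php hunks chose the escaped form). The UPDATE statements at L302, L329, L356 and L383 still concatenate into the WHERE clause; `mysqli_prepare` with a bound `?` would make correctness independent of `escape()` and the connection charset. `mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y"))` on those lines is equivalent to `time()`, which L344 already uses. Each changed line sits inside an `if (isset($qact))` block whose start and end are outside the hunk.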