Issue #299: posting to an admin Mod (eg editBuildings.php) could show an
essentially blank page. The admin panel and the game share the same PHP
session, so a game logout (session_destroy) — or a mobile browser dropping the
session cookie / serving a cached form with a stale token — wipes the admin
session. The Mod then stopped on a bare die('<h1>Access Denied</h1>') (or the
403 die() in csrf_verify()), which renders as a blank/broken page outside the
panel.
Add a shared admin_deny() helper in GameEngine/Admin/csrf.php that renders a
clean, self-contained, styled error page (with a "Return to Admin Panel" link)
and a no-store header, then exits. Wire it into csrf_verify() and replace every
bare "Access Denied" die() across the 42 admin Mods. Each Mod now loads
csrf.php at the top so admin_deny() is available before its first access check.
This is the presentation fix Shadow asked for ("we must receive an error not
blank page"). The deeper root cause (admin and game sharing one PHP session) is
left for a follow-up: giving the admin panel its own session cookie name.
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
+Added the "Artifacts" section in the Admin Panel, which contains two
options: return a deleted artifact to the Natars and create new
Artifacts, assigned to a specified player
+Return to Natars coded, in the village section of the Admin Panel
+Moved a lot of functions and costants from Automation.php to the "new"
class Artifacts.php
+Optimized a lot the whole Natars creation process, decreased the number
of query of about 600
+Optimized a lot the function which deletes a player's account, it's now
executed almost instantly, even with players with a lot of villages
+Redesigned the map spawn system, using a more Travian-like village
distribution
+Fixed a bug that did show a broken village in the artifact chronology,
if that village was destroyed
+Reduced the amount of redundant code (about 230 lines) for
27_1.tpl/27_2.tpl and 27_3.tpl
+Fixed a bug that permitted to build the Great Granary and the Great
Warehouse in the whole account, with only a village effect artifact
+Fixed a bug in the Admin Panel map that didn't permit to show village
informations, if that village contained single quotes in its name
Some installations seem to support localhost:port for 1st parameter of
mysqli_connect(), others will only support the official parameters with
port towards the end. This fix tries them both - first the official one,
then the localhost:port one.
Also, there were a lot of mysqli_connect()'s inside Admin mods. These
now also use the central Database class.
novgorodschi catalin