xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 08:34:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0737b5879d55dc43ea18da3bae2bcf1f722606f4
TravianZ/GameEngine/Admin/Mods/additional.php
T
Martin Ambrus 606d0a6ad2 fix: DB class not included
2017-10-20 11:04:28 +02:00

53 lines
2.1 KiB
PHP
Executable File
Raw Blame History

<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename cp.php ##
## Developed by: aggenkeech ##
## License: TravianX Project ##
## Copyright: TravianX (c) 2010-2012. All rights reserved. ##
## ##
#################################################################################
include_once("../../config.php");
include_once("../../Database.php");
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
$GLOBALS["link"] = mysqli_connect(SQL_SERVER, SQL_USER, SQL_PASS);
mysqli_select_db($GLOBALS["link"], SQL_DB);
$id = (int) $_POST['id'];
$admid = $_POST['admid'];
//$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$admid."");
//$access = mysqli_fetch_array($sql);
//$sessionaccess = $access['access'];
if (!isset($_SESSION)) {
session_start();
}
if($_SESSION['access'] != ADMIN) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
foreach ($_POST as $key => $value) {
$_POST[$key] = $database->escape($value);
}
$access = (int) $_POST['access'];
$dur = (int) $_POST['protect'] * 86400;
$protection = (time() + $dur);
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET
access = ".$access.",
gold = ".(int) $_POST['gold'].",
sit1 = '".(int) $_POST['sitter1']."',
sit2 = '".(int) $_POST['sitter2']."',
protect = '".$protection."',
cp = ".(int) $_POST['cp'].",
ap = '".(int) $_POST['off']."',
dp = '".(int) $_POST['def']."',
RR = '".(int) $_POST['res']."',
apall = '".(int) $_POST['ooff']."',
dpall = '".(int) $_POST['odef']."'
WHERE id = ".$id."") or die(mysqli_error($database->dblink));
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
?>
Reference in New Issue View Git Blame Copy Permalink