mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-11 23:26:08 +00:00
55e6dd60b5
1. Fix a bug in Admin Panel that you can edit by yourself your rank, now you cannot edit your rank anymore. 2. Now Alliance Leader can edit his own Position 3. Fix negative value on Demolition Building, now in database at lvl is appear new level not -1 4. Refactor Ajax map, now all is alligned (Ajax folder and Map folder) 5. Fix bug from Palace (when change capital now Automation recount population automaticaly on old capital and new capital)
154 lines
4.9 KiB
Smarty
154 lines
4.9 KiB
Smarty
<?php
|
|
#################################################################################
|
|
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
|
|
## --------------------------------------------------------------------------- ##
|
|
## Project: TravianZ (Refactor incremental) ##
|
|
## File: changepos.tpl ##
|
|
## Description: Alliance member permissions ##
|
|
## Improvements: ##
|
|
## - Fixed PHP 5.3 compatibility (no [] arrays) ##
|
|
## - Removed invalid array syntax ##
|
|
## - Input validation & casting ##
|
|
## - XSS protection ##
|
|
## - Cleaner checkbox rendering ##
|
|
## - Allow leader to edit own rank only ##
|
|
#################################################################################
|
|
|
|
// secure input
|
|
$aUser = isset($_POST['a_user'])? (int)$_POST['a_user'] : 0;
|
|
|
|
// fallback alliance id
|
|
if (!isset($aid)) {
|
|
$aid = $session->alliance;
|
|
}
|
|
|
|
// load data
|
|
$playerData = $database->getAlliPermissions($aUser, $aid);
|
|
$playername = $database->getUserField($aUser, 'username', 0);
|
|
$allianceinfo = $database->getAlliance($aid);
|
|
|
|
// status checks
|
|
$isLeader = $database->isAllianceOwner($session->uid);
|
|
$isSelfEdit = ($aUser == $session->uid);
|
|
$isTargetLeader = $database->isAllianceOwner($aUser);
|
|
$allowOnlyRank = ($isLeader && $isSelfEdit); // liderul se editeaza pe sine
|
|
|
|
// Permission map - definit aici ca sa-l folosim si pentru hidden inputs
|
|
$map = array(
|
|
array('e1','opt1','Assign to position'),
|
|
array('e2','opt2','Kick player'),
|
|
array('e3','opt3','Change alliance description'),
|
|
array('e6','opt6','Alliance diplomacy'),
|
|
array('e7','opt7','IGMs to every alliance member'),
|
|
array('e4','opt4','Invite a player into the alliance'),
|
|
array('e5','opt5','Manage forums')
|
|
);
|
|
|
|
// validation checks
|
|
if ($database->getUserField($aUser, "alliance", 0)!= $session->alliance) {
|
|
$form->addError("perm", USER_NOT_IN_YOUR_ALLY);
|
|
|
|
} elseif ($isSelfEdit &&!$isLeader) {
|
|
// membrii normali nu au voie sa-si editeze singuri permisiunile
|
|
$form->addError("perm", CANT_EDIT_YOUR_PERMISSIONS);
|
|
|
|
} elseif ($isTargetLeader &&!$isSelfEdit) {
|
|
// nu poti edita un alt lider
|
|
$form->addError("perm", CANT_EDIT_LEADER_PERMISSIONS);
|
|
}
|
|
|
|
// error handling redirect
|
|
if ($form->returnErrors() > 0) {
|
|
$_SESSION['errorarray'] = $form->getErrors();
|
|
$_SESSION['valuearray'] = $_POST;
|
|
|
|
header("Location: allianz.php?s=5");
|
|
exit;
|
|
}
|
|
|
|
// header
|
|
echo "<h1>". htmlspecialchars($allianceinfo['tag'], ENT_QUOTES, 'UTF-8').
|
|
" - ".
|
|
htmlspecialchars($allianceinfo['name'], ENT_QUOTES, 'UTF-8').
|
|
"</h1>";
|
|
|
|
include("alli_menu.tpl");
|
|
?>
|
|
|
|
<form method="post" action="allianz.php">
|
|
|
|
<table cellpadding="1" cellspacing="1" id="position" class="small_option">
|
|
<thead>
|
|
<tr>
|
|
<th colspan="2">Assign to position</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<th>Name:</th>
|
|
<td><?php echo htmlspecialchars($playername, ENT_QUOTES, 'UTF-8');?></td>
|
|
</tr>
|
|
<tr>
|
|
<th>Position:</th>
|
|
<td>
|
|
<input class="name text"
|
|
type="text"
|
|
name="a_titel"
|
|
value="<?php echo htmlspecialchars($playerData['rank'], ENT_QUOTES, 'UTF-8');?>"
|
|
maxlength="50" />
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
|
|
<?php if (!$allowOnlyRank) {?>
|
|
<!-- RIGHTS TABLE - afisat normal pentru toti ceilalti -->
|
|
<table cellpadding="1" cellspacing="1" id="rights" class="small_option">
|
|
<thead>
|
|
<tr>
|
|
<th colspan="2">Assign rights</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<?php
|
|
foreach ($map as $r) {
|
|
$field = $r[0];
|
|
$opt = $r[1];
|
|
$label = $r[2];
|
|
$checked =!empty($playerData[$opt])? 'checked="checked"' : '';
|
|
echo "<tr>
|
|
<td class=\"sel\">
|
|
<input class=\"check\" type=\"checkbox\" name=\"$field\" value=\"1\" $checked>
|
|
</td>
|
|
<td>$label</td>
|
|
</tr>";
|
|
}
|
|
?>
|
|
</tbody>
|
|
</table>
|
|
<?php } else {?>
|
|
<!-- Liderul isi editeaza doar rank-ul -->
|
|
<p style="margin:10px 0;color:#666;">As a leader, you can only change your title. Your rights remain at their maximum.</p>
|
|
<?php
|
|
// pastram drepturile ca hidden ca allianz.php sa nu le reseteze la 0
|
|
foreach ($map as $r) {
|
|
$field = $r[0];
|
|
$opt = $r[1];
|
|
$val =!empty($playerData[$opt])? 1 : 0;
|
|
echo '<input type="hidden" name="'.$field.'" value="'.$val.'">'."\n";
|
|
}
|
|
?>
|
|
<?php }?>
|
|
|
|
<!-- SUBMIT -->
|
|
<p>
|
|
<input type="hidden" name="a" value="1">
|
|
<input type="hidden" name="o" value="1">
|
|
<input type="hidden" name="s" value="5">
|
|
<input type="hidden" name="a_user" value="<?php echo $aUser;?>">
|
|
|
|
<input type="image" value="ok" name="s1" id="btn_ok"
|
|
class="dynamic_img" src="img/x.gif" alt="OK" />
|
|
</p>
|
|
|
|
</form> |