xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 08:34:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
886f421f50960ac69dbd33f4e6909d79df1f3f48
TravianZ/GameEngine/Admin/Mods/addTroops.php
T
Ferywir 8d1a1cab38 fix(admin): verify CSRF token in troop admin Mods [#139] (#258) 
addTroops and addABTroops are POSTed to directly, bypassing admin.php's
central csrf_verify(). Add csrf_verify() (after the admin access check, via
the shared GameEngine/Admin/csrf.php) and csrf_field() in their forms.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 08:43:18 +03:00

84 lines
3.3 KiB
PHP
Executable File
Raw Blame History

<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename addTroops.php ##
## Type BACKEND ##
## Developed by: Dzoki & Advocatie ##
## License: TravianZ Project ##
## Reworks by: ronix ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die(defined('ACCESS_DENIED_ADMIN') ? ACCESS_DENIED_ADMIN : 'Access Denied: You are not Admin!');
}
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
// itself (it does not go through admin.php's central csrf_verify()).
require_once(__DIR__ . '/../csrf.php');
csrf_verify();
include_once __DIR__ . "/../../Database.php";
include_once __DIR__ . "/../../Technology.php";
include_once __DIR__ . "/../../Data/unitdata.php";
/* ---------------------------------------------------------------------------
* Input & validare
* --------------------------------------------------------------------------- */
$id = (int)($_POST['id'] ?? 0);
if ($id <= 0) {
header("Location: ../../../Admin/admin.php");
exit;
}
$village = $database->getVillage($id);
$user = $database->getUserArray($village['owner'], 1);
$tribe = (int)$user['tribe'];
$u = ($tribe - 1) * 10;
/* ---------------------------------------------------------------------------
* Construiește SET pentru u1-u10 / u11-u20 etc.
* - originalul concatena escape($_POST + ",") greșit
* - aici cast la int + implode
* --------------------------------------------------------------------------- */
$fields = [];
for ($i = 1; $i <= 10; $i++) {
$unitId = $u + $i;
$val = (int)($_POST['u' . $unitId] ?? 0);
$fields[] = "u$unitId = $val";
}
$q = "UPDATE " . TB_PREFIX . "units SET " . implode(", ", $fields) . " WHERE vref = $id";
$database->query($q);
/* ---------------------------------------------------------------------------
* Log admin - adaptat pentru tabelul tău
* --------------------------------------------------------------------------- */
$adminId = (string)(int)$_SESSION['id'];
$time = time();
// FIX AICI
$villageName = $village['name'] ?? 'Village';
$villageNameSafe = htmlspecialchars($villageName, ENT_QUOTES, 'UTF-8');
$logText = "Changed troop amounts in village <a href='admin.php?p=village&did=$id'>$villageNameSafe</a>";
$adminIdEsc = $database->escape($adminId);
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminIdEsc', '$logEsc', $time)"
);
$database->addStarvationData($id);
header("Location: ../../../Admin/admin.php?p=village&did=" . $id . "&d");
exit;
?>
Reference in New Issue View Git Blame Copy Permalink