<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename editUsername.php ##
## Type BACKEND ##
## Developed by: aggenkeech ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################

// Start a session only when the $_SESSION superglobal is not populated yet.
if (!isset($_SESSION)) {
    session_start();
}

// First gate, bound to the caller's own session: a missing or empty access
// level is refused, and so is any level below 9. Nothing else in this script
// runs for a caller that fails here.
if (empty($_SESSION['access'])) {
    die("Access Denied: You are not Admin!");
}
if ($_SESSION['access'] < 9) {
    die("Access Denied: You are not Admin!");
}

// CSRF check (issue #139). Requests are POSTed straight to this Mod and never
// pass through admin.php's central csrf_verify(), so the token has to be
// verified here. It runs after the session access gate and before any POST
// field is read or any query is issued.
// NOTE(review): presumably csrf_verify() aborts the request on a bad or
// missing token; confirm in csrf.php, since nothing here checks a return value.
require_once __DIR__ . '/../csrf.php';
csrf_verify();

// Site configuration. The path starts with "../", so PHP resolves it against
// the current working directory, not against this file's directory.
// NOTE(review): include_once only raises a warning when the file is missing;
// confirm that is intended rather than require_once.
include_once "../../config.php";

// ---------------------------------------------------------------------------
// Autoloader path
// ---------------------------------------------------------------------------
// Walk up to four directory levels ('' , '../', '../../', ...) and stop at the
// first one that contains autoloader.php. If none matches, $autoprefix is left
// at the deepest prefix tried ('../../../../').
$autoprefix = '';
$i = 0;
while ($i < 5) {
    $autoprefix = str_repeat('../', $i);
    if (file_exists($autoprefix . 'autoloader.php')) {
        break;
    }
    $i++;
}

// The database layer is loaded relative to the prefix found above; the rest of
// this script uses $database, which is not defined in this file.
include_once $autoprefix . "GameEngine/Database.php";

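// ---------------------------------------------------------------------------
// Input
// ---------------------------------------------------------------------------
// Every field comes from the POST body and is caller-controlled. Only scalar
// ids and a string username are accepted: an array-valued field (uid[]=...)
// would otherwise become 1 under an (int) cast, and trim() would throw a
// TypeError on PHP 8 instead of taking the error redirect below.
$rawUid      = $_POST['uid'] ?? 0;
$rawAdmid    = $_POST['admid'] ?? 0;
$rawUsername = $_POST['username'] ?? '';

$uid      = is_scalar($rawUid) ? (int)$rawUid : 0;
$session  = is_scalar($rawAdmid) ? (int)$rawAdmid : 0;
$username = is_string($rawUsername) ? trim($rawUsername) : '';

// Missing or malformed input: go back to the player page with the "user" error
// code. $uid is an integer at this point, so it is safe inside the URL.
if ($uid <= 0 || $session <= 0 || $username === '') {
    header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=user");
    exit;
}
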
// ---------------------------------------------------------------------------
// Admin verification
// ---------------------------------------------------------------------------
// Second gate: load the account named by the posted admid and require its
// access level to be exactly 9.
// NOTE(review): admid is client-supplied, so this confirms that the posted id
// belongs to *an* access-9 account, not that it belongs to the caller; the
// binding to the caller comes from the session check at the top of the file.
// Consider also comparing admid with $_SESSION['id'], after confirming that the
// admin forms always post the session id.
// NOTE(review): the meaning of the second argument (1) is defined in
// Database.php; presumably it selects lookup by id. Confirm.
$admin = $database->getUserArray($session, 1);

if (!($admin && (int)$admin['access'] === 9)) {
    die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}

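// ---------------------------------------------------------------------------
// Username validation
// ---------------------------------------------------------------------------
// Mirror the sign-up rule (Account.php, issue #184) so an admin can rename a
// player to any name registration would accept. The allowed character set
// depends on USRNM_SPECIAL: when on, letters/digits/.-_ and single internal
// spaces; when off, ASCII alphanumerics only.
$usernameSpecial = defined('USRNM_SPECIAL') ? USRNM_SPECIAL : false;
$minLen = defined('USRNM_MIN_LENGTH') ? USRNM_MIN_LENGTH : 3;
$maxLen = defined('USRNM_MAX_LENGTH') ? USRNM_MAX_LENGTH : 15;

// Length is measured in bytes. Both accepted character sets are pure ASCII, so
// for any name that passes the character check bytes and characters coincide.
$nameLen = strlen($username);
$lengthOk = $nameLen >= $minLen && $nameLen <= $maxLen;

// preg_match() returns 1 (match), 0 (no match) or false (PCRE error). Each
// branch compares against the one value that means "acceptable", so a PCRE
// error rejects the name instead of letting it through. The length test runs
// first, which keeps the regex input bounded by $maxLen.
$charsOk = $lengthOk && (
    $usernameSpecial
        ? preg_match('/^[A-Za-z0-9._-]+(?: [A-Za-z0-9._-]+)*$/D', $username) === 1
        : preg_match('/[^0-9A-Za-z]/', $username) === 0
);

if (!$lengthOk || !$charsOk) {
    header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=invalid");
    exit;
}
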
// Duplicate check: refuse the rename when another account (id != $uid) already
// holds the requested name. The username is passed through $database->escape()
// and quoted; $uid was cast to int when it was read from the request.
// NOTE(review): the check and the later UPDATE are separate statements, so two
// concurrent renames could both pass here. A UNIQUE index on username, if the
// schema has one, is what would actually prevent duplicates. Confirm.
$dupSql = sprintf(
    "SELECT id FROM %susers WHERE username = '%s' AND id != %d LIMIT 1",
    TB_PREFIX,
    $database->escape($username),
    $uid
);
$check = $database->query($dupSql);

if (mysqli_num_rows($check) > 0) {
    header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=taken");
    exit;
}

// Escaped copy of the new name, used by the UPDATE statement below.
$usernameEsc = $database->escape($username);

// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------
// Write the new name for the target account. The statement is string-built:
// $usernameEsc has been through $database->escape() and is quoted, and $uid is
// an integer.
// NOTE(review): the query result is not inspected, so the admin log entry and
// the success redirect that follow are produced even if no row was changed.
$updateSql = "UPDATE " . TB_PREFIX . "users SET username = '{$usernameEsc}' WHERE id = {$uid}";
$database->query($updateSql);

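// ---------------------------------------------------------------------------
// Admin log
// ---------------------------------------------------------------------------
// The acting admin is taken from the session, not from the posted admid, so the
// audit row cannot be attributed to another account by editing the form. A
// missing session id is recorded as 0 rather than raising an undefined-index
// warning.
$adminId = (int)($_SESSION['id'] ?? 0);
$time = time();

// Build the message from the validated username and escape the whole text
// exactly once; embedding the already-escaped value and escaping again would
// double-escape it.
$logText = "Changed username for user $uid to '$username'";
$logEsc = $database->escape($logText);

$database->query(
    "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
    "VALUES (0, '$adminId', '$logEsc', $time)"
);

// Back to the player page; name=1 marks the rename as done.
header("Location: ../../../Admin/admin.php?p=player&uid=" . $uid . "&name=1");
exit;
?>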