mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-06-28 00:24:23 +00:00
Ferywir
45 lines
1.9 KiB
PHP
Executable File
45 lines
1.9 KiB
PHP
Executable File
<?php
|
|
#################################################################################
|
|
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
|
|
## --------------------------------------------------------------------------- ##
|
|
## Filename cp.php ##
|
|
## Developed by: aggenkeech ##
|
|
## License: TravianZ Project ##
|
|
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
|
|
## ##
|
|
#################################################################################
|
|
if (!isset($_SESSION)) session_start();
|
|
if($_SESSION['access'] < 9) die("Access Denied: You are not Admin!");
|
|
|
|
// Issue #139: this Mod is POSTed to directly, so it must verify the CSRF token
|
|
// itself (it does not go through admin.php's central csrf_verify()).
|
|
require_once(__DIR__ . '/../csrf.php');
|
|
csrf_verify();
|
|
|
|
include_once("../../config.php");
|
|
|
|
// go max 5 levels up - we don't have folders that go deeper than that
|
|
$autoprefix = '';
|
|
for ($i = 0; $i < 5; $i++) {
|
|
$autoprefix = str_repeat('../', $i);
|
|
if (file_exists($autoprefix.'autoloader.php')) {
|
|
// we have our path, let's leave
|
|
break;
|
|
}
|
|
}
|
|
|
|
include_once($autoprefix."GameEngine/Database.php");
|
|
|
|
$id = (int) $_POST['id'];
|
|
$admid = (int) $_POST['admid'];
|
|
|
|
$sql = mysqli_query($GLOBALS["link"], "SELECT * FROM ".TB_PREFIX."users WHERE id = ".$admid."");
|
|
$access = mysqli_fetch_array($sql);
|
|
$sessionaccess = $access['access'];
|
|
|
|
if($sessionaccess != 9) die("<h1><font color=\"red\">Access Denied: You are not Admin!</font></h1>");
|
|
|
|
mysqli_query($GLOBALS["link"], "UPDATE ".TB_PREFIX."users SET cp = cp + ".(int) $_POST['cp']." WHERE id = ".$id."");
|
|
|
|
header("Location: ../../../Admin/admin.php?p=player&uid=".$id."");
|
|
?>
|