From 4849678ab69acc4331fa616a8087ad8237d99cd3 Mon Sep 17 00:00:00 2001 From: hecht Date: Mon, 28 Aug 2017 08:11:01 +0000 Subject: [PATCH] Commit changes applied on live server --- ag/auktion.php | 9 +++++++++ ag/gm/log.php | 1 + ag/inclu/toplists.inc.php | 7 ++++++- ag/include/auktion_functions.inc.php | 2 ++ ag/include/char.inc.php | 2 +- ag/include/cheater.inc.php | 4 ++-- ag/include/erstellfunctions.inc.php | 2 +- ag/include/parse.inc.php | 2 ++ ag/index.php | 3 +++ ag/last_fight2.php | 8 ++++---- ag/markt.php | 7 +++++++ ag/nachricht.php | 4 +++- ag/turnier.php | 2 +- ag/turnier_auswahl.php | 6 +++--- 14 files changed, 45 insertions(+), 14 deletions(-) diff --git a/ag/auktion.php b/ag/auktion.php index a2daf94..9099788 100644 --- a/ag/auktion.php +++ b/ag/auktion.php @@ -53,6 +53,10 @@ function stelleBietenMaskeDar($userid,$auktionsid,$gebot){ } } $auktionsdaten = getEntryInformation($auktionsid); + if ($auktionsdaten === NULL) { + displayErrorMessage(NULL, 'Auktion ist nicht mehr verfügbar!!',displayHistoryBackLink()); + return; + } ?>
@@ -329,6 +333,11 @@ function stelleAuktionsuebersichtDar($userid,$kategorie,$itemnamepart,$entries,$ function zieheAuktionZurueck($userid,$auktionsid,$pay){ $auktionsdaten = getEntryInformation($auktionsid); + if ($auktionsdaten === NULL) { + displayErrorMessage(NULL, 'Auktion ist nicht mehr verfügbar!!',displayHistoryBackLink()); + return; + } + if($pay == NULL || $pay == ''){ // Nix eigentlich!! diff --git a/ag/gm/log.php b/ag/gm/log.php index a1862d2..593ba4c 100644 --- a/ag/gm/log.php +++ b/ag/gm/log.php @@ -17,6 +17,7 @@ include_once('../path.inc.php'); // get the path ;) include_once(ROOT_PATH.'/include/config/db.inc.php'); +include_once(ROOT_PATH.'/include/sqlwrapper.inc.php'); function getChatMessages(){ $result = db_query('SELECT *, Minute(zeit) as m, Hour(zeit) as h, DAY(zeit) as d , MONTH(zeit) as mon FROM ag_chat ORDER BY ID desc'); diff --git a/ag/inclu/toplists.inc.php b/ag/inclu/toplists.inc.php index 5e52673..f379025 100644 --- a/ag/inclu/toplists.inc.php +++ b/ag/inclu/toplists.inc.php @@ -7,11 +7,16 @@ */ include_once(ROOT_PATH.'/include/config/toplists.inc.php'); + +$toplist_string = ''; +if (count($toplist) > 0 ) { + $toplist_string = join('
', $toplist); +} ?>
diff --git a/ag/include/auktion_functions.inc.php b/ag/include/auktion_functions.inc.php index 3086e91..e3cb965 100644 --- a/ag/include/auktion_functions.inc.php +++ b/ag/include/auktion_functions.inc.php @@ -21,6 +21,8 @@ include_once(ROOT_PATH.'/include/config.inc.php'); include_once(ROOT_PATH.'/include/messagefunctions.inc.php'); include_once(ROOT_PATH.'/include/semaphore.inc.php'); +include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php'); + // Funktion um das aktuelle Mindestgebot einer Auktion zu ermitteln! diff --git a/ag/include/char.inc.php b/ag/include/char.inc.php index ed3ed8b..b9c19a5 100644 --- a/ag/include/char.inc.php +++ b/ag/include/char.inc.php @@ -318,7 +318,7 @@ function getAttacksforChar($charid, $mode = 0) { } // First sql to include all currently learnable attacks - $sql = 'SELECT a.name, a.id, a.level, a.geld, if(find_in_set(\'0\', req_atk) = 0, a.req_atk, substr(a.req_atk, 1, locate(\',0\', a.req_atk) - 1)) as req_atk, ifnull(l.benutzt, 0) as benutzt, if(l.benutzt is null,1,0) as unknown from attacken a left join lernen l on a.id = l.at_id AND l.besitzer = '.$char['id']. ' where find_in_set('.$char_race.', a.rassen) <> 0 '.$sql_append1; + $sql = 'SELECT a.name, a.id, a.level, a.geld, if(find_in_set(\'0\', req_atk) = 0, a.req_atk, substr(a.req_atk, 1, locate(\',0\', a.req_atk) - 1)) as req_atk, ifnull(l.benutzt, 0) as benutzt, if(l.benutzt is null,1,0) as unknown from attacken a left join lernen l on a.id = l.at_id AND l.besitzer = '.$char['id']. ' where find_in_set('.$char_race.', a.rassen) <> 0 or l.benutzt is not null '.$sql_append1; // Second sql to include all currently not learnable attacks (due to an other fruit or fusion race) $sql2 = 'SELECT a.name, a.id, a.level, a.geld, if(find_in_set(\'0\', req_atk) = 0, a.req_atk, substr(a.req_atk, 1, locate(\',0\', a.req_atk) - 1)) as req_atk, ifnull(l.benutzt, 0) as benutzt, if(l.benutzt is null,1,0) as unknown from lernen l inner join attacken a on l.at_id = a.id where besitzer = '.$char['id'].' and find_in_set('.$char_race.', a.rassen) = 0 '.$sql_append2; diff --git a/ag/include/cheater.inc.php b/ag/include/cheater.inc.php index af7d6b7..7d07ef5 100644 --- a/ag/include/cheater.inc.php +++ b/ag/include/cheater.inc.php @@ -36,8 +36,8 @@ function detectNonCodeEnterers(){ while($row = mysqli_fetch_assoc($qry)){ $sql = 'Insert into bot_image_failures(userid, inserted, valid, used) values('.$row['userid'].', \'!NOTHING!\', \''.$row['compressed_phrase'].'\', \''.$row['created'].'\')'; // echo $sql.'
'; - db_query($sql); + silent_query($sql); } } -?> \ No newline at end of file +?> diff --git a/ag/include/erstellfunctions.inc.php b/ag/include/erstellfunctions.inc.php index c592bda..83ddfd5 100644 --- a/ag/include/erstellfunctions.inc.php +++ b/ag/include/erstellfunctions.inc.php @@ -107,7 +107,7 @@ function erstelleChar($user, $rassen_id, $newname = '', $picture = '', $lvl = 1, '\'0,'.calculateRequiredExpChars($lvl).'\'' . ')'; //echo $sql.'
'; - $identifier = db_query($sql); + $identifier = silent_query($sql); if($identifier == FALSE){ if(mysqli_fetch_assoc(db_query('Select id from chars where name = \''.$newname.'\''))){ displayErrorMessage(NULL,'Name schon vorhanden!!',displayHistoryBackLink()); diff --git a/ag/include/parse.inc.php b/ag/include/parse.inc.php index 8074523..3a765ef 100644 --- a/ag/include/parse.inc.php +++ b/ag/include/parse.inc.php @@ -306,6 +306,8 @@ function validateStringCritical($value) { if($value == null) { return null; } + if(preg_match('#[\\\'"()\]\[\s]#', $value)) + return ''; $value = validateString($value); return preg_replace('#[()\]\[\s]#', '', $value); } diff --git a/ag/index.php b/ag/index.php index 6c0d358..c28bce5 100644 --- a/ag/index.php +++ b/ag/index.php @@ -83,6 +83,9 @@ if (top != self)
+
+ +
diff --git a/ag/last_fight2.php b/ag/last_fight2.php index 060e0f3..41c48e3 100644 --- a/ag/last_fight2.php +++ b/ag/last_fight2.php @@ -14,7 +14,7 @@ include_once(ROOT_PATH.'/include/parse.inc.php'); // GET-Section // Kritisch (SQL-Injections) -$spleoic = validateString($_GET['spleoic']); +$spleoic = validateStringCritical($_GET['spleoic']); $kampf_id = validateUnsignedInteger($_GET['kampf_id'], null); $art = validateString($_GET['art']); @@ -24,9 +24,9 @@ $art = validateString($_GET['art']); if(!$spleoic) { $spleoic = "top_kampf"; } else { echo "

$back
 
"; -$kampf2 = mysqli_fetch_array(db_query("SELECT id FROM $spleoic ORDER BY id ASC LIMIT 1")); -$kampf1 = mysqli_fetch_array(db_query("SELECT * FROM $spleoic WHERE id='$kampf_id' LIMIT 1")); -$turnier_uids = mysqli_fetch_array(db_query("SELECT id FROM $spleoic WHERE art='$art' ORDER BY id ASC")); +$kampf2 = mysqli_fetch_array(db_query("SELECT id FROM `$spleoic` ORDER BY id ASC LIMIT 1")); +$kampf1 = mysqli_fetch_array(db_query("SELECT * FROM `$spleoic` WHERE id='$kampf_id' LIMIT 1")); +$turnier_uids = mysqli_fetch_array(db_query("SELECT id FROM `$spleoic` WHERE art='$art' ORDER BY id ASC")); diff --git a/ag/markt.php b/ag/markt.php index eed78fa..1445c8f 100644 --- a/ag/markt.php +++ b/ag/markt.php @@ -43,6 +43,13 @@ $oder = validateStringCritical($_GET['oder']); $ords = validateStringCritical($_GET['ords']); $charm = validateString($_GET['charm']); +if( strlen($ords) > 10 ) { + unset($ords); +} +if( strlen($oder) > 10 ) { + unset($oder); +} + // Unkritisch $as = $_GET['as']; diff --git a/ag/nachricht.php b/ag/nachricht.php index bf4f94c..bfecf77 100644 --- a/ag/nachricht.php +++ b/ag/nachricht.php @@ -133,11 +133,13 @@ function displayMessage($userid,$nr){//if($charm == 3) { function deleteMessage($userid,$nachrichten){ - if(isset($nachrichten)){ + if(isset($nachrichten) && count($nachrichten) > 0 ){ $weiter_an = 'weiter...'; // echo implode(',', $nachrichten); db_query('DELETE FROM nachricht WHERE besitzer='.$userid.' AND id IN ('.implode(',',$nachrichten).')'); displayErrorMessage('Änderungen übernommen','Nachrichten Erfolgreich gelöscht',$weiter_an); + } else if(isset($nachrichten) && count($nachrichten) == 0) { + displayErrorMessage(NULL, 'Nachrichten konnten nicht gelöscht werden, da keine ausgewählt wurden.',displayHistoryBackLink()); } else{ displayErrorMessage(NULL, 'Nachrichten konnten nicht gelöscht werden',displayHistoryBackLink()); } diff --git a/ag/turnier.php b/ag/turnier.php index 5d78462..7eaa43c 100644 --- a/ag/turnier.php +++ b/ag/turnier.php @@ -25,7 +25,7 @@ $charm = $_GET['charm']; function anmelden($user, $charid, $art){ // Security - if($art != 'klein' && $art != 'wochen'){ + if($art != 'klein' && $art != 'wochen' && $art != 'wochenst'){ displayErrorMessage(NULL,'Es ist ein Fehler beim Anmelden aufgetreten!!','weiter...'); return; } diff --git a/ag/turnier_auswahl.php b/ag/turnier_auswahl.php index 16e8032..edd0958 100644 --- a/ag/turnier_auswahl.php +++ b/ag/turnier_auswahl.php @@ -27,14 +27,14 @@   - + - + @@ -47,7 +47,7 @@   - +