fixed a lot reported bugs

ag/ag_popupchat.php

@@ -42,10 +42,11 @@ if(isset($user_ida['nickname'])){
 		db_query('Update anon_chatter set ip = \''.$_SERVER['REMOTE_ADDR'].'\' where ip = \''.$_SESSION['anon_ip'].'\'');
 		$_SESSION['anon_ip'] = $_SERVER['REMOTE_ADDR'];
 	}
-	$usr = mysqli_fetch_assoc(db_query('Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\''));
+	$sql = 'Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\'';
+	$usr = mysqli_fetch_assoc(db_query($sql));
 	while(!$usr){
-		db_query('Insert into anon_chatter(ip, anon_id) values(\''.$_SESSION['anon_ip'].'\', '.mt_random_wrapper(90000,99999).')');
-		$usr = mysqli_fetch_assoc(db_query('Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\''));
+		silent_query('Insert into anon_chatter(ip, anon_id) values(\''.$_SESSION['anon_ip'].'\', '.mt_random_wrapper(90000,99999).')');
+		$usr = mysqli_fetch_assoc(db_query($sql));
 	}
 	$user_ida['id'] = $usr['anon_id'];
 	$user_ida['nickname'] = 'anon_' . $usr['anon_id'];

ag/arena.php

@@ -157,6 +157,7 @@ function displayAusbau2($user, $arena, $arena_name, $steh, $sitz, $loge, $vermoe
 		return;
 	}
 	if($confirm == 1){
+		$gesamtkosten = 0;
 		if($arena['steh'] < $steh){
 			$gesamtkosten += ($steh-$arena['steh'])*12;
 		}

ag/clan/c_ware.php

@@ -13,7 +13,6 @@ include_once (ROOT_PATH . '/include/parse.inc.php');
 include_once (ROOT_PATH . '/include/sqlwrapper.inc.php');
 // GET-Section
 // Kritisch (SQL-Injections)
-$char_id = validateUnsignedInteger($_GET['char_id'], null);
 $c_ware = validateUnsignedInteger($_GET['c_ware'], null);
 
 //Unkritisch
@@ -28,13 +27,6 @@ if($charm == 1) {
 	}
 }
 
-$char = getChar($char_id, false);
-$clan_items = db_query("SELECT ci.name, ci.type, cw.id, 1/(1+exp(3-$char[level]/12)) * nutzung as nutzkosten FROM clan_ware cw LEFT JOIN clan_item ci ON(cw.item_id=ci.id) WHERE cw.clan='$user_ida[clan]'");
-if(!isUserOwnerOf($user_ida['id'], $char_id)){
-	// Legacy (Datei muss ueberarbeitet werden)
-	$char = null;
-}
-
 
 ?>
 <html>

ag/img.php

@@ -14,6 +14,8 @@ include_once(ROOT_PATH.'/include/img.inc.php');
 // Einziger Übergabewert (und der ist auch noch kritisch!!)
 $id = validateString($_GET['id'], null);
 
-displayImage($id, $user_ida);
+if (isset($user_ida['id']) {
+	displayImage($id, $user_ida);
+}
 
 ?>

ag/include/char.inc.php

@@ -185,7 +185,7 @@ function getCharBuffs($items) {
  * */
 function getPicture($char) {
 	$hide = false;
-	if(isset($GLOBALS['user_array'])) {
+	if(isset($GLOBALS['user_array']['id'])) {
 		$data = getUserMetaData($GLOBALS['user_array']['id']);
 		$hide = $data['hide_avatars'] == 1;
 	}

ag/include/usergroup.inc.php

@@ -9,6 +9,7 @@
 include_once (ROOT_PATH . '/include/defines.inc.php');
 include_once(ROOT_PATH.'/include/parse.inc.php');
 include_once(ROOT_PATH.'/include/sqlwrapper.inc.php');
+include_once(ROOT_PATH.'/include/user.inc.php');
 
 //Konstanten
 defineIfNotDefined('ADMIN', 1);
@@ -21,6 +22,21 @@ defineIfNotDefined('AKTIV_LOESCHSCHUTZ', 7);
 defineIfNotDefined('AKTIV_CHAT', 8);
 defineIfNotDefined('MODERATOREN', 9);
 
+
+function getGroupUsers($group) {
+	$user_array = array();
+	if (is_numeric($group)) {
+		$sql = 'SELECT ugz.user_id FROM user_gruppe_zuordnung as ugz
+                                           INNER JOIN user_gruppe as ug ON ugz.gruppen_id=ug.gruppen_id
+                                           WHERE ug.gruppen_id = \''.$group.'\'';
+		$qry = db_query($sql);
+		$row = mysqli_fetch_assoc($qry);
+		$user_array[] = getUser($row['user_id']);
+	}
+
+	return $user_array;
+}
+
 function getUserGroups($user) {
 	$qry = null;
 	$groups = array();
@@ -61,6 +77,11 @@ function isUserInGroup(array $usergrouparray, $group) {
 	return false;
 }
 
+function isUserInGroupSimple($user, $group) {
+	$groupArray = getUserGroups($user);
+	return isUserInGroup($groupArray, $group);
+}
+
 function removeUserFromGroup($user, $group) {
 	if($user !== NULL) {
 		if ($group !== NULL && $group >= 0) {
@@ -84,4 +105,4 @@ function addUserToGroup($user, $group) {
 	}
 	return false;
 }
-?>
+?>

ag/nachricht.php

@@ -12,6 +12,7 @@ include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php');
 include_once(ROOT_PATH.'/include/messagefunctions.inc.php');
 include_once(ROOT_PATH.'/include/designfunctions.inc.php');
 include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php');
+include_once(ROOT_PATH.'/include/usergroup.inc.php');
 
 // GET-Section
 // Kritisch (SQL-Injections)
@@ -170,11 +171,13 @@ function sendMessageForumlar($userid,$username,$besitzer,$betreff,$text){//	if($
 	function check(){
 		val = document.getElementById("user").value.toLowerCase();
 		if(<?php
-			$qry = db_query('SELECT nickname FROM user where gm = \'ja\'');
-			echo 'val == "hecht"';
-			while($row = mysqli_fetch_assoc($qry)){
-				echo ' || val == "'.strtolower($row['nickname']).'"';
-			}
+			$users = array_merge(getGroupUsers(ADMIN), getGroupUsers(ENTWICKLER));
+			// var_dump($users);
+			$conditions = array();
+			foreach( $users as $user ) {
+				$conditions[] = 'val == "'.strtolower($user['nickname']).'"';
+			}
+			echo join(' || ', $conditions);
 		?>){
 			document.getElementById('notify').innerHTML	= "Bugreports, Sittinganfragen und andere Adminangelegenheiten bitte nicht via pn verschicken (auch nicht im Forum)!!";
 		}else{

ag/profil.php

@@ -261,9 +261,12 @@ function display($user, $usergroups){
 			<?php
 }
 
-if($charm == '1'){
-	$user_ida = changeProfil($user_ida, $usergroups, $new_pw, $new_nick, $new_nick2, $alt_pw, $homepage, $icq, $chat, $ads, $acc_delete, $hide_avatars);
+if(isset($user_ida['id'])) {
+	if($charm == '1'){
+		$user_ida = changeProfil($user_ida, $usergroups, $new_pw, $new_nick, $new_nick2, $alt_pw, $homepage, $icq, $chat, $ads, $acc_delete, $hide_avatars);
+	}
 	$usergroups = getUserGroups($user_ida['nickname']);
+	display($user_ida, $usergroups);
 }
-display($user_ida, $usergroups);
+
 ?>