From 4e41a922e318e08c475355b421e95b85395dc512 Mon Sep 17 00:00:00 2001
From: hecht
Date: Wed, 26 Oct 2016 20:56:33 +0000
Subject: [PATCH] fixed a lot reported bugs
---
 ag/ag_popupchat.php | 7 ++++---
 ag/arena.php | 1 +
 ag/clan/c_ware.php | 8 --------
 ag/img.php | 4 +++-
 ag/include/char.inc.php | 2 +-
 ag/include/usergroup.inc.php | 23 ++++++++++++++++++++++-
 ag/nachricht.php | 13 ++++++++----
 ag/profil.php | 9 ++++++---
 8 files changed, 45 insertions(+), 22 deletions(-)
diff --git a/ag/ag_popupchat.php b/ag/ag_popupchat.php
index 5a83355..a46a8a2 100644
--- a/ag/ag_popupchat.php
+++ b/ag/ag_popupchat.php
@@ -42,10 +42,11 @@ if(isset($user_ida['nickname'])){
 db_query('Update anon_chatter set ip = \''.$_SERVER['REMOTE_ADDR'].'\' where ip = \''.$_SESSION['anon_ip'].'\'');
 $_SESSION['anon_ip'] = $_SERVER['REMOTE_ADDR'];
 }
- $usr = mysqli_fetch_assoc(db_query('Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\''));
+ $sql = 'Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\'';
+ $usr = mysqli_fetch_assoc(db_query($sql));
 while(!$usr){
- db_query('Insert into anon_chatter(ip, anon_id) values(\''.$_SESSION['anon_ip'].'\', '.mt_random_wrapper(90000,99999).')');
- $usr = mysqli_fetch_assoc(db_query('Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\''));
+ silent_query('Insert into anon_chatter(ip, anon_id) values(\''.$_SESSION['anon_ip'].'\', '.mt_random_wrapper(90000,99999).')');
+ $usr = mysqli_fetch_assoc(db_query($sql));
 }
 $user_ida['id'] = $usr['anon_id'];
 $user_ida['nickname'] = 'anon_' . $usr['anon_id'];
diff --git a/ag/arena.php b/ag/arena.php
index 1f387d8..8074930 100644
--- a/ag/arena.php
+++ b/ag/arena.php
@@ -157,6 +157,7 @@ function displayAusbau2($user, $arena, $arena_name, $steh, $sitz, $loge, $vermoe
 return;
 }
 if($confirm == 1){
+ $gesamtkosten = 0;
 if($arena['steh'] < $steh){
 $gesamtkosten += ($steh-$arena['steh'])*12;
 }
diff --git a/ag/clan/c_ware.php b/ag/clan/c_ware.php
index ddd5169..1ceb571 100644
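Review bot: Switching the insert to `silent_query` turns `while(!$usr)` into a potential infinite loop: if the insert keeps failing for a reason other than a random-id collision (database unavailable, a constraint the retry cannot get past), the loop never terminates and the request hangs. Bound the retries and abort when the budget is exhausted, e.g. `$attempts = 0;` before the loop and `while(!$usr && $attempts++ < 10){`, and check that `$usr` is a row before `$user_ida['id'] = $usr['anon_id'];` is reached, since a false `$usr` silently yields a null id. The three queries also splice `$_SESSION['anon_ip']` (copied from `$_SERVER['REMOTE_ADDR']`) into SQL by concatenation; although that value is set by the server rather than by the client, passing it through `mysqli_real_escape_string` or a prepared statement removes the dependence on its format. The enclosing `if(isset($user_ida['nickname']))` block begins outside the hunk.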
--- a/ag/clan/c_ware.php
+++ b/ag/clan/c_ware.php
@@ -13,7 +13,6 @@ include_once (ROOT_PATH . '/include/parse.inc.php');
 include_once (ROOT_PATH . '/include/sqlwrapper.inc.php');
 // GET-Section
 // Kritisch (SQL-Injections)
-$char_id = validateUnsignedInteger($_GET['char_id'], null);
 $c_ware = validateUnsignedInteger($_GET['c_ware'], null);
 //Unkritisch
@@ -28,13 +27,6 @@ if($charm == 1) {
 }
 }
-$char = getChar($char_id, false);
-$clan_items = db_query("SELECT ci.name, ci.type, cw.id, 1/(1+exp(3-$char[level]/12)) * nutzung as nutzkosten FROM clan_ware cw LEFT JOIN clan_item ci ON(cw.item_id=ci.id) WHERE cw.clan='$user_ida[clan]'");
-if(!isUserOwnerOf($user_ida['id'], $char_id)){
- // Legacy (Datei muss ueberarbeitet werden)
- $char = null;
-}
- ?>
diff --git a/ag/img.php b/ag/img.php
index df11891..d2a6e39 100644
--- a/ag/img.php
+++ b/ag/img.php
@@ -14,6 +14,8 @@ include_once(ROOT_PATH.'/include/img.inc.php');
 // Einziger Übergabewert (und der ist auch noch kritisch!!)
 $id = validateString($_GET['id'], null);
-displayImage($id, $user_ida);
+if (isset($user_ida['id']) {
+ displayImage($id, $user_ida);
+}
 ?>
diff --git a/ag/include/char.inc.php b/ag/include/char.inc.php
index ad8cdf9..ed3ed8b 100644
--- a/ag/include/char.inc.php
+++ b/ag/include/char.inc.php
@@ -185,7 +185,7 @@ function getCharBuffs($items) {
 * */
 function getPicture($char) {
 $hide = false;
- if(isset($GLOBALS['user_array'])) {
+ if(isset($GLOBALS['user_array']['id'])) {
 $data = getUserMetaData($GLOBALS['user_array']['id']);
 $hide = $data['hide_avatars'] == 1;
 }
diff --git a/ag/include/usergroup.inc.php b/ag/include/usergroup.inc.php
index 57951ad..b8033a9 100644
--- a/ag/include/usergroup.inc.php
+++ b/ag/include/usergroup.inc.php
@@ -9,6 +9,7 @@ include_once (ROOT_PATH . '/include/defines.inc.php');
 include_once(ROOT_PATH.'/include/parse.inc.php');
 include_once(ROOT_PATH.'/include/sqlwrapper.inc.php');
+include_once(ROOT_PATH.'/include/user.inc.php');
 //Konstanten
 defineIfNotDefined('ADMIN', 1);
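Review bot: The new guard in ag/img.php, `+if (isset($user_ida['id']) {`, is missing a closing parenthesis, so the file no longer parses; it should read `if (isset($user_ida['id'])) {`. When the check fails the script now emits nothing at all, which the browser shows as a broken image with a 200 status; consider an `else` branch with `http_response_code(403);` (or a placeholder image) so the refusal is explicit and shows up in the access log.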
@@ -21,6 +22,21 @@ defineIfNotDefined('AKTIV_LOESCHSCHUTZ', 7);
 defineIfNotDefined('AKTIV_CHAT', 8);
 defineIfNotDefined('MODERATOREN', 9);
+
+function getGroupUsers($group) {
+ $user_array = array();
+ if (is_numeric($group)) {
+ $sql = 'SELECT ugz.user_id FROM user_gruppe_zuordnung as ugz
+ INNER JOIN user_gruppe as ug ON ugz.gruppen_id=ug.gruppen_id
+ WHERE ug.gruppen_id = \''.$group.'\'';
+ $qry = db_query($sql);
+ $row = mysqli_fetch_assoc($qry);
+ $user_array[] = getUser($row['user_id']);
+ }
+
+ return $user_array;
+}
+
 function getUserGroups($user) {
 $qry = null;
 $groups = array();
@@ -61,6 +77,11 @@ function isUserInGroup(array $usergrouparray, $group) {
 return false;
 }
+function isUserInGroupSimple($user, $group) {
+ $groupArray = getUserGroups($user);
+ return isUserInGroup($groupArray, $group);
+}
+
 function removeUserFromGroup($user, $group) {
 if($user !== NULL) {
 if ($group !== NULL && $group >= 0) {
@@ -84,4 +105,4 @@ function addUserToGroup($user, $group) {
 }
 return false;
 }
-?>
\ No newline at end of file
+?>
diff --git a/ag/nachricht.php b/ag/nachricht.php
index 2a3c4f0..bf4f94c 100644
--- a/ag/nachricht.php
+++ b/ag/nachricht.php
@@ -12,6 +12,7 @@ include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php');
 include_once(ROOT_PATH.'/include/messagefunctions.inc.php');
 include_once(ROOT_PATH.'/include/designfunctions.inc.php');
 include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php');
+include_once(ROOT_PATH.'/include/usergroup.inc.php');
 // GET-Section
 // Kritisch (SQL-Injections)
@@ -170,11 +171,13 @@ function sendMessageForumlar($userid,$username,$besitzer,$betreff,$text){// if($
 function check(){ val = document.getElementById("user").value.toLowerCase(); if(){ document.getElementById('notify').innerHTML = "Bugreports, Sittinganfragen und andere Adminangelegenheiten bitte nicht via pn verschicken (auch nicht im Forum)!!"; }else{
diff --git a/ag/profil.php b/ag/profil.php
index b2e233e..9f9556c 100644
--- a/ag/profil.php
+++ b/ag/profil.php
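Review bot: `getGroupUsers` fetches only the first row: `$row = mysqli_fetch_assoc($qry);` runs once, so a group with several members returns a single user, and an empty group makes `$row` false and passes a null id into `getUser`. Replace the two lines with a loop, `while ($row = mysqli_fetch_assoc($qry)) { $user_array[] = getUser($row['user_id']); }`, so the result matches the plural name and an empty group yields an empty array. Since `$group` is spliced into the SQL inside quotes, `(int) $group` is a tighter gate than `is_numeric`, which also admits values such as `'1.5'` or `' 7'` that are not group ids. The `INNER JOIN user_gruppe` only restates the `WHERE ug.gruppen_id` filter and could be dropped, which is a style point only.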
@@ -261,9 +261,12 @@ function display($user, $usergroups){