fixed a lot reported bugs

main
hecht 8 years ago
parent 7c34a95ec6
commit 4e41a922e3

@ -42,10 +42,11 @@ if(isset($user_ida['nickname'])){
db_query('Update anon_chatter set ip = \''.$_SERVER['REMOTE_ADDR'].'\' where ip = \''.$_SESSION['anon_ip'].'\''); db_query('Update anon_chatter set ip = \''.$_SERVER['REMOTE_ADDR'].'\' where ip = \''.$_SESSION['anon_ip'].'\'');
$_SESSION['anon_ip'] = $_SERVER['REMOTE_ADDR']; $_SESSION['anon_ip'] = $_SERVER['REMOTE_ADDR'];
} }
$usr = mysqli_fetch_assoc(db_query('Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\'')); $sql = 'Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\'';
$usr = mysqli_fetch_assoc(db_query($sql));
while(!$usr){ while(!$usr){
db_query('Insert into anon_chatter(ip, anon_id) values(\''.$_SESSION['anon_ip'].'\', '.mt_random_wrapper(90000,99999).')'); silent_query('Insert into anon_chatter(ip, anon_id) values(\''.$_SESSION['anon_ip'].'\', '.mt_random_wrapper(90000,99999).')');
$usr = mysqli_fetch_assoc(db_query('Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\'')); $usr = mysqli_fetch_assoc(db_query($sql));
} }
$user_ida['id'] = $usr['anon_id']; $user_ida['id'] = $usr['anon_id'];
$user_ida['nickname'] = 'anon_' . $usr['anon_id']; $user_ida['nickname'] = 'anon_' . $usr['anon_id'];

@ -157,6 +157,7 @@ function displayAusbau2($user, $arena, $arena_name, $steh, $sitz, $loge, $vermoe
return; return;
} }
if($confirm == 1){ if($confirm == 1){
$gesamtkosten = 0;
if($arena['steh'] < $steh){ if($arena['steh'] < $steh){
$gesamtkosten += ($steh-$arena['steh'])*12; $gesamtkosten += ($steh-$arena['steh'])*12;
} }

@ -13,7 +13,6 @@ include_once (ROOT_PATH . '/include/parse.inc.php');
include_once (ROOT_PATH . '/include/sqlwrapper.inc.php'); include_once (ROOT_PATH . '/include/sqlwrapper.inc.php');
// GET-Section // GET-Section
// Kritisch (SQL-Injections) // Kritisch (SQL-Injections)
$char_id = validateUnsignedInteger($_GET['char_id'], null);
$c_ware = validateUnsignedInteger($_GET['c_ware'], null); $c_ware = validateUnsignedInteger($_GET['c_ware'], null);
//Unkritisch //Unkritisch
@ -28,13 +27,6 @@ if($charm == 1) {
} }
} }
$char = getChar($char_id, false);
$clan_items = db_query("SELECT ci.name, ci.type, cw.id, 1/(1+exp(3-$char[level]/12)) * nutzung as nutzkosten FROM clan_ware cw LEFT JOIN clan_item ci ON(cw.item_id=ci.id) WHERE cw.clan='$user_ida[clan]'");
if(!isUserOwnerOf($user_ida['id'], $char_id)){
// Legacy (Datei muss ueberarbeitet werden)
$char = null;
}
?> ?>
<html> <html>

@ -14,6 +14,8 @@ include_once(ROOT_PATH.'/include/img.inc.php');
// Einziger Übergabewert (und der ist auch noch kritisch!!) // Einziger Übergabewert (und der ist auch noch kritisch!!)
$id = validateString($_GET['id'], null); $id = validateString($_GET['id'], null);
displayImage($id, $user_ida); if (isset($user_ida['id']) {
displayImage($id, $user_ida);
}
?> ?>

@ -185,7 +185,7 @@ function getCharBuffs($items) {
* */ * */
function getPicture($char) { function getPicture($char) {
$hide = false; $hide = false;
if(isset($GLOBALS['user_array'])) { if(isset($GLOBALS['user_array']['id'])) {
$data = getUserMetaData($GLOBALS['user_array']['id']); $data = getUserMetaData($GLOBALS['user_array']['id']);
$hide = $data['hide_avatars'] == 1; $hide = $data['hide_avatars'] == 1;
} }

@ -9,6 +9,7 @@
include_once (ROOT_PATH . '/include/defines.inc.php'); include_once (ROOT_PATH . '/include/defines.inc.php');
include_once(ROOT_PATH.'/include/parse.inc.php'); include_once(ROOT_PATH.'/include/parse.inc.php');
include_once(ROOT_PATH.'/include/sqlwrapper.inc.php'); include_once(ROOT_PATH.'/include/sqlwrapper.inc.php');
include_once(ROOT_PATH.'/include/user.inc.php');
//Konstanten //Konstanten
defineIfNotDefined('ADMIN', 1); defineIfNotDefined('ADMIN', 1);
@ -21,6 +22,21 @@ defineIfNotDefined('AKTIV_LOESCHSCHUTZ', 7);
defineIfNotDefined('AKTIV_CHAT', 8); defineIfNotDefined('AKTIV_CHAT', 8);
defineIfNotDefined('MODERATOREN', 9); defineIfNotDefined('MODERATOREN', 9);
function getGroupUsers($group) {
$user_array = array();
if (is_numeric($group)) {
$sql = 'SELECT ugz.user_id FROM user_gruppe_zuordnung as ugz
INNER JOIN user_gruppe as ug ON ugz.gruppen_id=ug.gruppen_id
WHERE ug.gruppen_id = \''.$group.'\'';
$qry = db_query($sql);
$row = mysqli_fetch_assoc($qry);
$user_array[] = getUser($row['user_id']);
}
return $user_array;
}
function getUserGroups($user) { function getUserGroups($user) {
$qry = null; $qry = null;
$groups = array(); $groups = array();
@ -61,6 +77,11 @@ function isUserInGroup(array $usergrouparray, $group) {
return false; return false;
} }
function isUserInGroupSimple($user, $group) {
$groupArray = getUserGroups($user);
return isUserInGroup($groupArray, $group);
}
function removeUserFromGroup($user, $group) { function removeUserFromGroup($user, $group) {
if($user !== NULL) { if($user !== NULL) {
if ($group !== NULL && $group >= 0) { if ($group !== NULL && $group >= 0) {
@ -84,4 +105,4 @@ function addUserToGroup($user, $group) {
} }
return false; return false;
} }
?> ?>

@ -12,6 +12,7 @@ include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php');
include_once(ROOT_PATH.'/include/messagefunctions.inc.php'); include_once(ROOT_PATH.'/include/messagefunctions.inc.php');
include_once(ROOT_PATH.'/include/designfunctions.inc.php'); include_once(ROOT_PATH.'/include/designfunctions.inc.php');
include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php'); include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php');
include_once(ROOT_PATH.'/include/usergroup.inc.php');
// GET-Section // GET-Section
// Kritisch (SQL-Injections) // Kritisch (SQL-Injections)
@ -170,11 +171,13 @@ function sendMessageForumlar($userid,$username,$besitzer,$betreff,$text){// if($
function check(){ function check(){
val = document.getElementById("user").value.toLowerCase(); val = document.getElementById("user").value.toLowerCase();
if(<?php if(<?php
$qry = db_query('SELECT nickname FROM user where gm = \'ja\''); $users = array_merge(getGroupUsers(ADMIN), getGroupUsers(ENTWICKLER));
echo 'val == "hecht"'; // var_dump($users);
while($row = mysqli_fetch_assoc($qry)){ $conditions = array();
echo ' || val == "'.strtolower($row['nickname']).'"'; foreach( $users as $user ) {
} $conditions[] = 'val == "'.strtolower($user['nickname']).'"';
}
echo join(' || ', $conditions);
?>){ ?>){
document.getElementById('notify').innerHTML = "Bugreports, Sittinganfragen und andere Adminangelegenheiten bitte nicht via pn verschicken (auch nicht im Forum)!!"; document.getElementById('notify').innerHTML = "Bugreports, Sittinganfragen und andere Adminangelegenheiten bitte nicht via pn verschicken (auch nicht im Forum)!!";
}else{ }else{

@ -261,9 +261,12 @@ function display($user, $usergroups){
<?php <?php
} }
if($charm == '1'){ if(isset($user_ida['id'])) {
$user_ida = changeProfil($user_ida, $usergroups, $new_pw, $new_nick, $new_nick2, $alt_pw, $homepage, $icq, $chat, $ads, $acc_delete, $hide_avatars); if($charm == '1'){
$user_ida = changeProfil($user_ida, $usergroups, $new_pw, $new_nick, $new_nick2, $alt_pw, $homepage, $icq, $chat, $ads, $acc_delete, $hide_avatars);
}
$usergroups = getUserGroups($user_ida['nickname']); $usergroups = getUserGroups($user_ida['nickname']);
display($user_ida, $usergroups);
} }
display($user_ida, $usergroups);
?> ?>

Loading…
Cancel
Save