fixed a lot reported bugs

main
hecht 8 years ago
parent 7c34a95ec6
commit 4e41a922e3

@ -42,10 +42,11 @@ if(isset($user_ida['nickname'])){
db_query('Update anon_chatter set ip = \''.$_SERVER['REMOTE_ADDR'].'\' where ip = \''.$_SESSION['anon_ip'].'\'');
$_SESSION['anon_ip'] = $_SERVER['REMOTE_ADDR'];
}
$usr = mysqli_fetch_assoc(db_query('Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\''));
$sql = 'Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\'';
$usr = mysqli_fetch_assoc(db_query($sql));
while(!$usr){
db_query('Insert into anon_chatter(ip, anon_id) values(\''.$_SESSION['anon_ip'].'\', '.mt_random_wrapper(90000,99999).')');
$usr = mysqli_fetch_assoc(db_query('Select * from anon_chatter where ip = \''.$_SESSION['anon_ip'].'\''));
silent_query('Insert into anon_chatter(ip, anon_id) values(\''.$_SESSION['anon_ip'].'\', '.mt_random_wrapper(90000,99999).')');
$usr = mysqli_fetch_assoc(db_query($sql));
}
$user_ida['id'] = $usr['anon_id'];
$user_ida['nickname'] = 'anon_' . $usr['anon_id'];

@ -157,6 +157,7 @@ function displayAusbau2($user, $arena, $arena_name, $steh, $sitz, $loge, $vermoe
return;
}
if($confirm == 1){
$gesamtkosten = 0;
if($arena['steh'] < $steh){
$gesamtkosten += ($steh-$arena['steh'])*12;
}

@ -13,7 +13,6 @@ include_once (ROOT_PATH . '/include/parse.inc.php');
include_once (ROOT_PATH . '/include/sqlwrapper.inc.php');
// GET-Section
// Kritisch (SQL-Injections)
$char_id = validateUnsignedInteger($_GET['char_id'], null);
$c_ware = validateUnsignedInteger($_GET['c_ware'], null);
//Unkritisch
@ -28,13 +27,6 @@ if($charm == 1) {
}
}
$char = getChar($char_id, false);
$clan_items = db_query("SELECT ci.name, ci.type, cw.id, 1/(1+exp(3-$char[level]/12)) * nutzung as nutzkosten FROM clan_ware cw LEFT JOIN clan_item ci ON(cw.item_id=ci.id) WHERE cw.clan='$user_ida[clan]'");
if(!isUserOwnerOf($user_ida['id'], $char_id)){
// Legacy (Datei muss ueberarbeitet werden)
$char = null;
}
?>
<html>

@ -14,6 +14,8 @@ include_once(ROOT_PATH.'/include/img.inc.php');
// Einziger Übergabewert (und der ist auch noch kritisch!!)
$id = validateString($_GET['id'], null);
displayImage($id, $user_ida);
if (isset($user_ida['id']) {
displayImage($id, $user_ida);
}
?>

@ -185,7 +185,7 @@ function getCharBuffs($items) {
* */
function getPicture($char) {
$hide = false;
if(isset($GLOBALS['user_array'])) {
if(isset($GLOBALS['user_array']['id'])) {
$data = getUserMetaData($GLOBALS['user_array']['id']);
$hide = $data['hide_avatars'] == 1;
}

@ -9,6 +9,7 @@
include_once (ROOT_PATH . '/include/defines.inc.php');
include_once(ROOT_PATH.'/include/parse.inc.php');
include_once(ROOT_PATH.'/include/sqlwrapper.inc.php');
include_once(ROOT_PATH.'/include/user.inc.php');
//Konstanten
defineIfNotDefined('ADMIN', 1);
@ -21,6 +22,21 @@ defineIfNotDefined('AKTIV_LOESCHSCHUTZ', 7);
defineIfNotDefined('AKTIV_CHAT', 8);
defineIfNotDefined('MODERATOREN', 9);
function getGroupUsers($group) {
$user_array = array();
if (is_numeric($group)) {
$sql = 'SELECT ugz.user_id FROM user_gruppe_zuordnung as ugz
INNER JOIN user_gruppe as ug ON ugz.gruppen_id=ug.gruppen_id
WHERE ug.gruppen_id = \''.$group.'\'';
$qry = db_query($sql);
$row = mysqli_fetch_assoc($qry);
$user_array[] = getUser($row['user_id']);
}
return $user_array;
}
function getUserGroups($user) {
$qry = null;
$groups = array();
@ -61,6 +77,11 @@ function isUserInGroup(array $usergrouparray, $group) {
return false;
}
function isUserInGroupSimple($user, $group) {
$groupArray = getUserGroups($user);
return isUserInGroup($groupArray, $group);
}
function removeUserFromGroup($user, $group) {
if($user !== NULL) {
if ($group !== NULL && $group >= 0) {

@ -12,6 +12,7 @@ include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php');
include_once(ROOT_PATH.'/include/messagefunctions.inc.php');
include_once(ROOT_PATH.'/include/designfunctions.inc.php');
include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php');
include_once(ROOT_PATH.'/include/usergroup.inc.php');
// GET-Section
// Kritisch (SQL-Injections)
@ -170,11 +171,13 @@ function sendMessageForumlar($userid,$username,$besitzer,$betreff,$text){// if($
function check(){
val = document.getElementById("user").value.toLowerCase();
if(<?php
$qry = db_query('SELECT nickname FROM user where gm = \'ja\'');
echo 'val == "hecht"';
while($row = mysqli_fetch_assoc($qry)){
echo ' || val == "'.strtolower($row['nickname']).'"';
$users = array_merge(getGroupUsers(ADMIN), getGroupUsers(ENTWICKLER));
// var_dump($users);
$conditions = array();
foreach( $users as $user ) {
$conditions[] = 'val == "'.strtolower($user['nickname']).'"';
}
echo join(' || ', $conditions);
?>){
document.getElementById('notify').innerHTML = "Bugreports, Sittinganfragen und andere Adminangelegenheiten bitte nicht via pn verschicken (auch nicht im Forum)!!";
}else{

@ -261,9 +261,12 @@ function display($user, $usergroups){
<?php
}
if($charm == '1'){
$user_ida = changeProfil($user_ida, $usergroups, $new_pw, $new_nick, $new_nick2, $alt_pw, $homepage, $icq, $chat, $ads, $acc_delete, $hide_avatars);
if(isset($user_ida['id'])) {
if($charm == '1'){
$user_ida = changeProfil($user_ida, $usergroups, $new_pw, $new_nick, $new_nick2, $alt_pw, $homepage, $icq, $chat, $ads, $acc_delete, $hide_avatars);
}
$usergroups = getUserGroups($user_ida['nickname']);
display($user_ida, $usergroups);
}
display($user_ida, $usergroups);
?>

Loading…
Cancel
Save