From 651b62686c903cfe023ff561840186fc39b96174 Mon Sep 17 00:00:00 2001
From: Tandloze <blackspider_ot@hotmail.com>
Date: Sat, 15 Aug 2015 23:24:44 +0200
Subject: [PATCH] Fixed some things

Added $config to enable or disable country flags its on false by
default.
Also some advice from Znote for securing integer database values.
Cleanedup some if statements.
---
 characterprofile.php | 68 +++++++++-----------------------------------
 config.php           |  3 ++
 helpdesk.php         |  4 +--
 3 files changed, 18 insertions(+), 57 deletions(-)
diff --git a/characterprofile.php b/characterprofile.php
index 535513b..b57cdab 100644
--- a/characterprofile.php
+++ b/characterprofile.php
@@ -7,7 +7,7 @@ if ($config['log_ip'])
 
 if (isset($_GET['name']) === true && empty($_GET['name']) === false) 
 {
-	$name = $_GET['name'];
+	$name = getValue($_GET['name']);
 	$user_id = user_character_exist($name);
 	
 	if ($user_id !== false) 
@@ -19,7 +19,7 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false)
 			
 			if ($config['Ach']) 
 			{
-				$achievementPoints = mysql_select_single("SELECT SUM(`value`) AS `sum` FROM `player_storage` WHERE `key` LIKE '30___' AND `player_id`='$user_id'");
+				$achievementPoints = mysql_select_single("SELECT SUM(`value`) AS `sum` FROM `player_storage` WHERE `key` LIKE '30___' AND `player_id`=(int)$user_id");
 			}
 			
 		} 
@@ -47,8 +47,12 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false)
 		<!-- Profile name -->
 		<h1><font class="profile_font" name="profile_font_header">Profile: <?php echo $profile_data['name']; ?></font></h1>
 			<ul class="unstyled">
-				<!-- Player country data -->
-				<li><font class="profile_font" name="profile_font_country">Country: <?php echo '<img src="\flags\\' . $account_data['flag'] . '.png">'; ?></font></li>
+				<?php 
+				if ($config['country_flags'])
+				{ ?>
+					<!-- Player country data -->
+					<li><font class="profile_font" name="profile_font_country">Country: <?php echo '<img src="\flags\\' . $account_data['flag'] . '.png">'; ?></font></li><?php
+				} ?>
 				
 				<!-- Player male / female -->
 				<li>
@@ -130,7 +134,7 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false)
 					$townid = ($config['TFSVersion'] === 'TFS_03') ? 'town' : 'town_id';
 					$houses = mysql_select_multi("SELECT `id`, `owner`, `name`, `$townid` AS `town_id` FROM `houses` WHERE `owner` = $user_id;");
 					
-					if ($houses !== false) 
+					if ($houses) 
 					{
 						$playerlist = array();
 						foreach ($houses as $h) 
@@ -144,7 +148,7 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false)
 							{
 							?>
 								<li>House: <?php echo $h['name']; ?>, <?php 
-									foreach ($config['towns'] as $key=>$value) 
+									foreach ($config['towns'] as $key => $value) 
 									{
 										if ($key == $h['town_id']) 
 										{
@@ -159,8 +163,9 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false)
 					}
 				}
 				?>
-				
 				<!-- Display house end -->
+				
+				<!-- Display player status -->
 				<li><font class="profile_font" name="profile_font_status">Status:</font> <?php
 				if ($config['TFSVersion'] == 'TFS_10') 
 				{
@@ -175,7 +180,7 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false)
 				} 
 				else 
 				{
-					if ($profile_data['online'] == 1) 
+					if ($profile_data['online']) 
 					{
 						echo '<font class="profile_font" name="profile_font_online" color="green"><b>ONLINE</b></font>';
 					} 
@@ -186,6 +191,7 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false)
 				}
 				?>
 				</li>
+				<!-- Display player status end -->
 				
 				<!-- Player created -->
 				<li><font class="profile_font" name="profile_font_created">Created: <?php echo getClock($profile_znote_data['created'], true); ?></font></li>
@@ -203,52 +209,6 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false)
 				}
 				?>
 				
-				<!-- Character information by Znote -->
-				<table cellspacing="1" cellpadding="4" style="width:540px;">
-					<tr>
-						<td bgcolor="#F1E0C6" align="left" width="20%">
-							<b>Player HP:</b>
-						</td>
-						<td bgcolor="#F1E0C6" align="left">
-							<?php echo $profile_data['health'] . ' / ' . $profile_data['healthmax']; ?>
-							<div style="width: 100%; height: 3px; border: 1px solid #000;">
-								<div style="background: red; width: <?php echo (int)($profile_data['health'] / $profile_data['healthmax'] * 100); ?>%; height: 3px;"></div>
-							</div>
-						</td>
-					</tr>
-					<tr>
-						<td bgcolor="#D4C0A1" align="left">
-							<b>Player MP:</b>
-						</td>
-						<td bgcolor="#D4C0A1" align="left">
-							<?php echo $profile_data['mana'] . ' / ' . $profile_data['manamax']; ?>
-							<div style="width: 100%; height: 3px; border: 1px solid #000;">
-								<div style="background: blue; width: <?php echo (int)($profile_data['mana'] / $profile_data['manamax'] * 100); ?>%; height: 3px;"></div>
-							</div>
-						</td>
-					</tr>
-					<tr>
-						<td bgcolor="#D4C0A1" align="left">
-							<b>Player XP:</b>
-						</td>
-						<td bgcolor="#D4C0A1" align="left">
-							<?php echo number_format($profile_data['experience']); ?> Experience.
-						</td>
-					</tr>
-					<tr>
-						<td bgcolor="#F1E0C6" align="left">
-							<b>To Next Lvl:</b>
-						</td>
-						<td bgcolor="#F1E0C6" align="left">
-							Need <b><?php echo number_format((int)(level_to_experience($profile_data['level'] + 1) - $profile_data['experience'])); ?> experience (<?php echo (100 - (int)max(0, min(100, ($profile_data['experience'] - level_to_experience($profile_data['level'])) / (level_to_experience($profile_data['level'] + 1) - level_to_experience($profile_data['level'])) * 100))); ?>%)</b> to Level <b><?php echo (int)$profile_data['level'] + 1; ?></b>.
-							<div title="99.320604545 %" style="width: 100%; height: 3px; border: 1px solid #000;">
-								<div style="background: red; width: <?php echo (int)max(0, min(100, ($profile_data['experience'] - level_to_experience($profile_data['level'])) / (level_to_experience($profile_data['level'] + 1) - level_to_experience($profile_data['level'])) * 100)); ?>%; height: 3px;"></div>
-							</div>
-						</td>
-					</tr>
-				</table>
-				<!-- END Character information by Znote -->
-				
 				<!-- Achievements start -->
 				<?php if ($config['Ach']) 
 				{ ?>			
diff --git a/config.php b/config.php
index 842930a..a859981 100644
--- a/config.php
+++ b/config.php
@@ -439,6 +439,9 @@
 
 	// Use guild logo system
 	$config['use_guild_logos'] = true;
+	
+	// Use country flags
+	$config['country_flags'] = false;
 
 	// Level requirement to create guild? (Just set it to 1 to allow all levels).
 	$config['create_guild_level'] = 8;
diff --git a/helpdesk.php b/helpdesk.php
index 6580bc3..d177714 100644
--- a/helpdesk.php
+++ b/helpdesk.php
@@ -1,8 +1,6 @@
 <?php
 require_once 'engine/init.php';
-if (user_logged_in() === false) {
-	header('Location: register.php');
-}
+protect_page();
 include 'layout/overall/header.php';
 
 $view = (isset($_GET['view']) && (int)$_GET['view'] > 0) ? (int)$_GET['view'] : false;

- Player HP: -	- - - - -
- Player MP: -	- - - - -
- Player XP: -	- Experience. -
- To Next Lvl: -	- Need experience (%) to Level . - - - -