* forgot to commit twig templates in last commit

* added some validation in guilds actions if guild has been set to prevent php notices
2025-04-26 17:29:21 +02:00 · 2017-11-14 20:27:59 +01:00 · 2017-11-14 20:27:59 +01:00 · 37f792d9ce
commit 37f792d9ce
parent 867c86d702
18 changed files with 203 additions and 171 deletions
--- a/system/pages/guilds/accept_invite.php
+++ b/system/pages/guilds/accept_invite.php
@ -11,14 +11,16 @@
 defined('MYAAC') or die('Direct access not allowed!');

 //set rights in guild
-$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
-$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
+$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
 if(!$logged) {
 	$errors[] = 'You are not logged in. You can\'t accept invitations.';
 }
+
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
+
 if(empty($errors)) {
 	$guild = $ots->createObject('Guild');
 	$guild->find($guild_name);
--- a/system/pages/guilds/add_rank.php
+++ b/system/pages/guilds/add_rank.php
@ -10,24 +10,25 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-$guild_name = urldecode($_REQUEST['guild']);
-$ranknew = $_REQUEST['rank_name'];
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
+$new_rank = isset($_REQUEST['rank_name']) ? $_REQUEST['rank_name'] : null;
 if(!Validator::guildName($guild_name)) {
-	$guild_errors[] = Validator::getLastError();
+	$errors[] = Validator::getLastError();
 }
-if(empty($guild_errors)) {
-	if(!Validator::rankName($ranknew)) {
-		$guild_errors[] = 'Invalid rank name format.';
+
+if(empty($errors)) {
+	if(!Validator::rankName($new_rank)) {
+		$errors[] = 'Invalid rank name format.';
 	}
 	if(!$logged) {
-		$guild_errors[] = 'You are not logged.';
+		$errors[] = 'You are not logged.';
 	}
 	$guild = $ots->createObject('Guild');
 	$guild->find($guild_name);
 	if(!$guild->isLoaded()) {
-		$guild_errors[] = 'Guild with name <b>'.$guild_name.'</b> doesn\'t exist.';
+		$errors[] = 'Guild with name <b>'.$guild_name.'</b> doesn\'t exist.';
 	}
-	if(empty($guild_errors)) {
+	if(empty($errors)) {
 		$guild_leader_char = $guild->getOwner();
 		$rank_list = $guild->getGuildRanksList();
 		$rank_list->orderBy('level', POT::ORDER_DESC);
@ -44,17 +45,17 @@ if(empty($guild_errors)) {
 			$new_rank = new OTS_GuildRank();
 			$new_rank->setGuild($guild);
 			$new_rank->setLevel(1);
-			$new_rank->setName($ranknew);
+			$new_rank->setName($new_rank);
 			$new_rank->save();
 			header("Location: ?subtopic=guilds&guild=".$guild->getName()."&action=manager");
 			echo 'New rank added. Redirecting...';
 		}
 		else {
-			$guild_errors[] = 'You are not a leader of guild!';
+			$errors[] = 'You are not a leader of guild!';
 		}
 	}
-	if(!empty($guild_errors)) {
-		echo $twig->render('error_box.html.twig', array('errors' => $guild_errors));
+	if(!empty($errors)) {
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
 		
 		echo $twig->render('guilds.back_button.html.twig', array(
 			'new_line' => true,
@ -64,8 +65,8 @@ if(empty($guild_errors)) {
 }
 else
 {
-	if(!empty($guild_errors)) {
-		echo $twig->render('error_box.html.twig', array('errors' => $guild_errors));
+	if(!empty($errors)) {
+		echo $twig->render('error_box.html.twig', array('errors' => $errors));
 		
 		echo $twig->render('guilds.back_button.html.twig', array(
 			'new_line' => true
--- a/system/pages/guilds/change_description.php
+++ b/system/pages/guilds/change_description.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-$guild_name = urldecode($_REQUEST['guild']);
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/change_logo.php
+++ b/system/pages/guilds/change_logo.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-$guild_name = urldecode($_REQUEST['guild']);
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/change_motd.php
+++ b/system/pages/guilds/change_motd.php
@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 if(!MOTD_EXISTS)
 	return;

-$guild_name = urldecode($_REQUEST['guild']);
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/change_nick.php
+++ b/system/pages/guilds/change_nick.php
@ -10,10 +10,25 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-if($logged)
-{
-	$name = stripslashes($_REQUEST['name']);
-	$new_nick = stripslashes($_REQUEST['nick']);
+if(!$logged) {
+	echo 'You are not logged.';
+	echo $twig->render('guilds.back_button.html.twig');
+	return;
+}
+
+$new_rank = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
+$new_nick = isset($_REQUEST['nick']) ? stripslashes($_REQUEST['nick']) : null;
+
+if(!$new_rank) {
+	echo 'Please enter new rank.';
+	return;
+}
+
+if(!$new_nick) {
+	echo 'Please enter new nick.';
+	return;
+}
+
 $player = new OTS_Player();
 $player->find($name);
 $player_from_account = false;
@ -46,9 +61,6 @@ if($logged)
 }
 else
 	echo 'Too long guild nick. Max. 40 chars, your length: '.strlen($new_nick);
-}
-else
-	echo 'You are not logged.';
-echo '<center><h3><a href="?subtopic=guilds'.$addtolink.'">BACK</a></h3></center>';

+echo $twig->render('guilds.back_button.html.twig');
 ?>
--- a/system/pages/guilds/change_rank.php
+++ b/system/pages/guilds/change_rank.php
@ -10,11 +10,15 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-$guild_name = urldecode($_REQUEST['guild']);
+if(!$logged) {
+	$errors[] = 'You are not logged in. You can\'t change rank.';
+}
+else {
+	$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 	if(!Validator::guildName($guild_name))
 		$errors[] = Validator::getLastError();
-if(!$logged)
-	$errors[] = 'You are not logged in. You can\'t change rank.';
+}
+
 if(empty($errors))
 {
 	$guild = $ots->createObject('Guild');
@ -22,6 +26,7 @@ if(empty($errors))
 	if(!$guild->isLoaded())
 		$errors[] = 'Guild with name <b>' . $guild_name . '</b> doesn\'t exist.';
 }
+
 if(!empty($errors))
 {
 	echo $twig->render('error_box.html.twig', array('errors' => $errors));
@ -136,6 +141,7 @@ if($guild_vice)
 			if(!$player_has_lower_rank)
 				$change_errors[] = 'This player has higher rank in guild than you. You can\'t change his/her rank.';
 		}
+		
 		if(empty($change_errors))
 		{
 			$player_to_change->setRank($rank);
--- a/system/pages/guilds/cleanup_guilds.php
+++ b/system/pages/guilds/cleanup_guilds.php
@ -10,8 +10,13 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-if($logged)
+if(!$logged)
 {
+	echo "You are not logged in.";
+	echo $twig->render('guilds.back_button.html.twig');
+	return;
+}
+
 $guilds_list = new OTS_Guilds_List();
 $guilds_list->init();
 if(count($guilds_list) > 0)
@ -57,9 +62,6 @@ if($logged)
 }
 else
 	echo "0 guilds found.";
-}
-else
-	echo "You are not logged in.";

 echo $twig->render('guilds.back_button.html.twig');
 ?>
--- a/system/pages/guilds/cleanup_players.php
+++ b/system/pages/guilds/cleanup_players.php
@ -10,8 +10,13 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-if($logged)
+if(!$logged)
 {
+	echo "You are not logged in.";
+	echo $twig->render('guilds.back_button.html.twig');
+	return;
+}
+
 if(admin())
 {
 	$players_list = new OTS_Players_List();
@ -59,9 +64,6 @@ if($logged)
 }
 else
 	echo "0 players found.";
-}
-else
-	echo "You are not logged in.";
 	
 echo $twig->render('guilds.back_button.html.twig');
 ?>
--- a/system/pages/guilds/delete_by_admin.php
+++ b/system/pages/guilds/delete_by_admin.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-$guild_name = urldecode($_REQUEST['guild']);
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/delete_guild.php
+++ b/system/pages/guilds/delete_guild.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-$guild_name = urldecode($_REQUEST['guild']);
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/delete_invite.php
+++ b/system/pages/guilds/delete_invite.php
@ -10,23 +10,27 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-//set rights in guild
-$guild_name = urldecode($_REQUEST['guild']);
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 $name = stripslashes($_REQUEST['name']);
+
 if(!$logged)
-	$guild_errors[] = 'You are not logged in. You can\'t delete invitations.';
+	$errors[] = 'You are not logged in. You can\'t delete invitations.';
+
 if(!Validator::guildName($guild_name))
-	$guild_errors[] = Validator::getLastError();
+	$errors[] = Validator::getLastError();
+
 if(!Validator::characterName($name))
-	$guild_errors[] = 'Invalid name format.';
-if(empty($guild_errors))
+	$errors[] = 'Invalid name format.';
+
+if(empty($errors))
 {
-	$guild = $ots->createObject('Guild');
+	$guild = new OTS_Guild();
 	$guild->find($guild_name);
 	if(!$guild->isLoaded())
-		$guild_errors[] = 'Guild with name <b>'.$guild_name.'</b> doesn\'t exist.';
+		$errors[] = "Guild with name <b>" . $guild_name . "</b> doesn't exist.";
 }
-if(empty($guild_errors))
+
+if(empty($errors))
 {
 	$rank_list = $guild->getGuildRanksList();
 	$rank_list->orderBy('level', POT::ORDER_DESC);
@ -58,16 +62,17 @@ if(empty($guild_errors))
 		}
 	}
 }
-if(empty($guild_errors))
+if(empty($errors))
 {
 	$player = new OTS_Player();
 	$player->find($name);
 	if(!$player->isLoaded())
-		$guild_errors[] = 'Player with name <b>'.$name.'</b> doesn\'t exist.';
+		$errors[] = 'Player with name <b>' . $name . '</b> doesn\'t exist.';
 }
 if(!$guild_vice)
-	$guild_errors[] = 'You are not a leader or vice leader of guild <b>'.$guild_name.'</b>.';
-if(empty($guild_errors))
+	$errors[] = 'You are not a leader or vice leader of guild <b>' . $guild_name . '</b>.';
+
+if(empty($errors))
 {
 	include(SYSTEM . 'libs/pot/InvitesDriver.php');
 	new InvitesDriver($guild);
@ -79,14 +84,14 @@ if(empty($guild_errors))
 			if($invited->getName() == $player->getName())
 				$is_invited = true;
 		if(!$is_invited)
-			$guild_errors[] = '<b>'.$player->getName().'</b> isn\'t invited to your guild.';
+			$errors[] = '<b>'.$player->getName().'</b> isn\'t invited to your guild.';
 	}
 	else
-		$guild_errors[] = 'No one is invited to your guild.';
+		$errors[] = 'No one is invited to your guild.';
 }
-if(!empty($guild_errors))
+if(!empty($errors))
 {
-	echo $twig->render('error_box.html.twig', array('errors' => $guild_errors));
+	echo $twig->render('error_box.html.twig', array('errors' => $errors));
 	
 	echo $twig->render('guilds.back_button.html.twig', array('action' => '?subtopic=guilds&action=show&guild=' . $guild_name));
 }
--- a/system/pages/guilds/delete_rank.php
+++ b/system/pages/guilds/delete_rank.php
@ -10,8 +10,9 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-$guild_name = urldecode($_REQUEST['guild']);
-$rank_to_delete = (int) $_REQUEST['rankid'];
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
+$rank_to_delete = isset($_REQUEST['rankid']) ? (int) $_REQUEST['rankid'] : null;
+
 if(!Validator::guildName($guild_name)) {
 	$guild_errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/kick_player.php
+++ b/system/pages/guilds/kick_player.php
@ -11,8 +11,9 @@
 defined('MYAAC') or die('Direct access not allowed!');

 //set rights in guild
-$guild_name = urldecode($_REQUEST['guild']);
-$name = stripslashes($_REQUEST['name']);
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
+$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
+
 if(!$logged) {
 	$errors[] = 'You are not logged in. You can\'t kick characters.';
 }
--- a/system/pages/guilds/manager.php
+++ b/system/pages/guilds/manager.php
@ -10,20 +10,20 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');

-$guild_name = urldecode($_REQUEST['guild']);
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
 if(!Validator::guildName($guild_name)) {
-	$guild_errors[] = Validator::getLastError();
+	$errors[] = Validator::getLastError();
 }

-if(empty($guild_errors)) {
+if(empty($errors)) {
 	$guild = new OTS_Guild();
 	$guild->find($guild_name);
 	if(!$guild->isLoaded()) {
-		$guild_errors[] = 'Guild with name <b>'.$guild_name.'</b> doesn\'t exist.';
+		$errors[] = 'Guild with name <b>'.$guild_name.'</b> doesn\'t exist.';
 	}
 }

-if(empty($guild_errors)) {
+if(empty($errors)) {
 	if($logged) {
 		$guild_leader_char = $guild->getOwner();
 		$rank_list = $guild->getGuildRanksList();
@ -45,16 +45,16 @@ if(empty($guild_errors)) {
 		}
 		else
 		{
-			$guild_errors[] = 'You are not a leader of guild!';
+			$errors[] = 'You are not a leader of guild!';
 		}
 	}
 	else
 	{
-		$guild_errors[] = 'You are not logged. You can\'t manage guild.';
+		$errors[] = 'You are not logged. You can\'t manage guild.';
 	}
 }
-if(!empty($guild_errors)) {
-	echo $twig->render('error_box.html.twig', array('errors' => $guild_errors));
+if(!empty($errors)) {
+	echo $twig->render('error_box.html.twig', array('errors' => $errors));
 }

 ?>
--- a/system/templates/account.management.html.twig
+++ b/system/templates/account.management.html.twig
@ -150,7 +150,7 @@
 			{% for player in players %}
 				{% set i = i + 1 %}
 				<tr bgcolor="{{ getStyle(i) }}">
-					<td><a href="{{ getLink('characters/' ~ player.getName()|url_encode) }}">{{ player.getName() }}</a></td><td>{{ player.getLevel() }}</td><td>{{ config.vocations[player.getVocation()] }}</td><td>{{ config.towns[player.getTownId()] }}</td><td>{% if player.getLastLogin() > 0 %}{{ player.getLastLogin|date('d F Y (H:i)') }}{% else %}Never.{% endif %}</td><td>{%  if player.isOnline() %}<font color="green">ONLINE</font>{% else %}<font color="red">Offline</font>{% endif %}</td><td>{% if player.isHidden() %}Hidden{% else %}Visible{% endif %}</td><td>[<a href="{{ getLink('account/character/comment/' ~ player.getName|url_encode) }}" >Edit</a>]</td>
+					<td><a href="{{ getLink('characters/' ~ player.getName()|urlencode) }}">{{ player.getName() }}</a></td><td>{{ player.getLevel() }}</td><td>{{ config.vocations[player.getVocation()] }}</td><td>{{ config.towns[player.getTownId()] }}</td><td>{% if player.getLastLogin() > 0 %}{{ player.getLastLogin|date('d F Y (H:i)') }}{% else %}Never.{% endif %}</td><td>{%  if player.isOnline() %}<font color="green">ONLINE</font>{% else %}<font color="red">Offline</font>{% endif %}</td><td>{% if player.isHidden() %}Hidden{% else %}Visible{% endif %}</td><td>[<a href="{{ getLink('account/character/comment/' ~ player.getName|urlencode) }}" >Edit</a>]</td>
 				</tr>
 			{% endfor %}
 		</table>
--- a/system/templates/spells.html.twig
+++ b/system/templates/spells.html.twig
@ -35,25 +35,25 @@
 <table border="0" cellspacing="1" cellpadding="4" width="100%">
 	<tr bgcolor="{{ config.vdarkborder }}">
 		<td class="white">
-			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|url_encode ~ '/spell' }}"><font class="white">Name</font></a></b>
+			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|urlencode ~ '/spell' }}"><font class="white">Name</font></a></b>
 		</td>
 		<td class="white">
-			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|url_encode ~ '/words' }}"><font class="white">Words</font></a></b>
+			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|urlencode ~ '/words' }}"><font class="white">Words</font></a></b>
 		</td>
 		<td class="white">
-			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|url_encode ~ '/type' }}"><font class="white">Type<br/>(count)</font></a></b>
+			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|urlencode ~ '/type' }}"><font class="white">Type<br/>(count)</font></a></b>
 		</td>
 		<td class="white">
-			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|url_encode ~ '/mana' }}"><font class="white">Mana</font></a></b>
+			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|urlencode ~ '/mana' }}"><font class="white">Mana</font></a></b>
 		</td>
 		<td class="white">
-			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|url_encode ~ '/level' }}"><font class="white">Level</font></a></b>
+			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|urlencode ~ '/level' }}"><font class="white">Level</font></a></b>
 		</td>
 		<td class="white">
-			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|url_encode ~ '/maglevel' }}"><font class="white">Magic<br/>Level</font></a></b>
+			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|urlencode ~ '/maglevel' }}"><font class="white">Magic<br/>Level</font></a></b>
 		</td>
 		<td class="white">
-			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|url_encode ~ '/soul' }}"><font class="white">Soul</font></a></b>
+			<b><a href="{{ getLink('spells') ~ '/' ~ post_vocation|urlencode ~ '/soul' }}"><font class="white">Soul</font></a></b>
 		</td>
 		<td class="white">
 			<b>Premium</b>
--- a/templates/tibiacom/account.management.html.twig
+++ b/templates/tibiacom/account.management.html.twig
@ -440,7 +440,7 @@
 												{% else %}
 												<td><font color="red"><b>Offline</b></font></td>
 												{% endif %}
-												<td>[<a href="{{ getLink('account/character/comment/' ~ player.getName|url_encode) }}" >Edit</a>]</td>
+												<td>[<a href="{{ getLink('account/character/comment/' ~ player.getName|urlencode) }}" >Edit</a>]</td>
 											</tr>
 											{% endfor %}
 										</table>