diff --git a/system/pages/forum/admin.php b/system/pages/forum/admin.php index 1260cfb2..73be2dc2 100644 --- a/system/pages/forum/admin.php +++ b/system/pages/forum/admin.php @@ -64,7 +64,7 @@ if(!empty($action)) { else if($action == 'delete_board') { Forum::delete_board($id, $errors); header('Location: ' . getLink('forum')); - $action = ''; + exit; } else if($action == 'edit_board') { @@ -78,28 +78,27 @@ if(!empty($action)) { else { Forum::update_board($id, $name, $access, $guild, $description); header('Location: ' . getLink('forum')); - $action = $name = $description = ''; - $access = $guild = 0; + exit; } } else if($action == 'hide_board') { Forum::toggleHide_board($id, $errors); header('Location: ' . getLink('forum')); - $action = ''; + exit; } else if($action == 'moveup_board') { Forum::move_board($id, -1, $errors); header('Location: ' . getLink('forum')); - $action = ''; + exit; } else if($action == 'movedown_board') { Forum::move_board($id, 1, $errors); header('Location: ' . getLink('forum')); - $action = ''; + exit; } if(!empty($errors)) { - $twig->display('error_box.html.twig', array('errors' => $errors)); + $twig->display('error_box.html.twig', ['errors' => $errors]); $action = ''; } } diff --git a/system/pages/forum/edit_post.php b/system/pages/forum/edit_post.php index d795aa99..b9f2890d 100644 --- a/system/pages/forum/edit_post.php +++ b/system/pages/forum/edit_post.php @@ -18,15 +18,14 @@ if ($ret === false) { return; } -csrfProtect(); - if(!$logged) { echo 'You are not logged in. Log in to post on the forum.

'; return; } -if(Forum::canPost($account_logged)) -{ +csrfProtect(); + +if(Forum::canPost($account_logged)) { $post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : false; if(!$post_id) { $errors[] = 'Please enter post id.'; @@ -43,12 +42,12 @@ if(Forum::canPost($account_logged)) $char_id = $post_topic = $text = $smile = $html = null; $players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll(); $saved = false; - if(isset($_REQUEST['save'])) { - $text = stripslashes(trim($_REQUEST['text'])); - $char_id = (int) $_REQUEST['char_id']; - $post_topic = stripslashes(trim($_REQUEST['topic'])); - $smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0; - $html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0; + if(isset($_POST['save'])) { + $text = stripslashes(trim($_POST['text'])); + $char_id = (int) $_POST['char_id']; + $post_topic = stripslashes(trim($_POST['topic'])); + $smile = isset($_POST['smile']) ? (int)$_POST['smile'] : 0; + $html = isset($_POST['html']) ? (int)$_POST['html'] : 0; if (!superAdmin()) { $html = 0; diff --git a/system/pages/forum/move_thread.php b/system/pages/forum/move_thread.php index 7200fffb..aa101b08 100644 --- a/system/pages/forum/move_thread.php +++ b/system/pages/forum/move_thread.php @@ -18,22 +18,22 @@ if ($ret === false) { return; } -csrfProtect(); - if(!$logged) { echo 'You are not logged in. Log in to post on the forum.

'; return; } +csrfProtect(); + if(!Forum::isModerator()) { echo 'You are not logged in or you are not moderator.'; return; } -$save = isset($_REQUEST['save']) && (int)$_REQUEST['save'] == 1; +$save = isset($_POST['save']) && (int)$_POST['save'] == 1; if($save) { - $post_id = (int)$_REQUEST['id']; - $board = (int)$_REQUEST['section']; + $post_id = (int)$_POST['id']; + $board = (int)$_POST['section']; if(!Forum::hasAccess($board)) { $errors[] = "You don't have access to this board."; displayErrorBoxWithBackButton($errors, getLink('forum')); diff --git a/system/pages/forum/new_post.php b/system/pages/forum/new_post.php index 6e373945..71bc3417 100644 --- a/system/pages/forum/new_post.php +++ b/system/pages/forum/new_post.php @@ -45,11 +45,11 @@ if(Forum::canPost($account_logged)) { echo 'Boards >> '.$sections[$thread['section']]['name'].' >> '.htmlspecialchars($thread['post_topic']).' >> Post new reply

'.htmlspecialchars($thread['post_topic']).'

'; $quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL; - $text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL; - $char_id = (int) ($_REQUEST['char_id'] ?? 0); - $post_topic = isset($_REQUEST['topic']) ? stripslashes(trim($_REQUEST['topic'])) : ''; - $smile = (int)($_REQUEST['smile'] ?? 0); - $html = (int)($_REQUEST['html'] ?? 0); + $text = isset($_POST['text']) ? stripslashes(trim($_POST['text'])) : NULL; + $char_id = (int) ($_POST['char_id'] ?? 0); + $post_topic = isset($_POST['topic']) ? stripslashes(trim($_POST['topic'])) : ''; + $smile = (int)($_POST['smile'] ?? 0); + $html = (int)($_POST['html'] ?? 0); $saved = false; if (!superAdmin()) { @@ -62,10 +62,10 @@ if(Forum::canPost($account_logged)) { $text = '[i]Originally posted by ' . $quoted_post[0]['name'] . ' on ' . date('d.m.y H:i:s', $quoted_post[0]['post_date']) . ':[/i][quote]' . $quoted_post[0]['post_text'] . '[/quote]'; } } - elseif(isset($_REQUEST['save'])) { + elseif(isset($_POST['save'])) { $length = strlen($text); if($length < 1 || strlen($text) > 15000) { - $errors[] = 'Too short or too long post (Length: $length letters). Minimum 1 letter, maximum 15000 letters.'; + $errors[] = "Too short or too long post (Length: $length letters). Minimum 1 letter, maximum 15000 letters."; } if($char_id == 0) { @@ -81,15 +81,14 @@ if(Forum::canPost($account_logged)) { } if(!$player_on_account) { - $errors[] = 'Player with selected ID ' . $char_id . ' doesn\'t exist or isn\'t on your account'; + $errors[] = "Player with selected ID $char_id doesn't exist or isn't on your account"; } } if(count($errors) == 0) { $last_post = 0; $query = $db->query('SELECT post_date FROM ' . FORUM_TABLE_PREFIX . 'forum ORDER BY post_date DESC LIMIT 1'); - if($query->rowCount() > 0) - { + if($query->rowCount() > 0) { $query = $query->fetch(); $last_post = $query['post_date']; } diff --git a/system/pages/forum/new_thread.php b/system/pages/forum/new_thread.php index 2e9e74b3..4f311977 100644 --- a/system/pages/forum/new_thread.php +++ b/system/pages/forum/new_thread.php @@ -40,19 +40,18 @@ if(Forum::canPost($account_logged)) { if ($sections[$section_id]['closed'] && !Forum::isModerator()) $errors[] = 'You cannot create topic on this board.'; - $quote = (int)(isset($_REQUEST['quote']) ? $_REQUEST['quote'] : 0); - $text = isset($_REQUEST['text']) ? stripslashes($_REQUEST['text']) : ''; - $char_id = (int)(isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0); - $post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : ''; - $smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0); - $html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0); + $text = isset($_POST['text']) ? stripslashes($_POST['text']) : ''; + $char_id = (int)(isset($_POST['char_id']) ? $_POST['char_id'] : 0); + $post_topic = isset($_POST['topic']) ? stripslashes($_POST['topic']) : ''; + $smile = (isset($_POST['smile']) ? (int)$_POST['smile'] : 0); + $html = (isset($_POST['html']) ? (int)$_POST['html'] : 0); if (!superAdmin()) { $html = 0; } $saved = false; - if (isset($_REQUEST['save'])) { + if (isset($_POST['save'])) { $length = strlen($post_topic); if ($length < 1 || $length > 60) { $errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters."; diff --git a/system/pages/forum/remove_post.php b/system/pages/forum/remove_post.php index a1dc15af..ec3a38ec 100644 --- a/system/pages/forum/remove_post.php +++ b/system/pages/forum/remove_post.php @@ -26,10 +26,10 @@ if(!$logged) { csrfProtect(); if(Forum::isModerator()) { - $id = (int) $_REQUEST['id']; + $id = (int) ($_POST['id'] ?? 0); $post = $db->query("SELECT `id`, `first_post`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$id." LIMIT 1")->fetch(); - if($post['id'] == $id && Forum::hasAccess($post['section'])) { + if($post && $post['id'] == $id && Forum::hasAccess($post['section'])) { if($post['id'] == $post['first_post']) { $db->query("DELETE FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `first_post` = ".$post['id']); header('Location: ' . getForumBoardLink($post['section'])); @@ -38,7 +38,7 @@ if(Forum::isModerator()) { $post_page = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`id` < ".$id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $post['first_post'])->fetch(); $_page = (int) ceil($post_page['posts_count'] / setting('core.forum_threads_per_page')) - 1; $db->query("DELETE FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$post['id']); - header('Location: ' . getForumThreadLink($post['first_post'], (int) $_page)); + header('Location: ' . getForumThreadLink($post['first_post'], $_page)); } } else { diff --git a/system/pages/forum/show_board.php b/system/pages/forum/show_board.php index 5997bdba..e899cc99 100644 --- a/system/pages/forum/show_board.php +++ b/system/pages/forum/show_board.php @@ -33,7 +33,7 @@ if(!Forum::hasAccess($section_id)) { return; } -$_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0); +$_page = (int) ($_REQUEST['page'] ?? 0); $threads_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS threads_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".(int) $section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id`")->fetch(); for($i = 0; $i < $threads_count['threads_count'] / setting('core.forum_threads_per_page'); $i++) { if($i != $_page) @@ -50,7 +50,7 @@ if($logged && (!$sections[$section_id]['closed'] || Forum::isModerator())) { } echo '

Page: '.$links_to_pages.'
'; -$last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`last_post`, `" . FORUM_TABLE_PREFIX . "forum`.`replies`, `" . FORUM_TABLE_PREFIX . "forum`.`views`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".$section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id` ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".setting('core.forum_threads_per_page')." OFFSET ".($_page * setting('core.forum_threads_per_page')))->fetchAll(); +$last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`last_post`, `" . FORUM_TABLE_PREFIX . "forum`.`replies`, `" . FORUM_TABLE_PREFIX . "forum`.`views`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".$section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id` ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".setting('core.forum_threads_per_page')." OFFSET ".($_page * setting('core.forum_threads_per_page')))->fetchAll(PDO::FETCH_ASSOC); if(isset($last_threads[0])) { echo ' @@ -67,8 +67,8 @@ if(isset($last_threads[0])) { foreach($last_threads as $thread) { echo '
'; if(Forum::isModerator()) { - echo '[MOVE]'; - echo '[REMOVE] '; + echo ''; + $twig->display('forum.remove_post.html.twig', ['post' => $thread]); } $player->load($thread['player_id']); @@ -82,10 +82,13 @@ if(isset($last_threads[0])) { echo ''.htmlspecialchars($thread['post_topic']). '
'.($canEditForum ? substr(strip_tags($thread['post_text']), 0, 50) : htmlspecialchars(substr($thread['post_text'], 0, 50))).'...		' . getPlayerLink($thread['name']) . ''.(int) $thread['replies'].''.(int) $thread['views'].''; if($thread['last_post'] > 0) { $last_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id']." AND `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch(); - if(isset($last_post['name'])) - echo date('d.m.y H:i:s', $last_post['post_date']).'
by ' . getPlayerLink($last_post['name']); - else + + if(isset($last_post['name'])) { + echo date('d.m.y H:i:s', $last_post['post_date']) . '
by ' . getPlayerLink($last_post['name']); + } + else { echo 'No posts.'; + } } else { echo date('d.m.y H:i:s', $thread['post_date']) . '
by ' . getPlayerLink($thread['name']); diff --git a/system/pages/forum/show_thread.php b/system/pages/forum/show_thread.php index e4c53f16..ceeb2602 100644 --- a/system/pages/forum/show_thread.php +++ b/system/pages/forum/show_thread.php @@ -35,7 +35,7 @@ if(!Forum::hasAccess($thread_starter['section'])) { return; } -$posts_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id)->fetch(); +$posts_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id)->fetch(); for($i = 0; $i < $posts_count['posts_count'] / setting('core.forum_threads_per_page'); $i++) { if($i != $_page) $links_to_pages .= ''.($i + 1).' '; @@ -46,7 +46,7 @@ for($i = 0; $i < $posts_count['posts_count'] / setting('core.forum_threads_per_p $posts = $db->query("SELECT `players`.`id` as `player_id`, `" . FORUM_TABLE_PREFIX . "forum`.`id`,`" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`section`,`" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` AS `date`, `" . FORUM_TABLE_PREFIX . "forum`.`post_smile`, `" . FORUM_TABLE_PREFIX . "forum`.`post_html`, `" . FORUM_TABLE_PREFIX . "forum`.`author_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`author_guid`, `" . FORUM_TABLE_PREFIX . "forum`.`last_edit_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id." ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`post_date` LIMIT " . setting('core.forum_posts_per_page') . " OFFSET ".($_page * setting('core.forum_posts_per_page')))->fetchAll(); if(isset($posts[0]['player_id'])) { - $db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id); + $db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = " . $thread_id); } $lookaddons = $db->hasColumn('players', 'lookaddons'); diff --git a/system/pages/guilds/accept_invite.php b/system/pages/guilds/accept_invite.php index bc782480..14c55c25 100644 --- a/system/pages/guilds/accept_invite.php +++ b/system/pages/guilds/accept_invite.php @@ -12,11 +12,11 @@ defined('MYAAC') or die('Direct access not allowed!'); require __DIR__ . '/base.php'; -//set rights in guild +// set rights in guild $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null; if(!$logged) { - $errors[] = 'You are not logged in. You can\'t accept invitations.'; + $errors[] = "You are not logged in. You can't accept invitations."; } if(!Validator::guildName($guild_name)) { @@ -27,11 +27,11 @@ if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) { - $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; + $errors[] = "Guild with name $guild_name doesn't exist."; } } -if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { +if(isset($_POST['todo']) && $_POST['todo'] == 'save') { if(!Validator::characterName($name)) { $errors[] = 'Invalid name format.'; } @@ -51,7 +51,7 @@ if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { } } -if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { +if(isset($_POST['todo']) && $_POST['todo'] == 'save') { if(empty($errors)) { $is_invited = false; include(SYSTEM . 'libs/pot/InvitesDriver.php'); @@ -104,7 +104,7 @@ if(!empty($errors)) { )); } else { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $guild->acceptInvite($player); $twig->display('success.html.twig', array( 'title' => 'Accept invitation', diff --git a/system/pages/guilds/add_rank.php b/system/pages/guilds/add_rank.php index e66ba49e..b24ff03d 100644 --- a/system/pages/guilds/add_rank.php +++ b/system/pages/guilds/add_rank.php @@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!'); require __DIR__ . '/base.php'; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; -$rank_name = isset($_REQUEST['rank_name']) ? $_REQUEST['rank_name'] : null; +$rank_name = $_POST['rank_name'] ?? null; if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); } @@ -35,7 +35,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild_leader_char->getId() == $player->getId()) { $guild_vice = true; diff --git a/system/pages/guilds/change_description.php b/system/pages/guilds/change_description.php index 765665bf..e3c24522 100644 --- a/system/pages/guilds/change_description.php +++ b/system/pages/guilds/change_description.php @@ -31,7 +31,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild->getOwner()->getId() == $player->getId()) { $guild_vice = true; @@ -42,8 +42,8 @@ if(empty($errors)) { $saved = false; if($guild_leader) { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { - $description = htmlspecialchars(stripslashes(substr(trim($_REQUEST['description']),0, setting('core.guild_description_chars_limit')))); + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { + $description = htmlspecialchars(stripslashes(substr(trim($_POST['description']),0, setting('core.guild_description_chars_limit')))); $guild->setCustomField('description', $description); $saved = true; } diff --git a/system/pages/guilds/change_logo.php b/system/pages/guilds/change_logo.php index d8257e66..7fa72d99 100644 --- a/system/pages/guilds/change_logo.php +++ b/system/pages/guilds/change_logo.php @@ -30,7 +30,7 @@ if(empty($errors)) { if($logged) { $guild_leader_char = $guild->getOwner(); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild_leader_char->getId() == $player->getId()) { @@ -40,14 +40,13 @@ if(empty($errors)) { } } - if($guild_leader) - { + if($guild_leader) { $max_image_size_b = setting('core.guild_image_size_kb') * 1024; $allowed_ext = array('image/gif', 'image/jpg', 'image/pjpeg', 'image/jpeg', 'image/bmp', 'image/png', 'image/x-png'); $ext_name = array('image/gif' => 'gif', 'image/jpg' => 'jpg', 'image/jpeg' => 'jpg', 'image/pjpeg' => 'jpg', 'image/bmp' => 'bmp', 'image/png' => 'png', 'image/x-png' => 'png'); $save_file_name = str_replace(' ', '_', strtolower($guild->getName())); $save_path = GUILD_IMAGES_DIR . $save_file_name; - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $file = $_FILES['newlogo']; if(is_uploaded_file($file['tmp_name'])) @@ -97,13 +96,13 @@ if(empty($errors)) { $guild_logo = $guild->getCustomField('logo_name'); if(empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) { - $guild_logo = "default.gif"; + $guild_logo = 'default.gif'; } $twig->display('guilds.change_logo.html.twig', array( 'guild_logo' => $guild_logo, 'guild' => $guild, - 'max_image_size_b' => $max_image_size_b + //'max_image_size_b' => $max_image_size_b )); } diff --git a/system/pages/guilds/change_motd.php b/system/pages/guilds/change_motd.php index babb806c..8d478377 100644 --- a/system/pages/guilds/change_motd.php +++ b/system/pages/guilds/change_motd.php @@ -34,7 +34,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild->getOwner()->getId() == $player->getId()) { $guild_vice = true; @@ -45,8 +45,8 @@ if(empty($errors)) { $saved = false; if($guild_leader) { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { - $motd = htmlspecialchars(stripslashes(substr($_REQUEST['motd'],0, setting('core.guild_motd_chars_limit')))); + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { + $motd = htmlspecialchars(stripslashes(substr($_POST['motd'],0, setting('core.guild_motd_chars_limit')))); $guild->setCustomField('motd', $motd); $saved = true; } diff --git a/system/pages/guilds/change_nick.php b/system/pages/guilds/change_nick.php index bf773124..5016ef3e 100644 --- a/system/pages/guilds/change_nick.php +++ b/system/pages/guilds/change_nick.php @@ -20,17 +20,15 @@ if(!$logged) { } $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null; -$new_nick = isset($_REQUEST['nick']) ? stripslashes($_REQUEST['nick']) : null; +$new_nick = isset($_POST['nick']) ? stripslashes($_POST['nick']) : null; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; if(!$name) { $errors[] = 'Please enter new name.'; - return; } if(!$new_nick) { $errors[] = 'Please enter new nick.'; - return; } if(empty($errors)) diff --git a/system/pages/guilds/change_rank.php b/system/pages/guilds/change_rank.php index 4341db16..6d36bdf1 100644 --- a/system/pages/guilds/change_rank.php +++ b/system/pages/guilds/change_rank.php @@ -17,8 +17,9 @@ if(!$logged) { } else { $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; - if(!Validator::guildName($guild_name)) + if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); + } } if(empty($errors)) @@ -42,7 +43,7 @@ $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; $guild_vice = false; -$account_players = $account_logged->getPlayers(); +$account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { $player_rank = $player->getRank(); @@ -65,22 +66,23 @@ foreach($account_players as $player) } } -if($guild_vice) -{ - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] === 'save') - { +if($guild_vice) { + if(isset($_POST['todo']) && $_POST['todo'] === 'save') { $player_name = stripslashes($_REQUEST['name']); - $new_rank = (int) $_REQUEST['rankid']; - if(!Validator::characterName($player_name)) + $new_rank = (int) $_POST['rankid']; + + if(!Validator::characterName($player_name)) { $errors[] = 'Invalid player name format.'; + } + $rank = new OTS_GuildRank(); $rank->load($new_rank); if(!$rank->isLoaded()) $errors[] = "Rank with this ID doesn't exist."; if($level_in_guild <= $rank->getLevel() && !$guild_leader) $errors[] = "You can't set ranks with equal or higher level than your."; - if(empty($errors)) - { + + if(empty($errors)) { $player_to_change = new OTS_Player(); $player_to_change->find($player_name); if(!$player_to_change->isLoaded()) @@ -108,8 +110,7 @@ if($guild_vice) $errors[] = 'This player has higher rank in guild than you. You can\'t change his/her rank.'; } - if(empty($errors)) - { + if(empty($errors)) { $player_to_change->setRank($rank); $twig->display('success.html.twig', array( 'title' => 'Rank Changed', @@ -125,7 +126,7 @@ if($guild_vice) $result = getPlayersWithLowerRank($rank_list, $guild_leader, $db, $level_in_guild, $guild); $twig->display('guilds.change_rank.html.twig', array( - 'players' => isset($result['players']) ? $result['players'] : array(), + 'players' => $result['players'] ?? [], 'guild_name' => $guild->getName(), 'ranks' => $result['ranks'] )); diff --git a/system/pages/guilds/cleanup_players.php b/system/pages/guilds/cleanup_players.php index 7e02fbeb..ad110feb 100644 --- a/system/pages/guilds/cleanup_players.php +++ b/system/pages/guilds/cleanup_players.php @@ -12,33 +12,27 @@ defined('MYAAC') or die('Direct access not allowed!'); require __DIR__ . '/base.php'; -if(!$logged) -{ +if(!$logged) { echo "You are not logged in."; $twig->display('guilds.back_button.html.twig'); return; } -if(admin()) -{ +if(admin()) { $players_list = new OTS_Players_List(); $players_list->init(); } -else +else { $players_list = $account_logged->getPlayersList(); +} -if(count($players_list) > 0) -{ - foreach($players_list as $player) - { +if(count($players_list) > 0) { + foreach($players_list as $player) { $player_rank = $player->getRank(); - if($player_rank->isLoaded()) - { - if($player_rank->isLoaded()) - { + if($player_rank->isLoaded()) { + if($player_rank->isLoaded()) { $rank_guild = $player_rank->getGuild(); - if(!$rank_guild->isLoaded()) - { + if(!$rank_guild->isLoaded()) { $player->setRank(); $player->setGuildNick(''); $changed_ranks_of[] = $player->getName(); @@ -46,8 +40,7 @@ if(count($players_list) > 0) $player_rank->delete(); } } - else - { + else { $player->setRank(); $player->setGuildNick(''); $changed_ranks_of[] = $player->getName(); @@ -55,14 +48,20 @@ if(count($players_list) > 0) } } + echo "Deleted ranks (this ranks guilds doesn't exist [bug fix]):"; - if(!empty($deleted_ranks)) - foreach($deleted_ranks as $rank) - echo "
  • ".$rank; + if(!empty($deleted_ranks)) { + foreach ($deleted_ranks as $rank) { + echo "
  • " . $rank; + } + } echo "

    Changed ranks of players (rank or guild of rank doesn't exist [bug fix]):"; - if(!empty($changed_ranks_of)) - foreach($changed_ranks_of as $name) - echo "
  • ".$name; + + if(!empty($changed_ranks_of)) { + foreach ($changed_ranks_of as $name) { + echo "
  • " . $name; + } + } } else echo "0 players found."; diff --git a/system/pages/guilds/create.php b/system/pages/guilds/create.php index b404c494..ef0117e8 100644 --- a/system/pages/guilds/create.php +++ b/system/pages/guilds/create.php @@ -14,15 +14,15 @@ use MyAAC\Models\GuildRank; require __DIR__ . '/base.php'; -$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; -$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL; -$todo = isset($_REQUEST['todo']) ? $_REQUEST['todo'] : NULL; +$guild_name = isset($_POST['guild']) ? urldecode($_POST['guild']) : NULL; +$name = isset($_POST['name']) ? stripslashes($_POST['name']) : NULL; +$todo = isset($_POST['todo']) ? $_POST['todo'] : NULL; if(!$logged) { - $guild_errors[] = 'You are not logged in. You can\'t create guild.'; + $errors[] = 'You are not logged in. You can\'t create guild.'; } $array_of_player_nig = array(); -if(empty($guild_errors)) +if(empty($errors)) { $account_players = $account_logged->getPlayersList(false); foreach($account_players as $player) @@ -41,45 +41,44 @@ if(empty($guild_errors)) if(empty($todo)) { if(count($array_of_player_nig) == 0) { - $guild_errors[] = 'On your account all characters are in guilds, have too low level to create new guild' . (setting('core.guild_need_premium') ? ' or you don\' have a premium account' : '') . '.'; + $errors[] = 'On your account all characters are in guilds, have too low level to create new guild' . (setting('core.guild_need_premium') ? ' or you don\' have a premium account' : '') . '.'; } } if($todo == 'save') { if(!Validator::guildName($guild_name)) { - $guild_errors[] = Validator::getLastError(); + $errors[] = Validator::getLastError(); $guild_name = ''; } if(!Validator::characterName($name)) { - $guild_errors[] = 'Invalid character name format.'; + $errors[] = 'Invalid character name format.'; $name = ''; } - if(empty($guild_errors)) { + if(empty($errors)) { $player = new OTS_Player(); $player->find($name); if(!$player->isLoaded()) { - $guild_errors[] = 'Character '.$name.' doesn\'t exist.'; + $errors[] = 'Character '.$name.' doesn\'t exist.'; } } - - if(empty($guild_errors)) + if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if($guild->isLoaded()) { - $guild_errors[] = 'Guild '.$guild_name.' already exist. Select other name.'; + $errors[] = 'Guild '.$guild_name.' already exist. Select other name.'; } } - if(empty($guild_errors) && $player->isDeleted()) { - $guild_errors[] = "Character $name has been deleted."; + if(empty($errors) && $player->isDeleted()) { + $errors[] = "Character $name has been deleted."; } - if(empty($guild_errors)) + if(empty($errors)) { $bad_char = true; foreach($array_of_player_nig as $nick_from_list) { @@ -88,22 +87,22 @@ if($todo == 'save') } } if($bad_char) { - $guild_errors[] = 'Character '.$name.' isn\'t on your account or is already in guild.'; + $errors[] = 'Character '.$name.' isn\'t on your account or is already in guild.'; } } - if(empty($guild_errors)) { + if(empty($errors)) { if($player->getLevel() < setting('core.guild_need_level')) { - $guild_errors[] = 'Character '.$name.' has too low level. To create guild you need character with level ' . setting('core.guild_need_level') . '.'; + $errors[] = 'Character '.$name.' has too low level. To create guild you need character with level ' . setting('core.guild_need_level') . '.'; } if(setting('core.guild_need_premium') && !$account_logged->isPremium()) { - $guild_errors[] = 'Character '.$name.' is on FREE account. To create guild you need PREMIUM account.'; + $errors[] = 'Character '.$name.' is on FREE account. To create guild you need PREMIUM account.'; } } } -if(!empty($guild_errors)) { - $twig->display('error_box.html.twig', array('errors' => $guild_errors)); +if(!empty($errors)) { + $twig->display('error_box.html.twig', array('errors' => $errors)); unset($todo); } diff --git a/system/pages/guilds/delete_by_admin.php b/system/pages/guilds/delete_by_admin.php index e403cbda..f453cd7a 100644 --- a/system/pages/guilds/delete_by_admin.php +++ b/system/pages/guilds/delete_by_admin.php @@ -45,7 +45,10 @@ if(empty($errors)) { $twig->display('success.html.twig', array( 'title' => 'Delete Guild', 'description' => 'Are you sure you want delete guild ' . $guild_name . '?
    -
    ', +
    + ' . csrf(true) . ' + +
    ', 'custom_buttons' => $twig->render('guilds.back_button.html.twig') )); } diff --git a/system/pages/guilds/delete_guild.php b/system/pages/guilds/delete_guild.php index 978ac513..0e4bd0ba 100644 --- a/system/pages/guilds/delete_guild.php +++ b/system/pages/guilds/delete_guild.php @@ -21,7 +21,7 @@ if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) { - $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; + $errors[] = "Guild with name $guild_name doesn't exist."; } } @@ -31,7 +31,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild->getOwner()->getId() == $player->getId()) { diff --git a/system/pages/guilds/delete_invite.php b/system/pages/guilds/delete_invite.php index 7bf4067a..485ca9d0 100644 --- a/system/pages/guilds/delete_invite.php +++ b/system/pages/guilds/delete_invite.php @@ -15,47 +15,43 @@ require __DIR__ . '/base.php'; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; $name = stripslashes($_REQUEST['name']); -if(!$logged) +if(!$logged) { $errors[] = 'You are not logged in. You can\'t delete invitations.'; +} -if(!Validator::guildName($guild_name)) +if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); +} -if(!Validator::characterName($name)) +if(!Validator::characterName($name)) { $errors[] = 'Invalid name format.'; +} -if(empty($errors)) -{ +if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) $errors[] = "Guild with name " . $guild_name . " doesn't exist."; } -if(empty($errors)) -{ +if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; $guild_vice = false; - $account_players = $account_logged->getPlayers(); - foreach($account_players as $player) - { + $account_players = $account_logged->getPlayersList(); + foreach($account_players as $player) { $player_rank = $player->getRank(); - if($player_rank->isLoaded()) - { - foreach($rank_list as $rank_in_guild) - { - if($rank_in_guild->getId() == $player_rank->getId()) - { + if($player_rank->isLoaded()) { + foreach($rank_list as $rank_in_guild) { + if($rank_in_guild->getId() == $player_rank->getId()) { $players_from_account_in_guild[] = $player->getName(); - if($player_rank->getLevel() > 1) - { + if($player_rank->getLevel() > 1) { $guild_vice = true; $level_in_guild = $player_rank->getLevel(); } - if($guild->getOwner()->getId() == $player->getId()) - { + + if($guild->getOwner()->getId() == $player->getId()) { $guild_vice = true; $guild_leader = true; } @@ -64,44 +60,46 @@ if(empty($errors)) } } - if(!$guild_vice) + if(!$guild_vice) { $errors[] = 'You are not a leader or vice leader of guild ' . $guild_name . '.'; -} -if(empty($errors)) -{ - $player = new OTS_Player(); - $player->find($name); - if(!$player->isLoaded()) - $errors[] = 'Player with name ' . $name . ' doesn\'t exist.'; + } } -if(empty($errors)) -{ +if(empty($errors)) { + $player = new OTS_Player(); + $player->find($name); + if(!$player->isLoaded()) { + $errors[] = "Player with name $name doesn't exist."; + } +} + +if(empty($errors)) { include(SYSTEM . 'libs/pot/InvitesDriver.php'); new InvitesDriver($guild); $invited_list = $guild->listInvites(); - if(count($invited_list) > 0) - { + if(count($invited_list) > 0) { $is_invited = false; - foreach($invited_list as $invited) - if($invited->getName() == $player->getName()) + foreach($invited_list as $invited) { + if ($invited->getName() == $player->getName()) { $is_invited = true; - if(!$is_invited) - $errors[] = ''.$player->getName().' isn\'t invited to your guild.'; + } + } + if(!$is_invited) { + $errors[] = '' . $player->getName() . ' isn\'t invited to your guild.'; + } } - else + else { $errors[] = 'No one is invited to your guild.'; + } } -if(!empty($errors)) -{ + +if(!empty($errors)) { $twig->display('error_box.html.twig', array('errors' => $errors)); $twig->display('guilds.back_button.html.twig', array('action' => getLink('guilds') . '?action=show&guild=' . $guild_name)); } -else -{ - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') - { +else { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $guild->deleteInvite($player); $twig->display('success.html.twig', array( 'title' => 'Deleted player invitation', diff --git a/system/pages/guilds/delete_rank.php b/system/pages/guilds/delete_rank.php index 56322cd9..ce783137 100644 --- a/system/pages/guilds/delete_rank.php +++ b/system/pages/guilds/delete_rank.php @@ -13,25 +13,27 @@ defined('MYAAC') or die('Direct access not allowed!'); require __DIR__ . '/base.php'; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; -$rank_to_delete = isset($_REQUEST['rankid']) ? (int) $_REQUEST['rankid'] : null; +$rank_to_delete = isset($_POST['rankid']) ? (int) $_POST['rankid'] : null; if(!Validator::guildName($guild_name)) { - $guild_errors[] = Validator::getLastError(); + $errors[] = Validator::getLastError(); } -if(empty($guild_errors)) { + +if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) { - $guild_errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; + $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; } } -if(empty($guild_errors)) { + +if(empty($errors)) { if($logged) { $guild_leader_char = $guild->getOwner(); $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild->getOwner()->getId() == $player->getId()) { $guild_vice = true; @@ -39,21 +41,21 @@ if(empty($guild_errors)) { $level_in_guild = 3; } } + if($guild_leader) { $rank = new OTS_GuildRank(); $rank->load($rank_to_delete); if(!$rank->isLoaded()) { - $guild_errors2[] = 'Rank with ID '.$rank_to_delete.' doesn\'t exist.'; + $errors2[] = 'Rank with ID '.$rank_to_delete.' doesn\'t exist.'; } - else - { + else { if($rank->getGuild()->getId() != $guild->getId()) { - $guild_errors2[] = 'Rank with ID '.$rank_to_delete.' isn\'t from your guild.'; + $errors2[] = 'Rank with ID '.$rank_to_delete.' isn\'t from your guild.'; } else { if(count($rank_list) < 2) { - $guild_errors2[] = 'You have only 1 rank in your guild. You can\'t delete this rank.'; + $errors2[] = 'You have only 1 rank in your guild. You can\'t delete this rank.'; } else { @@ -87,19 +89,21 @@ if(empty($guild_errors)) { $player->setRank($new_rank); } } + $rank->delete(); $saved = true; } } } - if($saved) { + + if(isset($saved) && $saved) { $twig->display('success.html.twig', array( 'title' => 'Rank Deleted', 'description' => 'Rank '.$rank->getName().' has been deleted. Players with this rank has now other rank.', 'custom_buttons' => '' )); } else { - $twig->display('error_box.html.twig', array('errors' => $guild_errors2)); + $twig->display('error_box.html.twig', array('errors' => $errors2)); } $twig->display('guilds.back_button.html.twig', array( @@ -107,18 +111,16 @@ if(empty($guild_errors)) { 'action' => getLink('guilds') . '?guild='.$guild->getName().'&action=manager' )); } - else - { - $guild_errors[] = 'You are not a leader of guild!'; + else { + $errors[] = 'You are not a leader of guild!'; } } - else - { - $guild_errors[] = 'You are not logged. You can\'t manage guild.'; + else { + $errors[] = 'You are not logged. You can\'t manage guild.'; } } -if(!empty($guild_errors)) { - $twig->display('error_box.html.twig', array('errors' => $guild_errors)); +if(!empty($errors)) { + $twig->display('error_box.html.twig', array('errors' => $errors)); $twig->display('guilds.back_button.html.twig', array( 'new_line' => true, diff --git a/system/pages/guilds/invite.php b/system/pages/guilds/invite.php index 8fae8e27..9d6c9c06 100644 --- a/system/pages/guilds/invite.php +++ b/system/pages/guilds/invite.php @@ -36,7 +36,7 @@ if(empty($errors)) { $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; $guild_vice = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { $player_rank = $player->getRank(); if($player_rank->isLoaded()) { @@ -62,7 +62,7 @@ if(!$guild_vice) { $errors[] = 'You are not a leader or vice leader of guild '.$guild_name.'.'.$level_in_guild; } -if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { +if(isset($_POST['todo']) && $_POST['todo'] == 'save') { if(!Validator::characterName($name)) { $errors[] = 'Invalid name format.'; } @@ -71,7 +71,7 @@ if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { $player = new OTS_Player(); $player->find($name); if(!$player->isLoaded()) { - $errors[] = 'Player with name ' . $name . ' doesn\'t exist.'; + $errors[] = "Player with name $name doesn't exist."; } else if ($player->isDeleted()) { $errors[] = "Character with name $name has been deleted."; } @@ -102,7 +102,7 @@ if(!empty($errors)) { $twig->display('error_box.html.twig', array('errors' => $errors)); } else { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $guild->invite($player); $twig->display('success.html.twig', array( 'title' => 'Invite player', diff --git a/system/pages/guilds/kick_player.php b/system/pages/guilds/kick_player.php index 5ce79187..736617b0 100644 --- a/system/pages/guilds/kick_player.php +++ b/system/pages/guilds/kick_player.php @@ -41,7 +41,7 @@ if(empty($errors)) { $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; $guild_vice = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { $player_rank = $player->getRank(); if($player_rank->isLoaded()) { @@ -102,7 +102,7 @@ if(!empty($errors)) { } else { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $player->setRank(); $twig->display('success.html.twig', array( diff --git a/system/pages/guilds/leave.php b/system/pages/guilds/leave.php index 9a11595d..50f52a6c 100644 --- a/system/pages/guilds/leave.php +++ b/system/pages/guilds/leave.php @@ -34,7 +34,7 @@ if(empty($errors)) { $array_of_player_ig = array(); if(empty($errors)) { $guild_owner_name = $guild->getOwner()->getName(); - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { if(!Validator::characterName($name)) { $errors[] = 'Invalid name format.'; } @@ -72,7 +72,7 @@ if(empty($errors)) { } else { - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player_fac) { $player_rank = $player_fac->getRank(); if($player_rank->isLoaded()) { @@ -94,7 +94,7 @@ if(!empty($errors)) { } else { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $player->setRank(); $twig->display('success.html.twig', array( 'title' => 'Leave guild', diff --git a/system/pages/guilds/list.php b/system/pages/guilds/list.php index 96d7bf08..26d77d3a 100644 --- a/system/pages/guilds/list.php +++ b/system/pages/guilds/list.php @@ -14,23 +14,24 @@ defined('MYAAC') or die('Direct access not allowed!'); require __DIR__ . '/base.php'; $guilds_list = new OTS_Guilds_List(); -$guilds_list->orderBy("name"); +$guilds_list->orderBy('name'); $guilds = array(); -if(count($guilds_list) > 0) -{ +if(count($guilds_list) > 0) { /** * @var OTS_Guild $guild */ foreach ($guilds_list as $guild) { $guild_logo = $guild->getCustomField('logo_name'); - if (empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) - $guild_logo = "default.gif"; + if (empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) { + $guild_logo = 'default.gif'; + } $description = $guild->getCustomField('description'); $description_with_lines = str_replace(array("\r\n", "\n", "\r"), '
    ', $description, $count); - if ($count < setting('core.guild_description_lines_limit')) + if ($count < setting('core.guild_description_lines_limit')) { $description = nl2br($description); + } $guildName = $guild->getName(); $guilds[] = array('name' => $guildName, 'logo' => $guild_logo, 'link' => getGuildLink($guildName, false), 'description' => $description); @@ -39,6 +40,6 @@ if(count($guilds_list) > 0) $twig->display('guilds.list.html.twig', array( 'guilds' => $guilds, - 'logged' => isset($logged) ? $logged : false, + 'logged' => $logged ?? false, 'isAdmin' => admin(), )); diff --git a/system/pages/guilds/manager.php b/system/pages/guilds/manager.php index 4d59c22e..cfcc00c6 100644 --- a/system/pages/guilds/manager.php +++ b/system/pages/guilds/manager.php @@ -21,7 +21,7 @@ if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) { - $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; + $errors[] = "Guild with name $guild_name doesn't exist."; } } @@ -31,7 +31,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild_leader_char->getId() == $player->getId()) { $guild_vice = true; @@ -39,22 +39,22 @@ if(empty($errors)) { $level_in_guild = 3; } } + if($guild_leader) { $twig->display('guilds.manager.html.twig', array( 'guild' => $guild, 'rank_list' => $rank_list )); } - else - { + else { $errors[] = 'You are not a leader of guild!'; } } - else - { - $errors[] = 'You are not logged. You can\'t manage guild.'; + else { + $errors[] = "You are not logged. You can't manage guild."; } } + if(!empty($errors)) { $twig->display('error_box.html.twig', array('errors' => $errors)); } diff --git a/system/pages/guilds/pass_leadership.php b/system/pages/guilds/pass_leadership.php index c09b4285..40633b8a 100644 --- a/system/pages/guilds/pass_leadership.php +++ b/system/pages/guilds/pass_leadership.php @@ -15,51 +15,52 @@ require __DIR__ . '/base.php'; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; $pass_to = isset($_REQUEST['player']) ? stripslashes($_REQUEST['player']) : NULL; if(!Validator::guildName($guild_name)) { - $guild_errors[] = Validator::getLastError(); + $errors[] = Validator::getLastError(); } -if(empty($guild_errors)) { +if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) { - $guild_errors[] = "Guild with name " . $guild_name . " doesn't exist."; + $errors[] = "Guild with name " . $guild_name . " doesn't exist."; } } -if(empty($guild_errors)) { + +if(empty($errors)) { if(isset($_POST['todo']) && $_POST['todo'] == 'save') { if(!Validator::characterName($pass_to)) { - $guild_errors2[] = 'Invalid player name format.'; + $errors2[] = 'Invalid player name format.'; } - if(empty($guild_errors2)) { + if(empty($errors2)) { $to_player = new OTS_Player(); $to_player->find($pass_to); if(!$to_player->isLoaded()) { - $guild_errors2[] = 'Player with name '.$pass_to.' doesn\'t exist.'; + $errors2[] = 'Player with name '.$pass_to.' doesn\'t exist.'; } else if ($to_player->isDeleted()) { - $guild_errors2[] = "Character with name $pass_to has been deleted."; + $errors2[] = "Character with name $pass_to has been deleted."; } - if(empty($guild_errors2)) { + if(empty($errors2)) { $to_player_rank = $to_player->getRank(); if($to_player_rank->isLoaded()) { $to_player_guild = $to_player_rank->getGuild(); if($to_player_guild->getId() != $guild->getId()) { - $guild_errors2[] = 'Player with name '.$to_player->getName().' isn\'t from your guild.'; + $errors2[] = 'Player with name '.$to_player->getName().' isn\'t from your guild.'; } } else { - $guild_errors2[] = 'Player with name '.$to_player->getName().' isn\'t from your guild.'; + $errors2[] = 'Player with name '.$to_player->getName().' isn\'t from your guild.'; } } } } } -if(empty($guild_errors) && empty($guild_errors2)) { +if(empty($errors) && empty($errors2)) { if($logged) { $guild_leader_char = $guild->getOwner(); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild_leader_char->getId() == $player->getId()) { $guild_vice = true; @@ -99,23 +100,23 @@ if(empty($guild_errors) && empty($guild_errors2)) { } } else { - $guild_errors[] = 'You are not a leader of guild!'; + $errors[] = 'You are not a leader of guild!'; } } else { - $guild_errors[] = "You are not logged. You can't manage guild."; + $errors[] = "You are not logged. You can't manage guild."; } } -if(empty($guild_errors) && !empty($guild_errors2)) { - $twig->display('error_box.html.twig', array('errors' => $guild_errors2)); +if(empty($errors) && !empty($errors2)) { + $twig->display('error_box.html.twig', array('errors' => $errors2)); echo '
    ' . $twig->render('buttons.back.html.twig') . '
    '; } -if(!empty($guild_errors)) { - if(!empty($guild_errors2)) { - $guild_errors = array_merge($guild_errors, $guild_errors2); +if(!empty($errors)) { + if(!empty($errors2)) { + $errors = array_merge($errors, $errors2); } - $twig->display('error_box.html.twig', array('errors' => $guild_errors)); + $twig->display('error_box.html.twig', array('errors' => $errors)); echo '
    ' . $twig->render('buttons.back.html.twig') . '
    '; } diff --git a/system/pages/guilds/save_ranks.php b/system/pages/guilds/save_ranks.php index e1483659..2a36e595 100644 --- a/system/pages/guilds/save_ranks.php +++ b/system/pages/guilds/save_ranks.php @@ -31,7 +31,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild_leader_char->getId() == $player->getId()) { @@ -61,6 +61,7 @@ if(empty($errors)) { $rank->save(); } + //show errors or redirect if(empty($errors)) { header("Location: " . getLink('guilds') . "?action=manager&guild=".$guild->getName()); @@ -73,10 +74,10 @@ if(empty($errors)) { } else { - $errors[] = 'You are not logged. You can\'t manage guild.'; + $errors[] = "You are not logged. You can't manage guild."; } } if(!empty($errors)) { - $twig->display('error_box.html.twig', array('errors' => $errors)); + $twig->display('error_box.html.twig', ['errors' => $errors]); } diff --git a/system/pages/guilds/show.php b/system/pages/guilds/show.php index 33039ad3..6fd07a91 100644 --- a/system/pages/guilds/show.php +++ b/system/pages/guilds/show.php @@ -16,19 +16,18 @@ $title = 'Guilds'; require __DIR__ . '/base.php'; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; -if(!Validator::guildName($guild_name)) +if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); +} -if(empty($errors)) -{ +if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; } -if(!empty($errors)) -{ +if(!empty($errors)) { $twig->display('error_box.html.twig', array('errors' => $errors)); $twig->display('guilds.back_button.html.twig'); return; @@ -47,9 +46,8 @@ $level_in_guild = 0; $players_from_account_in_guild = array(); $players_from_account_ids = array(); -if($logged) -{ - $account_players = $account_logged->getPlayers(); +if($logged) { + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { $players_from_account_ids[] = $player->getId(); diff --git a/system/templates/forum.new_thread.html.twig b/system/templates/forum.new_thread.html.twig index 3b5e080d..e37bda08 100644 --- a/system/templates/forum.new_thread.html.twig +++ b/system/templates/forum.new_thread.html.twig @@ -1,4 +1,4 @@ -
    + {{ csrf() }} diff --git a/system/templates/forum.remove_post.html.twig b/system/templates/forum.remove_post.html.twig new file mode 100644 index 00000000..85684e41 --- /dev/null +++ b/system/templates/forum.remove_post.html.twig @@ -0,0 +1,12 @@ + + {{ csrf() }} + + + +
    diff --git a/system/templates/forum.show_thread.html.twig b/system/templates/forum.show_thread.html.twig index 2626c2de..71812be7 100644 --- a/system/templates/forum.show_thread.html.twig +++ b/system/templates/forum.show_thread.html.twig @@ -53,15 +53,16 @@ Page: {{ links_to_pages|raw }}
    		•  {% if is_moderator %} {% if post.first_post != post.id %} - + {{ include('forum.remove_post.html.twig') }} {% else %} - + {{ include('forum.remove_post.html.twig') }} {% endif %} {% endif %} {% if logged and (post.player.getAccount().getId() == account_logged.getId() or is_moderator) %} - + + {% endif %} {% if logged %} diff --git a/system/templates/guilds.accept_invite.html.twig b/system/templates/guilds.accept_invite.html.twig index 0c2d0dc3..7a3acff5 100644 --- a/system/templates/guilds.accept_invite.html.twig +++ b/system/templates/guilds.accept_invite.html.twig @@ -7,12 +7,15 @@
    -
    + {{ csrf() }} + + + {% set i = 0 %} {% for player in invited_players %} - - {% set i = i + 1 %} + + {% set i = i + 1 %} {% endfor %} {{ include('buttons.submit.html.twig') }}
    diff --git a/system/templates/guilds.change_logo.html.twig b/system/templates/guilds.change_logo.html.twig index 13813e9b..5cdc8eda 100644 --- a/system/templates/guilds.change_logo.html.twig +++ b/system/templates/guilds.change_logo.html.twig @@ -8,7 +8,7 @@
    {{ csrf() }} - + Select new logo:
    diff --git a/system/templates/guilds.change_rank.html.twig b/system/templates/guilds.change_rank.html.twig index 13ad7cf4..bbeb4602 100644 --- a/system/templates/guilds.change_rank.html.twig +++ b/system/templates/guilds.change_rank.html.twig @@ -1,5 +1,6 @@ -
    + {{ csrf() }} + diff --git a/system/templates/guilds.create.html.twig b/system/templates/guilds.create.html.twig index c2326416..1f016567 100644 --- a/system/templates/guilds.create.html.twig +++ b/system/templates/guilds.create.html.twig @@ -1,5 +1,6 @@ - + {{ csrf() }} +
    Change Rank
    diff --git a/system/templates/guilds.delete_invite.html.twig b/system/templates/guilds.delete_invite.html.twig index 012f7d46..7367ccf2 100644 --- a/system/templates/guilds.delete_invite.html.twig +++ b/system/templates/guilds.delete_invite.html.twig @@ -7,9 +7,10 @@
    Create a {{ config.lua.serverName }} Guild
    diff --git a/system/templates/guilds.invite.html.twig b/system/templates/guilds.invite.html.twig index b0a35ac7..ee6af769 100644 --- a/system/templates/guilds.invite.html.twig +++ b/system/templates/guilds.invite.html.twig @@ -1,5 +1,6 @@ - + {{ csrf() }} + Invite player with name:       {{ include('buttons.submit.html.twig') }} diff --git a/system/templates/guilds.kick_player.html.twig b/system/templates/guilds.kick_player.html.twig index ded31cc8..521631c2 100644 --- a/system/templates/guilds.kick_player.html.twig +++ b/system/templates/guilds.kick_player.html.twig @@ -7,8 +7,9 @@
    - - {{ csrf() }} - {{ include('buttons.submit.html.twig') }} + + {{ csrf() }} + + {{ include('buttons.submit.html.twig') }}
    diff --git a/system/templates/guilds.leave_guild.html.twig b/system/templates/guilds.leave_guild.html.twig index 86642156..4d865cef 100644 --- a/system/templates/guilds.leave_guild.html.twig +++ b/system/templates/guilds.leave_guild.html.twig @@ -1,5 +1,6 @@ - + {{ csrf() }} +
    -
    + {{ csrf() }} + {{ include('buttons.submit.html.twig') }}
    diff --git a/system/templates/guilds.manager.html.twig b/system/templates/guilds.manager.html.twig index c932ce2b..adebdff2 100644 --- a/system/templates/guilds.manager.html.twig +++ b/system/templates/guilds.manager.html.twig @@ -101,7 +101,12 @@ Here you can change names of ranks, delete and add ranks, pass leadership to oth {% set i = 0 %} {% for rank in rank_list %} -
    Leave guild
    {{ rank.getId() }} // Delete Rank + {{ rank.getId() }} // + + {{ csrf() }} + + + diff --git a/templates/tibiacom/account.login.html.twig b/templates/tibiacom/account.login.html.twig index f406d0c1..505cb38a 100644 --- a/templates/tibiacom/account.login.html.twig +++ b/templates/tibiacom/account.login.html.twig @@ -1,8 +1,11 @@ {{ hook('HOOK_ACCOUNT_LOGIN_BEFORE_PAGE') }} -
    + + {{ csrf() }} + {% if redirect is not null %} {% endif %} +