### 1.1.8 (2.6.2005) ###
- Added extra security to prevent SQL injection exploits.
- admin.php is now in the game root directory rather than the /admin/
subdirectory.
Jamin Blount 2017-02-05 11:08:10 -06:00
parent 34747b3c19
commit 6ccb346ee9
2 changed files with 23 additions and 4 deletions


@ -1,7 +1,7 @@
<?php // admin.php :: primary administration script.
include('../lib.php');
include('../cookies.php');
include('lib.php');
include('cookies.php');
$link = opendb();
$userrow = checkcookies();
if ($userrow == false) { die("Please log in to the <a href=\"../login.php?do=login\">game</a> before using the control panel."); }
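Review bot: The `die()` message on the last line of this hunk still links to `../login.php?do=login`, which was right while admin.php lived in /admin/ but now resolves one level above the game root; to match the includes that were changed to `lib.php` and `cookies.php`, the link should become `login.php?do=login`. Separately, the only gate visible here is `$userrow == false`, which means "not logged in". If the `authlevel == 1` test that display() uses for the Admin link is not repeated further down in admin.php (outside this hunk), any logged-in player could load the control panel, so that is worth confirming now that the script sits next to the public pages.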

23
lib.php

@ -2,9 +2,28 @@
$starttime = getmicrotime();
$numqueries = 0;
$version = "1.1.7";
$version = "1.1.8";
$build = "";
// Handling for servers with magic_quotes turned on.
// Example from php.net.
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
foreach($_POST as $a=>$b) { $_POST[$a] = addslashes($b); }
foreach($_GET as $a=>$b) { $_GET[$a] = addslashes($b); }
function opendb() { // Open database connection.
include('config.php');
@ -159,7 +178,7 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
if ($userrow["longitude"] < 0) { $userrow["longitude"] = $userrow["longitude"] * -1 . "W"; } else { $userrow["longitude"] .= "E"; }
$userrow["experience"] = number_format($userrow["experience"]);
$userrow["gold"] = number_format($userrow["gold"]);
if ($userrow["authlevel"] == 1) { $userrow["adminlink"] = "<a href=\"admin/admin.php\">Admin</a><br />"; } else { $userrow["adminlink"] = ""; }
if ($userrow["authlevel"] == 1) { $userrow["adminlink"] = "<a href=\"admin.php\">Admin</a><br />"; } else { $userrow["adminlink"] = ""; }
// HP/MP/TP bars.
$stathp = ceil($userrow["currenthp"] / $userrow["maxhp"] * 100);
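Review bot: The blanket escaping added in the first hunk skips `$_COOKIE`: the magic_quotes branch strips its slashes, but the two `foreach` loops re-apply `addslashes()` only to `$_POST` and `$_GET`, so on magic_quotes servers any cookie value that reaches a query (checkcookies() presumably reads one; its body is not shown) is now less protected than before this commit. `addslashes()` is also unaware of the connection character set, does nothing for values placed in SQL without quotes (numeric ids), and is called here on each top-level value even when it is an array, unlike the recursive `stripslashes_deep()` just above. Escaping is safer at each query site, using the database driver's own escaping function or bound parameters plus integer casts for numeric fields, than as a global rewrite of the superglobals, which also corrupts values that are echoed back into HTML. If the global pass stays as a stopgap, give it a recursive helper applied to all three arrays and mark it with a comment such as `// Stopgap only: every query must still escape or bind its own inputs.`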