v1.1.10

### 1.1.10 (3.13.2005) ###
### Thanks to Gary13579. :)
- Fixed a security error.
- Added verified/banned checking in the built-in forum.

cookies.php

@@ -15,7 +15,7 @@ function checkcookies() {
         if (mysql_num_rows($query) != 1) { die("Invalid cookie data (Error 1). Please clear cookies and log in again."); }
         $row = mysql_fetch_array($query);
         if ($row["id"] != $theuser[0]) { die("Invalid cookie data (Error 2). Please clear cookies and log in again."); }
-        if (md5($row["password"] . "--" . $dbsettings["secretword"]) != $theuser[2]) { die("Invalid cookie data (Error 3). Please clear cookies and log in again."); }
+        if (md5($row["password"] . "--" . $dbsettings["secretword"]) !== $theuser[2]) { die("Invalid cookie data (Error 3). Please clear cookies and log in again."); }
         
         // If we've gotten this far, cookie should be valid, so write a new one.
         $newcookie = implode(" ",$theuser);

forum.php

@@ -8,7 +8,12 @@ if ($userrow == false) { display("The forum is for registered players only.", "F
 $controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
 $controlrow = mysql_fetch_array($controlquery);
 
+// Close game.
 if ($controlrow["gameopen"] == 0) { display("The game is currently closed for maintanence. Please check back later.","Game Closed"); die(); }
+// Force verify if the user isn't verified yet.
+if ($controlrow["verifyemail"] == 1 && $userrow["verify"] != 1) { header("Location: users.php?do=verify"); die(); }
+// Block user if he/she has been banned.
+if ($userrow["authlevel"] == 2) { die("Your account has been blocked. Please try back later."); }
 
 if (isset($_GET["do"])) {
 	$do = explode(":",$_GET["do"]);

lib.php

@@ -2,7 +2,7 @@
 
 $starttime = getmicrotime();
 $numqueries = 0;
-$version = "1.1.9";
+$version = "1.1.10";
 $build = "";
 
 // Handling for servers with magic_quotes turned on.