zorg Code v4.9.0
Merge pull request #74 from zorgch/develop
oliveratgithub authored Jan 11, 2024
2 parents 9dc8720 + b2ef088 commit 6812576
Showing 91 changed files with 3,739 additions and 4,432 deletions.
2 changes: 1 addition & 1 deletion cron/tag.php
Expand Up @@ -25,7 +25,7 @@

error_log(sprintf('[%s] [NOTICE] <%s> Try including files...', date('d.m.Y H:i:s',time()), __FILE__));
define('SITE_ROOT', $wwwroot); // Define own SITE_ROOT before loading general zConfigs
require_once( SITE_ROOT.'/includes/config.inc.php');
(!require_once( SITE_ROOT.'/includes/config.inc.php')) ?? error_log(sprintf('[%s] [ERROR] <%s> Including %s failed', date('d.m.Y H:i:s',time()), __FILE__, SITE_ROOT.'/includes/config.inc.php'));
include_once( INCLUDES_DIR.'addle.inc.php');
include_once( INCLUDES_DIR.'hz_game.inc.php');
include_once( INCLUDES_DIR.'peter.inc.php');
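Review bot: The `error_log()` on the require line that carries `??` (which reads as the new side, the page showing no markers) is dead code: `!require_once(...)` is a bool, and the null-coalescing operator only falls through on `null`, so the right-hand side can never run — and a failing `require_once` is a fatal error that never returns, so there is nothing to catch after the fact anyway. If the intent is to log a missing config before the fatal, test the path first and keep the plain require: `if (!is_file(SITE_ROOT.'/includes/config.inc.php')) { error_log(sprintf('[%s] [ERROR] <%s> Including %s failed', date('d.m.Y H:i:s',time()), __FILE__, SITE_ROOT.'/includes/config.inc.php')); }` followed by `require_once SITE_ROOT.'/includes/config.inc.php';`.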
154 changes: 83 additions & 71 deletions www/actions/chess.php
@@ -1,102 +1,114 @@
<?php
/**
* Chess game actions
*
* @package zorg\Games\Chess
*/

/**
* File includes
*/
require_once dirname(__FILE__).'/../includes/main.inc.php';
require_once __DIR__.'/../includes/config.inc.php';
include_once INCLUDES_DIR.'chess.inc.php';

/** move */
if (isset($_GET['game']) && $_GET['game'] > 0 && isset($_GET['from']) && isset($_GET['to']))
/** Input validation and sanitization */
$doAction = filter_input(INPUT_GET, 'do', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? null; // $_GET['do']
$gameId = filter_input(INPUT_GET, 'game', FILTER_VALIDATE_INT) ?? 0; // $_GET['game']
$fromField = filter_input(INPUT_GET, 'from', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? null; // $_GET['from']
$toField = filter_input(INPUT_GET, 'to', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? null; // $_GET['to']
$viewForm = filter_input(INPUT_POST, 'formid', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? null; // $_POST['formid']
$userId = filter_input(INPUT_POST, 'user', FILTER_VALIDATE_INT) ?? null; // $_POST['user']

if (isset($gameId) && $gameId > 0)
{
$e = $db->query('SELECT *, IF(white=next_turn, "w", "b") player
FROM chess_games
WHERE id='.$_GET['game'].' AND next_turn='.$user->id,
__FILE__, __LINE__, 'move');
$d = $db->fetch($e);
/** move */
if (!empty($fromField) && !empty($toField))
{
$e = $db->query('SELECT *, IF(white=next_turn, "w", "b") player FROM chess_games WHERE id=? AND next_turn=?',
__FILE__, __LINE__, 'move', [$gameId, $user->id]);
$d = $db->fetch($e);


if ($d && Chess::is_valid_position($_GET['from']) && Chess::is_valid_position($_GET['to'])
&& Chess::do_move($d['id'], $d['player'], $_GET['from'], $_GET['to'])
) {
unset($_GET['from']);
unset($_GET['to']);
header('Location: /?'.url_params());
}else{
echo "Invalid chess move: <br /> game = ".$_GET['game']." <br /> from = ".$_GET['from']." <br /> to = ".$_GET['to'];

if ($d && $chess->is_valid_position($fromField) && $chess->is_valid_position($toField)
&& $chess->do_move($d['id'], $d['player'], $fromField, $toField)
) {
unset($_GET['from']);
unset($_GET['to']);
header('Location: /?'.url_params());
}else{
echo "Invalid chess move: <br /> game = ".$gameId." <br /> from = ".$fromField." <br /> to = ".$toField;
}
exit;
}
}

/** offer remis */
if (isset($_GET['game']) && $_GET['game'] > 0 && isset($_GET['do']) && $_GET['do'] == 'offer_remis')
{
$e = $db->query('SELECT * FROM chess_games WHERE id='.$_GET['game'].' AND next_turn='.$user->id, __FILE__, __LINE__, 'offer remis');
$d = $db->fetch($e);
if ($d) {
Chess::do_offer_remis($_GET['game']);
unset($_GET['do']);
header("Location: /?".url_params());
}else{
echo "'offer remis' is not allowed.";
/** offer remis */
if ($doAction === 'offer_remis')
{
$e = $db->query('SELECT * FROM chess_games WHERE id=? AND next_turn=?', __FILE__, __LINE__, 'offer remis', [$gameId, $user->id]);
$d = $db->fetch($e);
if ($d) {
$chess->do_offer_remis($gameId);

unset($_GET['do']);
header("Location: /?".url_params());
}else{
echo "'offer remis' is not allowed.";
}
exit;
}
}

/** accept remis */
if (isset($_GET['game']) && $_GET['game'] > 0 && isset($_GET['do']) && $_GET['do'] == 'accept_remis')
{
$e = $db->query('SELECT *
FROM chess_games
WHERE id='.$_GET['game'].' AND (white='.$user->id.' OR black='.$user->id.') AND next_turn!='.$user->id.' AND offering_remis="1"',
__FILE__, __LINE__, 'accept remis');
$d = $db->fetch($e);
if ($d) {
Chess::do_remis($_GET['game']);
unset($_GET['do']);
header("Location: /?".url_params());
}else{
echo "'accept remis' is not allowed.";
/** accept remis */
if ($doAction === 'accept_remis')
{
$e = $db->query('SELECT * FROM chess_games WHERE id=? AND (white=? OR black=?) AND next_turn!=? AND offering_remis="1"',
__FILE__, __LINE__, 'accept remis', [$gameId, $user->id, $user->id, $user->id]);
$d = $db->fetch($e);
if ($d) {
$chess->do_remis($gameId);

unset($_GET['do']);
header("Location: /?".url_params());
}else{
echo "'accept remis' is not allowed.";
}
exit;
}
}

/** deny remis */
if (isset($_GET['game']) && $_GET['game'] > 0 && isset($_GET['do']) && $_GET['do'] == 'deny_remis')
{
$e = $db->query('SELECT *
FROM chess_games
WHERE id='.$_GET['game'].' AND (white='.$user->id.' OR black='.$user->id.') AND next_turn!='.$user->id.' AND offering_remis="1"',
__FILE__, __LINE__, 'deny remis');
$d = $db->fetch($e);
if ($d) {
Chess::deny_remis($_GET['game']);
header("Location: /?".url_params());
}else{
echo "'deny remis' is not allowed";
/** deny remis */
if ($doAction === 'deny_remis')
{
$e = $db->query('SELECT * FROM chess_games WHERE id=? AND (white=? OR black=?) AND next_turn!=? AND offering_remis="1"',
__FILE__, __LINE__, 'deny remis', [$gameId, $user->id, $user->id, $user->id]);
$d = $db->fetch($e);
if ($d) {
$chess->deny_remis($gameId);

unset($_GET['do']);
header("Location: /?".url_params());
}else{
echo "'deny remis' is not allowed";
}
exit;
}

/** aufgeben */
if ($doAction === 'aufgeben')
{
$chess->aufgabe($gameId);

unset($_GET['do']);
header("Location: /tpl/141?".url_params());
exit;
}
}

/** start new game */
if (isset($_POST['formid']) && $_POST['formid'] == 'chess_start')
elseif ($viewForm === 'chess_start')
{
if (Chess::new_game($_POST['user'])) {
if ($chess->new_game($userId)) {
header("Location: /?tpl=139");
}else{
echo "invalid chess_start: <br /> user = ".$_POST['user'];
exit;
echo "invalid chess_start: <br /> user = ".$userId;
}
}

/** aufgeben */
if (isset($_GET['game']) && $_GET['game'] > 0 && isset($_GET['do']) && $_GET['do'] == 'aufgeben')
{
Chess::aufgabe($_GET['game']);

unset($_GET['do']);
header("Location: /tpl/141?".url_params());
exit;
}
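Review bot: The "Invalid chess move" echo on the new side still prints `$fromField` and `$toField` into HTML unescaped; `FILTER_DEFAULT` performs no sanitization, so whatever the query string carries is reflected straight into the page. Escape at the output point: `echo "Invalid chess move: <br /> game = ".(int)$gameId." <br /> from = ".htmlspecialchars((string)$fromField, ENT_QUOTES, 'UTF-8')." <br /> to = ".htmlspecialchars((string)$toField, ENT_QUOTES, 'UTF-8');` (the chess_start echo of `$userId` is int-validated, so a cast is enough there). Separately, `filter_input()` returns `false`, not `null`, when validation fails, so the `?? 0` / `?? null` defaults on the `$gameId` and `$userId` lines never apply and `$chess->new_game($userId)` is called with `false` for a non-numeric `user`; the same pattern appears in commenting.php (`$comment`) and error_action.php, where `$del_ids` becomes `false` for a scalar `to_del` and `count($del_ids)` then throws a TypeError on PHP 8 — coalesce with `?:` or guard with `is_array()`/`is_int()` instead. Finally, `isset($gameId)` in the outer condition is always true because the variable is assigned unconditionally above; `if ($gameId > 0)` says the same thing without the false reassurance.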
11 changes: 6 additions & 5 deletions www/actions/comment_gotolastunread.php
@@ -1,10 +1,11 @@
<?php
require_once dirname(__FILE__).'/../includes/main.inc.php';
require_once __DIR__.'/../includes/config.inc.php';
require_once INCLUDES_DIR.'forum.inc.php';

if(Forum::getNumunreadposts($user->id) > 0) {
if(Forum::getNumunreadposts($user->id) > 0) {
header("Location: ".Forum::getUnreadLink());
die();
exit();
} else {
header("Location: ../index.php?".session_name()."=".session_id());
die();
header("Location: /index.php");
exit();
}
42 changes: 27 additions & 15 deletions www/actions/commenting.php
@@ -1,33 +1,45 @@
<?php
/**
* Commenting Actions
*
* @package zorg\Forum
*/

/**
* File Includes
*/
require_once dirname(__FILE__).'/../includes/main.inc.php';
require_once __DIR__.'/../includes/config.inc.php';
require_once INCLUDES_DIR.'mysql.inc.php';
require_once INCLUDES_DIR.'usersystem.inc.php';

/** Input validation & sanitization */
$doAction = filter_input(INPUT_GET, 'do', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? null; // $_GET['do']
$comment = filter_input(INPUT_GET, 'comment_id', FILTER_VALIDATE_INT) ?? 0; // $_GET['comment_id']
$board = filter_input(INPUT_GET, 'board', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? null; // $_GET['board']
$redirect = base64url_decode(filter_input(INPUT_GET, 'url', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR)) ?? null; // $_GET['url']

if (!$user->is_loggedin()) {
http_response_code(403); // Set response code 403 (Access denied)
user_error('Access denied', E_USER_ERROR);
}
if(empty($comment) || $comment <= 0) {
http_response_code(404); // Set response code 404 (Not found)
user_error('Invalid comment: '.$comment, E_USER_ERROR);
}

/** Subscribe */
if(isset($_GET['do']) && $_GET['do'] == 'subscribe')
if($doAction === 'subscribe')
{
$sql = 'INSERT INTO comments_subscriptions (board, comment_id, user_id)
VALUES("'.$_GET['board'].'", '.$_GET['comment_id'].', '.$user->id.')';
$db->query($sql, __FILE__, __LINE__, 'Commenting subscribe');

header("Location: ".base64url_decode($_GET['url']));
exit;
$sql = 'INSERT INTO comments_subscriptions (board, comment_id, user_id) VALUES(?, ?, ?)';
$db->query($sql, __FILE__, __LINE__, 'Commenting subscribe', [$board, $comment, $user->id]);
}

/** Unsubscribe */
if(isset($_GET['do']) && $_GET['do'] == 'unsubscribe')
elseif($doAction === 'unsubscribe' && $user->is_loggedin())
{
$sql = 'DELETE FROM comments_subscriptions
WHERE board = "'.$_GET['board'].'" AND comment_id = '.$_GET['comment_id'].' AND user_id = '.$user->id;
$db->query($sql, __FILE__, __LINE__, 'Commenting unsubscribe');

header("Location: ".base64url_decode($_GET['url']));
exit;
$sql = 'DELETE FROM comments_subscriptions WHERE board=? AND comment_id=? AND user_id=?';
$db->query($sql, __FILE__, __LINE__, 'Commenting unsubscribe', [$board, $comment, $user->id]);
}

header("Location: ".$redirect);
exit;
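Review bot: `$redirect` goes straight into `header("Location: ".$redirect)` at the end of the hunk, and since it is the base64-decoded `url` parameter, any absolute URL the caller encodes becomes the redirect target with no check that it points back into this site. The `?? null` on the `$redirect` line is also applied to the result of `base64url_decode()` rather than to `filter_input()`, so a missing `url` hands `null` to the decoder and the coalesce has nothing left to do. Decode with a string default and restrict the target to a local path before use: `$redirect = base64url_decode(filter_input(INPUT_GET, 'url', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? '');` then `if ($redirect === '' || $redirect[0] !== '/' || ($redirect[1] ?? '') === '/') { $redirect = '/'; }`. The `&& $user->is_loggedin()` on the unsubscribe branch is redundant now that the login check sits at the top of the file — unless `user_error(..., E_USER_ERROR)` is handled by an error handler that returns, in which case the subscribe branch needs the same guard and the top-of-file check should `exit` explicitly.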
51 changes: 32 additions & 19 deletions www/actions/error_action.php
@@ -1,39 +1,52 @@
<?php
require_once dirname(__FILE__).'/../includes/main.inc.php';
require_once __DIR__.'/../includes/config.inc.php';
require_once INCLUDES_DIR.'mysql.inc.php';
require_once INCLUDES_DIR.'usersystem.inc.php';

if(count($_POST) > 0)
if($user->is_loggedin() && count($_POST) > 0)
{
/** Input validation & sanitization */
$errorId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT) ?? null; // $_GET['id']
$tplId = filter_input(INPUT_GET, 'tpl', FILTER_VALIDATE_INT) ?? null; // $_GET['tpl']
$doDelete = filter_input(INPUT_POST, 'del', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? null; // $_POST['del']
$showQuery = filter_input(INPUT_POST, 'query', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? 0; // $_POST['query']
$del_ids = filter_input(INPUT_POST, 'to_del', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY) ?? []; // $_POST['to_del']
$showNum = filter_input(INPUT_POST, 'num', FILTER_VALIDATE_INT) ?? 0; // $_POST['num']
$urlParams = '';

/** Delete SQL-Error */
if($_POST['del'] && !empty($_GET['id']))
if($doDelete === 'delete' && $errorId>0)
{
$sql_del = 'DELETE FROM sql_error WHERE id='.$_GET['id'];
$db->query($sql_del, __FILE__, __LINE__, 'Delete SQL-Error');
header('Location: /tpl/'.$_GET['tpl']);
die();
$sql_del = 'DELETE FROM sql_error WHERE id=?';
$db->query($sql_del, __FILE__, __LINE__, 'Delete SQL-Error', [$errorId]);
}

/** Show Query details */
if($_POST['query'])
if(!empty($showQuery))
{
header('Location: /tpl/'.$_GET['tpl'].'&id='.$_GET['id'].'&query='.base64url_encode($_POST['query']));
die();
$urlParams = '?id='.$errorId.'&query='.base64url_encode($showQuery);
}

/** Delete multiple SQL-Errors */
if(count($_POST['to_del']) > 0)
if(count($del_ids) > 0 && $user->type >= USER_MEMBER)
{
$del_ids = implode(',', $_POST['to_del']);
$sql = 'DELETE FROM sql_error WHERE id IN ('.$del_ids.')';
$db->query($sql, __FILE__, __LINE__, 'Delete multiple SQL-Errors');
header('Location: /tpl/'.$_GET['tpl']);
die();
$placeholders = implode(',', array_fill(0, count($del_ids), '?'));
$sql = 'DELETE FROM sql_error WHERE id IN (' . $placeholders . ')';
$params = array_map('intval', $del_ids); // $del_ids must be integers
$db->query($sql, __FILE__, __LINE__, 'Delete multiple SQL-Errors', $params);
}

/** Change displayed number of SQL-Error */
if($_POST['num'])
if($showNum > 0)
{
$_SESSION['error_num'] = $_POST['num'];
header('Location: /tpl/'.$_GET['tpl'].'?error_num='.$_POST['num']);
die();
$urlParams = '?error_num='.$showNum;
}

header('Location: /tpl/'.$tplId.$urlParams);
exit;
}
else {
http_response_code(403); // Set response code 403 (Access denied)
user_error('Access denied', E_USER_ERROR);
}
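Review bot: The single-row delete (`$doDelete === 'delete' && $errorId>0`) only requires a logged-in user, while the bulk delete a few lines below additionally requires `$user->type >= USER_MEMBER`; if the membership level is the intended gate for removing rows from `sql_error`, the single delete should carry it too: `if($doDelete === 'delete' && $errorId > 0 && $user->type >= USER_MEMBER)`. `$tplId` can also be `null` or `false` when `tpl` is absent or non-numeric, in which case the final `header('Location: /tpl/'.$tplId.$urlParams)` emits `Location: /tpl/` (or `/tpl/?…`); a fallback template id or a 400 response before the redirect would be clearer. Minor: when both `query` and `num` are posted, the second assignment to `$urlParams` silently discards the first — if that is intended, a short comment on the `$urlParams = '?error_num='.$showNum;` line saying so would help the next reader.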