tatar قاهر مجاهد
المساهمات : 24 تاريخ التسجيل : 03/05/2017 الموقع : http://www.r8h.org
| موضوع: جميع ثغرات حرب التتار سدها الجمعة مايو 05, 2017 2:58 pm | |
| سد ثغره تخريب الإحصائيات
ارجوا من الله ان يكون يعمل بكل كفائه
يوضع في ملف register.php - الكود:
-
<?php /*********************/ /* */ /* Version : 5.1.0 */ /* Author : RM */ /* Comment : 071223 */ /* */ /*********************/ require( ".".DIRECTORY_SEPARATOR."app".DIRECTORY_SEPARATOR."boot.php" ); require_once( MODEL_PATH."register.php" );
class GPage extends gamepage {
public $err = array ( 0 => "", 1 => "", 2 => "", 3 => "" ); public $success = NULL; public $SNdata = NULL; public $UserID = 0;
public function GPage( ) { parent::gamepage( ); $this->viewFile = "register.phtml"; $this->contentCssClass = "signup"; }
public function load( ) { parent::load( ); $this->SNdata = 0; $this->success = FALSE; if ( $this->isPost( ) ) { if ( $this->globalModel->isGameOver( ) ) { $this->redirect( "over.php" ); } else { $name = trim( $_POST['name'] ); $email = trim( $_POST['email'] ); $pwd = trim( $_POST['pwd'] ); $this->err[0] = strlen( $name ) < 3 ? register_player_txt_notless3 : ""; if ( $this->err[0] == "" ) { $this->err[0] = preg_match( "/[:,\\. \\n\\r\\t\\s]+/", $name ) ? register_player_txt_invalidchar : ""; } if ( $name == "[ally]" || $name == "[<>]" || $name == "<script>" || $name == "<script>" || $name == "<script>" || $name == "[[]]" || $name == "[xxx]" || $name == "admin" || $name == "administrator" || $name == "مدير" || $name == "تتار" || $name == "التتار" || $name == "دعم" || $name == "الدعم" || $name == $this->appConfig['system']['adminName'] || $name == tatar_tribe_player ) { $this->err[0] = register_player_txt_reserved; } $this->err[1] = !preg_match( "/^[^@]+@[a-zA-Z0-9._-]+\\.[a-zA-Z]+\$/", $email ) ? register_player_txt_invalidemail : ""; $this->err[2] = strlen( $pwd ) < 4 ? register_player_txt_notless4 : ""; $this->err[3] = !isset( $_POST['tid'] ) || $_POST['tid'] != 1 && $_POST['tid'] != 2 && $_POST['tid'] != 3 && $_POST['tid'] != 6 && $_POST['tid'] != 7 ? "<li>".register_player_txt_choosetribe."</li>" : ""; $this->err[3] .= !isset( $_POST['kid'] ) || !is_numeric( $_POST['kid'] ) || $_POST['kid'] < 0 || 4 < $_POST['kid'] ? "<li>".register_player_txt_choosestart."</li>" : ""; if ( 0 < strlen( $this->err[0] ) || 0 < strlen( $this->err[1] ) || 0 < strlen( $this->err[2] ) || 0 < strlen( $this->err[3] ) ) { return; } $m = new RegisterModel( ); $this->err[0] = $m->isPlayerNameExists( $name ) ? register_player_txt_usedname : ""; $this->err[1] = $m->isPlayerEmailExists( $email ) ? register_player_txt_usedemail : ""; if ( 0 < strlen( $this->err[0] ) || 0 < strlen( $this->err[1] ) ) { $m->dispose( ); } else { $villageName = new_village_name_prefix." ".$name; #removed 'PLAYERTYPE_NORMAL' right after map_size thing. Dunno why it doesnt make him player_type = 1 but owke. $result = $m->createNewPlayer( $name, $email, $pwd, $_POST['tid'], $_POST['kid'], $villageName, $this->setupMetadata['map_size'], 1, 1, $this->SNdata ); if ( $result['hasErrors'] ) { $this->err[3] = register_player_txt_fullserver; $m->dispose( ); } else { $m->dispose( ); $link = WebHelper::getbaseurl( )."activate.php?id=".$result['activationCode']; $to = $email; $from = $this->appConfig['system']['email']; $subject = register_player_txt_regmail_sub; $message = sprintf( register_player_txt_regmail_body, $name, $name, $pwd, $link, $link ); WebHelper::sendmail( $to, $from, $subject, $message ); $this->success = TRUE; } } } } }
}
$p = new GPage( ); $p->run( ); ?> حل ثغـرة البناء رابط تحميل الملف
السلام عليكم ورحمة الله وبركاته
حصريا حل ثغرة البناء بكود من القرصان
تقوم بالدخول على ملف mywidgets.php الموجود داخل مجلد app
تقوم بالبحث عن - الكود:
-
$canAddTask = FALSE;
ثم تقوم باضافة هذا الكود تحته مباشرة
- الكود:
-
if(!$this->data['is_capital'] && ($_GET['id'] < 19) && ($this->buildings[$_GET['id']]['level'] == 10)){ return; }
ثغرة v2v.php
قم باستبدال كامل الملف v2v.php بالكود التالي وقم برفعه للسيرفر
- الكود:
-
<?php require '.' . DIRECTORY_SEPARATOR . 'app' . DIRECTORY_SEPARATOR . 'boot.php'; require_once MODEL_PATH . 'v2v.php'; require_once MODEL_PATH . 'build.php'; class GPage extends VillagePage { var $pageState = null; var $targetVillage = array ('x' => NULL, 'y' => NULL); var $troops = null; var $disableFirstTwoAttack = FALSE; var $attackWithCatapult = FALSE; var $transferType = 2; var $errorTable = array (); var $newVillageResources = array (1 => 750, 2 => 750, 3 => 750, 4 => 750); var $rallyPointLevel = 0; var $totalCatapultTroopsCount = 0; var $catapultCanAttackLastIndex = 0; var $availableCatapultTargetsString = ''; var $catapultCanAttack = array (0 => 0, 1 => 10, 2 => 11, 3 => 9, 4 => 6, 5 => 2, 6 => 4, 7 => 8, 8 => 7, 9 => 3, 10 => 5, 11 => 1, 12 => 22, 13 => 13, 14 => 19, 15 => 12, 16 => 35, 17 => 18, 18 => 29, 19 => 30, 20 => 37, 21 => 41, 22 => 15, 23 => 17, 24 => 26, 25 => 16, 26 => 25, 27 => 20, 28 => 14, 29 => 24, 30 => 28, 31 => 40, 32 => 21); var $onlyOneSpyAction = FALSE; var $backTroopsProperty = array (); function GPage () { parent::villagepage (); $this->viewFile = 'v2v.phtml'; $this->contentCssClass = 'a2b'; } function onLoadBuildings ($building) { if (($building['item_id'] == 16 AND $this->rallyPointLevel < $building['level'])) { $this->rallyPointLevel = $building['level']; } } function load () { parent::load (); if ($this->rallyPointLevel <= 0) { $this->redirect ('build.php?id=39'); return null; } if (((isset ($_GET['d1']) OR isset ($_GET['d2'])) OR isset ($_GET['d3']))) { $this->pageState = 3; $this->handleTroopBack (); return null; } $m = new WarModel (); $this->pageState = 1; $map_size = $this->setupMetadata['map_size']; $half_map_size = floor ($map_size / 2); $this->hasHero = $this->data['hero_in_village_id'] == $this->data['selected_village_id']; $t_arr = explode ('|', $this->data['troops_num']); foreach ($t_arr as $t_str) { $t2_arr = explode (':', $t_str); if ($t2_arr[0] == 0 - 1) { $t2_arr = explode (',', $t2_arr[1]); foreach ($t2_arr as $t2_str) { $t = explode (' ', $t2_str); if ($t[0] == 99) { continue; } $this->troops[] = array ('troopId' => $t[0], 'number' => $t[1]); } continue; } } $attackOptions1 = ''; $sendTroops = FALSE; $playerData = NULL; $villageRow = NULL; if (!$this->isPost ()) { if ((isset ($_GET['id']) AND is_numeric ($_GET['id']))) { $vid = intval ($_GET['id']); if ($vid < 1) { $vid = 1; } $villageRow = $m->getVillageDataById ($vid); } } else { if (isset ($_POST['id'])) { $sendTroops = (!$this->isGameTransientStopped () AND !$this->isGameOver ()); $vid = intval ($_POST['id']); $villageRow = $m->getVillageDataById ($vid); } else { if ((isset ($_POST['dname']) AND trim ($_POST['dname']) != '')) { $villageRow = $m->getVillageDataByName (trim ($_POST['dname'])); } else { if ((((isset ($_POST['x']) AND isset ($_POST['y'])) AND trim ($_POST['x']) != '') AND trim ($_POST['y']) != '')) { $vid = $this->__getVillageId ($map_size, $this->__getCoordInRange ($map_size, intval ($_POST['x'])), $this->__getCoordInRange ($map_size, intval ($_POST['y']))); $villageRow = $m->getVillageDataById ($vid); } } } } if ($villageRow == NULL) { if ($this->isPost ()) { $this->errorTable = v2v_p_entervillagedata; } return null; } $this->disableFirstTwoAttack = (intval ($villageRow['player_id']) == 0 AND $villageRow['is_oasis']); $this->targetVillage['x'] = floor (($villageRow['id'] - 1) / $map_size); $this->targetVillage['y'] = $villageRow['id'] - ($this->targetVillage['x'] * $map_size + 1); if ($half_map_size < $this->targetVillage['x']) { $this->targetVillage['x'] -= $map_size; } if ($half_map_size < $this->targetVillage['y']) { $this->targetVillage['y'] -= $map_size; } if ($villageRow['id'] == $this->data['selected_village_id']) { return null; } if ((0 < intval ($villageRow['player_id']) AND $m->getPlayType ($villageRow['player_id']) == PLAYERTYPE_ADMIN)) { return null; } $spyOnly = FALSE; if ((!$villageRow['is_oasis'] AND intval ($villageRow['player_id']) == 0)) { $this->transferType = 1; $humanTroopId = 0; $renderTroops = array (); foreach ($this->troops as $troop) { $renderTroops[$troop['troopId']] = 0; if ((((((($troop['troopId'] == 10 OR $troop['troopId'] == 20) OR $troop['troopId'] == 30) OR $troop['troopId'] == 109) OR $troop['troopId'] == 60) OR $troop['troopId'] == 70) OR $troop['troopId'] == 80)) { $humanTroopId = $troop['troopId']; $renderTroops[$humanTroopId] = $troop['number']; if($renderTroops[$humanTroopId] >= 3) { $renderTroops[$humanTroopId] = 3; } continue; } } $canBuildNewVillage = (isset ($renderTroops[$humanTroopId]) AND 3 <= $renderTroops[$humanTroopId]); if ($canBuildNewVillage) { $count = (trim ($this->data['child_villages_id']) == '' ? 0 : sizeof (explode (',', $this->data['child_villages_id']))); if (1 < $count) { $this->errorTable = v2v_p_cannotbuildnewvill; return null; } if (!$this->_canBuildNewVillage ()) { $this->errorTable = v2v_p_cannotbuildnewvill1; return null; } if (!$this->isResourcesAvailable ($this->newVillageResources)) { $this->errorTable = sprintf (v2v_p_cannotbuildnewvill2, $this->newVillageResources['1']); return null; } if ($m->hasNewVillageTask ($this->player->playerId)) { $this->errorTable = v2v_p_cannotbuildnewvill3; return null; } } else { $this->errorTable = v2v_p_cannotbuildnewvill4; return null; } $this->pageState = 2; } else { if ($this->isPost ()) { if ((!$villageRow['is_oasis'] AND intval ($villageRow['player_id']) == 0)) { $this->errorTable = v2v_p_novillagehere; return null; } if (((!isset ($_POST['c']) OR intval ($_POST['c']) < 1) OR 4 < intval ($_POST['c']))) { return null; } $this->transferType = ($this->disableFirstTwoAttack ? 4 : intval ($_POST['c'])); if (0 < intval ($villageRow['player_id'])) { $playerData = $m->getPlayerDataById (intval ($villageRow['player_id'])); if ($playerData['is_blocked']) { $this->errorTable = v2v_p_playerwas_blocked; return null; } if (0 < $playerData['protection_remain_sec']) { if ( $this->player->playerId != $villageRow['player_id'] ) { $this->errorTable = v2v_p_playerwas_inprotectedperiod; return null; } } } $totalTroopsCount = 0; $totalSpyTroopsCount = 0; $this->totalCatapultTroopsCount = 0; $hasTroopsSelected = FALSE; $renderTroops = array (); if (isset ($_POST['t'])) { foreach ($this->troops as $troop) { $num = 0; if ((isset ($_POST['t'][$troop['troopId']]) AND 0 < intval ($_POST['t'][$troop['troopId']]))) { if(preg_match('/^[+-]?[0-9]+$/', $_POST['t'][$troop['troopId']]) == 0) { exit; } $num = ($troop['number'] < $_POST['t'][$troop['troopId']] ? $troop['number'] : intval ($_POST['t'][$troop['troopId']])); } $renderTroops[$troop['troopId']] = $num; $totalTroopsCount += $num; if (0 < $num) { $hasTroopsSelected = TRUE; } if ((((((($troop['troopId'] == 4 OR $troop['troopId'] == 14) OR $troop['troopId'] == 23) OR $troop['troopId'] == 103) OR $troop['troopId'] == 54) OR $troop['troopId'] == 64) OR $troop['troopId'] == 74)) { $totalSpyTroopsCount += $num; continue; } else { if ((((((($troop['troopId'] == 8 OR $troop['troopId'] == 18) OR $troop['troopId'] == 28) OR $troop['troopId'] == 107) OR $troop['troopId'] == 58) OR $troop['troopId'] == 68) OR $troop['troopId'] == 78)) { $this->totalCatapultTroopsCount = $num; //+= 'totalCatapultTroopsCount'; //= $num; continue; } continue; } } } if ((($this->hasHero AND isset ($_POST['_t'])) AND intval ($_POST['_t']) == 1)) { $hasTroopsSelected = TRUE; $totalTroopsCount += 1; } $spyOnly = (($totalSpyTroopsCount == $totalTroopsCount AND ($this->transferType == 3 OR $this->transferType == 4)) AND 0 < intval ($villageRow['player_id'])); if ($spyOnly) { $this->onlyOneSpyAction = $villageRow['is_oasis']; } $this->attackWithCatapult = (((0 < $this->totalCatapultTroopsCount AND $this->transferType == 3) AND 0 < intval ($villageRow['player_id'])) AND !$villageRow['is_oasis']); if ($this->attackWithCatapult) { if (10 <= $this->rallyPointLevel) { $this->catapultCanAttackLastIndex = sizeof ($this->catapultCanAttack) - 1; } else { if (5 <= $this->rallyPointLevel) { $this->catapultCanAttackLastIndex = 11; } else { if (3 <= $this->rallyPointLevel) { $this->catapultCanAttackLastIndex = 2; } else { $this->catapultCanAttackLastIndex = 0; } } } $attackOptions1 = ((isset ($_POST['dtg']) AND $this->_containBuildingTarget ($_POST['dtg'])) ? intval ($_POST['dtg']) : 0); if (($this->rallyPointLevel == 20 AND 20 <= $this->totalCatapultTroopsCount)) { $attackOptions1 = '2:' . ($attackOptions1 . ' ' . ((isset ($_POST['dtg1']) AND $this->_containBuildingTarget ($_POST['dtg1'])) ? intval ($_POST['dtg1']) : 0)); } else { $attackOptions1 = '1:' . $attackOptions1; } $this->availableCatapultTargetsString = ''; $selectComboTargetOptions = ''; $i = 1; while ($i <= 9) { if ($this->_containBuildingTarget ($i)) { $selectComboTargetOptions .= sprintf ('<option value="%s">%s</option>', $i, constant ('item_' . $i)); } ++$i; } if ($selectComboTargetOptions != '') { $this->availableCatapultTargetsString .= '<optgroup label="' . v2v_p_catapult_grp1 . '">' . $selectComboTargetOptions . '</optgroup>'; } $selectComboTargetOptions = ''; $i = 10; while ($i <= 28) { if ((((((((((($i == 10 OR $i == 11) OR $i == 15) OR $i == 17) OR $i == 18) OR $i == 24) OR $i == 25) OR $i == 26) OR $i == 28) OR $i == 38) OR $i == 39)) { if ($this->_containBuildingTarget ($i)) { $selectComboTargetOptions .= sprintf ('<option value="%s">%s</option>', $i, constant ('item_' . $i)); } } ++$i; } if ($selectComboTargetOptions != '') { $this->availableCatapultTargetsString .= '<optgroup label="' . v2v_p_catapult_grp2 . '">' . $selectComboTargetOptions . '</optgroup>'; } $selectComboTargetOptions = ''; $i = 12; while ($i <= 37) { if (((((((((($i == 12 OR $i == 13) OR $i == 14) OR $i == 16) OR $i == 19) OR $i == 20) OR $i == 21) OR $i == 22) OR $i == 35) OR $i == 37)) { if ($this->_containBuildingTarget ($i)) { $selectComboTargetOptions .= sprintf ('<option value="%s">%s</option>', $i, constant ('item_' . $i)); } } ++$i; } if ($selectComboTargetOptions != '') { $this->availableCatapultTargetsString .= '<optgroup label="' . v2v_p_catapult_grp3 . '">' . $selectComboTargetOptions . '</optgroup>'; } } if (!$hasTroopsSelected) { $this->errorTable = v2v_p_thereisnoattacktroops; return null; } $this->pageState = 2; } } if ($this->pageState == 2) { $this->targetVillage['transferType'] = ($this->transferType == 1 ? v2v_p_attacktyp1 : ($this->transferType == 2 ? v2v_p_attacktyp2 . ' ' : ($this->transferType == 3 ? v2v_p_attacktyp3 : ($this->transferType == 4 ? v2v_p_attacktyp4 : '')))); if ($villageRow['is_oasis']) { $this->targetVillage['villageName'] = ($playerData != NULL ? v2v_p_placetyp1 : v2v_p_placetyp2); } else { $this->targetVillage['villageName'] = ($playerData != NULL ? $villageRow['village_name'] : v2v_p_placetyp3); } $this->targetVillage['villageId'] = $villageRow['id']; $this->targetVillage['playerName'] = ($playerData != NULL ? $playerData['name'] : ($villageRow['is_oasis'] ? v2v_p_monster : '')); $this->targetVillage['playerId'] = ($playerData != NULL ? $playerData['id'] : 0); $this->targetVillage['troops'] = $renderTroops; $this->targetVillage['hasHero'] = (((1 < $this->transferType AND $this->hasHero) AND isset ($_POST['_t'])) AND intval ($_POST['_t']) == 1); $distance = WebHelper::getdistance ($this->data['rel_x'], $this->data['rel_y'], $this->targetVillage['x'], $this->targetVillage['y'], $this->setupMetadata['map_size'] / 2); $this->targetVillage['needed_time'] = intval ($distance / $this->_getTheSlowestTroopSpeed ($renderTroops) * 3600); $this->targetVillage['spy'] = $spyOnly; } if ($sendTroops) { $taskType = 0; switch ($this->transferType) { case 1: { $taskType = QS_CREATEVILLAGE; break; } case 2: { $taskType = QS_WAR_REINFORCE; break; } case 3: { $taskType = QS_WAR_ATTACK; break; } case 4: { $taskType = QS_WAR_ATTACK_PLUNDER; break; } default: { } } //return null; $spyAction = 0; if ($spyOnly) { $taskType = QS_WAR_ATTACK_SPY; $spyAction = ((isset ($_POST['spy']) AND (intval ($_POST['spy']) == 1 OR intval ($_POST['spy']) == 2)) ? intval ($_POST['spy']) : 1); if ($this->onlyOneSpyAction) { $spyAction = 1; } } $troopsStr = ''; foreach ($this->targetVillage['troops'] as $tid => $tnum) { if ($troopsStr != '') { $troopsStr .= ','; } $troopsStr .= $tid . ' ' . $tnum; } if ($this->targetVillage['hasHero']) { $troopsStr .= ',' . $this->data['hero_troop_id'] . ' -1'; } $catapultTargets = $attackOptions1; $carryResources = ($taskType == QS_CREATEVILLAGE ? implode (' ', $this->newVillageResources) : ''); $procParams = $troopsStr . '|' . ($this->targetVillage['hasHero'] ? 1 : 0) . '|' . $spyAction . '|' . $catapultTargets . '|' . $carryResources . '|||0'; $newTask = new QueueTask ($taskType, $this->player->playerId, $this->targetVillage['needed_time']); $newTask->villageId = $this->data['selected_village_id']; $newTask->toPlayerId = intval ($villageRow['player_id']); $newTask->toVillageId = $villageRow['id']; $newTask->procParams = $procParams; $newTask->tag = array ('troops' => $this->targetVillage['troops'], 'hasHero' => $this->targetVillage['hasHero'], 'resources' => ($taskType == QS_CREATEVILLAGE ? $this->newVillageResources : NULL)); $this->queueModel->addTask ($newTask); $m->dispose (); $this->redirect ('build.php?id=39'); //return null; } $m->dispose (); } function handleTroopBack () { $qstr = ''; $fromVillageId = 0; $toVillageId = 0; $action = 0; if (isset ($_GET['d1'])) { $action = 1; $qstr = 'd1=' . intval ($_GET['d1']); if (isset ($_GET['o'])) { $qstr .= '&o=' . intval ($_GET['o']); $fromVillageId = intval ($_GET['o']); } else { $fromVillageId = $this->data['selected_village_id']; } $toVillageId = intval ($_GET['d1']); } else { if (isset ($_GET['d2'])) { $action = 2; $qstr = 'd2=' . intval ($_GET['d2']); $fromVillageId = $this->data['selected_village_id']; $toVillageId = intval ($_GET['d2']); } else { if (isset ($_GET['d3'])) { $action = 3; $qstr = 'd3=' . intval ($_GET['d3']); $fromVillageId = intval ($_GET['d3']); $toVillageId = $this->data['selected_village_id']; } else { $this->redirect ('build.php?id=39'); //return null; } } } $this->backTroopsProperty['queryString'] = $qstr; $m = new WarModel (); $fromVillageData = $m->getVillageData2ById ($fromVillageId); $toVillageData = $m->getVillageData2ById ($toVillageId); if (($fromVillageData == NULL OR $toVillageData == NULL)) { $m->dispose (); $this->redirect ('build.php?id=39'); //return null; } $vid = $toVillageId; $_backTroopsStr = ''; $this->backTroopsProperty['headerText'] = v2v_p_backtroops; $this->backTroopsProperty['action1'] = '<a href="village3.php?id=' . $fromVillageData['id'] . '">' . $fromVillageData['village_name'] . '</a>'; $this->backTroopsProperty['action2'] = '<a href="profile.php?uid=' . $fromVillageData['player_id'] . '">' . v2v_p_troopsinvillagenow . '</a>'; $column1 = ''; $column2 = ''; if ($action == 1) { $_backTroopsStr = $fromVillageData['troops_num']; $column1 = 'troops_num'; $column2 = 'troops_out_num'; } else { if ($action == 2) { $this->backTroopsProperty['headerText'] = v2v_p_backcaptivitytroops; $_backTroopsStr = $fromVillageData['troops_intrap_num']; $column1 = 'troops_intrap_num'; $column2 = 'troops_out_intrap_num'; } else { if ($action == 3) { $_backTroopsStr = $toVillageData['troops_out_num']; $vid = $fromVillageId; $column1 = 'troops_num'; $column2 = 'troops_out_num'; } } } $this->backTroopsProperty['backTroops'] = $this->_getTroopsForVillage ($_backTroopsStr, $vid); if ($this->backTroopsProperty['backTroops'] == NULL) { $m->dispose (); $this->redirect ('build.php?id=39'); //return null; } $distance = WebHelper::getdistance ($fromVillageData['rel_x'], $fromVillageData['rel_y'], $toVillageData['rel_x'], $toVillageData['rel_y'], $this->setupMetadata['map_size'] / 2); if ($this->isPost ()) { $canSend = FALSE; $troopsGoBack = array (); foreach ($this->backTroopsProperty['backTroops']['troops'] as $tid => $tnum) { if ((isset ($_POST['t']) AND isset ($_POST['t'][$tid]))) { $selNum = intval ($_POST['t'][$tid]); if ($selNum < 0) { $selNum = 0; } if ($tnum < $selNum) { $selNum = $tnum; } $troopsGoBack[$tid] = $selNum; if (0 < $selNum) { $canSend = TRUE; continue; } continue; } else { $troopsGoBack[$tid] = 0; continue; } } $sendTroopsArray = array ('troops' => $troopsGoBack, 'hasHero' => FALSE, 'heroTroopId' => 0); $hasHeroTroop = (($this->backTroopsProperty['backTroops']['hasHero'] AND isset ($_POST['_t'])) AND intval ($_POST['_t']) == 1); if ($hasHeroTroop) { $sendTroopsArray['hasHero'] = TRUE; $sendTroopsArray['heroTroopId'] = $this->backTroopsProperty['backTroops']['heroTroopId']; $canSend = TRUE; } if (!$canSend) { $m->dispose (); $this->redirect ('build.php?id=39'); //return null; } if ((!$this->isGameTransientStopped () AND !$this->isGameOver ())) { $troops1 = $this->_getTroopsAfterReduction ($fromVillageData[$column1], $toVillageId, $sendTroopsArray); $troops2 = $this->_getTroopsAfterReduction ($toVillageData[$column2], $fromVillageId, $sendTroopsArray); $m->backTroopsFrom ($fromVillageId, $column1, $troops1, $toVillageId, $column2, $troops2); $timeInSeconds = intval ($distance / $this->_getTheSlowestTroopSpeed2 ($sendTroopsArray) * 3600); $procParams = $this->_getTroopAsString ($sendTroopsArray) . '|0||||||1'; $newTask = new QueueTask (QS_WAR_REINFORCE, intval ($fromVillageData['player_id']), $timeInSeconds); $newTask->villageId = $fromVillageId; $newTask->toPlayerId = intval ($toVillageData['player_id']); $newTask->toVillageId = $toVillageId; $newTask->procParams = $procParams; $newTask->tag = array ('troops' => NULL, 'hasHero' => FALSE, 'resources' => NULL, 'troopsCropConsume' => $this->_getTroopCropConsumption ($sendTroopsArray)); $this->queueModel->addTask ($newTask); $m->dispose (); $this->redirect ('build.php?id=39'); //return null; } } else { $this->backTroopsProperty['time'] = intval ($distance / $this->_getTheSlowestTroopSpeed2 ($this->backTroopsProperty['backTroops']) * 3600); } $m->dispose (); } function _getTroopCropConsumption ($troopsArray) { $GameMetadata = $GLOBALS['GameMetadata']; $consume = 0; foreach ($troopsArray['troops'] as $tid => $tnum) { $consume += $GameMetadata['troops'][$tid]['crop_consumption'] * $tnum; } if ($troopsArray['hasHero']) { $consume += $GameMetadata['troops'][$troopsArray['heroTroopId']]['crop_consumption']; } return $consume; } function _getTroopAsString ($troopsArray) { $str = ''; foreach ($troopsArray['troops'] as $tid => $num) { if ($str != '') { $str .= ','; } $str .= $tid . ' ' . $num; } if ($troopsArray['hasHero']) { if ($str != '') { $str .= ','; } $str .= $troopsArray['heroTroopId'] . ' -1'; } return $str; } function _getTroopsAfterReduction ($troopString, $targetVillageId, $sendTroopsArray) { if (trim ($troopString) == '') { return ''; } $reductionTroopsString = ''; $t_arr = explode ('|', $troopString); foreach ($t_arr as $t_str) { $t2_arr = explode (':', $t_str); if ($t2_arr[0] == $targetVillageId) { $completelyBacked = TRUE; $newTroopStr = ''; $t2_arr = explode (',', $t2_arr[1]); foreach ($t2_arr as $t2_str) { list ($tid, $tnum) = explode (' ', $t2_str); if ($tnum == 0 - 1) { if (!$sendTroopsArray['hasHero']) { if ($newTroopStr != '') { $newTroopStr .= ','; } $newTroopStr .= $tid . ' ' . $tnum; $completelyBacked = FALSE; continue; } continue; } else { if (isset ($sendTroopsArray['troops'][$tid])) { $n = $sendTroopsArray['troops'][$tid]; if ($n < 0) { $n = 0; } if ($tnum < $n) { $n = $tnum; } $tnum -= $n; if (0 < $tnum) { $completelyBacked = FALSE; } } if ($newTroopStr != '') { $newTroopStr .= ','; } $newTroopStr .= $tid . ' ' . $tnum; continue; } } if (!$completelyBacked) { if ($reductionTroopsString != '') { $reductionTroopsString .= '|'; } $reductionTroopsString .= $targetVillageId . ':' . $newTroopStr; continue; } continue; } else { if ($reductionTroopsString != '') { $reductionTroopsString .= '|'; } $reductionTroopsString .= $t_str; continue; } } return $reductionTroopsString; } function _getTroopsForVillage ($troopString, $villageId) { if (trim ($troopString) == '') { return 0 - 1; } $t_arr = explode ('|', $troopString); foreach ($t_arr as $t_str) { $t2_arr = explode (':', $t_str); if ($t2_arr[0] == $villageId) { $troopTable = array ('hasHero' => FALSE, 'heroTroopId' => 0, 'troops' => array ()); $t2_arr = explode (',', $t2_arr[1]); foreach ($t2_arr as $t2_str) { list ($tid, $tnum) = explode (' ', $t2_str); if ($tid == 99) { continue; } if ($tnum == 0 - 1) { $troopTable['heroTroopId'] = $tid; $troopTable['hasHero'] = TRUE; continue; } $troopTable['troops'][$tid] = $tnum; } return $troopTable; } } //return NULL; } function _getMaxBuildingLevel ($itemId) { $result = 0; foreach ($this->buildings as $villageBuild) { if (($villageBuild['item_id'] == $itemId AND $result < $villageBuild['level'])) { $result = $villageBuild['level']; continue; } } return $result; } function _getTheSlowestTroopSpeed2 ($troopsArray) { $minSpeed = 0 - 1; foreach ($troopsArray['troops'] as $tid => $num) { if (0 < $num) { $speed = $this->gameMetadata['troops'][$tid]['velocity']; if (($minSpeed == 0 - 1 OR $speed < $minSpeed)) { $minSpeed = $speed; continue; } continue; } } if ($troopsArray['hasHero']) { $htid = $troopsArray['heroTroopId']; $speed = $this->gameMetadata['troops'][$htid]['velocity']; if (($minSpeed == 0 - 1 OR $speed < $minSpeed)) { $minSpeed = $speed; } } $blvl = $this->_getMaxBuildingLevel (14); $factor = ($blvl == 0 ? 100 : $this->gameMetadata['items'][14]['levels'][$blvl - 1]['value']); $factor *= $this->gameMetadata['game_speed']; return $minSpeed * ($factor / 100); } function _getTheSlowestTroopSpeed ($troopsArray) { $minSpeed = 0 - 1; foreach ($troopsArray as $tid => $num) { if (0 < $num) { $speed = $this->gameMetadata['troops'][$tid]['velocity']; if (($minSpeed == 0 - 1 OR $speed < $minSpeed)) { $minSpeed = $speed; continue; } continue; } } if ((($this->hasHero AND isset ($_POST['_t'])) AND intval ($_POST['_t']) == 1)) { $htid = $this->data['hero_troop_id']; $speed = $this->gameMetadata['troops'][$htid]['velocity']; if (($minSpeed == 0 - 1 OR $speed < $minSpeed)) { $minSpeed = $speed; } } $blvl = $this->_getMaxBuildingLevel (14); $factor = ($blvl == 0 ? 100 : $this->gameMetadata['items'][14]['levels'][$blvl - 1]['value']); $factor *= $this->gameMetadata['game_speed']; return $minSpeed * ($factor / 100); } function _canBuildNewVillage () { $GameMetadata = $GLOBALS['GameMetadata']; $neededCpValue = $totalCpRate = $totalCpValue = 0; $m = new BuildModel (); $result = $m->getVillagesCp ($this->data['villages_id']); while ($result->next ()) { list ($cpValue, $cpRate) = explode (' ', $result->row['cp']); $cpValue += $result->row['elapsedTimeInSeconds'] * ($cpRate / 86400); $totalCpRate += $cpRate; $totalCpValue += $cpValue; $neededCpValue += intval ($this->gameMetadata['cp_for_new_village'] / $GameMetadata['game_speed']); } $totalCpRate = 0; $totalCpValue = 0; $m = new BuildModel (); foreach ( $this->playerVillages as $vid => $pvillage ) { $result = $m->getVillagesCp ($vid); while ($result->next ()) { $tempdata = explode(' ', $result->row['cp']); $totalCpValue += $tempdata[0]; $totalCpRate += $tempdata[1]; } } $totalCpRate = floor($totalCpRate); $totalCpValue = floor ($totalCpValue); $m->dispose (); return $neededCpValue <= $totalCpValue; } function __getCoordInRange ($map_size, $x) { if ($map_size <= $x) { $x -= $map_size; } else { if ($x < 0) { $x = $map_size + $x; } } return $x; } function __getVillageId ($map_size, $x, $y) { return $x * $map_size + ($y + 1); } function _containBuildingTarget ($item_id) { $i = 0; while ($i <= $this->catapultCanAttackLastIndex) { if ($this->catapultCanAttack[$i] == $item_id) { return TRUE; } ++$i; } return FALSE; } } $p = new GPage (); $p->run (); ?>
سد ثغره ملف password.php
فقط استبدل الملف بالملف الموجود وشكرا
- الكود:
-
<?php
class GPage extends gamepage {
public $pageState = -1; public $playerId = NULL;
public function GPage( ) { parent::gamepage( ); $this->viewFile = "password.phtml"; $this->contentCssClass = "activate"; }
public function load( ) { parent::load( ); $m = new PasswordModel( ); if ( $this->isPost( ) && isset( $_POST['id'] ) && isset( $_POST['email'] ) && is_numeric( $_POST['id'] ) ) { $playerId = intval( $_POST['id'] ); $email = $_POST['email']; $this->pageState = $m->isPlayerIdHasEmail( $playerId, $email ) ? 3 : 2; if ( $this->pageState == 3 ) { $name = $m->getPlayerName( $playerId ); $newPassword = substr( md5( dechex( $playerId * mt_rand( 10, 100 ) ) ), mt_rand( 1, 5 ), 7 ); $n = dechex( hexdec( $newPassword ) ^ hexdec( substr( md5( $name ), 2, 7 ) ) ); $link = WebHelper::getbaseurl( )."password.php?id=".$playerId."&n=".$n."&c=".substr( md5( dechex( $playerId ).$name."666" ), 7, 7 ); $to = $email; $from = $this->appConfig['system']['email']; $subject = forget_password_subject; $message = sprintf( forget_password_body, $name, $name, $newPassword, $link, $link ); WebHelper::sendmail( $to, $from, $subject, $message ); } } else if ( isset( $_GET['id'] ) && is_numeric( $_GET['id'] ) ) { $this->playerId = intval( $_GET['id'] ); $this->pageState = $m->isPlayerIdExists( $this->playerId ) ? 1 : 0 - 1; if ( isset( $_GET['n'] ) && trim( $_GET['n'] ) != "" && isset( $_GET['c'] ) ) { if ( $this->pageState == 1 ) { $name = $m->getPlayerName( $this->playerId ); if ( trim( $_GET['c'] ) == substr( md5( dechex( $this->playerId ).$name."666" ), 7, 7 ) ) { $newPassword = dechex( hexdec( $_GET['n'] ) ^ hexdec( substr( md5( $name ), 2, 7 ) ) ); $m->setPlayerPassword( $this->playerId, $newPassword ); $this->pageState = 4; } else { $this->pageState = 5; } } else { $this->pageState = 5; } } } $m->dispose( ); }
}
require( ".".DIRECTORY_SEPARATOR."app".DIRECTORY_SEPARATOR."boot.php" ); require_once( MODEL_PATH."password.php" ); $p = new GPage( ); $p->run( ); ?> | |
|