Query escaping and some formatting.

Author: page

admin/Default/account_close.php

@@ -1,21 +1,21 @@
 <?php
 $close = $_REQUEST['close'];
 if (isset($close)) {
-	
+
 	//get accs to close
 	$reason = $_REQUEST['reason'];
 	//never expire
 	$expire_time = 0;
 	$amount = 0;
 	foreach ($close as $key => $value) {
-		
+
 		$val = 'Match list:';
 		$val .= $value;
 		$bannedAccount =& SmrAccount::getAccount($key);
 		$bannedAccount->banAccount($expire_time,$account,2,$val);
 		$amount++;
 	}
-	
+
 }
 $first = $_REQUEST['first'];
 if (isset($first)) {
@@ -76,7 +76,7 @@
 		$reason = $suspicion[$id];
 		if (empty($reason) || $reason == '')
 			$reason = $suspicion2[$id];
-	    $db->query('SELECT * FROM account_is_closed WHERE account_id = '.$id);
+	    $db->query('SELECT * FROM account_is_closed WHERE account_id = '.$db->escapeNumber($id));
 	    if (!$db->getNumRows())
 	        $amount += 1;
 

admin/Default/account_edit.php

@@ -73,7 +73,7 @@
 
 if ($curr_account!==false) {
 	$editingPlayers = array();
-	$db->query('SELECT game_id FROM player WHERE account_id = ' . $curr_account->getAccountID() . ' ORDER BY game_id ASC');
+	$db->query('SELECT game_id FROM player WHERE account_id = ' . $db->escapeNumber($curr_account->getAccountID()) . ' ORDER BY game_id ASC');
 	while ($db->nextRecord()) {
 		$editingPlayers[] =& SmrPlayer::getPlayer($curr_account->getAccountID(), $db->getInt('game_id'));
 	}
@@ -89,9 +89,9 @@
 		$banReasons[$db->getInt('reason_id')] = $reason;
 	}
 	$template->assign('BanReasons', $banReasons);
-	
+
 	$closingHistory = array();
-	$db->query('SELECT * FROM account_has_closing_history WHERE account_id = ' . $curr_account->getAccountID() . ' ORDER BY time DESC');
+	$db->query('SELECT * FROM account_has_closing_history WHERE account_id = ' . $db->escapeNumber($curr_account->getAccountID()) . ' ORDER BY time DESC');
 	while ($db->nextRecord()) {
 		// if an admin did it we get his/her name
 		if ($admin_id > 0) {
@@ -114,7 +114,7 @@
 	}
 
 	$recentIPs = array();
-	$db->query('SELECT ip, time, host FROM account_has_ip WHERE account_id = ' . $curr_account->getAccountID() . ' ORDER BY time DESC');
+	$db->query('SELECT ip, time, host FROM account_has_ip WHERE account_id = ' . $db->escapeNumber($curr_account->getAccountID()) . ' ORDER BY time DESC');
 	while ($db->nextRecord()) {
 		$recentIPs[] = array(
 			'IP' => $db->getField('ip'),

admin/Default/account_edit_processing.php

@@ -23,7 +23,7 @@
 if (!empty($donation))
 {
 	// add entry to account donated table
-	$db->query('INSERT INTO account_donated (account_id, time, amount) VALUES ('.$account_id.', ' . TIME . ' , '.$donation.')');
+	$db->query('INSERT INTO account_donated (account_id, time, amount) VALUES ('.$db->escapeNumber($account_id).', ' . $db->escapeNumber(TIME) . ' , '.$db->escapeNumber($donation).')');
 
     // add the credits to the players account - if requested
     if (!empty($smr_credit))
@@ -80,7 +80,7 @@
 			$msg .= 'and ';
 		$msg .= 'mail banned ';
 	}
-	
+
 	if($points > 0 && ($bannedDays = $curr_account->addPoints($points,$account,$reason_id,$_REQUEST['suspicion']))!==false)
 	{
 		if ($bannedDays > 0)
@@ -95,7 +95,7 @@
 
 if ($veteran_status != $curr_account->isVeteranBumped()) {
 
-	$db->query('UPDATE account SET veteran = '.$db->escapeString($veteran_status).' WHERE account_id = '.$account_id);
+	$db->query('UPDATE account SET veteran = '.$db->escapeString($veteran_status).' WHERE account_id = '.$db->escapeNumber($account_id));
 	$msg .= 'set the veteran status to '.$db->escapeString($veteran_status).' ';
 
 }
@@ -107,7 +107,7 @@
 }
 if ($except != 'Add An Exception' && $except != '') {
 
-	$db->query('INSERT INTO account_exceptions (account_id, reason) VALUES ('.$account_id.', '.$db->escapeString($except).')');
+	$db->query('INSERT INTO account_exceptions (account_id, reason) VALUES ('.$db->escapeNumber($account_id).', '.$db->escapeString($except).')');
 	$msg .= 'added the exception '.$except.' ';
 
 }
@@ -117,84 +117,123 @@
 	{
 		if(!empty($new_name))
 		{
-			$db->query('SELECT * FROM player WHERE game_id = '.$game_id.' AND player_name = ' . $db->escape_string($new_name, FALSE));
+			$db->query('SELECT * FROM player WHERE game_id = '.$db->escapeNumber($game_id).' AND player_name = ' . $db->escape_string($new_name, FALSE));
 			if (!$db->nextRecord()) {
-				$db->query('SELECT player_name, player_id FROM player WHERE game_id='.$game_id.' AND account_id = '.$account_id.' LIMIT 1');
+				$db->query('SELECT player_name, player_id FROM player WHERE game_id='.$db->escapeNumber($game_id).' AND account_id = '.$db->escapeNumber($account_id).' LIMIT 1');
 				$db->nextRecord();
 				$old_name = $db->getField('player_name');
-				$player_id = $db->getField('player_id');
-				
-				$db->query('UPDATE player SET player_name = ' . $db->escape_string($new_name, FALSE) . ' WHERE game_id = '.$game_id.' AND account_id = '.$account_id);
+				$player_id = $db->getInt('player_id');
+
+				$db->query('UPDATE player SET player_name = ' . $db->escape_string($new_name, FALSE) . ' WHERE game_id = '.$db->escapeNumber($game_id).' AND account_id = '.$db->escapeNumber($account_id));
 				$msg .= 'changed players name to '.$new_name.' ';
 				//insert news message
-	
+
 				$news = '<span class="blue">ADMIN</span> Please be advised that <span class="yellow">' . $old_name . '(' . $player_id . ')</span> has had their name changed to <span class="yellow">' . $new_name . '(' . $player_id . ')</span>';
-				
-				$db->query('INSERT INTO news (time, news_message, game_id) VALUES (' . TIME . ',' . $db->escape_string($news, FALSE) . ','.$game_id.')');
+
+				$db->query('INSERT INTO news (time, news_message, game_id) VALUES (' . $db->escapeNumber(TIME) . ',' . $db->escape_string($news, FALSE) . ','.$db->escapeNumber($game_id).')');
 			}
 		}
-		
+
 	}
 
 if (!empty($delete)) {
 	foreach ($delete as $game_id => $value) {
 		if($value == 'TRUE') {
 			// Check for bank transactions into the alliance account
-			$db->query('SELECT * FROM alliance_bank_transactions WHERE payee_id=' . $account_id . ' AND game_id=' . $game_id . ' LIMIT 1');
+			$db->query('SELECT * FROM alliance_bank_transactions WHERE payee_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id) . ' LIMIT 1');
 			if($db->getNumRows() != 0){
 				// Can't delete
 				$msg .= 'player has made alliance transaction ';
 				continue;
 			}
 			// Check anon accounts for transactions
-			$db->query('SELECT * FROM anon_bank_transactions WHERE account_id=' . $account_id . ' AND game_id=' . $game_id . ' LIMIT 1');
+			$db->query('SELECT * FROM anon_bank_transactions WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id) . ' LIMIT 1');
 			if($db->getNumRows() != 0){
 				// Can't delete
 				$msg .= 'player has made anonymous transaction ';
 				continue;
 			}
 
-			$db->query('DELETE FROM alliance_thread WHERE sender_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM blackjack WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM bounty WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM force_refresh WHERE owner_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM galactic_post_applications WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM galactic_post_article WHERE writer_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM galactic_post_writer WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM kills WHERE (dead_id=' . $account_id . ' OR killer_id=' . $account_id .') AND game_id=' . $game_id);
-			$db->query('DELETE FROM message WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM message_notify WHERE (from_id=' . $account_id . ' OR to_id=' . $account_id .') AND game_id=' . $game_id);
-			$db->query('DELETE FROM message WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('UPDATE planet SET owner_id=0,planet_name=\'\',password=\'\',shields=0,drones=0,credits=0,bonds=0 WHERE owner_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM planet_attack WHERE trigger_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_attacks_planet WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_attacks_port WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_cache WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_has_alliance_role WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_has_drinks WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_has_relation WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_has_ticker WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_has_ticket WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_has_unread_messages WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_is_president WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_plotted_course WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_read_thread WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_visited_port WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_visited_sector WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_votes_pact WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_votes_relation WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM ship_has_cargo WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM ship_has_hardware WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM ship_has_illusion WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM ship_has_name WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM ship_has_weapon WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM ship_is_cloaked WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-			$db->query('DELETE FROM player_has_stats WHERE account_id=' . $account_id . ' AND game_id=' . $game_id);
-
-			$db->query('UPDATE account_has_stats SET games_joined=games_joined-1 WHERE account_id=' . $account_id);
-
-			$db->query('UPDATE active_session SET game_id=0 WHERE account_id=' . $account_id . ' AND game_id=' . $game_id .' LIMIT 1');
+			$db->query('DELETE FROM alliance_thread
+						WHERE sender_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM blackjack
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM bounty
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM force_refresh
+						WHERE owner_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM galactic_post_applications
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM galactic_post_article
+						WHERE writer_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM galactic_post_writer
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM kills
+						WHERE (dead_id=' . $db->escapeNumber($account_id) . ' OR killer_id=' . $db->escapeNumber($account_id) .') AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM message
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM message_notify
+						WHERE (from_id=' . $db->escapeNumber($account_id) . ' OR to_id=' . $db->escapeNumber($account_id) .') AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM message
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('UPDATE planet SET owner_id=0,planet_name=\'\',password=\'\',shields=0,drones=0,credits=0,bonds=0
+						WHERE owner_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM planet_attack
+						WHERE trigger_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_attacks_planet
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_attacks_port
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_cache
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_has_alliance_role
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_has_drinks
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_has_relation
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_has_ticker
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_has_ticket
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_has_unread_messages
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_is_president
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_plotted_course
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_read_thread
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_visited_port
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_visited_sector
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_votes_pact
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_votes_relation
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM ship_has_cargo
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM ship_has_hardware
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM ship_has_illusion
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM ship_has_name
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM ship_has_weapon
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM ship_is_cloaked
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+			$db->query('DELETE FROM player_has_stats
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id));
+
+			$db->query('UPDATE account_has_stats SET games_joined=games_joined-1
+						WHERE account_id=' . $db->escapeNumber($account_id));
+
+			$db->query('UPDATE active_session SET game_id=0
+						WHERE account_id=' . $db->escapeNumber($account_id) . ' AND game_id=' . $db->escapeNumber($game_id) .' LIMIT 1');
 
 			$msg .= 'deleted player from game '.$game_id.' ';
 		}

admin/Default/account_ip_view_result.php

@@ -62,7 +62,7 @@
 
 			$new_acc =& SmrAccount::getAccount($account_wanted);
 			$last_acc =& SmrAccount::getAccount($last_acc_id);
-			$db2->query('SELECT * FROM account_is_closed WHERE account_id = '.$acc_id);
+			$db2->query('SELECT * FROM account_is_closed WHERE account_id = '.$db2->escapeNumber($acc_id));
 			if ($db2->getNumRows() && $db_ip != $last_ip) continue;
 			$PHP_OUTPUT.=('<tr>');
 			$PHP_OUTPUT.=('<td align=center>'.$new_acc->getLogin().' ('.$new_acc->getAccountID().')</td>');

admin/Default/admin_message_send.php

@@ -21,7 +21,7 @@
 	if ($gameID != 20000)
 	{
 		$gamePlayers = array();
-		$db->query('SELECT account_id,player_id,player_name FROM player WHERE game_id = '.$gameID.' ORDER BY player_name');
+		$db->query('SELECT account_id,player_id,player_name FROM player WHERE game_id = '.$db->escapeNumber($gameID).' ORDER BY player_name');
 		while ($db->nextRecord())
 			$gamePlayers[]= array('AccountID' => $db->getField('account_id'), 'PlayerID' => $db->getField('player_id'), 'Name' => $db->getField('player_name'));
 		$template->assignByRef('GamePlayers',$gamePlayers);

admin/Default/album_approve_processing.php

@@ -1,13 +1,15 @@
 <?php
 
-if ($_POST['action'] == 'Approve')
+if ($_REQUEST['action'] == 'Approve') {
 	$approved = 'YES';
-else
+}
+else {
 	$approved = 'NO';
+}
 
 $db->query('UPDATE album
 			SET approved = '.$db->escapeString($approved).'
-			WHERE account_id = ' . $var['album_id']);
+			WHERE account_id = ' . $db->escapeNumber($var['album_id']));
 
 forward(create_container('skeleton.php', 'album_approve.php'));
 

admin/Default/album_moderate.php

@@ -30,7 +30,7 @@
 	// check if the givin account really has an entry
 	if ($account_id > 0)
 	{
-		$db->query('SELECT * FROM album WHERE account_id = '.$account_id.' AND Approved = \'YES\'');
+		$db->query('SELECT * FROM album WHERE account_id = '.$db->escapeNumber($account_id).' AND Approved = \'YES\'');
 		if ($db->nextRecord())
 		{
 			$disabled = $db->getBoolean('disabled');
@@ -157,12 +157,12 @@
 
 	$db->query('SELECT *
 				FROM album_has_comments
-				WHERE album_id = '.$account_id);
+				WHERE album_id = '.$db->escapeNumber($account_id));
 	while ($db->nextRecord())
 	{
-		$comment_id	= $db->getField('comment_id');
-		$time		= $db->getField('time');
-		$postee		= get_album_nick($db->getField('post_id'));
+		$comment_id	= $db->getInt('comment_id');
+		$time		= $db->getInt('time');
+		$postee		= get_album_nick($db->getInt('post_id'));
 		$msg		= stripslashes($db->getField('msg'));
 
 		$PHP_OUTPUT.=('<tr><td align="center"><input type="checkbox" name="comment_ids[]" value="'.$comment_id.'"></td><td colspan="3"><span style="font-size:85%;">[' . date('Y/n/j g:i A', $time) . '] &lt;'.$postee.'&gt; '.$msg.'</span></td></tr>');