fix: all location headers need to have exit after them!

iopietro · Oct 22, 2017 · 7270a69 · 7270a69
1 parent 43a2775
commit 7270a69
Show file tree

Hide file tree

Showing 74 changed files with 367 additions and 78 deletions.
diff --git a/GameEngine/Account.php b/GameEngine/Account.php
@@ -109,6 +109,7 @@ private function Signup() {
 
 
             header("Location: anmelden.php");
+            exit;
         }
 		else {
 			if(AUTH_EMAIL){
@@ -119,6 +120,7 @@ private function Signup() {
 
 					$mailer->sendActivate($_POST['email'],$_POST['name'],$_POST['pw'],$act);
 					header("Location: activate.php?id=$uid&q=$act2");
+					exit;
 				}
 			}
 			else {
@@ -130,6 +132,7 @@ private function Signup() {
 					$database->updateUserField($uid,"invited",$_POST['invited'],1);
 					$this->generateBase($_POST['kid'],$uid,$_POST['name']);
 					header("Location: login.php");
+					exit;
 				}
 			}
 		}
@@ -148,16 +151,19 @@ private function Activate() {
 				$database->unreg($dbarray['username']);
 				$this->generateBase($dbarray['kid'],$uid,$dbarray['username']);
 				header("Location: activate.php?e=2");
+				exit;
 				}
 			}
 			else
 			{
 				header("Location: activate.php?e=3");
+				exit;
 			}
 	   }
 	   else
 	   {
 			header("Location: activate.php");
+			exit;
 	   }
 
 	}
@@ -170,9 +176,11 @@ private function Unreg() {
 		if(password_verify($_POST['pw'], $dbarray['password'])) {
 			$database->unreg($dbarray['username']);
 			header("Location: anmelden.php");
+			exit;
 		}
 		else {
 			header("Location: activate.php?e=3");
+			exit;
 		}
 	}
 
@@ -207,6 +215,7 @@ private function Login() {
 			$_SESSION['valuearray'] = $_POST;
 
 			header("Location: login.php");
+			exit;
 		} else {
     		$userid = $database->getUserArray($_POST['user'], 0);
     		// Vacation mode by Shadow

diff --git a/GameEngine/Alliance.php b/GameEngine/Alliance.php
@@ -131,7 +131,8 @@ public function sendInvite($post) {
 				$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has invited  <a href="spieler.php?uid=' . $UserData['id'] . '">' . addslashes($UserData['username']) . '</a> into the alliance.');
 			}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 
@@ -147,9 +148,11 @@ private function rejectInvite($get) {
 					$database->insertAlliNotice($invite['alliance'], '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has rejected the invitation.');
 				}
 			}
-			header("Location: build.php?id=".$get['id']);
+			    header("Location: build.php?id=".$get['id']);
+			    exit;
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 
@@ -167,9 +170,11 @@ private function delInvite($get) {
 					$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has deleted the invitation for <a href="spieler.php?uid=' . $invitename['id'] . '">' . addslashes($invitename['username']) . '</a>.');
 				}
 			}
-			header("Location: allianz.php?delinvite");
+			    header("Location: allianz.php?delinvite");
+			    exit;
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 
@@ -200,10 +205,12 @@ private function acceptInvite($get) {
 			if($accept_error == 1){
 			$form->addError("ally_accept", "The alliance can contain only ".$max." peoples right now.");
 			}else{
-			header("Location: build.php?id=" . $get['id']);
+			    header("Location: build.php?id=" . $get['id']);
+			    exit;
 			}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 
@@ -230,6 +237,7 @@ private function createAlliance($post) {
 				$_SESSION['valuearray'] = $post;
 
 				header("Location: build.php?id=" . $post['id']);
+				exit;
 			} else {
 				$max = $bid18[$village->resarray['f' . $post['id']]]['attri'];
 				$aid = $database->createAlliance($post['ally1'], $post['ally2'], $session->uid, $max);
@@ -240,9 +248,11 @@ private function createAlliance($post) {
 				// log the notice
 				$database->insertAlliNotice($aid, 'The alliance has been founded by <a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a>.');
 				header("Location: build.php?id=" . $post['id']);
+				exit;
 			}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 
@@ -277,7 +287,8 @@ private function changeAliName($get) {
 				$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has changed the alliance name.');
 			}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 
@@ -300,7 +311,8 @@ private function updateAlliProfile($post) {
 				$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has changed the alliance description.');
 			}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 
@@ -323,7 +335,8 @@ private function changeUserPermissions($post) {
 				$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has changed permissions.');
 			}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 		/*****************************************
@@ -351,7 +364,8 @@ private function kickAlliUser($post) {
 				}
 				}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 		/*****************************************
@@ -362,10 +376,12 @@ public function setForumLink($post) {
 			if($session->access != BANNED){
 				if(isset($post['f_link'])){
 				    $database->setAlliForumdblink($session->alliance, $post['f_link']);
-				header("Location: allianz.php?s=5");
+				    header("Location: allianz.php?s=5");
+				    exit;
 				}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 		/*****************************************
@@ -379,9 +395,11 @@ public function Vote($post) {
 			$text = ''.$survey['voted'].','.$session->uid.',';
 			$database->Vote($post['tid'], $post['vote'], $text);
 			}
-			header("Location: allianz.php?s=2&fid2=".$post['fid2']."&pid=".$post['pid']."&tid=".$post['tid']);
+			    header("Location: allianz.php?s=2&fid2=".$post['fid2']."&pid=".$post['pid']."&tid=".$post['tid']);
+			    exit;
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 		/*****************************************
@@ -409,9 +427,11 @@ private function quitally($post) {
 				$database->deleteAlliance($session->alliance);
 				$database->insertAlliNotice($session->alliance, '<a href="spieler.php?uid=' . $session->uid . '">' . addslashes($session->username) . '</a> has quit the alliance.');
 				header("Location: spieler.php?uid=".$session->uid);
+				exit;
 			}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 
@@ -448,7 +468,8 @@ private function changediplomacy($post) {
 				$form->addError("name", "Alliance does not exist");
 			}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 

diff --git a/GameEngine/Automation.php b/GameEngine/Automation.php
@@ -35,7 +35,8 @@ public function isWinner() {
 		$isThere = mysqli_num_rows($q);
 		if($isThere > 0)
 		{
-		header('Location: winner.php');
+		    header('Location: winner.php');
+		    exit;
 		}else{
 		## there is no winner
 		}
@@ -3100,6 +3101,7 @@ private function sendTroopsBack($post) {
 					$_SESSION['errorarray'] = $form->getErrors();
 					$_SESSION['valuearray'] = $_POST;
 					header("Location: a2b.php");
+					exit;
 				} else {
 
 					//change units
@@ -3176,6 +3178,7 @@ private function sendTroopsBack($post) {
 				$technology->checkReinf($post['ckey']);
 
 						header("Location: build.php?id=39");
+						exit;
 
 				}
 	}

diff --git a/GameEngine/Building.php b/GameEngine/Building.php
@@ -47,14 +47,16 @@ public function canProcess($id,$tid) {
                 global $session;
         if($session->access==BANNED){
             header("Location: banned.php");
-                        exit;
+            exit;
         } else {
             if ($this->checkResource($id,$tid)!=4) {
                 if($tid >= 19) {
                     header("Location: dorf2.php");
+                    exit;
                              }
                 else {
                     header("Location: dorf1.php");
+                    exit;
                               }
                                 exit;
              		}
@@ -85,8 +87,10 @@ public function procBuild($get) {
             $database->modifyGold($session->uid,1,0);
             if($get['id'] > 18) {
                 header("Location: dorf2.php");
+                exit;
             } else {
                 header("Location: dorf1.php");
+                exit;
             }
         }
         if(isset($get['a']) && $get['c'] == $session->checker && isset($get['id'])) {
@@ -319,9 +323,11 @@ private function removeBuilding($d) {
 					}
 					if($jobs['field'] >= 19) {
 						header("Location: dorf2.php");
+						exit;
 					}
 					else {
 						header("Location: dorf1.php");
+						exit;
 					}
 				}
 			}
@@ -370,13 +376,16 @@ private function upgradeBuilding($id) {
 				$logging->addBuildLog($village->wid,$this->procResType($village->resarray['f'.$id.'t']),($village->resarray['f'.$id]+($loopsame>0?2:1)),0);
 				if($id >= 19) {
 					header("Location: dorf2.php");
+					exit;
 				}
 				else {
 					header("Location: dorf1.php");
+					exit;
 				}
 			}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 	}
@@ -413,9 +422,11 @@ private function downgradeBuilding($id) {
 			if($database->addBuilding($village->wid,$id,$village->resarray['f'.$id.'t'],$loop,$time,0,0,$level['f'.$id] + 1 + count($database->getBuildingByField($village->wid,$id)))) {
 				$logging->addBuildLog($village->wid,$this->procResType($village->resarray['f'.$id.'t']),($village->resarray['f'.$id]-1),2);
 				header("Location: dorf2.php");
+				exit;
 			}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 		}
 	}
@@ -449,9 +460,11 @@ private function constructBuilding($id,$tid) {
 					$logging->addBuildLog($village->wid,$this->procResType($tid),($village->resarray['f'.$id]+1),1);
 					$database->modifyResource($village->wid,$uprequire['wood'],$uprequire['clay'],$uprequire['iron'],$uprequire['crop'],0);
 					header("Location: dorf2.php");
+					exit;
 				}
 			}else{
-			header("Location: banned.php");
+			    header("Location: banned.php");
+			    exit;
 			}
 			}
 		}
@@ -819,9 +832,11 @@ public function finishAll() {
             }
         }
         }
-        header("Location: ".$session->referrer);
+            header("Location: ".$session->referrer);
+            exit;
         }else{
-        header("Location: banned.php");
+            header("Location: banned.php");
+            exit;
         }
     }