fix: last batch of manual INT typecastings

GameEngine/Alliance.php

@@ -344,7 +344,7 @@ private function kickAlliUser($post) {
 				if($database->isAllianceOwner($UserData['id'])){
 				$newowner = $database->getAllMember2($session->alliance);
 				$newleader = $newowner['id'];
-				$q = "UPDATE " . TB_PREFIX . "alidata set leader = ".$newleader." where id = ".$session->alliance."";
+				$q = "UPDATE " . TB_PREFIX . "alidata set leader = ".(int) $newleader." where id = ".(int) $session->alliance."";
 				$database->query($q);
 				$database->updateAlliPermissions($newleader, 1, 1, 1, 1, 1, 1, 1, 1, 1);
 				$this->updateMax($newleader);
@@ -399,7 +399,7 @@ private function quitally($post) {
 				if($database->isAllianceOwner($session->uid)){
 				$newowner = $database->getAllMember2($session->alliance);
 				$newleader = $newowner['id'];
-				$q = "UPDATE " . TB_PREFIX . "alidata set leader = ".$newleader." where id = ".$session->alliance."";
+				$q = "UPDATE " . TB_PREFIX . "alidata set leader = ".(int) $newleader." where id = ".(int) $session->alliance."";
 				$database->query($q);
 				$database->updateAlliPermissions($newleader, 1, 1, 1, 1, 1, 1, 1, 1, 1);
 				$this->updateMax($newleader);
@@ -471,7 +471,7 @@ private function updateMax($leader) {
 			$max = $attri;
 			}
 			}
-			$q = "UPDATE ".TB_PREFIX."alidata set max = $max where leader = $leader";
+			$q = "UPDATE ".TB_PREFIX."alidata set max = ".(int) $max." where leader = ".(int) $leader;
 			$database->query($q);
 			}
 		}

GameEngine/Building.php

@@ -748,13 +748,13 @@ public function finishAll() {
                 $newgold = $session->gold-1;
                 $database->updateUserField($session->uid, "gold", $newgold, 1);
                 $enought_res = 1;
-                $q = "UPDATE ".TB_PREFIX."fdata set f".$jobs['field']." = ".$jobs['level'].", f".$jobs['field']."t = ".$jobs['type']." where vref = ".$jobs['wid'];
+                $q = "UPDATE ".TB_PREFIX."fdata set f".$jobs['field']." = ".$jobs['level'].", f".$jobs['field']."t = ".(int) $jobs['type']." where vref = ".(int) $jobs['wid'];
                 }
                 }
                 if($database->query($q) && ($enought_res == 1 or $jobs['master'] == 0)) {
                     $database->modifyPop($jobs['wid'],$resource['pop'],0);
                     $database->addCP($jobs['wid'],$resource['cp']);
-                    $q = "DELETE FROM ".TB_PREFIX."bdata where id = ".$jobs['id'];
+                    $q = "DELETE FROM ".TB_PREFIX."bdata where id = ".(int) $jobs['id'];
                     $database->query($q);
                     if($jobs['type'] == 18) {
                         $owner = $database->getVillageField($jobs['wid'],"owner");
@@ -779,7 +779,7 @@ public function finishAll() {
         if(count($stillbuildingarray) == 1) {
             if($stillbuildingarray[0]['loopcon'] == 1) {
                 //$q = "UPDATE ".TB_PREFIX."bdata SET loopcon=0,timestamp=".(time()+$stillbuildingarray[0]['timestamp']-$innertimestamp)." WHERE id=".$stillbuildingarray[0]['id'];
-                $q = "UPDATE ".TB_PREFIX."bdata SET loopcon=0 WHERE id=".$stillbuildingarray[0]['id'];
+                $q = "UPDATE ".TB_PREFIX."bdata SET loopcon=0 WHERE id=".(int) $stillbuildingarray[0]['id'];
                 $database->query($q);
             }
         }

GameEngine/Logging.php

@@ -13,7 +13,7 @@ class Logging {
 
 	public function addIllegal($uid,$ref,$type) {
 		global $database;
-		list($uid,$ref,$type) = $database->escape_input($uid,$ref,$type);
+		list($uid,$ref,$type) = $database->escape_input((int) $uid,$ref,$type);
 		if(LOG_ILLEGAL) {
 			$log = "Attempted to ";
 			switch($type) {
@@ -28,7 +28,7 @@ public function addIllegal($uid,$ref,$type) {
 
 	public function addLoginLog($id,$ip) {
 		global $database;
-		list($id,$ip) = $database->escape_input($id,$ip);
+		list($id,$ip) = $database->escape_input((int) $id,$ip);
 		if(LOG_LOGIN) {
 			$q = "Insert into ".TB_PREFIX."login_log values (0,$id,'$ip')";
 			$database->query($q);
@@ -37,7 +37,7 @@ public function addLoginLog($id,$ip) {
 
 	public function addBuildLog($wid,$building,$level,$type) {
 		global $database;
-		list($wid,$building,$level,$type) = $database->escape_input($wid,$building,$level,$type);
+		list($wid,$building,$level,$type) = $database->escape_input((int) $wid,$building,$level,$type);
 		if(LOG_BUILD) {
 			if($type) {
 				$log = "Start Construction of ";
@@ -53,7 +53,7 @@ public function addBuildLog($wid,$building,$level,$type) {
 
 	public function addTechLog($wid,$tech,$level) {
 		global $database;
-		list($wid,$tech,$level) = $database->escape_input($wid,$tech,$level);
+		list($wid,$tech,$level) = $database->escape_input((int) $wid,$tech,$level);
 		if(LOG_TECH) {
 			$log = "Upgrading of tech ".$tech." to level ".$level;
 			$q = "Insert into ".TB_PREFIX."tech_log values (0,$wid,'$log')";
@@ -63,7 +63,7 @@ public function addTechLog($wid,$tech,$level) {
 
 	public function goldFinLog($wid) {
 		global $database;
-		list($wid) = $database->escape_input($wid);
+		list($wid) = $database->escape_input((int) $wid);
 		if(LOG_GOLD_FIN) {
 			$log = "Finish construction and research with gold";
 			$q = "Insert into ".TB_PREFIX."gold_fin_log values (0,$wid,'$log')";
@@ -77,7 +77,7 @@ public function addAdminLog() {
 
 	public function addMarketLog($wid,$type,$data) {
 		global $database;
-		list($wid,$type,$data) = $database->escape_input($wid,$type,$data);
+		list($wid,$type,$data) = $database->escape_input((int) $wid,$type,$data);
 		if(LOG_MARKET) {
 			if($type == 1) {
 				$log = "Sent ".$data[0].",".$data[1].",".$data[2].",".$data[3]." to village ".$data[4];
@@ -100,7 +100,7 @@ public function clearLogs() {
 
 	public function debug($time,$uid,$debug_info) {
 		global $database;
-		list($time,$uid,$debug_info) = $database->escape_input($time,$uid,$debug_info);
+		list($time,$uid,$debug_info) = $database->escape_input((int) $time,(int) $uid,$debug_info);
 
 		//$debugFile = "/tmp/debug";
 		//$fh = fopen($debugFile, 'a') or die('No debug file');

GameEngine/Technology.php

@@ -722,7 +722,7 @@ public function getUnitName($i) {
 
 	public function finishTech() {
         	global $database,$village;
-        	$q = "UPDATE ".TB_PREFIX."research SET timestamp=".(time()-1)." WHERE vref = ".$village->wid;
+        	$q = "UPDATE ".TB_PREFIX."research SET timestamp=".(time()-1)." WHERE vref = ".(int) $village->wid;
         	$result = $database->query($q);
         	return mysqli_affected_rows();
     	}  

GameEngine/Units.php

@@ -246,10 +246,10 @@ public function returnTroops($wref,$mode=0) {
         }
         //set oasis to default
         if (count($getenforce1)>0) {
-            $q = "DELETE FROM ".TB_PREFIX."ndata WHERE toWref=".$getenforce1[0]['vref'];
+            $q = "DELETE FROM ".TB_PREFIX."ndata WHERE toWref=".(int) $getenforce1[0]['vref'];
             $database->query($q);
             $database->populateOasisUnits($getenforce1[0]['vref'],$getenforce1[0]['high']);
-            $q = "UPDATE ".TB_PREFIX."odata SET conqured=0,wood=800,iron=800,clay=800,maxstore=800,crop=800,maxcrop=800,lastupdated=". time().",lastupdated2=".time().",loyalty=100,owner=2,name='Unoccupied Oasis' WHERE conqured=$wref";
+            $q = "UPDATE ".TB_PREFIX."odata SET conqured=0,wood=800,iron=800,clay=800,maxstore=800,crop=800,maxcrop=800,lastupdated=". time().",lastupdated2=".time().",loyalty=100,owner=2,name='Unoccupied Oasis' WHERE conqured=".(int) $wref;
             $database->query($q);
         }    
     }

Templates/a2b/startRaid.tpl

@@ -4,7 +4,7 @@
     $lid = $_POST['lid'];
     $tribe = $_POST['tribe'];
     $getFLData = $database->getFLData($lid);
-    $sql = "SELECT * FROM ".TB_PREFIX."raidlist WHERE lid = ".$database->escape($lid)." order by id asc";
+    $sql = "SELECT * FROM ".TB_PREFIX."raidlist WHERE lid = ".$database->escape((int) $lid)." order by id asc";
 	$array = $database->query_return($sql);
     foreach($array as $row){
 	$sql1 = mysqli_fetch_array(mysqli_query($GLOBALS['link'],"SELECT * FROM ".TB_PREFIX."units WHERE vref = ".(int) $getFLData['wref']));

build.php

@@ -236,12 +236,12 @@
 $now=time();
 if(($now-$oldmovement[0]['starttime'])<90 && $oldmovement[0]['from'] == $village->wid){
 
-    $qc="SELECT * FROM " . TB_PREFIX . "movement where proc = 0 and moveid = ".$database->escape($_GET['moveid']);
+    $qc="SELECT * FROM " . TB_PREFIX . "movement where proc = 0 and moveid = ".$database->escape((int) $_GET['moveid']);
 $resultc=$database->query($qc) or die(mysqli_error($database->dblink));
 
 	if (mysqli_num_rows($resultc)==1){
 
-	    $q = "UPDATE " . TB_PREFIX . "movement set proc  = 1 where proc = 0 and moveid = ".$database->escape($_GET['moveid']);
+	    $q = "UPDATE " . TB_PREFIX . "movement set proc  = 1 where proc = 0 and moveid = ".$database->escape((int) $_GET['moveid']);
 	$database->query($q);
 	$end=$now+($now-$oldmovement[0]['starttime']);
 	//echo "6,".$oldmovement[0]['to'].",".$oldmovement[0]['from'].",0,".$now.",".$end;

dorf2.php

@@ -13,7 +13,7 @@
 $start = $generator->pageLoadTimeStart();
 if(isset($_GET['newdid'])) {
     $_SESSION['wid'] = $_GET['newdid'];
-    $database->query("UPDATE ".TB_PREFIX."users SET village_select=".$database->escape($_GET['newdid'])." WHERE id=".$session->uid);  
+    $database->query("UPDATE ".TB_PREFIX."users SET village_select=".$database->escape((int) $_GET['newdid'])." WHERE id=".$session->uid);  
 	header("Location: ".$_SERVER['PHP_SELF']);
 }else{
 $building->procBuild($_GET);

dorf3.php

@@ -15,7 +15,7 @@
 $start = $generator->pageLoadTimeStart();
 if(isset($_GET['newdid'])) {
     $_SESSION['wid'] = $_GET['newdid'];
-    $database->query("UPDATE ".TB_PREFIX."users SET village_select=".$database->escape($_GET['newdid'])." WHERE id=".$session->uid);  
+    $database->query("UPDATE ".TB_PREFIX."users SET village_select=".$database->escape((int) $_GET['newdid'])." WHERE id=".$session->uid);  
 	if(isset($_GET['s'])){
 	header("Location: ".$_SERVER['PHP_SELF']."?s=".$_GET['s']);
 	}else{