From 1c4d0ba198e6623970303d797ced84f7a41754ea Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Thu, 30 Mar 2017 23:12:40 -0500
Subject: [PATCH 01/11] Fixed database updater bug

Issue found when looking for remote SQL or PHP files.  Also added some
debug information for troubleshooting.
---
 update/index.php | 30 +++++++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)

diff --git a/update/index.php b/update/index.php
index 91cf768..4f20fdc 100644
--- a/update/index.php
+++ b/update/index.php
@@ -35,16 +35,22 @@
 }
 
 $Update->check_for_updates();
+
+$sql_file = "https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".sql";
+$php_file = "https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".php";
+$sql_headers = @get_headers($sql_file);
+$php_headers = @get_headers($php_file);
+
 //die($db_act_ver . "---".$Core->db_version."---".$Update->next_db_version);
 if(file_exists("scripts/update_" . $Update->next_db_version . ".php"))
 {
 	// check to see if there is a local PHP script to handle the SQL update
 	include("scripts/update_" . $Update->next_db_version . ".php");
 }
-elseif(file_exists("https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".php"))
+elseif(stripos($php_headers[0], "200 OK") >= 0)
 {
 	// check for online copy if no local copy exists of the PHP script
-	include("https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".php");
+	include($php_file);
 }
 else
 {
@@ -53,14 +59,28 @@
 	{
 		// check to see if there is a local SQL script and run
 		$DB->runSQL("scripts/update_" . $Update->next_db_version . ".sql");
+?>
+
+		Database successfully updated using file: "scripts/update_<?= $Update->next_db_version; ?>.sql !!<br /><br />
+		<a href="index.php">Go back</a> to check for additional updates.<br />
+	
+<?php
+
 	}
-	elseif(file_exists("https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".sql"))
+	elseif(stripos($sql_headers[0], "200 OK") >= 0)
 	{
 		// check for online copy if no local copy exists of the SQL script
-		$DB->runSQL("https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".sql");
+		$DB->runSQL($sql_file);
+?>
+
+		Database successfully updated using file: <?= $$sql_file; ?> !!<br /><br />
+		<a href="index.php">Go back</a> to check for additional updates.<br />
+	
+<?php
+
 	}
 	else
 	{
-		die("SQL update file not found!");
+		die("SQL update file not found!<br /><br />Current DB Version: $db_act_ver <br />Expected DB Version: $Core->db_version <br />Next DB Version: $Update->next_db_version");
 	}
 }

From 0c9b6d9ee6f6c4cfe66a0e9944ae4c26209fe39f Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Fri, 31 Mar 2017 13:22:43 -0500
Subject: [PATCH 02/11] Fixed string escape issue in admin -> news

No string escape function was used on the message and subject for news
entries so adding a single or double quote would break the query.

Fixes #42
---
 inc/admin/script_files/admin.news.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/admin/script_files/admin.news.php b/inc/admin/script_files/admin.news.php
index fa9ad40..23ba4d6 100644
--- a/inc/admin/script_files/admin.news.php
+++ b/inc/admin/script_files/admin.news.php
@@ -26,7 +26,7 @@ function addNews($subj,$message,$un)
 	else
 	{
 		$post_time = time();
-		$sql =  "INSERT INTO mw_news(title, message, posted_by, post_time) VALUES('".$subj."','".$message."','".$un."','".$post_time."')";
+		$sql =  "INSERT INTO mw_news(title, message, posted_by, post_time) VALUES('".$DB->real_escape_string($subj)."','".$DB->real_escape_string($message)."','".$un."','".$post_time."')";
         $tabs = $DB->query($sql);
 
 		output_message('success', $lang['news_add_success']);
@@ -41,7 +41,7 @@ function editNews($idz,$mess)
 	}
 	else
 	{
-		$DB->query("UPDATE `mw_news` SET `message`='$mess' WHERE `id`='$idz'");
+		$DB->query("UPDATE `mw_news` SET `message`='".$DB->real_escape_string($mess)."' WHERE `id`='$idz'");
 
 		output_message('success', $lang['news_edit_success']);
 	}

From e070cc9ce3574caee095cfd481afb9fa7af0b56b Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Fri, 31 Mar 2017 13:44:29 -0500
Subject: [PATCH 03/11] Fixed more info link on frontpage under server info

URL was pointing to a nonexistent page when clicking the more info link
on the home page.  Links now properly redirect to correct server
statistics page.
---
 inc/frontpage/frontpage.index.php  | 7 ++++++-
 inc/server/server.statistic.php    | 8 ++++++++
 templates/blizzlike/body_right.php | 2 +-
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/inc/frontpage/frontpage.index.php b/inc/frontpage/frontpage.index.php
index 34fefe5..dee96bd 100644
--- a/inc/frontpage/frontpage.index.php
+++ b/inc/frontpage/frontpage.index.php
@@ -89,7 +89,12 @@
 		}
 		unset($CHDB_EXTRA, $data); // Free up memory.
 
-		$server['moreinfo'] = $mwe_config['fp_server_more_info'];
+		if($mwe_config['fp_server_more_info'])
+		{
+			$server['moreinfo'] = $mwe_config['fp_server_more_info'];
+			$server['moreinfourl'] = mw_url('server', 'statistic', $changerealmtoparam);
+		}
+
 		$servers[] = $server;
 	}
 }
diff --git a/inc/server/server.statistic.php b/inc/server/server.statistic.php
index 8b78af6..33fc1ff 100644
--- a/inc/server/server.statistic.php
+++ b/inc/server/server.statistic.php
@@ -12,6 +12,14 @@
 	echo "Not Included!"; exit;
 }
 
+// Check to see if the changerealm_to variable is set in the URI.  If so we need to set the selected 
+// realm cookie and reload the page in order to pull the players online from the correct realm
+if(isset($_GET['changerealm_to']))
+{
+	setcookie("cur_selected_realm", $_GET['changerealm_to'], time() + (3600 * 24 * 365));
+	redirect("?p=server&sub=statistic",1);
+}
+
 // build top of page navigation breadcrumbs
 $realm = $RDB->selectRow("SELECT * FROM realmlist WHERE `id`='".$user['cur_selected_realm']."' LIMIT 1");
 $pathway_info[] = array('title' => 'Server Statistics', 'link' => '?p=server&sub=statistic');
diff --git a/templates/blizzlike/body_right.php b/templates/blizzlike/body_right.php
index ef8726a..56897e6 100644
--- a/templates/blizzlike/body_right.php
+++ b/templates/blizzlike/body_right.php
@@ -269,7 +269,7 @@
 					?>
 							<li>
 								<div>
-									<a href="<?php echo mw_url('server', 'info'); ?>"><?php echo $lang['more_info']; ?></a>
+									<a href="<?php echo $server['moreinfourl']; ?>"><?php echo $lang['more_info']; ?></a>
 								</div>
 							</li>
 

From c1d5c55cc7bad0db9e5482b8abd348f078c045c6 Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Fri, 31 Mar 2017 13:50:43 -0500
Subject: [PATCH 04/11] Disabled remote-include for DB updater script

Default settings do not allow include to point to remote (http / https)
files.  Disabled this feature to prevent errors.
---
 update/index.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/update/index.php b/update/index.php
index 4f20fdc..0641ed1 100644
--- a/update/index.php
+++ b/update/index.php
@@ -47,11 +47,11 @@
 	// check to see if there is a local PHP script to handle the SQL update
 	include("scripts/update_" . $Update->next_db_version . ".php");
 }
-elseif(stripos($php_headers[0], "200 OK") >= 0)
+/*elseif(stripos($php_headers[0], "200 OK") >= 0) // disabling this feature due to default php settings not allowing remote files to be included
 {
 	// check for online copy if no local copy exists of the PHP script
 	include($php_file);
-}
+}*/
 else
 {
 	// no script required for this DB update, proceed
@@ -73,7 +73,7 @@
 		$DB->runSQL($sql_file);
 ?>
 
-		Database successfully updated using file: <?= $$sql_file; ?> !!<br /><br />
+		Database successfully updated using file: <?= $sql_file; ?> !!<br /><br />
 		<a href="index.php">Go back</a> to check for additional updates.<br />
 	
 <?php

From 5479434b7b88fe8fb741964a6dd4ea815771b9a3 Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Fri, 31 Mar 2017 18:04:15 -0500
Subject: [PATCH 05/11] Disable remote SQL updates

Remote SQL udpates do not appear to work properly, temporarily
disabling.
---
 update/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/update/index.php b/update/index.php
index 0641ed1..bc36556 100644
--- a/update/index.php
+++ b/update/index.php
@@ -67,7 +67,7 @@
 <?php
 
 	}
-	elseif(stripos($sql_headers[0], "200 OK") >= 0)
+/*	elseif(stripos($sql_headers[0], "200 OK") >= 0)
 	{
 		// check for online copy if no local copy exists of the SQL script
 		$DB->runSQL($sql_file);
@@ -78,7 +78,7 @@
 	
 <?php
 
-	}
+	}*/
 	else
 	{
 		die("SQL update file not found!<br /><br />Current DB Version: $db_act_ver <br />Expected DB Version: $Core->db_version <br />Next DB Version: $Update->next_db_version");

From d8d9b69bb7ee9678d3f48fb768fc6aebddfa0f5d Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Sat, 1 Apr 2017 13:49:05 -0500
Subject: [PATCH 06/11] Fixed database count() function

The count, otherwise known as num_rows, was implemented incorrectly.
Fixed the issue to return proper counts.
---
 core/class.database.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/class.database.php b/core/class.database.php
index 5cf5721..e411054 100644
--- a/core/class.database.php
+++ b/core/class.database.php
@@ -140,7 +140,7 @@ public function count($query)
     {
         $sql = mysqli_query($this->mysql, $query) or die("Couldnt Run Query: ".$query."<br />Error: ".mysqli_error($this->mysql)."");
 		$this->_statistics['count']++;
-		return (int)mysqli_fetch_assoc($sql);
+		return mysqli_num_rows($sql);
     }
 
 //	************************************************************	

From f80627ddf57ecbf83ac228b5c7427415555f7272 Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Sat, 1 Apr 2017 13:50:13 -0500
Subject: [PATCH 07/11] Fixed password display for realm remote-access

Remote-access password was shown in cleartext, changed it to be a
password field.
---
 inc/admin/template_files/admin.realms.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/inc/admin/template_files/admin.realms.php b/inc/admin/template_files/admin.realms.php
index 72e115b..53215f2 100644
--- a/inc/admin/template_files/admin.realms.php
+++ b/inc/admin/template_files/admin.realms.php
@@ -17,16 +17,14 @@
 if(isset($_GET['id'])) 
 {
 	$rlm = $RDB->selectRow("SELECT * FROM `realmlist` WHERE `id`='".$_GET['id']."'");
-	$rlm_ext = $DB->selectRow("SELECT * FROM mw_realm WHERE realm_id = '".$_GET['id']."'");
+	$rlm_ext = $DB->selectRow("SELECT * FROM `mw_realm` WHERE `realm_id` = '".$_GET['id']."'");
 
-	$db_info = explode( ';', $rlm['dbinfo'] ) ;
-	$ra_info = explode( ';', $rlm['ra_info'] ) ;
 ?>
 
 <!-- EDITING A REALM -->
 <div class="content">	
 	<div class="content-header">
-		<h4><a href="?p=admin">Main Menu</a> / <a href="?p=admin&sub=realms">Manage Realms</a> / Edit</h4>
+		<h4><a href="?p=admin">Main Menu</a> / <a href="?p=admin&amp;sub=realms">Manage Realms</a> / Edit</h4>
 	</div> <!-- .content-header -->	
 	<div class="main-content">
 	
@@ -253,7 +251,7 @@
 		<!-- Ra Password -->
 		<div class="field">
 			<label for="dbh"><?php echo $lang['remote_access_pass']; ?>: </label>
-			<input id="dbh" name="ra_pass" size="20" type="text" class="medium" value="<?php echo $rlm_ext['ra_pass']; ?>" />
+			<input id="dbh" name="ra_pass" size="20" type="password" class="medium" value="<?php echo $rlm_ext['ra_pass']; ?>" />
 			<p class="field_help"><?php echo $lang['remote_access_pass_desc']; ?>.</p>
 		</div>
 		

From 542a95d43772c6f5cc918e5d43a86d2468299324 Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Sat, 1 Apr 2017 13:52:47 -0500
Subject: [PATCH 08/11] Fixed issue with TrinityCore server commands page

Commands were not displayed properly.  Updated the logic to pull the
allowed commands based on user's current gmlevel.
---
 inc/server/server.commands.php                | 21 ++++++++++++-------
 .../blizzlike/server/server.commands.php      |  3 ++-
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/inc/server/server.commands.php b/inc/server/server.commands.php
index 0978100..5ebc3ef 100644
--- a/inc/server/server.commands.php
+++ b/inc/server/server.commands.php
@@ -35,12 +35,19 @@
 	{
 		$userlevel = 0;
 	}
-	
-	$permissions = $RDB->select("SELECT `rbac_linked_permissions`.`linkedId` FROM `rbac_linked_permissions` 
-		LEFT JOIN `rbac_default_permissions` ON (`rbac_linked_permissions`.`id` = `rbac_default_permissions`.`permissionId`)
-		WHERE `rbac_default_permissions`.`secId` =  <= $userlevel"
-	);
-	$permissions = join(",", $permissions);
-	$alltopics  = $WDB->select("SELECT * FROM `command` WHERE `permission` IN ($permissions) ORDER BY `name` ASC");
+	$sql = "SELECT `rbac_linked_permissions`.`linkedId` FROM `rbac_linked_permissions` 
+		LEFT JOIN `rbac_default_permissions` ON (`rbac_linked_permissions`.`id` BETWEEN `rbac_default_permissions`.`permissionId` + 4 AND 199)
+		WHERE `rbac_default_permissions`.`secId` <= $userlevel";
+	$permissions = $RDB->select($sql);
+
+	$permission_id = "";
+	foreach($permissions as $row)
+	{
+		$permission_id .= $row['linkedId'].",";
+	}
+	$permission_id = substr($permission_id, 0, -1);
+
+	$sql = "SELECT * FROM `command` WHERE `permission` IN ($permission_id) ORDER BY `name` ASC";
+	$alltopics  = $WDB->select($sql);
 }
 ?>
\ No newline at end of file
diff --git a/templates/blizzlike/server/server.commands.php b/templates/blizzlike/server/server.commands.php
index b0476f7..3dca3a4 100644
--- a/templates/blizzlike/server/server.commands.php
+++ b/templates/blizzlike/server/server.commands.php
@@ -14,6 +14,7 @@
 {
     $postnum++;
     if($hl=='alt')$hl=''; else $hl='alt';
+	$topic_permission = $RDB->selectCell("SELECT `name` FROM `rbac_permissions` WHERE id IN (SELECT `id` FROM `rbac_linked_permissions` WHERE linkedId = ".$topic['permission'].")");
 ?>
     <script type="text/javascript">
         var postId<?php echo $postnum;?>="<?php echo $postnum;?>";
@@ -50,7 +51,7 @@
 							<li>
 								<div class="letter-box0"></div>
 								<div class="blog-post">
-									<playerlevel><?php echo "Level : ".$topic['security']."<br/>";?></playerlevel>
+									<playerlevel><?= $topic_permission; ?><br/></playerlevel>
 									<description><?php echo str_replace("\r",'<br/>',$topic['help']);?></description>
 								</div>
 							</li>

From a9444d5eb27d2682e49fe1650340d5c0ead5a634 Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Sat, 1 Apr 2017 13:54:49 -0500
Subject: [PATCH 09/11] Fixed issue with locked accounts

When requiring account activation is true the user must follow the
provided link in email to help prevent bots from creating many accounts.
If an admin were to set a users account to activated, or "unlocked", the
user still wasn't able to login due to bug in the logic.
---
 core/SDL/class.account.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/core/SDL/class.account.php b/core/SDL/class.account.php
index 20168ee..20fc63f 100644
--- a/core/SDL/class.account.php
+++ b/core/SDL/class.account.php
@@ -83,7 +83,7 @@ function check()
             }
 			
 			// Make sure the activation code is NULL in the DB
-            if($res['activation_code'] != NULL)
+            if($res['locked'] == 1)
 			{
                 $this->setgroup();
                 return false;
@@ -169,8 +169,8 @@ function login($params)
 			return 4;
         }
 		
-		// If the activation code is not NULL, the account is not activated, return 5
-        if($res2['activation_code'] != NULL)
+		// If the account is locked or "inactive" then return 5, do not allow login
+        if($res['locked'] == 1)
 		{
             $success = 0;
 			return 5;

From 80c6ab8aafc95508ac1d33147a6f300f98b48001 Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Sat, 1 Apr 2017 13:56:26 -0500
Subject: [PATCH 10/11] Fixed remote-access issues

Remote access was left out of SQL queries for adding / updateing realms.
Rewrote the RA socket class to be more user friendly and work with the
new database structure.
Fixes #43
---
 core/SDL/class.rasocket.php             | 34 ++++++++++++-------------
 inc/admin/script_files/admin.realms.php | 11 ++++++++
 2 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/core/SDL/class.rasocket.php b/core/SDL/class.rasocket.php
index 00e381b..c304f5e 100644
--- a/core/SDL/class.rasocket.php
+++ b/core/SDL/class.rasocket.php
@@ -209,16 +209,16 @@ private function writeDebugLog()
       Returns 2 if it's not authenticated
       @param $command the command to enter on console
     */
-    public function executeCommand($type, $shost, $remote, $command)
+    public function executeCommand($type, $host, $port, $user, $pass, $command)
     {
 		if($type == 0)
 		{
-			if(!$this->connect($shost, $remote[1]))
+			if(!$this->connect($host, $port))
 			{
 				return 0;
 			}
 			
-			if(!$this->auth($remote[2], $remote[3]))
+			if(!$this->auth($user, $pass))
 			{
 				return 2;
 			}
@@ -272,7 +272,7 @@ public function executeCommand($type, $shost, $remote, $command)
 		}
 		else # type is SOAP
 		{
-			$client = $this->soapHandle($shost, $remote);
+			$client = $this->soapHandle($host, $port, $user, $pass);
 			// If multiple commands
 			if(is_array($command))
 			{
@@ -338,29 +338,29 @@ public function executeCommand($type, $shost, $remote, $command)
 
 //	************************************************************
 // Setups the Soap Handle	
-	private function soapHandle($shost, $remote)
+	private function soapHandle($host, $port, $user, $pass)
 	{
 		global $mwe_config;
 		if($mwe_config['emulator'] == 'mangos')
 		{
 			$client = new SoapClient(NULL,
 			array(
-			"location" => "http://".$shost.":".$remote[1]."/",
+			"location" => "http://".$host.":".$port."/",
 			"uri" => "urn:MaNGOS",
 			"style" => SOAP_RPC,
-			"login" => $remote[2],
-			"password" => $remote[3]
+			"login" => $user,
+			"password" => $pass
 			));
 		}
 		else
 		{
 			$client = new SoapClient(NULL,
 			array(
-			"location" => "http://".$shost.":".$remote[1]."/",
+			"location" => "http://".$host.":".$port."/",
 			"uri" => "urn:TC",
 			"style" => SOAP_RPC,
-			"login" => $remote[2],
-			"password" => $remote[3]
+			"login" => $user,
+			"password" => $pass
 			));
 		}
 		return $client;
@@ -378,17 +378,15 @@ private function soapHandle($shost, $remote)
 	*/
 	function send($command, $realm)
 	{
-		global $RDB;
+		global $RDB, $DB;
 		
 		// Get the remote access information from the realm database
-		$get_remote = $RDB->selectRow("SELECT * FROM `realmlist` WHERE id='".$realm."'");
-		$remote = explode(';', $get_remote['ra_info']);
-		$shost = $get_remote['address'];
-		
+		$remote = $DB->selectRow("SELECT ra_type, ra_port, ra_user, ra_pass FROM `mw_realm` WHERE `realm_id`='".$realm."'");
+		$host = $RDB->selectCell("SELECT `address` FROM `realmlist` WHERE `id` = '$realm'");
 		// Make sure the remote access type is either 1 or 0
-		if($remote[0] == 0 || $remote[0] == 1)
+		if((int)$remote['ra_type'] == 0 || (int)$remote['ra_type'] == 1)
 		{
-			$result = $this->executeCommand($remote[0], $shost, $remote, $command);
+			$result = $this->executeCommand($remote['ra_type'], $host, $remote['ra_port'], $remote['ra_user'], $remote['ra_pass'], $command);
 			if($result != 1)
 			{
 				if($result == 0)
diff --git a/inc/admin/script_files/admin.realms.php b/inc/admin/script_files/admin.realms.php
index f29200c..8f4762d 100644
--- a/inc/admin/script_files/admin.realms.php
+++ b/inc/admin/script_files/admin.realms.php
@@ -40,6 +40,9 @@ function updateRealm()
 	if(empty($_POST['db_char_port']))
 		$_POST['db_char_port'] = 0;
 	
+	if(empty($_POST['ra_port']))
+		$_POST['ra_port'] = 0;
+	
 	if($realm > 0)
 	{
 		$DB->query("UPDATE `mw_realm` SET 
@@ -53,6 +56,10 @@ function updateRealm()
 			`db_char_port` = '".$_POST['db_char_port']."',
 			`db_char_user` = '".$_POST['db_char_user']."',
 			`db_char_pass` = '".$_POST['db_char_pass']."',
+			`ra_type` = '".$_POST['ra_type']."',
+			`ra_port` = '".$_POST['ra_port']."',
+			`ra_user` = '".$_POST['ra_user']."',
+			`ra_pass` = '".$_POST['ra_pass']."',
 			`site_enabled` = '".$_POST['site_enabled']."'
 		WHERE `realm_id` = ".$_GET['id']."
 		");
@@ -70,6 +77,10 @@ function updateRealm()
 			`db_char_port` = '".$_POST['db_char_port']."',
 			`db_char_user` = '".$_POST['db_char_user']."',
 			`db_char_pass` = '".$_POST['db_char_pass']."',
+			`ra_type` = '".$_POST['ra_type']."',
+			`ra_port` = '".$_POST['ra_port']."',
+			`ra_user` = '".$_POST['ra_user']."',
+			`ra_pass` = '".$_POST['ra_pass']."',
 			`site_enabled` = '".$_POST['site_enabled']."',
 			`realm_id` = ".$_GET['id'].";
 		");

From 18d3ab9eafa3f8c68a9699d79538b94bc89fd2cf Mon Sep 17 00:00:00 2001
From: paintballrefjosh <paintballrefjosh@gmail.com>
Date: Sun, 2 Apr 2017 15:42:05 -0500
Subject: [PATCH 11/11] Updated core code version

---
 core/core.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/core.php b/core/core.php
index fe1210a..af5a2d2 100644
--- a/core/core.php
+++ b/core/core.php
@@ -10,8 +10,8 @@
 
 class Core
 {
-	public $version = '4.1.1';
-	public $version_date = '2017-03-29, 13:17';
+	public $version = '4.1.2';
+	public $version_date = '2017-04-02, 15:41';
 	public $db_version = '4.1.0';
 	private $conf;