From b5d0593b325ea3de74a0af421cdc42e778e23e4c Mon Sep 17 00:00:00 2001
From: darknoon29 <13015521+darknoon29@users.noreply.github.com>
Date: Mon, 25 Mar 2024 13:40:47 +0100
Subject: [PATCH] Fix Quotes in SQL Queries

---
 includes/CallbackHandler.php | 134 ++++----
 includes/check_callbacks.php |  98 +++---
 includes/functions.php       | 592 +++++++++++++++++------------------
 index.php                    |  16 +-
 uninstall.php                |  41 +--
 update.php                   |  68 ++--
 version.txt                  |   2 +-
 xtense.php                   |  25 +-
 8 files changed, 490 insertions(+), 486 deletions(-)

diff --git a/includes/CallbackHandler.php b/includes/CallbackHandler.php
index 7cdfa8a..6a9e55c 100755
--- a/includes/CallbackHandler.php
+++ b/includes/CallbackHandler.php
@@ -1,67 +1,67 @@
-<?php
-/**
- * @package Xtense 2
- * @author Unibozu
- * @licence GNU
- */
-
-if (!defined('IN_SPYOGAME')) exit;
-
-/**
- * Gestion des fonctions de callback des plugins OGSpyw
- *
- */
-class CallbackHandler {
-	private $list = array();
-	private $calls = array();
-	private $types = array();
-	private $included = array();
-	public $currentCallback = false;
-
-	/**
-	 * @param $type
-	 * @param $params
-     */
-	public function add($type, $params) {
-		if (empty($params)) return;
-		$this->calls[$type][] = $params;
-		if (!in_array($type, $this->types)) {
-			$this->types[] = $type;
-		}
-	}
-
-	/**
-	 * Appels des fonctions des mods
-	 *
-	 */
-	public function apply() {
-		global $io, $db, $get_dev, $server_config;
-		if (empty($this->calls)) return;
-		$success = array();
-		$errors = array();
-		
-		$query = $db->sql_query('SELECT c.id, c.function, c.type, c.mod_id, m.root, m.title FROM '.TABLE_XTENSE_CALLBACKS.' c LEFT JOIN '.TABLE_MOD.' m ON c.mod_id = m.id WHERE c.active = 1 AND m.active = 1 AND c.type IN ("'.implode('", "', $this->types).'")'); 
-		while ($call = $db->sql_fetch_assoc($query)) {
-			foreach ($this->calls[$call['type']] as $params) {
-				$this->currentCallback = $call;
-				
-				try {
-					$instance = Callback::load($call['root']);
-					
-					if (!method_exists($instance, $call['function']) || !is_callable(array($instance, $call['function']))) throw new Exception('Invalid method "'.$call['function'].'"');
-					
-					$execReturn = $instance->{$call['function']}($params);
-					
-					$io->append_call($call, $execReturn);
-				} catch (mysqli_sql_exception $e) {
-					$io->append_call_error($call, 'Erreur MySQL lors de l\'execution'."\n".$e->getFile().' @ '.$e->getLine()."\n".$e->getMessage());
-				} catch (Exception $e) {
-					$io->append_call_error($call, $e->getMessage(), $e);
-				}
-				
-				$this->currentCallback = false;
-			} // Foreach
-		} // while
-		
-	} // Method "apply"
-}
+<?php
+/**
+ * @package Xtense 2
+ * @author Unibozu
+ * @licence GNU
+ */
+
+if (!defined('IN_SPYOGAME')) exit;
+
+/**
+ * Gestion des fonctions de callback des plugins OGSpyw
+ *
+ */
+class CallbackHandler {
+	private $list = array();
+	private $calls = array();
+	private $types = array();
+	private $included = array();
+	public $currentCallback = false;
+
+	/**
+	 * @param $type
+	 * @param $params
+     */
+	public function add($type, $params) {
+		if (empty($params)) return;
+		$this->calls[$type][] = $params;
+		if (!in_array($type, $this->types)) {
+			$this->types[] = $type;
+		}
+	}
+
+	/**
+	 * Appels des fonctions des mods
+	 *
+	 */
+	public function apply() {
+		global $io, $db, $get_dev, $server_config;
+		if (empty($this->calls)) return;
+		$success = array();
+		$errors = array();
+
+		$query = $db->sql_query('SELECT c.`id`, c.`function`, c.`type`, c.`mod_id`, m.`root`, m.`title` FROM '.TABLE_XTENSE_CALLBACKS.' c LEFT JOIN '.TABLE_MOD.' m ON c.`mod_id` = m.`id` WHERE c.`active` = 1 AND m.`active` = 1 AND c.`type` IN ("'.implode('", "', $this->types).'")');
+		while ($call = $db->sql_fetch_assoc($query)) {
+			foreach ($this->calls[$call['type']] as $params) {
+				$this->currentCallback = $call;
+
+				try {
+					$instance = Callback::load($call['root']);
+
+					if (!method_exists($instance, $call['function']) || !is_callable(array($instance, $call['function']))) throw new Exception('Invalid method "'.$call['function'].'"');
+
+					$execReturn = $instance->{$call['function']}($params);
+
+					$io->append_call($call, $execReturn);
+				} catch (mysqli_sql_exception $e) {
+					$io->append_call_error($call, 'Erreur MySQL lors de l\'execution'."\n".$e->getFile().' @ '.$e->getLine()."\n".$e->getMessage());
+				} catch (Exception $e) {
+					$io->append_call_error($call, $e->getMessage(), $e);
+				}
+
+				$this->currentCallback = false;
+			} // Foreach
+		} // while
+
+	} // Method "apply"
+}
diff --git a/includes/check_callbacks.php b/includes/check_callbacks.php
index d519b38..9564d16 100755
--- a/includes/check_callbacks.php
+++ b/includes/check_callbacks.php
@@ -1,49 +1,49 @@
-<?php
-
-/**
- * @package Xtense 2
- * @author Unibozu
- * @licence GNU
- */
-if (!defined('IN_SPYOGAME')) die("Hacking Attempt!");
-
-	require_once("mod/{$root}/includes/Callback.php");
-
-	// Vidange de la table
-	$db->sql_query('TRUNCATE TABLE `'.TABLE_XTENSE_CALLBACKS.'`');
-	
-	
-	$insert = array(); 
-	$callInstall = array('errors' => array(), 'success' => array()); 
-	 
-	$query = $db->sql_query('SELECT action, root, id, title FROM '.TABLE_MOD.' WHERE active = 1');
-	while ($data = $db->sql_fetch_assoc($query)) { 
-	        if (!file_exists('mod/'.$data['root'].'/_xtense.php')) continue;	
-	        try { 
-	                $call = Callback::load($data['root']); 
-					$error = false;
-	        } catch (Exception $e) { 
-	                $callInstall['errors'][] = $data['title'].' (erreur lors du chargement du lien) : '.$e->getMessage(); 
-					$error = true;
-	        } 
-	        if(!$error)
-	        foreach ($call->getCallbacks() as $k => $c) { 
-	                try { 
-	                        if (empty($c)) continue; 
-	                        if (!isset($c['function'], $c['type'])) throw new Exception('Donn&eacute;es sur le lien invalides : '.$k); 
-	                        if (!in_array($c['type'], $callbackTypesNames)) throw new Exception('Type de lien ('.$c['type'].') invalide'); 
-	                        if (!isset($c['active'])) $c['active'] = 1; 
-	                        if (!method_exists($call, $c['function'])) throw new Exception('La m&eacute;thode "'.$c['function'].'" n&#039;existe pas'); 
-	                        $insert[] = '('.$data['id'].', "'.$c['function'].'", "'.$c['type'].'", '.$c['active'].')'; 
-	                        $callInstall['success'][] = $data['title'].' (#'.$k.') : '.$c['type']; 
-	                } catch (Exception $e) { 
-	                        $callInstall['errors'][] = $data['title'].' : '.$e->getMessage(); 
-	                } 
-	        } 
-	} 
-	 
-	if (!empty($insert)) { 
-	        $db->sql_query('REPLACE INTO '.TABLE_XTENSE_CALLBACKS.' (mod_id, function, type, active) VALUES '.implode(', ', $insert)); 
-	} 
-	return $callInstall; 
-
+<?php
+
+/**
+ * @package Xtense 2
+ * @author Unibozu
+ * @licence GNU
+ */
+if (!defined('IN_SPYOGAME')) die("Hacking Attempt!");
+
+	require_once("mod/{$root}/includes/Callback.php");
+
+	// Vidange de la table
+	$db->sql_query('TRUNCATE TABLE `'.TABLE_XTENSE_CALLBACKS.'`');
+
+
+	$insert = array();
+	$callInstall = array('errors' => array(), 'success' => array());
+
+	$query = $db->sql_query('SELECT `action`, `root`, `id`, `title` FROM '.TABLE_MOD.' WHERE `active` = 1');
+	while ($data = $db->sql_fetch_assoc($query)) {
+	        if (!file_exists('mod/'.$data['root'].'/_xtense.php')) continue;
+	        try {
+	                $call = Callback::load($data['root']);
+					$error = false;
+	        } catch (Exception $e) {
+	                $callInstall['errors'][] = $data['title'].' (erreur lors du chargement du lien) : '.$e->getMessage();
+					$error = true;
+	        }
+	        if(!$error)
+	        foreach ($call->getCallbacks() as $k => $c) {
+	                try {
+	                        if (empty($c)) continue;
+	                        if (!isset($c['function'], $c['type'])) throw new Exception('Donn&eacute;es sur le lien invalides : '.$k);
+	                        if (!in_array($c['type'], $callbackTypesNames)) throw new Exception('Type de lien ('.$c['type'].') invalide');
+	                        if (!isset($c['active'])) $c['active'] = 1;
+	                        if (!method_exists($call, $c['function'])) throw new Exception('La m&eacute;thode "'.$c['function'].'" n&#039;existe pas');
+	                        $insert[] = '('.$data['id'].', "'.$c['function'].'", "'.$c['type'].'", '.$c['active'].')';
+	                        $callInstall['success'][] = $data['title'].' (#'.$k.') : '.$c['type'];
+	                } catch (Exception $e) {
+	                        $callInstall['errors'][] = $data['title'].' : '.$e->getMessage();
+	                }
+	        }
+	}
+
+	if (!empty($insert)) {
+	        $db->sql_query('REPLACE INTO '.TABLE_XTENSE_CALLBACKS.' (`mod_id`, `function`, `type`, `active`) VALUES '.implode(', ', $insert));
+	}
+	return $callInstall;
+
diff --git a/includes/functions.php b/includes/functions.php
index bd3c985..9e8214e 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1,296 +1,296 @@
-<?php
-/**
- * @package Xtense 2
- * @author Unibozu
- * @licence GNU
- */
-
-if (!defined('IN_SPYOGAME')) die("Hacking Attempt!");
-
-/**
- * Fonctions commune d'installation des callbacks des mods
- *
- * @param string $action - Action du mod
- * @param array $data - Appels à installer
- * @param string $version - Optionnel, version miniale requise de xtense
- * @return false/int - Retourne false si il y a une erreur ou le nombre d'appels ajoutés
- */
-function install_callbacks ($action, $data, $version = null) {
-	global $db, $table_prefix;
-	
-	define('XTENSE_LITE_CONFIG', 1);
-	require_once('mod/xtense/includes/config.php');
-	
-	if ($version != null && version_compare($version, MOD_VERSION, '<=')) return false;
-	
-	$query = $db->sql_query('SELECT id FROM '.TABLE_MOD.' WHERE action = "'.$action.'"');
-	list($mod_id) = $db->sql_fetch_row($query);
-	
-	$replace = array();
-	foreach ($data as $k => $call) {
-		if (!isset($call['function'], $call['type'])) return false;
-		if (!isset($call['active'])) $call['active'] = 1; 
-		$replace[] = '('.$mod_id.', "'.$call['function'].'", "'.$call['type'].'", '.$call['active'].')';
-	}
-	
-	$db->sql_query('INSERT IGNORE INTO '.TABLE_XTENSE_CALLBACKS.' (mod_id, function, type, active) VALUES '.implode(',', $replace));
-	return $db->sql_affectedrows();
-}
-
-/**
- * @param $string
- * @return mixed
- */
-function js_compatibility($string){
-	return str_replace('<br>','\n',(htmlspecialchars_decode($string)));
-}
-
-/**
- * @param $date
- * @return int
- */
-function parseOgameDate($date) {
-	preg_match('!([0-9]+)-([0-9]+) ([0-9]+):([0-9]+):([0-9]+)!i', $date, $parts);
-	return mktime($parts[3], $parts[4], $parts[5], $parts[1], $parts[2], date('Y') - ($parts[1] == 12 && date('n') == 1 ? 1 : 0));
-}
-
-/**
- * @param $str
- * @return int
- */
-function clean_nb($str) {
-	return (int)str_replace('.', '', $str);
-}
-
-/**
- * Amélioration de var_dump()
- *
- */
-function dump() {
-	$n = func_num_args();
-	ob_start();
-	for ($i = 0; $i < $n; $i++)
-		var_dump(func_get_arg($i));
-	$content = ob_get_clean()."\n";
-	//echo str_replace(array('<', '>'), array('&lt;', '&gt;'), $content)."\n";
-	echo $content."\n";
-}
-
-
-/**
- * Echappement forcé pour la syntaxe Json
- *
- * @param string $str
- * @return string
- */
-function json_quote($str) {
-	return str_replace('"', '\\"', $str);
-}
-
-
-/**
- * Verification de l'empire (Mise à jour, rajout, empire plein)
- *
- * @param int $type
- * @param string $coords
- * @return mixed(bool/int)
- */
-
-function home_check($type, $coords) {
-	global $db, $user_data;
-	
-	$empty_planets 	= array(101=>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20);
-	$empty_moons 	= array(201=>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20);
-	$planets = $moons = array();
-	$offset = ($type == TYPE_PLANET ? 100 : 200);
-	
-	$query = $db->sql_query("SELECT `planet_id`, `coordinates` FROM ".TABLE_USER_BUILDING." WHERE `user_id` = ".$user_data['user_id']." ORDER BY planet_id ASC");
-	while ($data = $db->sql_fetch_assoc($query)) {
-		if ($data['planet_id'] < 200) {
-			$planets[$data['planet_id']] = $data['coordinates'];
-			unset($empty_planets[$data['planet_id']], $empty_moons[$data['planet_id']+100]);
-		}
-		else {
-			$moons[$data['planet_id']] = $data['coordinates'];
-			unset($empty_moons[$data['planet_id']], $empty_planets[$data['planet_id']-100]);
-		}
-	}
-	foreach ($planets as $id => $p) {
-		if ($p == $coords || $coords == "unknown") {
-			// Si c'est une lune on check si une lune existe déjà
-			if ($type == TYPE_MOON) {
-				if (isset($moons[$id+100])) return array('update', 'id' => $id+100);
-				else return array('add', 'id' => $id+100);
-			}
-			
-			return array('update', 'id' => $id);
-		}
-	}
-	
-	// Si une lune correspond a la planete, on place la planete sous la lune
-	foreach ($moons as $id => $m) {
-		if ($m == $coords) {
-			return array($type == TYPE_PLANET ? 'add' : 'update', 'id' => $id-200+$offset);
-		}
-	}
-	
-	if ($type == TYPE_PLANET) {
-		if (count($empty_planets) == 0) return array('full');
-		foreach ($empty_planets as $p) return array('add', 'id' => $p+$offset);
-	}
-	else {
-		if (count($empty_moons) == 0) return array('full');
-		foreach ($empty_moons as $p) return array('add', 'id' => $p+$offset);
-	}
-}
-
-/**
- * @param     $coords
- * @param int $exp
- * @return bool
- */
-function check_coords($coords, $exp = 0) {
-	global $server_config;
-	if (!preg_match('!^([0-9]{1,2}):([0-9]{1,3}):([0-9]{1,2})$!Usi', $coords, $match)) return false;
-	//$row_error = ($exp ? ($match[3] != 16) : ($match[3] > 15) );
-	//if ($match[1] < 1 || $match[2] < 1 || $match[3] < 1 || $match[1] > $server_config['num_of_galaxies'] || $match[2] > $server_config['num_of_systems'] || ($exp ? ($match[3] != 16) : ($match[3] > 15))) return false;
-	return !($match[1] < 1 || $match[2] < 1 || $match[3] < 1 || $match[1] > $server_config['num_of_galaxies'] || $match[2] > $server_config['num_of_systems'] || ($exp ? ($match[3] != 16) : ($match[3] > 15)));
-	//return true;
-}
-
-/**
- * @param $name
- */
-function icon($name) {
-	global $root;
-	echo "<img src='mod/xtense/img/icons/{$name}.png' class='icon' align='absmiddle' />";
-}
-
-/**
- * @return float
- */
-function get_microtime() {
-	$t = explode(' ', microtime());
-	return ((float)$t[1] + (float)$t[0]);
-}
-
-
-/**
- * @param      $type
- * @param null $data
- */
-function add_log($type, $data = null) {
-	global $server_config, $user_data, $root;
-	$message = '';
-	if(!isset($data['toolbar'])) {$data['toolbar'] = "";}
-	if ($type == 'buildings' || $type == 'overview' || $type == 'defense' || $type == 'research' || $type == 'fleet'||$type == 'info') {
-		if (!$server_config['xtense_log_empire']) return;
-		
-		if ($type == 'buildings') 	$message = 'envoie les batiments de sa planète '.$data['planet_name'].' ('.$data['coords'].')';
-		if ($type == 'overview') 	$message = 'envoie les informations de sa planète '.$data['planet_name'].' ('.$data['coords'].')';
-		if ($type == 'defense') 	$message = 'envoie les defenses de sa planète '.$data['planet_name'].' ('.$data['coords'].')';
-		if ($type == 'research') 	$message = 'envoie ses recherches';
-		if ($type == 'fleet') 		$message = 'envoie la flotte de sa planète '.$data['planet_name'].' ('.$data['coords'].')';
-		if ($type == 'info')		$message = $data['message'];
-	}
-	
-	if ($type == 'system') {
-		if (!$server_config['xtense_log_system']) return;
-		
-		$message = 'envoie le système solaire '.$data['coords'];
-	}
-	
-	if ($type == 'ranking') {
-		if (!$server_config['xtense_log_ranking']) return;
-		
-		$message = 'envoie le classement '.$data['type2'].' des '.$data['type1'].' ('.$data['offset'].'-'.($data['offset']+99).') : '.date('H', $data['time']).'h';
-	}
-	
-	if ($type == 'ally_list') {
-		$message = 'envoie la liste des membres de l\'alliance '.$data['tag'];
-	}
-	
-	if ($type == 'rc') {
-		$message = 'envoie un rapport de combat';
-	}
-	
-	if ($type == 'messages') {
-		$message = 'envoie sa page de messages';
-		
-		$extra = array();
-		if (array_key_exists('msg', $data)) $extra[] = 'messages : '.$data['msg'];
-		if (array_key_exists('ally_msg', $data)) $extra[] = $data['ally_msg'].' messages d\'alliance';
-		if (array_key_exists('ennemy_spy', $data)) $extra[] = $data['ennemy_spy'].' espionnages ennemis';
-		if (array_key_exists('rc_cdr', $data)) $extra[] = $data['rc_cdr'].' rapports de recyclages';
-		if (array_key_exists('expedition', $data)) $extra[] = $data['expedition'].' rapports d\'expedition';
-		if (array_key_exists('added_spy', $data)) $extra[] = ' Rapport d\'espionnage ajouté : '.$data['added_spy_coords'];
-		if (array_key_exists('ignored_spy', $data)) $extra[] = $data['ignored_spy'].' rapports d\'espionnage ignorés';
-		
-		if (!empty($extra)) $message .= ' ('.implode(', ', $extra).')';
-	}
-	if (!empty($message)) {
-		$dir = date('ymd');
-
-        $file = 'log_'.date('ymd').'.log';
-        if (!file_exists('journal/'.$dir)) @mkdir('journal/'.$dir);
-        if (file_exists('journal/'.$dir)) {
-            @chmod('journal/'.$dir, 0777);
-            $fp = @fopen('journal/'.$dir.'/'.$file, 'a+');
-            if ($fp) {
-                fwrite($fp, '/*'.date('d/m/Y H:i:s').'*/'.'[Xtense]'.'['.$data['toolbar'].'] '.$user_data['user_name'].' '.$message."\n");
-                fclose($fp);
-                @chmod('journal/'.$dir.'/'.$file, 0777);
-            }
-        }
-
-    }
-}
-
-/**
- * @param $size
- * @return string
- */
-function format_size ($size) {
-	if ($size < 1024) $size .= ' octets';
-	elseif ($size < 1024*1024) $size = round($size/1024, 2).' Ko';
-	else $size = round($size/1024/1024, 2).'Mo';
-	return $size;
-}
-
-/**
- * @param $stats
- * @param $value
- */
-function update_statistic($stats, $value){
-	global $db;
-	$request = "update ".TABLE_STATISTIC." set statistic_value = statistic_value + {$value}";
-	$request .= " where statistic_name = '{$stats}'";
-	$db->sql_query($request);
-	if ($db->sql_affectedrows() == 0) {
-		$request = "insert ignore into ".TABLE_STATISTIC." values ('{$stats}', '{$value}')";
-		$db->sql_query($request);
-	}
-}
-
-/**
- * @param $boosterdata
- * @param $current_time
- * @return null|\tableau
- */
-function update_boosters($boosterdata, $current_time ){
-
-	$boosters = booster_decode();
-
-	foreach($boosterdata as $booster) {
-		if(!booster_is_uuid($booster[0])) {
-			log_("mod","Booster Inconnu");
-		} else {
-			if(!isset($booster[1]))
-				$boosters = booster_uuid($boosters, $booster[0]);
-			else
-				$boosters = booster_uuid($boosters, $booster[0], booster_lire_date($booster[1]) + $current_time);
-
-		}
-	}/*$booster_table = array('booster_m_val', 'booster_m_date', 'booster_c_val', 'booster_c_date', 'booster_d_val', 'booster_d_date', 'extention_p', 'extention_m');*/
-	return $boosters;
-}
\ No newline at end of file
+<?php
+/**
+ * @package Xtense 2
+ * @author Unibozu
+ * @licence GNU
+ */
+
+if (!defined('IN_SPYOGAME')) die("Hacking Attempt!");
+
+/**
+ * Fonctions commune d'installation des callbacks des mods
+ *
+ * @param string $action - Action du mod
+ * @param array $data - Appels à installer
+ * @param string $version - Optionnel, version miniale requise de xtense
+ * @return false/int - Retourne false si il y a une erreur ou le nombre d'appels ajoutés
+ */
+function install_callbacks ($action, $data, $version = null) {
+	global $db, $table_prefix;
+
+	define('XTENSE_LITE_CONFIG', 1);
+	require_once('mod/xtense/includes/config.php');
+
+	if ($version != null && version_compare($version, MOD_VERSION, '<=')) return false;
+
+	$query = $db->sql_query('SELECT `id` FROM '.TABLE_MOD.' WHERE `action` = "'.$action.'"');
+	list($mod_id) = $db->sql_fetch_row($query);
+
+	$replace = array();
+	foreach ($data as $k => $call) {
+		if (!isset($call['function'], $call['type'])) return false;
+		if (!isset($call['active'])) $call['active'] = 1;
+		$replace[] = '('.$mod_id.', "'.$call['function'].'", "'.$call['type'].'", '.$call['active'].')';
+	}
+
+	$db->sql_query('INSERT IGNORE INTO '.TABLE_XTENSE_CALLBACKS.' (`mod_id`, `function`, `type`, `active`) VALUES '.implode(',', $replace));
+	return $db->sql_affectedrows();
+}
+
+/**
+ * @param $string
+ * @return mixed
+ */
+function js_compatibility($string){
+	return str_replace('<br>','\n',(htmlspecialchars_decode($string)));
+}
+
+/**
+ * @param $date
+ * @return int
+ */
+function parseOgameDate($date) {
+	preg_match('!([0-9]+)-([0-9]+) ([0-9]+):([0-9]+):([0-9]+)!i', $date, $parts);
+	return mktime($parts[3], $parts[4], $parts[5], $parts[1], $parts[2], date('Y') - ($parts[1] == 12 && date('n') == 1 ? 1 : 0));
+}
+
+/**
+ * @param $str
+ * @return int
+ */
+function clean_nb($str) {
+	return (int)str_replace('.', '', $str);
+}
+
+/**
+ * Amélioration de var_dump()
+ *
+ */
+function dump() {
+	$n = func_num_args();
+	ob_start();
+	for ($i = 0; $i < $n; $i++)
+		var_dump(func_get_arg($i));
+	$content = ob_get_clean()."\n";
+	//echo str_replace(array('<', '>'), array('&lt;', '&gt;'), $content)."\n";
+	echo $content."\n";
+}
+
+
+/**
+ * Echappement forcé pour la syntaxe Json
+ *
+ * @param string $str
+ * @return string
+ */
+function json_quote($str) {
+	return str_replace('"', '\\"', $str);
+}
+
+
+/**
+ * Verification de l'empire (Mise à jour, rajout, empire plein)
+ *
+ * @param int $type
+ * @param string $coords
+ * @return mixed(bool/int)
+ */
+
+function home_check($type, $coords) {
+	global $db, $user_data;
+
+	$empty_planets 	= array(101=>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20);
+	$empty_moons 	= array(201=>1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20);
+	$planets = $moons = array();
+	$offset = ($type == TYPE_PLANET ? 100 : 200);
+
+	$query = $db->sql_query("SELECT `planet_id`, `coordinates` FROM ".TABLE_USER_BUILDING." WHERE `user_id` = ".$user_data['user_id']." ORDER BY `planet_id` ASC");
+	while ($data = $db->sql_fetch_assoc($query)) {
+		if ($data['planet_id'] < 200) {
+			$planets[$data['planet_id']] = $data['coordinates'];
+			unset($empty_planets[$data['planet_id']], $empty_moons[$data['planet_id']+100]);
+		}
+		else {
+			$moons[$data['planet_id']] = $data['coordinates'];
+			unset($empty_moons[$data['planet_id']], $empty_planets[$data['planet_id']-100]);
+		}
+	}
+	foreach ($planets as $id => $p) {
+		if ($p == $coords || $coords == "unknown") {
+			// Si c'est une lune on check si une lune existe déjà
+			if ($type == TYPE_MOON) {
+				if (isset($moons[$id+100])) return array('update', 'id' => $id+100);
+				else return array('add', 'id' => $id+100);
+			}
+
+			return array('update', 'id' => $id);
+		}
+	}
+
+	// Si une lune correspond a la planete, on place la planete sous la lune
+	foreach ($moons as $id => $m) {
+		if ($m == $coords) {
+			return array($type == TYPE_PLANET ? 'add' : 'update', 'id' => $id-200+$offset);
+		}
+	}
+
+	if ($type == TYPE_PLANET) {
+		if (count($empty_planets) == 0) return array('full');
+		foreach ($empty_planets as $p) return array('add', 'id' => $p+$offset);
+	}
+	else {
+		if (count($empty_moons) == 0) return array('full');
+		foreach ($empty_moons as $p) return array('add', 'id' => $p+$offset);
+	}
+}
+
+/**
+ * @param     $coords
+ * @param int $exp
+ * @return bool
+ */
+function check_coords($coords, $exp = 0) {
+	global $server_config;
+	if (!preg_match('!^([0-9]{1,2}):([0-9]{1,3}):([0-9]{1,2})$!Usi', $coords, $match)) return false;
+	//$row_error = ($exp ? ($match[3] != 16) : ($match[3] > 15) );
+	//if ($match[1] < 1 || $match[2] < 1 || $match[3] < 1 || $match[1] > $server_config['num_of_galaxies'] || $match[2] > $server_config['num_of_systems'] || ($exp ? ($match[3] != 16) : ($match[3] > 15))) return false;
+	return !($match[1] < 1 || $match[2] < 1 || $match[3] < 1 || $match[1] > $server_config['num_of_galaxies'] || $match[2] > $server_config['num_of_systems'] || ($exp ? ($match[3] != 16) : ($match[3] > 15)));
+	//return true;
+}
+
+/**
+ * @param $name
+ */
+function icon($name) {
+	global $root;
+	echo "<img src='mod/xtense/img/icons/{$name}.png' class='icon' align='absmiddle' />";
+}
+
+/**
+ * @return float
+ */
+function get_microtime() {
+	$t = explode(' ', microtime());
+	return ((float)$t[1] + (float)$t[0]);
+}
+
+
+/**
+ * @param      $type
+ * @param null $data
+ */
+function add_log($type, $data = null) {
+	global $server_config, $user_data, $root;
+	$message = '';
+	if(!isset($data['toolbar'])) {$data['toolbar'] = "";}
+	if ($type == 'buildings' || $type == 'overview' || $type == 'defense' || $type == 'research' || $type == 'fleet'||$type == 'info') {
+		if (!$server_config['xtense_log_empire']) return;
+
+		if ($type == 'buildings') 	$message = 'envoie les batiments de sa planète '.$data['planet_name'].' ('.$data['coords'].')';
+		if ($type == 'overview') 	$message = 'envoie les informations de sa planète '.$data['planet_name'].' ('.$data['coords'].')';
+		if ($type == 'defense') 	$message = 'envoie les defenses de sa planète '.$data['planet_name'].' ('.$data['coords'].')';
+		if ($type == 'research') 	$message = 'envoie ses recherches';
+		if ($type == 'fleet') 		$message = 'envoie la flotte de sa planète '.$data['planet_name'].' ('.$data['coords'].')';
+		if ($type == 'info')		$message = $data['message'];
+	}
+
+	if ($type == 'system') {
+		if (!$server_config['xtense_log_system']) return;
+
+		$message = 'envoie le système solaire '.$data['coords'];
+	}
+
+	if ($type == 'ranking') {
+		if (!$server_config['xtense_log_ranking']) return;
+
+		$message = 'envoie le classement '.$data['type2'].' des '.$data['type1'].' ('.$data['offset'].'-'.($data['offset']+99).') : '.date('H', $data['time']).'h';
+	}
+
+	if ($type == 'ally_list') {
+		$message = 'envoie la liste des membres de l\'alliance '.$data['tag'];
+	}
+
+	if ($type == 'rc') {
+		$message = 'envoie un rapport de combat';
+	}
+
+	if ($type == 'messages') {
+		$message = 'envoie sa page de messages';
+
+		$extra = array();
+		if (array_key_exists('msg', $data)) $extra[] = 'messages : '.$data['msg'];
+		if (array_key_exists('ally_msg', $data)) $extra[] = $data['ally_msg'].' messages d\'alliance';
+		if (array_key_exists('ennemy_spy', $data)) $extra[] = $data['ennemy_spy'].' espionnages ennemis';
+		if (array_key_exists('rc_cdr', $data)) $extra[] = $data['rc_cdr'].' rapports de recyclages';
+		if (array_key_exists('expedition', $data)) $extra[] = $data['expedition'].' rapports d\'expedition';
+		if (array_key_exists('added_spy', $data)) $extra[] = ' Rapport d\'espionnage ajouté : '.$data['added_spy_coords'];
+		if (array_key_exists('ignored_spy', $data)) $extra[] = $data['ignored_spy'].' rapports d\'espionnage ignorés';
+
+		if (!empty($extra)) $message .= ' ('.implode(', ', $extra).')';
+	}
+	if (!empty($message)) {
+		$dir = date('ymd');
+
+        $file = 'log_'.date('ymd').'.log';
+        if (!file_exists('journal/'.$dir)) @mkdir('journal/'.$dir);
+        if (file_exists('journal/'.$dir)) {
+            @chmod('journal/'.$dir, 0777);
+            $fp = @fopen('journal/'.$dir.'/'.$file, 'a+');
+            if ($fp) {
+                fwrite($fp, '/*'.date('d/m/Y H:i:s').'*/'.'[Xtense]'.'['.$data['toolbar'].'] '.$user_data['user_name'].' '.$message."\n");
+                fclose($fp);
+                @chmod('journal/'.$dir.'/'.$file, 0777);
+            }
+        }
+
+    }
+}
+
+/**
+ * @param $size
+ * @return string
+ */
+function format_size ($size) {
+	if ($size < 1024) $size .= ' octets';
+	elseif ($size < 1024*1024) $size = round($size/1024, 2).' Ko';
+	else $size = round($size/1024/1024, 2).'Mo';
+	return $size;
+}
+
+/**
+ * @param $stats
+ * @param $value
+ */
+function update_statistic($stats, $value){
+	global $db;
+	$request = "update ".TABLE_STATISTIC." set statistic_value = statistic_value + {$value}";
+	$request .= " where statistic_name = '{$stats}'";
+	$db->sql_query($request);
+	if ($db->sql_affectedrows() == 0) {
+		$request = "insert ignore into ".TABLE_STATISTIC." values ('{$stats}', '{$value}')";
+		$db->sql_query($request);
+	}
+}
+
+/**
+ * @param $boosterdata
+ * @param $current_time
+ * @return null|\tableau
+ */
+function update_boosters($boosterdata, $current_time ){
+
+	$boosters = booster_decode();
+
+	foreach($boosterdata as $booster) {
+		if(!booster_is_uuid($booster[0])) {
+			log_("mod","Booster Inconnu");
+		} else {
+			if(!isset($booster[1]))
+				$boosters = booster_uuid($boosters, $booster[0]);
+			else
+				$boosters = booster_uuid($boosters, $booster[0], booster_lire_date($booster[1]) + $current_time);
+
+		}
+	}/*$booster_table = array('booster_m_val', 'booster_m_date', 'booster_c_val', 'booster_c_date', 'booster_d_val', 'booster_d_date', 'extention_p', 'extention_m');*/
+	return $boosters;
+}
diff --git a/index.php b/index.php
index f3a6627..049b796 100755
--- a/index.php
+++ b/index.php
@@ -1,4 +1,4 @@
-<?php
+<?php global $server_config, $user_data;
 
 /**
  * @package Xtense 2
@@ -59,7 +59,7 @@
             $replace .= ' ,("xtense_' . $name . '", "' . $server_config['xtense_' . $name] . '")';
         }
 
-        $db->sql_query('REPLACE INTO ' . TABLE_CONFIG . ' (config_name, config_value) VALUES ("xtense_universe", "' . $universe . '")' . $replace);
+        $db->sql_query('REPLACE INTO ' . TABLE_CONFIG . ' (`config_name`, `config_value`) VALUES ("xtense_universe", "' . $universe . '")' . $replace);
         generate_config_cache();
         $server_config['xtense_universe'] = $universe;
 
@@ -69,8 +69,8 @@
     if (isset($pub_do)) {
 
         if ($pub_do == 'repair') {
-            $db->sql_query('DELETE FROM ' . TABLE_USER_BUILDING . ' WHERE planet_id < 1');
-            $db->sql_query('DELETE FROM ' . TABLE_USER_DEFENCE . ' WHERE planet_id < 1');
+            $db->sql_query('DELETE FROM ' . TABLE_USER_BUILDING . ' WHERE `planet_id` < 1');
+            $db->sql_query('DELETE FROM ' . TABLE_USER_DEFENCE . ' WHERE `planet_id` < 1');
             $action = 'repair';
         }
 
@@ -94,14 +94,14 @@
             $empire = (isset($_POST['empire_' . $group_id]) ? 1 : 0);
             $messages = (isset($_POST['messages_' . $group_id]) ? 1 : 0);
 
-            $db->sql_query('REPLACE INTO ' . TABLE_XTENSE_GROUPS . ' (group_id,  system, ranking, empire, messages) VALUES (' . $group_id . ', ' . $system . ',     ' . $ranking . ', ' . $empire . ', ' . $messages . ')');
+            $db->sql_query('REPLACE INTO ' . TABLE_XTENSE_GROUPS . ' (`group_id`,  `system`, `ranking`, `empire`, `messages`) VALUES (' . $group_id . ', ' . $system . ',     ' . $ranking . ', ' . $empire . ', ' . $messages . ')');
         }
 
         $update = true;
     }
 
 
-    $query = $db->sql_query('SELECT g.group_id, group_name,  system, ranking, empire, messages FROM ' . TABLE_GROUP . ' g LEFT JOIN ' . TABLE_XTENSE_GROUPS . ' x ON x.group_id = g.group_id ORDER BY g.group_name ASC');
+    $query = $db->sql_query('SELECT g.`group_id`, `group_name`,  `system`, `ranking`, `empire`, `messages` FROM ' . TABLE_GROUP . ' g LEFT JOIN ' . TABLE_XTENSE_GROUPS . ' x ON x.`group_id` = g.`group_id` ORDER BY g.`group_name` ASC');
     $groups = array();
     $groups_id = array();
 
@@ -119,12 +119,12 @@
     if (isset($pub_toggle, $pub_state)) {
         $mod_id = (int)$pub_toggle;
         $state = $pub_state == 1 ? 1 : 0;
-        $db->sql_query('UPDATE ' . TABLE_XTENSE_CALLBACKS . ' SET active = ' . $state . ' WHERE id = ' . $mod_id);
+        $db->sql_query('UPDATE ' . TABLE_XTENSE_CALLBACKS . ' SET `active` = ' . $state . ' WHERE id = ' . $mod_id);
 
         $update = true;
     }
 
-    $query = $db->sql_query('SELECT c.id, c.type, c.active AS callback_active, m.title, m.active, m.version FROM ' . TABLE_XTENSE_CALLBACKS . ' c LEFT JOIN ' . TABLE_MOD . ' m ON m.id = c.mod_id ORDER BY m.title ASC');
+    $query = $db->sql_query('SELECT c.`id`, c.`type`, c.`active` AS callback_active, m.`title`, m.`active`, m.`version` FROM ' . TABLE_XTENSE_CALLBACKS . ' c LEFT JOIN ' . TABLE_MOD . ' m ON m.`id` = c.`mod_id` ORDER BY m.`title` ASC');
     $callbacks = array();
     $calls_id = array();
 
diff --git a/uninstall.php b/uninstall.php
index 18588ba..960bcd1 100755
--- a/uninstall.php
+++ b/uninstall.php
@@ -1,20 +1,21 @@
-<?php
-/**
- * @package Xtense 2
- * @author Unibozu
- * @version 1.0
- * @licence GNU
- */
-
-if (!defined('IN_SPYOGAME')) die("Hacking Attempt!");
-
-global $de,$table_prefix;
-$mod_uninstall_name = "xtense";
-$mod_uninstall_table = $table_prefix."xtense_groups".','.$table_prefix."xtense_callbacks".','.$table_prefix."parsedRec".','.$table_prefix."parsedSpyEn";
-uninstall_mod ($mod_uninstall_name, $mod_uninstall_table);
-
-require_once("mod/{$root}/includes/config.php");
-
-$db->sql_query('DELETE FROM '.TABLE_CONFIG.' WHERE config_name LIKE "xtense_%"');
-generate_config_cache();
-
+<?php
+global $db;
+/**
+ * @package Xtense 2
+ * @author Unibozu
+ * @version 1.0
+ * @licence GNU
+ */
+
+if (!defined('IN_SPYOGAME')) die("Hacking Attempt!");
+
+global $de,$table_prefix;
+$mod_uninstall_name = "xtense";
+$mod_uninstall_table = $table_prefix."xtense_groups".','.$table_prefix."xtense_callbacks".','.$table_prefix."parsedRec".','.$table_prefix."parsedSpyEn";
+uninstall_mod ($mod_uninstall_name, $mod_uninstall_table);
+
+require_once("mod/{$root}/includes/config.php");
+
+$db->sql_query('DELETE FROM '.TABLE_CONFIG.' WHERE `config_name` LIKE "xtense_%"');
+generate_config_cache();
+
diff --git a/update.php b/update.php
index 188885d..edab9ea 100755
--- a/update.php
+++ b/update.php
@@ -1,34 +1,34 @@
-<?php
-/**
- * @package Xtense 2
- * @author Unibozu
- * @version 1.0
- * @licence GNU
- */
-
-if (!defined('IN_SPYOGAME')) die("Hacking Attempt!");
-global $db,$table_prefix;
-
-define("TABLE_XTENSE_CALLBACKS", $table_prefix . "xtense_callbacks");
-
-$mod_folder = "xtense";
-$mod_name = "xtense";
-
-$db->sql_query("ALTER TABLE ".$table_prefix."parsedRec"." CONVERT TO CHARACTER SET utf8");
-$db->sql_query("ALTER TABLE ".TABLE_XTENSE_CALLBACKS." CONVERT TO CHARACTER SET utf8");
-$db->sql_query("ALTER TABLE ".$table_prefix."xtense_groups"." CONVERT TO CHARACTER SET utf8");
-$db->sql_query("ALTER TABLE ".$table_prefix."parsedSpyEn"." CONVERT TO CHARACTER SET utf8");
-
-
-$db->sql_query('DELETE FROM '.TABLE_CONFIG.' WHERE config_name LIKE "xtense_log_ogspy"');
-$db->sql_query('DELETE FROM '.TABLE_CONFIG.' WHERE config_name LIKE "xtense_keep_log"');
-
-$result = $db->sql_query("SELECT `version` FROM ".TABLE_MOD." WHERE `title` = 'xtense'");
-list($version) = $db->sql_fetch_row($result);
-
-if(version_compare($version, '2.7.2', '<')){
-    $db->sql_query("ALTER TABLE ".TABLE_XTENSE_CALLBACKS." MODIFY `type` enum('overview','system','ally_list','buildings','research','fleet','fleetSending','defense','spy', 'spy_shared', 'ennemy_spy','rc', 'rc_shared','rc_cdr', 'msg', 'ally_msg', 'expedition','expedition_shared', 'ranking', 'trade', 'trade_me','hostiles') NOT NULL");
-}
-
-update_mod($mod_folder, $mod_name);
-
+<?php
+/**
+ * @package Xtense 2
+ * @author Unibozu
+ * @version 1.0
+ * @licence GNU
+ */
+
+if (!defined('IN_SPYOGAME')) die("Hacking Attempt!");
+global $db,$table_prefix;
+
+define("TABLE_XTENSE_CALLBACKS", $table_prefix . "xtense_callbacks");
+
+$mod_folder = "xtense";
+$mod_name = "xtense";
+
+$db->sql_query("ALTER TABLE ".$table_prefix."parsedRec"." CONVERT TO CHARACTER SET utf8");
+$db->sql_query("ALTER TABLE ".TABLE_XTENSE_CALLBACKS." CONVERT TO CHARACTER SET utf8");
+$db->sql_query("ALTER TABLE ".$table_prefix."xtense_groups"." CONVERT TO CHARACTER SET utf8");
+$db->sql_query("ALTER TABLE ".$table_prefix."parsedSpyEn"." CONVERT TO CHARACTER SET utf8");
+
+
+$db->sql_query('DELETE FROM '.TABLE_CONFIG.' WHERE `config_name` LIKE "xtense_log_ogspy"');
+$db->sql_query('DELETE FROM '.TABLE_CONFIG.' WHERE `config_name` LIKE "xtense_keep_log"');
+
+$result = $db->sql_query("SELECT `version` FROM ".TABLE_MOD." WHERE `title` = 'xtense'");
+list($version) = $db->sql_fetch_row($result);
+
+if(version_compare($version, '2.7.2', '<')){
+    $db->sql_query("ALTER TABLE ".TABLE_XTENSE_CALLBACKS." MODIFY `type` enum('overview','system','ally_list','buildings','research','fleet','fleetSending','defense','spy', 'spy_shared', 'ennemy_spy','rc', 'rc_shared','rc_cdr', 'msg', 'ally_msg', 'expedition','expedition_shared', 'ranking', 'trade', 'trade_me','hostiles') NOT NULL");
+}
+
+update_mod($mod_folder, $mod_name);
+
diff --git a/version.txt b/version.txt
index dad3e59..76f0698 100755
--- a/version.txt
+++ b/version.txt
@@ -1,5 +1,5 @@
 Xtense
-2.9.7
+2.9.8
 Xtense,Xtense,xtense,xtense,index.php,1,1
 3.3.6
 2.9.0
diff --git a/xtense.php b/xtense.php
index afbd455..2083bcd 100755
--- a/xtense.php
+++ b/xtense.php
@@ -1,4 +1,5 @@
 <?php
+global $db;
 
 /**
  * @package Xtense 2
@@ -9,6 +10,7 @@
 define('IN_SPYOGAME', true);
 define('IN_XTENSE', true);
 
+
 date_default_timezone_set(@date_default_timezone_get());
 
 $currentFolder = getcwd();
@@ -25,7 +27,7 @@
 header('Access-Control-Max-Age: 86400');    // cache for 1 day
 header('Access-Control-Request-Headers: Content-Type');    // cache for 1 day
 header("Content-Type: text/plain");
-header("Access-Control-Allow-Methods: POST, GET");
+header("Access-Control-Allow-Methods: POST");
 header('X-Content-Type-Options: nosniff');
 
 require_once("mod/{$root}/includes/config.php");
@@ -36,8 +38,8 @@
 require_once("mod/{$root}/includes/Check.php");
 require_once("mod/{$root}/includes/auth.php");
 
-$start_time = get_microtime();
 
+$start_time = get_microtime();
 $io = new Io();
 $time = time() - 60 * 4;
 if ($time > mktime(0, 0, 0) && $time < mktime(8, 0, 0)) {
@@ -87,6 +89,7 @@
 
 //print_r($data);
 
+
 switch ($received_game_data['type']) {
     case 'overview': { //PAGE OVERVIEW
             if (!$user_data['grant']['empire']) {
@@ -592,8 +595,8 @@
                         VALUES (" . $galaxy . ", " . $system . ", " . $row . ", '" . $v['planet_name'] . "', '" . $v['player_name'] . "', '" . $v['ally_tag'] . "', '" . $statusTemp . "', " . $time . ", " . $user_data['user_id'] . ", '" . $v['moon'] . "')");
                 else {
                     $db->sql_query(
-                        "UPDATE " . TABLE_UNIVERSE . " SET name = '" . $v['planet_name'] . "', player = '" . $v['player_name'] . "' , ally = '" . $v['ally_tag'] . "', status = '" . $statusTemp . "', moon = '" . $v['moon'] . "', last_update = " . $time . ", last_update_user_id = " . $user_data['user_id']
-                            . " WHERE galaxy = " . $galaxy . " AND system = " . $system . " AND row = " . $row
+                        "UPDATE " . TABLE_UNIVERSE . " SET `name` = '" . $v['planet_name'] . "', `player` = '" . $v['player_name'] . "' , `ally` = '" . $v['ally_tag'] . "', `status` = '" . $statusTemp . "', `moon` = '" . $v['moon'] . "', `last_update` = " . $time . ", `last_update_user_id` = " . $user_data['user_id']
+                            . " WHERE `galaxy` = " . $galaxy . " AND `system` = " . $system . " AND `row` = " . $row
                     );
                 }
             }
@@ -604,10 +607,10 @@
                     $toDelete[] = $galaxy . ':' . $system . ':' . $n;
                 }
 
-                $db->sql_query("UPDATE " . TABLE_PARSEDSPY . " SET active = 0 WHERE coordinates IN ('" . implode("', '", $toDelete) . "')");
+                $db->sql_query("UPDATE " . TABLE_PARSEDSPY . " SET `active` = 0 WHERE coordinates IN ('" . implode("', '", $toDelete) . "')");
             }
 
-            $db->sql_query("UPDATE " . TABLE_USER . " SET planet_added_ogs = planet_added_ogs + 15 WHERE user_id = " . $user_data['user_id']);
+            $db->sql_query("UPDATE " . TABLE_USER . " SET `planet_added_ogs` = `planet_added_ogs` + 15 WHERE `user_id` = " . $user_data['user_id']);
 
             $call->add('system', array(
                 'data' => $data['rows'],
@@ -819,7 +822,7 @@
 
             update_statistic('rankimport_ogs', 100);
             add_log('ranking', array('type1' => $type1, 'type2' => $type2, 'offset' => $offset, 'time' => $timestamp, 'toolbar' => $toolbar_info));
-        
+
     break;
 
     case 'rc': //PAGE RC
@@ -1180,7 +1183,7 @@
                     $test = $db->sql_numrows($db->sql_query("SELECT `id_spy` FROM " . TABLE_PARSEDSPY . " WHERE `coordinates` = '$coords' AND `dateRE` = '$spy_time'"));
                     if (!$test) {
                         $db->sql_query("INSERT INTO " . TABLE_PARSEDSPY . " ( " . $fields . ") VALUES (" . $values . ")");
-                        $query = $db->sql_query('SELECT last_update' . ($moon ? '_moon' : '') . ' FROM ' . TABLE_UNIVERSE . ' WHERE galaxy = ' . $spy['coords'][0] . ' AND system = ' . $spy['coords'][1] . ' AND row = ' . $spy['coords'][2]);
+                        $query = $db->sql_query('SELECT `last_update`' . ($moon ? '_moon' : '') . ' FROM ' . TABLE_UNIVERSE . ' WHERE `galaxy` = ' . $spy['coords'][0] . ' AND `system` = ' . $spy['coords'][1] . ' AND `row` = ' . $spy['coords'][2]);
                         //log_('debug', 'SELECT last_update' . ($moon ? '_moon' : '') . ' FROM ' . TABLE_UNIVERSE . ' WHERE galaxy = ' . $spy['coords'][0] . ' AND system = ' . $spy['coords'][1] . ' AND row = ' . $spy['coords'][2]);
                         if ($db->sql_numrows($query) > 0) {
                             $assoc = $db->sql_fetch_assoc($query);
@@ -1189,13 +1192,13 @@
                                     (isset($spy['content'][42]) ? $phalanx = $spy['content'][42] : $phalanx = 0);
                                     (isset($spy['content'][43]) ? $gate = $spy['content'][43] : $gate = 0);
                                     //log_('debug', "Lune détectée avec phalange $phalanx et porte $gate");
-                                    $db->sql_query('UPDATE ' . TABLE_UNIVERSE . ' SET moon = "1", phalanx = ' . $phalanx . ', gate = "' . $gate . '", last_update_moon = ' . $date . ', last_update_user_id = ' . $user_data['user_id'] . ' WHERE galaxy = ' . $spy['coords'][0] . ' AND system = ' . $spy['coords'][1] . ' AND row = ' . $spy['coords'][2]);
+                                    $db->sql_query('UPDATE ' . TABLE_UNIVERSE . ' SET `moon` = "1", `phalanx` = ' . $phalanx . ', `gate` = "' . $gate . '", `last_update_moon` = ' . $date . ', `last_update_user_id` = ' . $user_data['user_id'] . ' WHERE `galaxy` = ' . $spy['coords'][0] . ' AND `system` = ' . $spy['coords'][1] . ' AND `row` = ' . $spy['coords'][2]);
                                 } else { //we do nothing if buildings are not in the report
-                                    $db->sql_query('UPDATE ' . TABLE_UNIVERSE . ' SET name = "' . $spy['planet_name'] . '", last_update_user_id = ' . $user_data['user_id'] . ' WHERE galaxy = ' . $spy['coords'][0] . ' AND system = ' . $spy['coords'][1] . ' AND row = ' . $spy['coords'][2]);
+                                    $db->sql_query('UPDATE ' . TABLE_UNIVERSE . ' SET `name` = "' . $spy['planet_name'] . '", `last_update_user_id` = ' . $user_data['user_id'] . ' WHERE `galaxy` = ' . $spy['coords'][0] . ' AND `system` = ' . $spy['coords'][1] . ' AND `row` = ' . $spy['coords'][2]);
                                 }
                             }
                         }
-                        $db->sql_query('UPDATE ' . TABLE_USER . ' SET spy_added_ogs = spy_added_ogs + 1 WHERE user_id = ' . $user_data['user_id']);
+                        $db->sql_query('UPDATE ' . TABLE_USER . ' SET `spy_added_ogs` = spy_added_ogs + 1 WHERE `user_id` = ' . $user_data['user_id']);
                         update_statistic('spyimport_ogs', '1');
                         add_log('messages', array('added_spy' => $spy['planet_name'], 'added_spy_coords' => $coords, 'toolbar' => $toolbar_info));
                     }