battles/enter.php

69 lines
2.8 KiB
PHP
Raw Permalink Normal View History

2018-01-28 16:40:49 +00:00
<?php
use Battles\Database\Db;
use Battles\GameLogs;
use Battles\Template;
require_once "config.php";
const ERROR_NO_SUCH_USER = 'Такого пользователя не существует!';
const ERROR_USER_IS_BLOCKED = 'Пользователь заблокирован!';
const ERROR_WRONG_PASSWORD = 'Неверный пароль!';
const ERROR_EMPTY_CREDENTIALS = 'Вы не ввели логин или пароль!';
2019-03-28 15:02:04 +00:00
foreach ($_POST as $key => $val) { //Проверка всех значений массива POST одним махом.
$_POST[$key] = iconv(mb_detect_encoding($val, 'auto'), 'utf-8', $val);
2018-01-28 16:40:49 +00:00
}
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
2020-06-23 08:49:49 +00:00
$password = $_POST['password'] ?? '';
$battle = $_COOKIE['battle'] ?? '';
2018-01-28 16:40:49 +00:00
$error = "";
if ($username && $password) {
$user_query = Db::getInstance()->ofetch('SELECT id, login, pass, room, block, session_id FROM users WHERE login = ?', $username);
2018-01-28 16:40:49 +00:00
if (!$user_query->id) {
2020-08-27 12:53:01 +00:00
$error = ERROR_NO_SUCH_USER;
} elseif ($user_query->block) {
2020-08-27 12:53:01 +00:00
$error = ERROR_USER_IS_BLOCKED;
} elseif (password_verify($password, $user_query->pass)) {
2018-01-28 16:40:49 +00:00
# Проверка на мультоводство по используемому кукису.
if ($battle != null && $user_query->id != $battle) {
GameLogs::addUserLog($user_query->id,'Разные ID на входе. Возможно используются несколько аккаунтов.', 'multiaccounts');
}
# TEST! Влетаем всегда в одну и ту же сессию.
if ($user_query->session_id) {
session_id($user_query->session_id);
}
$_SESSION['uid'] = $user_query->id;
setcookie("battle", $user_query->id);
setcookie("uid", $user_query->id, time() + 43200, "/", GAMEDOMAIN);
setcookie("hashcode", md5($user_query->id . $user_query->pass . $username), time() + 43200, "/", GAMEDOMAIN);
$onl = Db::getInstance()->ofetch('SELECT 1 FROM online WHERE user_id = ?', $user_query->id);
if ($onl) {
Db::getInstance()->execute('UPDATE online SET login_time = ? WHERE user_id = ?', [time(), $user_query->id]);
} else {
Db::getInstance()->execute('INSERT INTO online (user_id, login_time, room, real_time) VALUES (?,?,?,?)', [$user_query->id, time(), $user_query->room, time()]);
}
Db::getInstance()->execute('UPDATE users SET session_id = ?, enter_game = 1 WHERE id = ?', [session_id(), $user_query->id]);
session_start();
header("Location: fight.php");
2020-08-27 12:45:53 +00:00
} else {
2020-08-27 12:53:01 +00:00
$error = ERROR_WRONG_PASSWORD;
2018-01-28 16:40:49 +00:00
}
2020-08-27 12:45:53 +00:00
} else {
2020-08-27 12:53:01 +00:00
$error = ERROR_EMPTY_CREDENTIALS;
}
2018-01-28 16:40:49 +00:00
Template::header('Входим...');
if ($error) {
echo sprintf('<a href="/"> ← на главную</a><h1>%s</h1>', $error);
}