From 06963ce42861f26140692386ba641f8f3bca70e2 Mon Sep 17 00:00:00 2001
From: "Igor Barkov (iwork)" <lopar@lopar.us>
Date: Fri, 29 Jan 2021 17:21:14 +0200
Subject: [PATCH] =?UTF-8?q?=D0=92=D1=85=D0=BE=D0=B4=20=D0=B2=20=D0=B8?=
 =?UTF-8?q?=D0=B3=D1=80=D1=83=20=D1=81=D0=BD=D0=BE=D0=B2=D0=B0=20=D1=80?=
 =?UTF-8?q?=D0=B0=D0=B1=D0=BE=D1=82=D0=B0=D0=B5=D1=82.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config.php    |  6 +-----
 enter.php     | 32 +++++++++++++++++---------------
 functions.php |  7 ++++++-
 3 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/config.php b/config.php
index ac4b7ef..172bc5e 100644
--- a/config.php
+++ b/config.php
@@ -4,10 +4,7 @@
  * Author: Igor Barkov <lopar.4ever@gmail.com>
  * Project name: Battles-Game
  */
-if (empty($_SESSION['uid']) && $_SERVER['REQUEST_URI'] != "/enter.php") {
-    header("Location: index.php");
-    exit;
-}
+
 ini_set('display_errors', 'On');
 error_reporting(E_ALL);
 define("GAMEDOMAIN", "battles.lan");
@@ -16,7 +13,6 @@ define("GAMEDOMAIN", "battles.lan");
  */
 header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
 header("Cache-Control: post-check=0, pre-check=0", false);
-header("Pragma: no-cache");
 
 /**
  * Классы для работы с базой данных.
diff --git a/enter.php b/enter.php
index 9ea620e..8b7c401 100644
--- a/enter.php
+++ b/enter.php
@@ -1,5 +1,6 @@
 <?php
 
+use Battles\Database\DBPDO;
 use Battles\GameLogs;
 use Battles\Template;
 
@@ -9,6 +10,7 @@ define('ERROR_NO_SUCH_USER', 'Такого пользователя не сущ
 define('ERROR_USER_IS_BLOCKED', 'Пользователь заблокирован!');
 define('ERROR_WRONG_PASSWORD', 'Неверный пароль!');
 define('ERROR_EMPTY_CREDENTIALS', 'Вы не ввели логин или пароль!');
+$db = new DBPDO();
 foreach ($_POST as $key => $val) { //Проверка всех значений массива POST одним махом.
     $_POST[$key] = iconv(mb_detect_encoding($_POST[$key], 'auto'), 'utf-8', $val);
 }
@@ -19,34 +21,34 @@ $battle = $_COOKIE['battle'] ?? '';
 $error = "";
 
 if ($username && $password) {
-    $user_query = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s"', $username)->fetch_assoc();
+    $user_query = $db->ofetch('SELECT id, login, pass, room, block FROM users WHERE login = ?', $username);
 
-    if (!$user_query['id']) {
+    if (!$user_query->id) {
         $error = ERROR_NO_SUCH_USER;
-    } elseif ($user_query['block'] == 1) {
+    } elseif ($user_query->block) {
         $error = ERROR_USER_IS_BLOCKED;
-    } elseif (password_verify($password, $user_query['pass'])) {
+    } elseif (password_verify($password, $user_query->pass)) {
 
         if (!$error) {
             # Проверка на мультоводство по используемому кукису.
-            if ($battle != null && $user_query['id'] != $battle) {
-                GameLogs::addUserLog($user_query['id'],'Разные ID на входе. Возможно используются несколько аккаунтов.', 'multiaccounts');
+            if ($battle != null && $user_query->id != $battle) {
+                GameLogs::addUserLog($user_query->id,'Разные ID на входе. Возможно используются несколько аккаунтов.', 'multiaccounts');
             }
 
-            setcookie("battle", $user_query['id']);
-            $_SESSION['uid'] = $user_query['id'];
-            setcookie("uid", $user_query['id'], time() + 43200, "/", GAMEDOMAIN);
-            setcookie("hashcode", md5($user_query['id'] . $user_query["pass"] . $user_query["login"]), time() + 43200, "/", GAMEDOMAIN);
+            setcookie("battle", $user_query->id);
+            $_SESSION['uid'] = $user_query->id;
+            setcookie("uid", $user_query->id, time() + 43200, "/", GAMEDOMAIN);
+            setcookie("hashcode", md5($user_query->id . $user_query->pass . $username), time() + 43200, "/", GAMEDOMAIN);
             $_SESSION['sid'] = session_id();
 
-            $onl = db::c()->query('SELECT user_id FROM online WHERE user_id = "?s"', $user_query['id'])->fetch_assoc();
-            if (isset($onl['user_id'])) {
-                db::c()->query('UPDATE online SET date = ?i WHERE user_id = "?s"', time(), $user_query['id']);
+            $onl = $db->ofetch('SELECT user_id FROM online WHERE user_id = ?', $user_query->id);
+            if (isset($onl->user_id)) {
+                $db->execute('UPDATE online SET date = ? WHERE user_id = ?', [time(), $user_query->id]);
             } else {
-                db::c()->query('INSERT INTO online (user_id, date, room, real_time) VALUES (?i, ?i, ?i, ?i)', $user_query['id'], time(), $user_query['room'], time());
+                $db->execute('INSERT INTO online (user_id, date, room, real_time) VALUES (?,?,?,?)', [$user_query->id, time(), $user_query->room, time()]);
             }
 
-            db::c()->query('UPDATE `users` SET `session_id` = "?s", `enter_game` = ?i WHERE `id` = ?i', session_id(), 1, $user_query['id']);
+            $db->execute('UPDATE users SET session_id = ?, enter_game = 1 WHERE id = ?', [session_id(), $user_query->id]);
             header("Location: fight.php");
         }
     } else {
diff --git a/functions.php b/functions.php
index ce9f122..3d58614 100644
--- a/functions.php
+++ b/functions.php
@@ -9,8 +9,13 @@ use Battles\Travel;
 use Battles\User;
 
 require_once 'config.php';
+if (empty($_SESSION['uid'])) {
+    header("Location: index.php");
+    exit;
+} else {
+    $user = new User($_SESSION['uid']);
+}
 
-$user = new User($_SESSION['uid']);
 if ($user->id && $user->block) {
     exit('user blocked!');
 }