Merge remote-tracking branch 'origin/master'

2018-03-07 01:39:16 +02:00 · 2018-03-07 01:39:16 +02:00 · 10cb7594d7
commit 10cb7594d7
parent 5cf4bd51d3 6aaf2e84b7
3 changed files with 68 additions and 36 deletions
--- a/enter.php
+++ b/enter.php
@ -11,13 +11,14 @@ $password = filter_input(INPUT_POST, 'password');
 $battle = filter_input(INPUT_COOKIE, 'battle');
 $error = "";

-$data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s" LIMIT 1', $username, md5($password))->fetch_assoc();
+if ($username && $password) {
+    $data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s"', $username)->fetch_assoc();

    if (!$data['id']) {
-    $error = 'Неверные учётные данные!';
+        $error = 'Ой! Такого пользователя нет!';
    } elseif ($data['block'] == 1) {
-    $error = 'Ваш персонаж был заблокирован!';
-}
+        $error = 'Ой! Вы заблокированы!';
+    } elseif (password_verify($password, $data['pass'])) {

        if (!$error) {
            if ($battle != null && $data['id'] != $battle) {
@ -51,6 +52,26 @@ if (!$error) {
            db::c()->query('DELETE FROM `telegraph` WHERE `owner` = ?i', $data['id']);
            header("Location: fight.php");
        }
+    }
+}
+
+/**
+ * Обновляем пароли пользователей...
+ */
+
+$username_upd = filter_input(INPUT_POST, 'username_upd', FILTER_SANITIZE_SPECIAL_CHARS);
+$password_upd = filter_input(INPUT_POST, 'password_upd');
+
+if ($username_upd && $password_upd) {
+    $data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s"', $username_upd, md5($password_upd))->fetch_assoc();
+    if ($data['id']) {
+        db::c()->query('UPDATE `users` SET `pass` = "?s" WHERE `login` = "?s"', password_hash($password_upd, PASSWORD_DEFAULT), $username_upd);
+        header("Location: index.php");
+    } else {
+        $error = 'Ошибка!';
+    }
+}
+
 ?>

 <!doctype html>
--- a/index.php
+++ b/index.php
@ -17,6 +17,16 @@
    <input type=submit value='Отправить'>
 </form>

+<div style="background: seashell; border-radius: 5px; margin-top: 10px; padding: 10px; display: inline-block;">
+    <form method="post" action="enter.php">
+        Обновление пароля<br>
+        <input name='username_upd' placeholder='Логин'>
+        <input name='password_upd' placeholder='Пароль' type="password">
+        <input type=submit value='Отправить'>
+    </form>
+    <p>Если не пускает внутрь, обнови пароль!</p>
+</div>
+
 <ul class="menu">
    <li><a href="register.php">Регистрация</a></li>
    <li><a href="rememberpassword.php">Забыли пароль?</a></li>
--- a/orden.php
+++ b/orden.php
@ -4,7 +4,8 @@ if(!isset($_SESSION['uid'])) header("Location: index.php");
 include("config.php");
 include("functions.php");
 if($user['in_tower'] == 1) { header('Location: towerin.php'); die(); }
-$al = mysql_fetch_assoc(mysql_query("SELECT * FROM `aligns` WHERE `align` = '{$user['align']}' LIMIT 1"));
+//$al = mysql_fetch_assoc(mysql_query("SELECT * FROM `aligns` WHERE `align` = '{$user['align']}' LIMIT 1"));
+$al = db::c()->query('SELECT `accses`,`name` FROM `aligns` WHERE `align` = ?i', $user['align'])->fetch_assoc();
 header("Cache-Control: no-cache");

 # Защита для свитков.
@ -28,9 +29,9 @@ $arr = array(
 );

 ?>
-
-<HTML>
-<HEAD>
+<!doctype html>
+<html>
+<head>
 <link rel=stylesheet href="css/main.css">
 <meta charset="utf-8">
 <style>