diff --git a/enter.php b/enter.php index 87289a8..4d743e3 100644 --- a/enter.php +++ b/enter.php @@ -7,50 +7,71 @@ foreach ($_POST as $key => $val) { //??????????????? } $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS); -$password = filter_input(INPUT_POST, 'password'); +$password = password_hash(filter_input(INPUT_POST, 'password'), PASSWORD_DEFAULT); $battle = filter_input(INPUT_COOKIE, 'battle'); $error = ""; -$data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s" LIMIT 1', $username, md5($password))->fetch_assoc(); +if ($username && $password) { + $data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s"', $username, $password)->fetch_assoc(); -if (!$data['id']) { - $error = 'Неверные учётные данные!'; -} elseif ($data['block'] == 1) { - $error = 'Ваш персонаж был заблокирован!'; + if (!$data['id']) { + $error = 'Неверные учётные данные!'; + } elseif ($data['block'] == 1) { + $error = 'Ваш персонаж был заблокирован!'; + } elseif (password_verify($password, $data['pass'])) { + + if (!$error) { + if ($battle != null && $data['id'] != $battle) { + db::c()->query('INSERT INTO `delo_multi` (`idperslater`, `idpersnow`) VALUES (?i, ?i)', $battle, $data['id']); + } + + setcookie("battle", $data['id']); + $_SESSION['uid'] = $data['id']; + setcookie("uid", $data['id'], time() + 43200, "/", GAMEDOMAIN); + setcookie("hashcode", md5($data['id'] . $data["pass"] . $data["login"]), time() + 43200, "/", GAMEDOMAIN); + $_SESSION['sid'] = session_id(); + + $onl = db::c()->query('SELECT `id` FROM `online` WHERE `id` = "?s" LIMIT 1', $data['id'])->fetch_assoc(); + if (isset($onl['id'])) { + db::c()->query('UPDATE `online` SET `date` = ?i WHERE `id` = "?s"', time(), $data['id']); + } else { + db::c()->query('INSERT INTO `online` (`id`, `date`, `room`) VALUES (?i, ?i, ?i)', $data['id'], time(), $data['room']); + } + + db::c()->query('UPDATE `users` SET `sid` = "?s", `enter_game` = ?i WHERE `id` = ?i LIMIT 1', session_id(), 1, $data['id']); + $_SESSION['sid'] = session_id(); + + //TODO Лог IP адресов планировался удаляться из проекта. + $ip = $_SERVER['REMOTE_ADDR']; + db::c()->query('INSERT INTO `iplog` (`owner`, `ip`, `date`) VALUES (?i, "?s", ?i)', $data['id'], $ip, time()); + + $rs = db::c()->query('SELECT * FROM `telegraph` WHERE `owner` = ?i', $data['id']); + while ($res = $rs->fetch_assoc()) { + addchp($res['text'], '{[]}' . $data['login'] . '{[]}'); + } + db::c()->query('DELETE FROM `telegraph` WHERE `owner` = ?i', $data['id']); + header("Location: fight.php"); + } + } } -if (!$error) { - if ($battle != null && $data['id'] != $battle) { - db::c()->query('INSERT INTO `delo_multi` (`idperslater`, `idpersnow`) VALUES (?i, ?i)', $battle, $data['id']); +/** + * Обновляем пароли пользователей... + */ + +$username_upd = filter_input(INPUT_POST, 'username_upd', FILTER_SANITIZE_SPECIAL_CHARS); +$password_upd = filter_input(INPUT_POST, 'password_upd'); + +if ($username_upd && $password_upd) { + $data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s"', $username, md5($password))->fetch_assoc(); + if ($data) { + $hashed_password = password_hash($password_upd, PASSWORD_DEFAULT); + db::c()->query('UPDATE `users` SET `pass` = "?s" WHERE `login` = "?s"', $username_upd, $hashed_password); + echo 'Пароль обновлён!'; } - - setcookie("battle", $data['id']); - $_SESSION['uid'] = $data['id']; - setcookie("uid", $data['id'], time() + 43200, "/", GAMEDOMAIN); - setcookie("hashcode", md5($data['id'] . $data["pass"] . $data["login"]), time() + 43200, "/", GAMEDOMAIN); - $_SESSION['sid'] = session_id(); - - $onl = db::c()->query('SELECT `id` FROM `online` WHERE `id` = "?s" LIMIT 1', $data['id'])->fetch_assoc(); - if (isset($onl['id'])) { - db::c()->query('UPDATE `online` SET `date` = ?i WHERE `id` = "?s"', time(), $data['id']); - } else { - db::c()->query('INSERT INTO `online` (`id`, `date`, `room`) VALUES (?i, ?i, ?i)', $data['id'], time(), $data['room']); - } - - db::c()->query('UPDATE `users` SET `sid` = "?s", `enter_game` = ?i WHERE `id` = ?i LIMIT 1', session_id(), 1, $data['id']); - $_SESSION['sid'] = session_id(); - - //TODO Лог IP адресов планировался удаляться из проекта. - $ip = $_SERVER['REMOTE_ADDR']; - db::c()->query('INSERT INTO `iplog` (`owner`, `ip`, `date`) VALUES (?i, "?s", ?i)', $data['id'], $ip, time()); - - $rs = db::c()->query('SELECT * FROM `telegraph` WHERE `owner` = ?i', $data['id']); - while ($res = $rs->fetch_assoc()) { - addchp($res['text'], '{[]}' . $data['login'] . '{[]}'); - } - db::c()->query('DELETE FROM `telegraph` WHERE `owner` = ?i', $data['id']); - header("Location: fight.php"); + echo 'Ошибка!'; } + ?> diff --git a/index.php b/index.php index 342e393..da5a8d9 100644 --- a/index.php +++ b/index.php @@ -17,6 +17,15 @@ +