Добавлена возможность перехешировать пароль по запросу.
This commit is contained in:
Igor Barkov [iwork]
93
enter.php
93
enter.php
@@ -7,50 +7,71 @@ foreach ($_POST as $key => $val) { //???????????????
|
||||
}
|
||||
|
||||
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||
$password = filter_input(INPUT_POST, 'password');
|
||||
$password = password_hash(filter_input(INPUT_POST, 'password'), PASSWORD_DEFAULT);
|
||||
$battle = filter_input(INPUT_COOKIE, 'battle');
|
||||
$error = "";
|
||||
|
||||
$data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s" LIMIT 1', $username, md5($password))->fetch_assoc();
|
||||
if ($username && $password) {
|
||||
$data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s"', $username, $password)->fetch_assoc();
|
||||
|
||||
if (!$data['id']) {
|
||||
$error = 'Неверные учётные данные!';
|
||||
} elseif ($data['block'] == 1) {
|
||||
$error = 'Ваш персонаж был заблокирован!';
|
||||
if (!$data['id']) {
|
||||
$error = 'Неверные учётные данные!';
|
||||
} elseif ($data['block'] == 1) {
|
||||
$error = 'Ваш персонаж был заблокирован!';
|
||||
} elseif (password_verify($password, $data['pass'])) {
|
||||
|
||||
if (!$error) {
|
||||
if ($battle != null && $data['id'] != $battle) {
|
||||
db::c()->query('INSERT INTO `delo_multi` (`idperslater`, `idpersnow`) VALUES (?i, ?i)', $battle, $data['id']);
|
||||
}
|
||||
|
||||
setcookie("battle", $data['id']);
|
||||
$_SESSION['uid'] = $data['id'];
|
||||
setcookie("uid", $data['id'], time() + 43200, "/", GAMEDOMAIN);
|
||||
setcookie("hashcode", md5($data['id'] . $data["pass"] . $data["login"]), time() + 43200, "/", GAMEDOMAIN);
|
||||
$_SESSION['sid'] = session_id();
|
||||
|
||||
$onl = db::c()->query('SELECT `id` FROM `online` WHERE `id` = "?s" LIMIT 1', $data['id'])->fetch_assoc();
|
||||
if (isset($onl['id'])) {
|
||||
db::c()->query('UPDATE `online` SET `date` = ?i WHERE `id` = "?s"', time(), $data['id']);
|
||||
} else {
|
||||
db::c()->query('INSERT INTO `online` (`id`, `date`, `room`) VALUES (?i, ?i, ?i)', $data['id'], time(), $data['room']);
|
||||
}
|
||||
|
||||
db::c()->query('UPDATE `users` SET `sid` = "?s", `enter_game` = ?i WHERE `id` = ?i LIMIT 1', session_id(), 1, $data['id']);
|
||||
$_SESSION['sid'] = session_id();
|
||||
|
||||
//TODO Лог IP адресов планировался удаляться из проекта.
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
db::c()->query('INSERT INTO `iplog` (`owner`, `ip`, `date`) VALUES (?i, "?s", ?i)', $data['id'], $ip, time());
|
||||
|
||||
$rs = db::c()->query('SELECT * FROM `telegraph` WHERE `owner` = ?i', $data['id']);
|
||||
while ($res = $rs->fetch_assoc()) {
|
||||
addchp($res['text'], '{[]}' . $data['login'] . '{[]}');
|
||||
}
|
||||
db::c()->query('DELETE FROM `telegraph` WHERE `owner` = ?i', $data['id']);
|
||||
header("Location: fight.php");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!$error) {
|
||||
if ($battle != null && $data['id'] != $battle) {
|
||||
db::c()->query('INSERT INTO `delo_multi` (`idperslater`, `idpersnow`) VALUES (?i, ?i)', $battle, $data['id']);
|
||||
/**
|
||||
* Обновляем пароли пользователей...
|
||||
*/
|
||||
|
||||
$username_upd = filter_input(INPUT_POST, 'username_upd', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||
$password_upd = filter_input(INPUT_POST, 'password_upd');
|
||||
|
||||
if ($username_upd && $password_upd) {
|
||||
$data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s"', $username, md5($password))->fetch_assoc();
|
||||
if ($data) {
|
||||
$hashed_password = password_hash($password_upd, PASSWORD_DEFAULT);
|
||||
db::c()->query('UPDATE `users` SET `pass` = "?s" WHERE `login` = "?s"', $username_upd, $hashed_password);
|
||||
echo '<span class="greenalert">Пароль обновлён!</span>';
|
||||
}
|
||||
|
||||
setcookie("battle", $data['id']);
|
||||
$_SESSION['uid'] = $data['id'];
|
||||
setcookie("uid", $data['id'], time() + 43200, "/", GAMEDOMAIN);
|
||||
setcookie("hashcode", md5($data['id'] . $data["pass"] . $data["login"]), time() + 43200, "/", GAMEDOMAIN);
|
||||
$_SESSION['sid'] = session_id();
|
||||
|
||||
$onl = db::c()->query('SELECT `id` FROM `online` WHERE `id` = "?s" LIMIT 1', $data['id'])->fetch_assoc();
|
||||
if (isset($onl['id'])) {
|
||||
db::c()->query('UPDATE `online` SET `date` = ?i WHERE `id` = "?s"', time(), $data['id']);
|
||||
} else {
|
||||
db::c()->query('INSERT INTO `online` (`id`, `date`, `room`) VALUES (?i, ?i, ?i)', $data['id'], time(), $data['room']);
|
||||
}
|
||||
|
||||
db::c()->query('UPDATE `users` SET `sid` = "?s", `enter_game` = ?i WHERE `id` = ?i LIMIT 1', session_id(), 1, $data['id']);
|
||||
$_SESSION['sid'] = session_id();
|
||||
|
||||
//TODO Лог IP адресов планировался удаляться из проекта.
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
db::c()->query('INSERT INTO `iplog` (`owner`, `ip`, `date`) VALUES (?i, "?s", ?i)', $data['id'], $ip, time());
|
||||
|
||||
$rs = db::c()->query('SELECT * FROM `telegraph` WHERE `owner` = ?i', $data['id']);
|
||||
while ($res = $rs->fetch_assoc()) {
|
||||
addchp($res['text'], '{[]}' . $data['login'] . '{[]}');
|
||||
}
|
||||
db::c()->query('DELETE FROM `telegraph` WHERE `owner` = ?i', $data['id']);
|
||||
header("Location: fight.php");
|
||||
echo '<span class="redalert">Ошибка!</span>';
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
<!doctype html>
|
||||
|
||||
Reference in New Issue
Block a user