lopar/battles
lopar/battles
0
0
Fork 0
Code Issues 21 Pull Requests Releases Wiki Activity

Добавлена возможность перехешировать пароль по запросу.

Browse Source
This commit is contained in:
Igor Barkov [iwork] 2018-03-05 20:02:24 +02:00
parent 4f46e7e5ed
commit 9196512713
2 changed files with 66 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
enter.php
View File

@ -7,19 +7,20 @@ foreach ($_POST as $key => $val) { //???????????????
} }
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS); $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
$password = filter_input(INPUT_POST, 'password'); $password = password_hash(filter_input(INPUT_POST, 'password'), PASSWORD_DEFAULT);
$battle = filter_input(INPUT_COOKIE, 'battle'); $battle = filter_input(INPUT_COOKIE, 'battle');
$error = ""; $error = "";
$data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s" LIMIT 1', $username, md5($password))->fetch_assoc(); if ($username && $password) {
$data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s"', $username, $password)->fetch_assoc();
if (!$data['id']) { if (!$data['id']) {
$error = 'Неверные учётные данные!'; $error = 'Неверные учётные данные!';
} elseif ($data['block'] == 1) { } elseif ($data['block'] == 1) {
$error = 'Ваш персонаж был заблокирован!'; $error = 'Ваш персонаж был заблокирован!';
} } elseif (password_verify($password, $data['pass'])) {
if (!$error) { if (!$error) {
if ($battle != null && $data['id'] != $battle) { if ($battle != null && $data['id'] != $battle) {
db::c()->query('INSERT INTO `delo_multi` (`idperslater`, `idpersnow`) VALUES (?i, ?i)', $battle, $data['id']); db::c()->query('INSERT INTO `delo_multi` (`idperslater`, `idpersnow`) VALUES (?i, ?i)', $battle, $data['id']);
} }
@ -50,7 +51,27 @@ if (!$error) {
} }
db::c()->query('DELETE FROM `telegraph` WHERE `owner` = ?i', $data['id']); db::c()->query('DELETE FROM `telegraph` WHERE `owner` = ?i', $data['id']);
header("Location: fight.php"); header("Location: fight.php");
}
}
} }
/**
* Обновляем пароли пользователей...
*/
$username_upd = filter_input(INPUT_POST, 'username_upd', FILTER_SANITIZE_SPECIAL_CHARS);
$password_upd = filter_input(INPUT_POST, 'password_upd');
if ($username_upd && $password_upd) {
$data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s"', $username, md5($password))->fetch_assoc();
if ($data) {
$hashed_password = password_hash($password_upd, PASSWORD_DEFAULT);
db::c()->query('UPDATE `users` SET `pass` = "?s" WHERE `login` = "?s"', $username_upd, $hashed_password);
echo '<span class="greenalert">Пароль обновлён!</span>';
}
echo '<span class="redalert">Ошибка!</span>';
}
?> ?>
<!doctype html> <!doctype html>

9
index.php
View File

@ -17,6 +17,15 @@
<input type=submit value='Отправить'> <input type=submit value='Отправить'>
</form> </form>
<div style="background: seashell; border-radius: 5px; margin: 10px; padding: 10px;">
<form method="post" action="enter.php">
Обновление пароля<br>
<input name='username_upd' placeholder='Логин'>
<input name='password_upd' placeholder='Пароль' type="password">
<input type=submit value='Отправить'>
</form>
</div>
<ul class="menu"> <ul class="menu">
<li><a href="register.php">Регистрация</a></li> <li><a href="register.php">Регистрация</a></li>
<li><a href="rememberpassword.php">Забыли пароль?</a></li> <li><a href="rememberpassword.php">Забыли пароль?</a></li>