$val) { //Проверка всех значений массива POST одним махом. $_POST[$key] = iconv(mb_detect_encoding($_POST[$key], 'auto'), 'utf-8', $val); } $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS); $password = $_POST['password'] ?? ''; $battle = $_COOKIE['battle'] ?? ''; $error = ""; if ($username && $password) { $user_query = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s"', $username)->fetch_assoc(); if (!$user_query['id']) { $error = ERROR_NO_SUCH_USER; } elseif ($user_query['block'] == 1) { $error = ERROR_USER_IS_BLOCKED; } elseif (password_verify($password, $user_query['pass'])) { if (!$error) { # Проверка на мультоводство по используемому кукису. if ($battle != null && $user_query['id'] != $battle) { db::c()->query('INSERT INTO users_logs (user_id, type, text) VALUES (?i, "?s", "?s")', $user_query['id'], "multiaccounts", "Разные ID на входе. Возможно используются несколько аккаунтов."); } setcookie("battle", $user_query['id']); $_SESSION['uid'] = $user_query['id']; setcookie("uid", $user_query['id'], time() + 43200, "/", GAMEDOMAIN); setcookie("hashcode", md5($user_query['id'] . $user_query["pass"] . $user_query["login"]), time() + 43200, "/", GAMEDOMAIN); $_SESSION['sid'] = session_id(); $onl = db::c()->query('SELECT user_id FROM online WHERE user_id = "?s"', $user_query['id'])->fetch_assoc(); if (isset($onl['user_id'])) { db::c()->query('UPDATE online SET date = ?i WHERE user_id = "?s"', time(), $user_query['id']); } else { db::c()->query('INSERT INTO online (user_id, date, room) VALUES (?i, ?i, ?i)', $user_query['id'], time(), $user_query['room']); } db::c()->query('UPDATE `users` SET `session_id` = "?s", `enter_game` = ?i WHERE `id` = ?i', session_id(), 1, $user_query['id']); header("Location: fight.php"); } } else { $error = ERROR_WRONG_PASSWORD; } } else { $error = ERROR_EMPTY_CREDENTIALS; } ?> ← на главную