$val) { //Проверка всех значений массива POST одним махом. $_POST[$key] = iconv(mb_detect_encoding($val, 'auto'), 'utf-8', $val); } $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS); $password = $_POST['password'] ?? ''; $battle = $_COOKIE['battle'] ?? ''; $error = ""; if ($username && $password) { $user_query = DBPDO::$db->ofetch('SELECT id, login, pass, room, block, session_id FROM users WHERE login = ?', $username); if (!$user_query->id) { $error = ERROR_NO_SUCH_USER; } elseif ($user_query->block) { $error = ERROR_USER_IS_BLOCKED; } elseif (password_verify($password, $user_query->pass)) { # Проверка на мультоводство по используемому кукису. if ($battle != null && $user_query->id != $battle) { GameLogs::addUserLog($user_query->id,'Разные ID на входе. Возможно используются несколько аккаунтов.', 'multiaccounts'); } # TEST! Влетаем всегда в одну и ту же сессию. if ($user_query->session_id) { session_id($user_query->session_id); } $_SESSION['uid'] = $user_query->id; setcookie("battle", $user_query->id); setcookie("uid", $user_query->id, time() + 43200, "/", GAMEDOMAIN); setcookie("hashcode", md5($user_query->id . $user_query->pass . $username), time() + 43200, "/", GAMEDOMAIN); $onl = DBPDO::$db->ofetch('SELECT 1 FROM online WHERE user_id = ?', $user_query->id); if ($onl) { DBPDO::$db->execute('UPDATE online SET login_time = ? WHERE user_id = ?', [time(), $user_query->id]); } else { DBPDO::$db->execute('INSERT INTO online (user_id, login_time, room, real_time) VALUES (?,?,?,?)', [$user_query->id, time(), $user_query->room, time()]); } DBPDO::$db->execute('UPDATE users SET session_id = ?, enter_game = 1 WHERE id = ?', [session_id(), $user_query->id]); session_start(); header("Location: fight.php"); } else { $error = ERROR_WRONG_PASSWORD; } } else { $error = ERROR_EMPTY_CREDENTIALS; } Template::header('Входим...'); if ($error) { echo sprintf(' ← на главную

%s

', $error); }