<?php
session_start();
include("config.php");

foreach ($_POST as $key => $val) { //???????????????
    $_POST[$key] = iconv(mb_detect_encoding($_POST[$key], 'auto'), 'utf-8', $val);
}

$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
$password = filter_input(INPUT_POST, 'password');
$battle = filter_input(INPUT_COOKIE, 'battle');
$error = "";

if ($username && $password) {
    $data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s"', $username)->fetch_assoc();

    if (!$data['id']) {
        $error = 'Ой! Такого пользователя нет!';
    } elseif ($data['block'] == 1) {
        $error = 'Ой! Вы заблокированы!';
    } elseif (password_verify($password, $data['pass'])) {

        if (!$error) {
            # Проверка на мультоводство по используемому кукису.
            if ($battle != null && $data['id'] != $battle) {
                db::c()->query('INSERT INTO `delo_multi` (`idperslater`, `idpersnow`) VALUES (?i, ?i)', $battle, $data['id']);
            }

            setcookie("battle", $data['id']);
            $_SESSION['uid'] = $data['id'];
            setcookie("uid", $data['id'], time() + 43200, "/", GAMEDOMAIN);
            setcookie("hashcode", md5($data['id'] . $data["pass"] . $data["login"]), time() + 43200, "/", GAMEDOMAIN);
            $_SESSION['sid'] = session_id();

            $onl = db::c()->query('SELECT `id` FROM `online` WHERE `id` = "?s" LIMIT 1', $data['id'])->fetch_assoc();
            if (isset($onl['id'])) {
                db::c()->query('UPDATE `online` SET `date` = ?i WHERE `id` = "?s"', time(), $data['id']);
            } else {
                db::c()->query('INSERT INTO `online` (`id`, `date`, `room`) VALUES (?i, ?i, ?i)', $data['id'], time(), $data['room']);
            }

            db::c()->query('UPDATE `users` SET `sid` = "?s", `enter_game` = ?i WHERE `id` = ?i LIMIT 1', session_id(), 1, $data['id']);
            $_SESSION['sid'] = session_id();

            //TODO Лог IP адресов планировался удаляться из проекта.
            $ip = $_SERVER['REMOTE_ADDR'];
            db::c()->query('INSERT INTO `iplog` (`owner`, `ip`, `date`) VALUES (?i, "?s", ?i)', $data['id'], $ip, time());

            $sms = db::c()->query('SELECT * FROM `telegraph` WHERE `receiver` = ?i', $data['id']);
            while ($res = $sms->fetch_assoc()) {
                db::c()->query('INSERT INTO `chat` (`touid`, `msg`, `type`) VALUES (?i, "?s", "?s")', $res['receiver'], $res['msg'], 'sms');
            }
            db::c()->query('DELETE FROM `telegraph` WHERE `receiver` = ?i', $data['id']);
            header("Location: fight.php");
        }
    }
}

/**
 * Обновляем пароли пользователей...
 */

$username_upd = filter_input(INPUT_POST, 'username_upd', FILTER_SANITIZE_SPECIAL_CHARS);
$password_upd = filter_input(INPUT_POST, 'password_upd');

if ($username_upd && $password_upd) {
    $data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s" AND `pass` = "?s"', $username_upd, md5($password_upd))->fetch_assoc();
    if ($data['id']) {
        db::c()->query('UPDATE `users` SET `pass` = "?s" WHERE `login` = "?s"', password_hash($password_upd, PASSWORD_DEFAULT), $username_upd);
        header("Location: index.php");
    } else {
        $error = 'Ошибка!';
    }
}

?>

<!doctype html>
<html lang="ru-RU">
<head>
    <meta charset=UTF-8">
    <link href="css/main.css" rel="stylesheet">
    <title>Входим...</title>
</head>
<body>
<?php if (!empty($error)): ?>
    <a href="/"> ← на главную</a>
    <h1><?php echo $error; ?></h1>
<? endif; ?>
</body>
</html>