69 lines
2.8 KiB
PHP
69 lines
2.8 KiB
PHP
<?php
|
|
session_start();
|
|
include("config.php");
|
|
|
|
foreach ($_POST as $key => $val) { //Проверка всех значений массива POST одним махом.
|
|
$_POST[$key] = iconv(mb_detect_encoding($_POST[$key], 'auto'), 'utf-8', $val);
|
|
}
|
|
|
|
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
|
|
$password = $_POST['password'] ?? '';
|
|
$battle = $_COOKIE['battle'] ?? '';
|
|
$error = "";
|
|
|
|
if ($username && $password) {
|
|
$data = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s"', $username)->fetch_assoc();
|
|
|
|
if (!$data['id']) {
|
|
$error = 'Ой! Такого пользователя нет!';
|
|
} elseif ($data['block'] == 1) {
|
|
$error = 'Ой! Вы заблокированы!';
|
|
} elseif (password_verify($password, $data['pass'])) {
|
|
|
|
if (!$error) {
|
|
# Проверка на мультоводство по используемому кукису.
|
|
if ($battle != null && $data['id'] != $battle) {
|
|
db::c()->query('INSERT INTO log_multiaccounts (older_data, current_data) VALUES (?i, ?i)', $battle, $data['id']);
|
|
}
|
|
|
|
setcookie("battle", $data['id']);
|
|
$_SESSION['uid'] = $data['id'];
|
|
setcookie("uid", $data['id'], time() + 43200, "/", GAMEDOMAIN);
|
|
setcookie("hashcode", md5($data['id'] . $data["pass"] . $data["login"]), time() + 43200, "/", GAMEDOMAIN);
|
|
$_SESSION['sid'] = session_id();
|
|
|
|
$onl = db::c()->query('SELECT user_id FROM online WHERE user_id = "?s"', $data['id'])->fetch_assoc();
|
|
if (isset($onl['user_id'])) {
|
|
db::c()->query('UPDATE online SET date = ?i WHERE user_id = "?s"', time(), $data['id']);
|
|
} else {
|
|
db::c()->query('INSERT INTO online (user_id, date, room) VALUES (?i, ?i, ?i)', $data['id'], time(), $data['room']);
|
|
}
|
|
|
|
db::c()->query('UPDATE `users` SET `session_id` = "?s", `enter_game` = ?i WHERE `id` = ?i', session_id(), 1, $data['id']);
|
|
// DEPRECATED. NO TABLE IN DB!
|
|
// $sms = db::c()->query('SELECT * FROM `telegraph` WHERE `receiver` = ?i', $data['id']);
|
|
// while ($res = $sms->fetch_assoc()) {
|
|
// db::c()->query('INSERT INTO `chat` (`touid`, `msg`, `type`) VALUES (?i, "?s", "?s")', $res['receiver'], $res['text'], 'sms');
|
|
// }
|
|
// db::c()->query('DELETE FROM `telegraph` WHERE `receiver` = ?i', $data['id']);
|
|
|
|
header("Location: fight.php");
|
|
}
|
|
}
|
|
}
|
|
?>
|
|
|
|
<!doctype html>
|
|
<html lang="ru-RU">
|
|
<head>
|
|
<meta charset=UTF-8">
|
|
<link href="css/main.css" rel="stylesheet">
|
|
<title>Входим...</title>
|
|
</head>
|
|
<body>
|
|
<?php if (!empty($error)): ?>
|
|
<a href="/"> ← на главную</a>
|
|
<h1><?php echo $error; ?></h1>
|
|
<?php endif; ?>
|
|
</body>
|
|
</html>
|