66 lines
3.0 KiB
PHP
66 lines
3.0 KiB
PHP
<?php
|
|
|
|
use Battles\Template;
|
|
|
|
session_start();
|
|
require_once "config.php";
|
|
define('ERROR_NO_SUCH_USER', 'Такого пользователя не существует!');
|
|
define('ERROR_USER_IS_BLOCKED', 'Пользователь заблокирован!');
|
|
define('ERROR_WRONG_PASSWORD', 'Неверный пароль!');
|
|
define('ERROR_EMPTY_CREDENTIALS', 'Вы не ввели логин или пароль!');
|
|
foreach ($_POST as $key => $val) { //Проверка всех значений массива POST одним махом.
|
|
$_POST[$key] = iconv(mb_detect_encoding($_POST[$key], 'auto'), 'utf-8', $val);
|
|
}
|
|
|
|
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
|
|
$password = $_POST['password'] ?? '';
|
|
$battle = $_COOKIE['battle'] ?? '';
|
|
$error = "";
|
|
|
|
if ($username && $password) {
|
|
$user_query = db::c()->query('SELECT `id`, `login` ,`pass`, `room`, `block` FROM `users` WHERE `login` = "?s"', $username)->fetch_assoc();
|
|
|
|
if (!$user_query['id']) {
|
|
$error = ERROR_NO_SUCH_USER;
|
|
} elseif ($user_query['block'] == 1) {
|
|
$error = ERROR_USER_IS_BLOCKED;
|
|
} elseif (password_verify($password, $user_query['pass'])) {
|
|
|
|
if (!$error) {
|
|
# Проверка на мультоводство по используемому кукису.
|
|
if ($battle != null && $user_query['id'] != $battle) {
|
|
$db = new SQLite3('databases/logs.sqlite');
|
|
$logLine = $db->prepare("INSERT INTO users_logs (user_id, type, text) VALUES (?, 'multiaccounts', 'Разные ID на входе. Возможно используются несколько аккаунтов.')");
|
|
$logLine->bindParam(1, $user_query['id'], SQLITE3_INTEGER);
|
|
$logLine->execute();
|
|
$logLine->close();
|
|
}
|
|
|
|
setcookie("battle", $user_query['id']);
|
|
$_SESSION['uid'] = $user_query['id'];
|
|
setcookie("uid", $user_query['id'], time() + 43200, "/", GAMEDOMAIN);
|
|
setcookie("hashcode", md5($user_query['id'] . $user_query["pass"] . $user_query["login"]), time() + 43200, "/", GAMEDOMAIN);
|
|
$_SESSION['sid'] = session_id();
|
|
|
|
$onl = db::c()->query('SELECT user_id FROM online WHERE user_id = "?s"', $user_query['id'])->fetch_assoc();
|
|
if (isset($onl['user_id'])) {
|
|
db::c()->query('UPDATE online SET date = ?i WHERE user_id = "?s"', time(), $user_query['id']);
|
|
} else {
|
|
db::c()->query('INSERT INTO online (user_id, date, room, real_time) VALUES (?i, ?i, ?i, ?i)', $user_query['id'], time(), $user_query['room'], time());
|
|
}
|
|
|
|
db::c()->query('UPDATE `users` SET `session_id` = "?s", `enter_game` = ?i WHERE `id` = ?i', session_id(), 1, $user_query['id']);
|
|
header("Location: fight.php");
|
|
}
|
|
} else {
|
|
$error = ERROR_WRONG_PASSWORD;
|
|
}
|
|
} else {
|
|
$error = ERROR_EMPTY_CREDENTIALS;
|
|
}
|
|
|
|
Template::header('Входим...');
|
|
|
|
if ($error) {
|
|
echo sprintf('<a href="/"> ← на главную</a><h1>%s</h1>', $error);
|
|
} |