2022-06-06 21:30:34 +00:00
< ? php
2022-12-30 19:03:37 +00:00
use Core\Config ;
use Core\Database ;
use Core\Db ;
2022-12-19 18:26:14 +00:00
if ( session_status () == PHP_SESSION_NONE ) {
session_start ();
2022-06-06 21:30:34 +00:00
}
2022-12-30 19:03:37 +00:00
require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php' ;
Config :: init ();
Database :: init ();
2022-06-06 21:30:34 +00:00
2022-12-19 18:26:14 +00:00
define ( 'IP' , UserIp :: get ());
$chat = new Chat ();
if ( isset ( $_GET [ 'login' ])) {
$_POST [ 'login' ] = $_GET [ 'login' ];
$_POST [ 'pass' ] = $_GET [ 'pass' ];
$_POST [ 'code' ] = $_GET [ 'code' ];
2022-06-06 21:30:34 +00:00
}
2022-12-19 18:26:14 +00:00
if ( isset ( $_POST [ 'psw' ])) {
$_POST [ 'pass' ] = $_POST [ 'psw' ];
2022-06-06 21:30:34 +00:00
}
2022-12-19 18:26:14 +00:00
if ( isset ( $_SESSION [ 'login' ])) {
$_POST [ 'login' ] = $_SESSION [ 'login' ];
$_POST [ 'pass' ] = $_SESSION [ 'pass' ];
2022-06-06 21:30:34 +00:00
}
2022-12-19 18:26:14 +00:00
if ( isset ( $_GET [ 'cookie_login' ]) && $_GET [ 'cookie_login' ] != '' ) {
2022-12-30 19:03:37 +00:00
setcookie ( 'login' , $_GET [ 'cookie_login' ], time () + 60 * 60 * 24 * 7 , '' , Config :: get ( 'host' ));
setcookie ( 'pass' , $_GET [ 'cookie_pass' ], time () + 60 * 60 * 24 * 7 , '' , Config :: get ( 'host' ));
2022-12-19 18:26:14 +00:00
die ();
2022-06-06 21:30:34 +00:00
}
function error ( $e )
{
2023-01-06 14:57:25 +00:00
die (
'
< link rel = " stylesheet " href = " error.css " >
< div class = " text-wrapper " >
2023-01-10 16:29:32 +00:00
< div class = " title " data - content = " Ошибка " >
Ошибка !!
2022-06-06 21:30:34 +00:00
</ div >
< div class = " subtitle " >
2022-12-19 18:26:14 +00:00
' . $e . '
2022-06-06 21:30:34 +00:00
</ div >
< div class = " buttons " >
2023-01-10 16:29:32 +00:00
< a class = " button " href = " ' . Config::get('https') . ' " > Вернуться назад </ a >
2022-06-06 21:30:34 +00:00
</ div >
</ div >
2023-01-06 14:57:25 +00:00
'
);
2022-06-06 21:30:34 +00:00
}
2023-01-06 14:57:25 +00:00
function checkPassword ( string $password , string $passwordHash , string $login ) : bool
2022-06-06 21:30:34 +00:00
{
2023-01-06 14:57:25 +00:00
if ( password_verify ( $password , $passwordHash )) { // check password
return true ;
} else {
if (
md5 ( $password ) === $passwordHash || // convert old md5() password
password_needs_rehash ( $passwordHash , PASSWORD_DEFAULT ) //rehash if PASSWORD_DEFAULT changed
) {
$hash = password_hash ( $password , PASSWORD_DEFAULT );
Db :: sql ( 'update users set pass = ? where login = ?' , [ $hash , $login ]);
return true ;
2022-12-19 18:26:14 +00:00
}
2023-01-06 14:57:25 +00:00
return false ;
2022-12-19 18:26:14 +00:00
}
}
2022-06-06 21:30:34 +00:00
//ReCapthca
require_once " ./recaptchalib.php " ;
2023-01-10 16:29:32 +00:00
// ваш секретный ключ
2022-06-06 21:30:34 +00:00
$secret = " 6Lf3EjsaAAAAALe3zRwxyPGf13ZMWZvCmvad3-jQ " ;
2022-12-19 18:26:14 +00:00
2023-01-10 16:29:32 +00:00
// пустой ответ
2022-06-06 21:30:34 +00:00
$response = null ;
2022-12-19 18:26:14 +00:00
2023-01-10 16:29:32 +00:00
// проверка секретного ключа
2022-06-06 21:30:34 +00:00
$reCaptcha = new ReCaptcha ( $secret );
if ( $_POST [ " g-recaptcha-response " ]) {
2023-01-06 14:57:25 +00:00
$response = $reCaptcha -> verifyResponse (
2022-06-06 21:30:34 +00:00
$_SERVER [ " REMOTE_ADDR " ],
$_POST [ " g-recaptcha-response " ]
);
}
//ReCapthca
2023-01-06 14:57:25 +00:00
$u = Db :: getRow (
' select
users . id ,
users . login ,
auth ,
pass ,
pass2 ,
users . city ,
users . ip ,
ipreg ,
admin ,
online ,
banned ,
host_reg ,
timereg ,
securetime ,
users_delo . text as block_reason
from users
left join users_delo on users . id = users_delo . uid
where users . login = ? ' ,
[ $_POST [ 'login' ]]
);
2022-12-30 19:03:37 +00:00
$auth = Db :: getValue ( 'select id from logs_auth where uid = ? and ip = ?' , [ $u [ 'id' ], IP ]);
2022-06-06 21:30:34 +00:00
2022-12-19 18:26:14 +00:00
if ( ! isset ( $u [ 'id' ])) {
2023-01-10 16:29:32 +00:00
error ( 'Логин "' . $_POST [ 'login' ] . '" не найден в базе.' );
2022-12-19 18:26:14 +00:00
} elseif ( $u [ 'banned' ] > 0 ) {
2023-01-10 16:29:32 +00:00
$blockstr = " Персонаж <b> { $u [ 'login' ] } </b> заблокирован. " ;
$blockstr .= $u [ 'block_reason' ] ? " Причина блокировки: { $u [ 'block_reason' ] } <br><br> " : '<br><br>' ;
2023-01-06 14:57:25 +00:00
error ( $blockstr );
} elseif ( ! checkPassword ( $_POST [ 'pass' ], $u [ 'pass' ], $u [ 'login' ])) {
2023-01-10 16:29:32 +00:00
error ( " Неверный пароль к персонажу { $u [ 'login' ] } . " );
2023-01-06 14:57:25 +00:00
Db :: sql (
2023-01-11 23:39:26 +00:00
'insert into logs_auth (uid, ip, browser, type, time) values (?,?,?,3,unix_timestamp())' ,
[ $u [ 'id' ], IP , $_SERVER [ 'HTTP_USER_AGENT' ]]
2023-01-06 14:57:25 +00:00
);
2022-12-19 18:26:14 +00:00
} else {
2023-01-10 16:29:32 +00:00
//Второй пароль
2023-01-06 14:57:25 +00:00
if ( ! empty ( $u [ 'pass2' ])) {
2022-12-19 18:26:14 +00:00
$_SESSION [ 'login' ] = $_POST [ 'login' ];
$_SESSION [ 'pass' ] = $_POST [ 'pass' ];
$good2 = false ;
$koko = '' ;
2023-01-06 14:57:25 +00:00
if ( password_verify ( $_POST [ 'code' ], $u [ 'pass2' ])) {
2022-12-19 18:26:14 +00:00
$good2 = true ;
unset ( $_SESSION [ 'login' ], $_SESSION [ 'pass' ]);
} else {
if ( isset ( $_POST [ 'code' ])) {
2023-01-10 16:29:32 +00:00
$koko = 'Неверный второй пароль<br>' ;
2022-12-30 19:03:37 +00:00
}
setcookie ( 'login' , '' , time () - 60 * 60 * 24 , '' , Config :: get ( 'host' ));
2022-12-19 18:26:14 +00:00
}
2023-01-06 14:57:25 +00:00
if ( $koko ) {
2022-12-30 19:03:37 +00:00
$koko = '<b style="color: red">' . $koko . '</b>' ;
2022-12-19 18:26:14 +00:00
}
2022-12-30 19:03:37 +00:00
if ( ! $good2 ) {
2022-12-19 18:26:14 +00:00
?>
<! Doctype html >
2022-12-30 19:03:37 +00:00
< HTML lang = " ru " >
2022-12-19 18:26:14 +00:00
< HEAD >
< link rel = stylesheet type = " text/css " >
2023-01-10 17:26:14 +00:00
2022-12-19 18:26:14 +00:00
< meta name = " msapplication-config " content = " browserconfig.xml " />
2023-01-10 16:29:32 +00:00
< TITLE > Второй пароль </ TITLE >
2022-12-19 18:26:14 +00:00
</ HEAD >
< body bgcolor = dfdfde >
2023-01-10 16:29:32 +00:00
< H3 >< FONT COLOR = " black " > Запрос второго пароля к персонажу .</ FONT ></ H3 >
2022-12-19 18:26:14 +00:00
< ? = $koko ?>
< div align = " center " >
< br >
< br >
< img id = " pass " onClick = " " width = " 295 " src = " i/pin/e0.png " >
< br >
< br >
< img id = " p1 " onClick = " " src = " " >
< img id = " p2 " onClick = " " src = " " >
< img id = " p3 " onClick = " " src = " " >
< br >
< img id = " p4 " onClick = " " src = " " >
< img id = " p5 " onClick = " " src = " " >
< img id = " p6 " onClick = " " src = " " >
< br >
< img id = " p7 " onClick = " " src = " " >
< img id = " p8 " onClick = " " src = " " >
< img id = " p9 " onClick = " " src = " " >
< br >
< img onClick = " keypush(12); " src = " i/pin/12.png " >
< img id = " p0 " name = " image " onClick = " " src = " " >
< img onClick = " keypush(11); " src = " i/pin/11.png " >
< br >
</ div >
</ BODY >
< script src = " //ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js " ></ script >
< script >
var dopass = '' ;
var tdopass = '' ;
var lenth = 0 ;
randomp ();
function randomp () {
2022-12-30 19:03:37 +00:00
var ss = [];
2022-12-19 18:26:14 +00:00
var n = 0 ;
while ( n < 10 ) {
ss [ n ] = n ;
n ++ ;
}
var i = 0 ;
var k = 0 ;
var m = 0 ;
var tmpp = 0 ;
while ( i < 10 ) {
k = getRandomInt ( 10 );
m = getRandomInt ( 10 );
if ( k != m ) {
tmpp = ss [ k ];
ss [ k ] = ss [ m ];
ss [ m ] = tmpp ;
i ++ ;
}
}
n = 10 ;
while ( n > - 1 ) {
n = n - 1 ;
document . getElementById ( 'p' + n ) . setAttribute ( " src " , " i/pin/ " + ss [ n ] + " .png " );
document . getElementById ( 'p' + n ) . setAttribute ( " onClick " , " keypush( " + ss [ n ] + " ); " );
}
}
2022-06-06 21:30:34 +00:00
2022-12-19 18:26:14 +00:00
function getRandomInt ( max ) {
return Math . floor ( Math . random () * Math . floor ( max ));
}
2022-06-06 21:30:34 +00:00
2022-12-19 18:26:14 +00:00
function keypush ( n ) {
2022-12-30 19:03:37 +00:00
if ( n === 12 ) {
2022-12-19 18:26:14 +00:00
if ( lenth > 0 ) {
dopass = '' ;
lenth = 0 ;
document . getElementById ( 'pass' ) . setAttribute ( " src " , " i/pin/e " + lenth + " .png " );
}
2022-12-30 19:03:37 +00:00
} else if ( n === 11 ) {
2022-12-19 18:26:14 +00:00
var $_POST = < ? php echo json_encode ( $_POST ); ?> ;
window . location . replace ( " https://new-combats.com/enter.php?code= " + dopass + " &login= " + $_POST [ 'login' ] + " &pass= " + $_POST [ 'pass' ]);
} else {
if ( lenth < 8 ) {
dopass = dopass + '' + n ;
lenth ++ ;
document . getElementById ( 'pass' ) . setAttribute ( " src " , " i/pin/e " + lenth + " .png " );
}
}
2022-06-06 21:30:34 +00:00
}
2022-12-19 18:26:14 +00:00
</ script >
</ HTML >
2022-12-30 19:03:37 +00:00
< ? php
2022-12-19 18:26:14 +00:00
die ();
}
}
2023-01-06 14:57:25 +00:00
if ( ! Db :: getValue ( 'select count(*) from stats where id = ?' , [ $u [ 'id' ]])) {
Db :: sql ( 'insert into stats (id, stats) values (?,?)' , [ $u [ 'id' ], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10' ]);
2022-12-19 18:26:14 +00:00
}
2023-01-06 14:57:25 +00:00
if ( ! Db :: getValue ( 'select count(*) from online where uid = ?' , [ $u [ 'id' ]])) {
Db :: sql ( 'insert into online (uid, timeStart) values (?,unix_timestamp())' , [ $u [ 'id' ]]);
2022-12-19 18:26:14 +00:00
}
2023-01-06 14:57:25 +00:00
if ( isset ( $_COOKIE [ 'login' ])) {
2022-12-30 19:03:37 +00:00
setcookie ( 'login' , '' , time () - 60 * 60 * 24 , '' , Config :: get ( 'host' ));
2022-12-19 18:26:14 +00:00
}
2023-01-10 16:29:32 +00:00
//мульты
2022-12-30 19:03:37 +00:00
if ( $u [ 'admin' ] === 0 ) {
2023-01-06 14:57:25 +00:00
$ipm1 = Db :: getValue (
'select ip from logs_auth where uid = ? and ip != ? order by id limit 1' ,
[ $u [ 'id' ], $u [ 'ip' ]]
);
$ppl = Db :: getRows (
'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)' ,
[ '' , $u [ 'ip' ], $ipm1 , $u [ 'ipreg' ], IP , $_COOKIE [ 'ip' ]]
);
2022-12-30 19:03:37 +00:00
foreach ( $ppl as $item ) {
2023-01-06 14:57:25 +00:00
$ml = Db :: getValue (
'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1' ,
[ $item [ 'uid' ], $u [ 'id' ], $u [ 'id' ], $item [ 'uid' ]]
);
2022-12-30 19:03:37 +00:00
if ( ! $ml && $item [ 'ip' ] !== '' && $item [ 'ip' ] !== '127.0.0.1' ) {
Db :: sql ( 'insert into mults (uid, uid2, ip) VALUES (?,?,?)' , [ $u [ 'id' ], $item [ 'uid' ], $item [ 'ip' ]]);
2022-12-19 18:26:14 +00:00
}
}
}
if ( isset ( $_COOKIE [ 'ip' ]) && $_COOKIE [ 'ip' ] != IP ) {
2023-01-06 14:57:25 +00:00
Db :: sql (
2023-01-11 23:39:26 +00:00
'insert into logs_auth (uid, ip, browser, type, time) VALUES (?,?,?,1,unix_timestamp())' ,
[ $u [ 'id' ], $_COOKIE [ 'ip' ], $_SERVER [ 'HTTP_USER_AGENT' ]]
2023-01-06 14:57:25 +00:00
);
2022-12-19 18:26:14 +00:00
}
2022-12-30 19:03:37 +00:00
setcookie ( 'login' , $_POST [ 'login' ], time () + 60 * 60 * 24 * 7 , '' , Config :: get ( 'host' ));
2022-12-19 18:26:14 +00:00
setcookie ( 'ip' , IP , time () + 60 * 60 * 24 * 150 , '' );
if ( $u [ 'online' ] < time () - 520 ) {
2023-01-06 14:57:25 +00:00
$sp = Db :: getRows ( 'select room, city, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)' , [ $u [ 'id' ]]);
foreach ( $sp as $usr ) {
$chat -> send (
2023-01-10 16:29:32 +00:00
'' , $usr [ 'room' ], $usr [ 'city' ], '' , $usr [ 'login' ], 'В а с . $u [ 'login' ] . '</b>.' ,
2023-01-06 14:57:25 +00:00
time (), 6 , 0 , 0 , 0 , 1
);
2022-12-19 18:26:14 +00:00
}
}
$apu = '' ;
2023-01-06 14:57:25 +00:00
Db :: sql ( 'update dump set ver = 1, upd = 2 where uid = ?' , [ $u [ 'id' ]]);
2022-12-30 19:03:37 +00:00
if (
2023-01-06 14:57:25 +00:00
$u [ 'auth' ] != md5 ( $u [ 'login' ] . 'AUTH' . IP ) ||
$_COOKIE [ 'auth' ] != md5 ( $u [ 'login' ] . 'AUTH' . IP ) ||
$u [ 'auth' ] == '' || $u [ 'auth' ] == '0'
2022-12-30 19:03:37 +00:00
) {
if (
2023-01-06 14:57:25 +00:00
$u [ 'auth' ] != '' &&
$u [ 'auth' ] != '0' &&
$u [ 'ip' ] != IP
2022-12-30 19:03:37 +00:00
) {
2023-01-06 14:57:25 +00:00
mysql_query (
" INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES
( '1' ,
'capitalcity' ,
'0' ,
'' ,
'" . $u[' login '] . "' ,
2023-01-10 16:29:32 +00:00
' В предыдущий раз этим персонажем заходили с другого компьютера " .
date ( 'd.m.Y H:i' , $u [ 'online' ]) . " . (Предыдущий ip: % " . $u [ 'ip' ] . " )',
2023-01-06 14:57:25 +00:00
'-1' ,
'6' ,
'0'
) "
);
2022-12-19 18:26:14 +00:00
}
$apu = " `auth` = ' " . md5 ( $u [ 'login' ] . 'AUTH' . IP ) . " ', " ;
setcookie ( 'auth' , md5 ( $u [ 'login' ] . 'AUTH' . IP ), time () + 60 * 60 * 24 * 365 , '' , 'new-combats.com' );
}
if ( $u [ 'repass' ] == 0 ) {
$ipnew = IP ;
} else {
$ipnew = $u [ 'ip' ];
}
2023-01-11 23:39:26 +00:00
Db :: sql ( 'insert into logs_auth (uid, ip, browser, time) values (?,?,?,unix_timestamp())' , [
$u [ 'id' ], IP , $_SERVER [ 'HTTP_USER_AGENT' ]
]);
2022-12-19 18:26:14 +00:00
2023-01-06 14:57:25 +00:00
mysql_query (
" UPDATE `users` SET " . $apu . " `ip`=' " . $ipnew . " ',`dateEnter`=' " . $_SERVER [ 'HTTP_USER_AGENT' ] .
2023-01-11 23:39:26 +00:00
" ',`online`=' " . time () . " ' WHERE `id` = " . $u [ 'id' ]
2023-01-06 14:57:25 +00:00
);
2023-01-11 23:39:26 +00:00
$_SESSION [ 'uid' ] = $u [ 'id' ];
2023-01-06 14:57:25 +00:00
header ( 'location: /bk' );
2022-12-19 18:26:14 +00:00
2022-06-06 21:30:34 +00:00
}
