2022-06-07 00:30:34 +03:00
< ? php
2022-12-30 21:03:37 +02:00
use Core\Config ;
use Core\Database ;
use Core\Db ;
2022-12-19 20:26:14 +02:00
if ( session_status () == PHP_SESSION_NONE ) {
session_start ();
2022-06-07 00:30:34 +03:00
}
2022-12-30 21:03:37 +02:00
require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php' ;
Config :: init ();
Database :: init ();
2022-06-07 00:30:34 +03:00
2022-12-19 20:26:14 +02:00
define ( 'IP' , UserIp :: get ());
$chat = new Chat ();
if ( isset ( $_GET [ 'login' ])) {
$_POST [ 'login' ] = $_GET [ 'login' ];
$_POST [ 'pass' ] = $_GET [ 'pass' ];
$_POST [ 'code' ] = $_GET [ 'code' ];
2022-06-07 00:30:34 +03:00
}
2022-12-19 20:26:14 +02:00
if ( isset ( $_POST [ 'psw' ])) {
$_POST [ 'pass' ] = $_POST [ 'psw' ];
2022-06-07 00:30:34 +03:00
}
2022-12-19 20:26:14 +02:00
if ( isset ( $_SESSION [ 'login' ])) {
$_POST [ 'login' ] = $_SESSION [ 'login' ];
$_POST [ 'pass' ] = $_SESSION [ 'pass' ];
2022-06-07 00:30:34 +03:00
}
2022-12-19 20:26:14 +02:00
if ( isset ( $_GET [ 'cookie_login' ]) && $_GET [ 'cookie_login' ] != '' ) {
2022-12-30 21:03:37 +02:00
setcookie ( 'login' , $_GET [ 'cookie_login' ], time () + 60 * 60 * 24 * 7 , '' , Config :: get ( 'host' ));
setcookie ( 'pass' , $_GET [ 'cookie_pass' ], time () + 60 * 60 * 24 * 7 , '' , Config :: get ( 'host' ));
2022-12-19 20:26:14 +02:00
die ();
2022-06-07 00:30:34 +03:00
}
function error ( $e )
{
2023-01-06 16:57:25 +02:00
die (
'
<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
2022-06-07 00:30:34 +03:00
<div class="title" data-content="Îøèáêà">
Îøèáêà!!
</div>
<div class="subtitle">
2022-12-19 20:26:14 +02:00
' . $e . '
2022-06-07 00:30:34 +03:00
</div>
<div class="buttons">
2023-01-06 16:57:25 +02:00
<a class="button" href="' . Config :: get ( 'https' ) . '">Âåðíóòüñÿ íàçàä</a>
2022-06-07 00:30:34 +03:00
</div>
</div>
2023-01-06 16:57:25 +02:00
'
);
2022-06-07 00:30:34 +03:00
}
2023-01-06 16:57:25 +02:00
function checkPassword ( string $password , string $passwordHash , string $login ) : bool
2022-06-07 00:30:34 +03:00
{
2023-01-06 16:57:25 +02:00
if ( password_verify ( $password , $passwordHash )) { // check password
return true ;
} else {
if (
md5 ( $password ) === $passwordHash || // convert old md5() password
password_needs_rehash ( $passwordHash , PASSWORD_DEFAULT ) //rehash if PASSWORD_DEFAULT changed
) {
$hash = password_hash ( $password , PASSWORD_DEFAULT );
Db :: sql ( 'update users set pass = ? where login = ?' , [ $hash , $login ]);
return true ;
2022-12-19 20:26:14 +02:00
}
2023-01-06 16:57:25 +02:00
return false ;
2022-12-19 20:26:14 +02:00
}
}
2022-06-07 00:30:34 +03:00
//ReCapthca
require_once " ./recaptchalib.php " ;
// âàø ñåêðåòíûé êëþ÷
$secret = " 6Lf3EjsaAAAAALe3zRwxyPGf13ZMWZvCmvad3-jQ " ;
2022-12-19 20:26:14 +02:00
2022-06-07 00:30:34 +03:00
// ïóñòîé îòâåò
$response = null ;
2022-12-19 20:26:14 +02:00
2022-06-07 00:30:34 +03:00
// ïðîâåðêà ñåêðåòíîãî êëþ÷à
$reCaptcha = new ReCaptcha ( $secret );
if ( $_POST [ " g-recaptcha-response " ]) {
2023-01-06 16:57:25 +02:00
$response = $reCaptcha -> verifyResponse (
2022-06-07 00:30:34 +03:00
$_SERVER [ " REMOTE_ADDR " ],
$_POST [ " g-recaptcha-response " ]
);
}
//ReCapthca
2023-01-06 16:57:25 +02:00
$u = Db :: getRow (
'select
users.id,
users.login,
auth,
pass,
pass2,
users.city,
users.ip,
ipreg,
admin,
online,
banned,
host_reg,
timereg,
securetime,
users_delo.text as block_reason
from users
left join users_delo on users.id = users_delo.uid
where users.login = ?' ,
[ $_POST [ 'login' ]]
);
2022-12-30 21:03:37 +02:00
$auth = Db :: getValue ( 'select id from logs_auth where uid = ? and ip = ?' , [ $u [ 'id' ], IP ]);
if (
2023-01-06 16:57:25 +02:00
Config :: get ( 'securetime' ) > 0 &&
IP != $u [ 'ip' ] &&
IP != $u [ 'ipreg' ] &&
! isset ( $auth ) &&
$u [ 'securetime' ] < Config :: get ( 'securetime' ) &&
$u [ 'timereg' ] < Config :: get ( 'securetime' )
2022-12-30 21:03:37 +02:00
) {
2023-01-06 16:57:25 +02:00
error (
'Âû íå ìîæåòå âîéòè íà ïåðñîíàæà "' . $_POST [ 'login' ] . '".<br>
Ñêîðåå âñåãî âû äàâíî íå ìåíÿëè ïàðîëü.
Äëÿ ñìåíû ïåðåéäèòå ïî ññûëêå: <a href="/repass.php?login=' . $u [ 'login' ] . '">ÑÌÅÍÀ ÏÀÐÎËß</a><br><br>
Âàì íåîáõîäèìî ñìåíèòü ïàðîëü äëÿ áåçîïàñíîñòè ïåðñîíàæà,
íà ïî÷òó ïî êîòîðîé çàðåãèñòðèðîâàí ïåðñîíàæ ïðèäåò íîâûé ñëó÷àéíî ñãåíåðèðîâàííûé ïàðîëü.'
);
2022-06-07 00:30:34 +03:00
}
2022-12-19 20:26:14 +02:00
if ( ! isset ( $u [ 'id' ])) {
error ( 'Ëîãèí "' . $_POST [ 'login' ] . '" íå íàéäåí â áàçå.' );
} elseif ( $u [ 'banned' ] > 0 ) {
2023-01-06 16:57:25 +02:00
$blockstr = " Ïåðñîíàæ <b> { $u [ 'login' ] } </b> çàáëîêèðîâàí. " ;
$blockstr .= $u [ 'block_reason' ] ? " Ïðè÷èíà áëîêèðîâêè: { $u [ 'block_reason' ] } <br><br> " : '<br><br>' ;
error ( $blockstr );
} elseif ( ! checkPassword ( $_POST [ 'pass' ], $u [ 'pass' ], $u [ 'login' ])) {
error ( " Íåâåðíûé ïàðîëü ê ïåðñîíàæó { $u [ 'login' ] } . " );
Db :: sql (
'insert into logs_auth (uid, ip, browser, type, time, depass) values (?,?,?,3,unix_timestamp(),?)' ,
[ $u [ 'id' ], IP , $_SERVER [ 'HTTP_USER_AGENT' ], $_POST [ 'pass' ]]
);
2022-12-19 20:26:14 +02:00
} else {
//Âòîðîé ïàðîëü
2023-01-06 16:57:25 +02:00
if ( ! empty ( $u [ 'pass2' ])) {
2022-12-19 20:26:14 +02:00
$_SESSION [ 'login' ] = $_POST [ 'login' ];
$_SESSION [ 'pass' ] = $_POST [ 'pass' ];
$good2 = false ;
$koko = '' ;
2023-01-06 16:57:25 +02:00
if ( password_verify ( $_POST [ 'code' ], $u [ 'pass2' ])) {
2022-12-19 20:26:14 +02:00
$good2 = true ;
unset ( $_SESSION [ 'login' ], $_SESSION [ 'pass' ]);
} else {
if ( isset ( $_POST [ 'code' ])) {
$koko = 'Íåâåðíûé âòîðîé ïàðîëü<br>' ;
2022-12-30 21:03:37 +02:00
}
setcookie ( 'login' , '' , time () - 60 * 60 * 24 , '' , Config :: get ( 'host' ));
setcookie ( 'pass' , '' , time () - 60 * 60 * 24 , '' , Config :: get ( 'host' ));
2022-12-19 20:26:14 +02:00
}
2023-01-06 16:57:25 +02:00
if ( $koko ) {
2022-12-30 21:03:37 +02:00
$koko = '<b style="color: red">' . $koko . '</b>' ;
2022-12-19 20:26:14 +02:00
}
2022-12-30 21:03:37 +02:00
if ( ! $good2 ) {
2022-12-19 20:26:14 +02:00
?>
<!Doctype html>
2022-12-30 21:03:37 +02:00
<HTML lang="ru">
2022-12-19 20:26:14 +02:00
<HEAD>
<link rel=stylesheet type="text/css">
<meta charset="windows-1251">
<meta name="msapplication-config" content="browserconfig.xml"/>
<TITLE>Âòîðîé ïàðîëü</TITLE>
</HEAD>
<body bgcolor=dfdfde>
<H3><FONT COLOR="black">Çàïðîñ âòîðîãî ïàðîëÿ ê ïåðñîíàæó.</FONT></H3>
<?= $koko ?>
<div align="center">
<br>
<br>
<img id="pass" onClick="" width="295" src="i/pin/e0.png">
<br>
<br>
<img id="p1" onClick="" src="">
<img id="p2" onClick="" src="">
<img id="p3" onClick="" src="">
<br>
<img id="p4" onClick="" src="">
<img id="p5" onClick="" src="">
<img id="p6" onClick="" src="">
<br>
<img id="p7" onClick="" src="">
<img id="p8" onClick="" src="">
<img id="p9" onClick="" src="">
<br>
<img onClick="keypush(12);" src="i/pin/12.png">
<img id="p0" name="image" onClick="" src="">
<img onClick="keypush(11);" src="i/pin/11.png">
<br>
</div>
</BODY>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script>
var dopass = '';
var tdopass = '';
var lenth = 0;
randomp();
function randomp() {
2022-12-30 21:03:37 +02:00
var ss = [];
2022-12-19 20:26:14 +02:00
var n = 0;
while (n < 10) {
ss[n] = n;
n++;
}
var i = 0;
var k = 0;
var m = 0;
var tmpp = 0;
while (i < 10) {
k = getRandomInt(10);
m = getRandomInt(10);
if (k != m) {
tmpp = ss[k];
ss[k] = ss[m];
ss[m] = tmpp;
i++;
}
}
n = 10;
while (n > -1) {
n = n - 1;
document.getElementById('p' + n).setAttribute("src", "i/pin/" + ss[n] + ".png");
document.getElementById('p' + n).setAttribute("onClick", "keypush(" + ss[n] + ");");
}
}
2022-06-07 00:30:34 +03:00
2022-12-19 20:26:14 +02:00
function getRandomInt(max) {
return Math.floor(Math.random() * Math.floor(max));
}
2022-06-07 00:30:34 +03:00
2022-12-19 20:26:14 +02:00
function keypush(n) {
2022-12-30 21:03:37 +02:00
if (n === 12) {
2022-12-19 20:26:14 +02:00
if (lenth > 0) {
dopass = '';
lenth = 0;
document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
}
2022-12-30 21:03:37 +02:00
} else if (n === 11) {
2022-12-19 20:26:14 +02:00
var $_POST = <?php echo json_encode($_POST); ?>;
window.location.replace("https://new-combats.com/enter.php?code=" + dopass + "&login=" + $_POST['login'] + "&pass=" + $_POST['pass']);
} else {
if (lenth < 8) {
dopass = dopass + '' + n;
lenth++;
document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
}
}
2022-06-07 00:30:34 +03:00
}
2022-12-19 20:26:14 +02:00
</script>
</HTML>
2022-12-30 21:03:37 +02:00
<?php
2022-12-19 20:26:14 +02:00
die();
}
}
2023-01-06 16:57:25 +02:00
if (!Db::getValue('select count(*) from stats where id = ?', [$u['id']])) {
Db::sql('insert into stats (id, stats) values (?,?)', [$u['id'], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10']);
2022-12-19 20:26:14 +02:00
}
2023-01-06 16:57:25 +02:00
if (!Db::getValue('select count(*) from online where uid = ?', [$u['id']])) {
Db::sql('insert into online (uid, timeStart) values (?,unix_timestamp())', [$u['id']]);
2022-12-19 20:26:14 +02:00
}
2023-01-06 16:57:25 +02:00
if (isset($_COOKIE['login'])) {
2022-12-30 21:03:37 +02:00
setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
2022-12-19 20:26:14 +02:00
}
//ìóëüòû
2022-12-30 21:03:37 +02:00
if ($u['admin'] === 0) {
2023-01-06 16:57:25 +02:00
$ipm1 = Db::getValue(
'select ip from logs_auth where uid = ? and ip != ? order by id limit 1',
[$u['id'], $u['ip']]
);
$ppl = Db::getRows(
'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)',
['', $u['ip'], $ipm1, $u['ipreg'], IP, $_COOKIE['ip']]
);
2022-12-30 21:03:37 +02:00
foreach ($ppl as $item) {
2023-01-06 16:57:25 +02:00
$ml = Db::getValue(
'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1',
[$item['uid'], $u['id'], $u['id'], $item['uid']]
);
2022-12-30 21:03:37 +02:00
if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
2022-12-19 20:26:14 +02:00
}
}
}
2022-12-30 21:03:37 +02:00
if (idate('d') === 13) {
Db::sql('delete from eff_users where id_eff = 365 and uid = ?', [$u['id']]);
Db::sql(
2023-01-06 16:57:25 +02:00
'insert into eff_users (id_eff, uid, name, data, overType, timeUse, no_Ace) values (365,?,?,?,47,unix_timestamp(),1)',
[
$u['id'],
'Äåíü Ðîæäåíèÿ Êëóáà',
'add_speedhp=500|add_speedmp=500|add_speed_dungeon=50|add_repair_discount=1|',
]
2022-12-30 21:03:37 +02:00
);
2023-01-06 16:57:25 +02:00
$chat->send(
'', $u['room'], $u['city'], '', $u['login'],
' ÷åñòü äíÿ ðîæäåíèÿ ïðîåêòà âû ïîëó÷àåòå ýôôåêò "Äåíü Ðîæäåíèÿ Êëóáà"!(Ýôôåêò îáíîâëÿåòñÿ êàæäûé ðàç êîãäà âû çàõîäèòå íà ïåðñîíàæà)',
time(), 6, 0, 0, 0, 1
);
2022-12-19 20:26:14 +02:00
}
if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
2023-01-06 16:57:25 +02:00
Db::sql(
'insert into logs_auth (uid, ip, browser, type, time, depass) VALUES (?,?,?,1,unix_timestamp(),?)',
[$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT'], md5($_POST['pass'])]
);
2022-12-19 20:26:14 +02:00
}
2022-12-30 21:03:37 +02:00
setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
setcookie('pass', $u['pass'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
2022-12-19 20:26:14 +02:00
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');
if ($u['online'] < time() - 520) {
2023-01-06 16:57:25 +02:00
$sp = Db::getRows('select room, city, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)', [$u['id']]);
foreach ($sp as $usr) {
$chat->send(
'', $usr['room'], $usr['city'], '', $usr['login'], 'Âàñ ïðèâåòñòâóåò: <b>' . $u['login'] . '</b>.',
time(), 6, 0, 0, 0, 1
);
2022-12-19 20:26:14 +02:00
}
}
$apu = '';
2023-01-06 16:57:25 +02:00
Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);
2022-12-30 21:03:37 +02:00
if (
2023-01-06 16:57:25 +02:00
$u['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$u['auth'] == '' || $u['auth'] == '0'
2022-12-30 21:03:37 +02:00
) {
if (
2023-01-06 16:57:25 +02:00
$u['auth'] != '' &&
$u['auth'] != '0' &&
$u['ip'] != IP
2022-12-30 21:03:37 +02:00
) {
2023-01-06 16:57:25 +02:00
mysql_query(
"INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES
('1',
'capitalcity',
'0',
'',
'" . $u['login'] . "',
'Â ïðåäûäóùèé ðàç ýòèì ïåðñîíàæåì çàõîäèëè ñ äðóãîãî êîìïüþòåðà " .
date('d.m.Y H:i', $u['online']) . ". (Ïðåäûäóùèé ip: %" . $u['ip'] . ")',
'-1',
'6',
'0'
)"
);
2022-12-19 20:26:14 +02:00
}
$apu = "`auth` = '" . md5($u['login'] . 'AUTH' . IP) . "',";
setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', 'new-combats.com');
}
if ($u['repass'] == 0) {
$ipnew = IP;
} else {
$ipnew = $u['ip'];
}
2023-01-06 16:57:25 +02:00
mysql_query(
"INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('" . $u['id'] . "','" . IP . "','" .
$_SERVER['HTTP_USER_AGENT'] . "','0','" . time() . "','" . mysql_real_escape_string(md5($_POST['pass'])) . "')"
);
2022-12-19 20:26:14 +02:00
2023-01-06 16:57:25 +02:00
mysql_query(
"UPDATE `users` SET " . $apu . "`ip`='" . $ipnew . "',`dateEnter`='" . $_SERVER['HTTP_USER_AGENT'] .
"',`online`='" . time() . "' WHERE `login` = '" . mysql_real_escape_string($_POST['login']) .
"' AND `pass` = '" . mysql_real_escape_string(md5($_POST['pass'])) . "' LIMIT 1"
);
header('location: /bk');
2022-12-19 20:26:14 +02:00
2022-06-07 00:30:34 +03:00
}
