game/enter.php

<?php

use Core\Config;
use Core\Database;
use Core\Db;
use Core\TOTP;
use JetBrains\PhpStorm\NoReturn;
use User\Password;
use User\UserIp;

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';

Database::init();

define('IP', UserIp::get());

$chat = new Chat();
$login = $_SESSION['login'] ?? '';
$password = '';
$otp = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['login'])) {
        $login = $_POST['login'];
    }
    if (isset($_POST['password'])) {
        $password = $_POST['password'];
    }
    if (isset($_POST['otp'])) {
        $otp = $_POST['otp'];
    }
}

#[NoReturn] function error($e): void
{
    $returnLink = Config::get('https');
    $html = <<<HTML
    <link rel="stylesheet" href="error.css">
    <div class="text-wrapper">
        <div class="title" data-content="Ошибка">Ошибка!!</div>
        <div class="subtitle">$e</div>
        <div class="buttons"><a class="button" href="$returnLink">Вернуться назад</a></div>
    </div>
    HTML;
    exit($html);
}

$u = Db::getRow(
    'select
    users.id,
    users.login,
    auth,
    pass,
    totp,
    users.ip,
    ipreg,
    admin,
    online,
    banned,
    users_delo.text as block_reason
            from users
                left join users_delo on users.id = users_delo.uid
            where users.login = ?',
    [$login]
);

if (empty($_SESSION['login'])) {
    if (!isset($u['id'])) {
        error('Логин "' . $login . '" не найден в базе.');
    } elseif ($u['banned'] > 0) {
        $blockstr = "Персонаж <b>{$u['login']}</b> заблокирован.";
        $blockstr .= $u['block_reason'] ? "Причина блокировки: {$u['block_reason']}<br><br>" : '<br><br>';
        error($blockstr);
    } elseif (!Password::isGood($password, $u['pass'], $u['login'])) {
        Db::sql(
            'insert into logs_auth (uid, ip, browser, type, time) values (?,?,?,3,unix_timestamp())',
            [$u['id'], IP, $_SERVER['HTTP_USER_AGENT']]
        );
        error("Неверный пароль к персонажу {$u['login']}.");
    }

    $_SESSION['login'] = $u['login'];
    if (!empty($u['totp'])) {
        $_SESSION['totp'] = new TOTP($u['totp']);
    }
}

if (!empty($_SESSION['totp']) && !empty($_SESSION['login'])) {
    if (empty($otp)) {
        ?>
        <!doctype html>
        <html lang="ru">
        <head>
            <title>Второй пароль</title>
        </head>
        <body>
        <form method="post">
            <label for="otp">Одноразовый код:</label><br>
            <input name="otp" id="otp" minlength="6" maxlength="6" size="6" placeholder="000000" required><br>
            <input type="submit">
        </form>
        </body>
        </html>
        <?php
        exit();
    }

    if ($_SESSION['totp']->generate() !== $otp) {
        unset($_SESSION['login'], $_SESSION['totp']);
        error('Неверный одноразовый код!');
    }
}

if (!Db::getValue('select count(*) from stats where id = ?', [$u['id']])) {
    Db::sql('insert into stats (id, stats) values (?,?)', [$u['id'], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10']);
}
if (!Db::getValue('select count(*) from online where uid = ?', [$u['id']])) {
    Db::sql('insert into online (uid, timeStart) values (?,unix_timestamp())', [$u['id']]);
}

if (isset($_COOKIE['login'])) {
    setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
}

//мульты
if ($u['admin'] === 0) {
    $ipm1 = Db::getValue(
        'select ip from logs_auth where uid = ? and ip != ? order by id limit 1',
        [$u['id'], $u['ip']]
    );
    $ppl = Db::getRows(
        'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)',
        ['', $u['ip'], $ipm1, $u['ipreg'], IP, $_COOKIE['ip']]
    );
    foreach ($ppl as $item) {
        $ml = Db::getValue(
            'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1',
            [$item['uid'], $u['id'], $u['id'], $item['uid']]
        );
        if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
            Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
        }
    }
}

if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
    Db::sql(
        'insert into logs_auth (uid, ip, browser, type, time) VALUES (?,?,?,1,unix_timestamp())',
        [$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT']]
    );
}

setcookie('login', $_POST['login'] ?? '', time() + 60 * 60 * 24 * 7, '', Config::get('host'));
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');

if ($u['online'] < time() - 520) {
    $sp = Db::getRows('select room, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)', [$u['id']]);
    foreach ($sp as $usr) {
        $chatDto = new ChatMessage();
        $chatDto->setRoom($usr['room']);
        $chatDto->setTo($usr['login']);
        $chatDto->setText('Вас приветствует: <b>' . $u['login'] . '</b>.');
        $chatDto->setType(6);
        $chat->sendMsg($chatDto);
    }
}

$apu = '';
Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);

if (
    $u['auth'] != md5($u['login'] . 'AUTH' . IP) ||
    $_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) ||
    $u['auth'] == '' || $u['auth'] == '0'
) {
    if (
        $u['auth'] != '' &&
        $u['auth'] != '0' &&
        $u['ip'] != IP
    ) {
        $cmsg = new ChatMessage();
        $cmsg->setTo($u['login']);
        $cmsg->setText('В предыдущий раз этим персонажем заходили с другого компьютера ' . date('d.m.Y H:i', $u['online']) . "(Предыдущий ip: %{$u['ip']})");
        $cmsg->setType(6);
        $chat->sendMsg($cmsg);
    }
    $apu = "auth = '" . md5($u['login'] . 'AUTH' . IP) . "',";
    setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', Config::get('host'));
}

$ipnew = IP;

Db::sql('insert into logs_auth (uid, ip, browser, time) values (?,?,?,unix_timestamp())', [
    $u['id'], IP, $_SERVER['HTTP_USER_AGENT'],
]);

Db::sql("update users set $apu ip = ?, dateEnter = ?, online = unix_timestamp() where id = ?", [$ipnew, $_SERVER['HTTP_USER_AGENT'], $u['id']]);

$_SESSION['uid'] = $u['id'];

unset($_SESSION['login'], $_SESSION['totp']);

header('location: /bk');
exit();