2022-06-07 00:30:34 +03:00
< ? php
2022-08-25 14:23:36 +03:00
session_start ();
const GAME = true ;
2022-06-07 00:30:34 +03:00
function GetRealIp ()
{
2022-08-25 14:23:36 +03:00
if ( ! empty ( $_SERVER [ 'HTTP_CLIENT_IP' ])) {
$ip = $_SERVER [ 'HTTP_CLIENT_IP' ];
} elseif ( ! empty ( $_SERVER [ 'HTTP_X_FORWARDED_FOR' ])) {
$ip = $_SERVER [ 'HTTP_X_FORWARDED_FOR' ];
} else {
$ip = $_SERVER [ 'REMOTE_ADDR' ];
}
return $ip ;
2022-06-07 00:30:34 +03:00
}
2022-08-25 14:23:36 +03:00
define ( 'IP' , GetRealIp ());
2022-06-07 00:30:34 +03:00
include ( '_incl_data/__config.php' );
include ( '_incl_data/class/__db_connect.php' );
2022-08-25 14:23:36 +03:00
$chat = new Chat ();
2022-06-07 00:30:34 +03:00
//session_reset();
2022-08-25 14:23:36 +03:00
if ( isset ( $_GET [ 'login' ])) {
$_POST [ 'login' ] = $_GET [ 'login' ];
$_POST [ 'pass' ] = $_GET [ 'pass' ];
$_POST [ 'code' ] = $_GET [ 'code' ];
2022-06-07 00:30:34 +03:00
}
2022-08-25 14:23:36 +03:00
if ( isset ( $_POST [ 'psw' ])) {
$_POST [ 'pass' ] = $_POST [ 'psw' ];
2022-06-07 00:30:34 +03:00
}
2022-08-25 14:23:36 +03:00
if ( isset ( $_SESSION [ 'login' ])) {
$_POST [ 'login' ] = $_SESSION [ 'login' ];
$_POST [ 'pass' ] = $_SESSION [ 'pass' ];
2022-06-07 00:30:34 +03:00
}
2022-08-25 14:23:36 +03:00
if ( isset ( $_GET [ 'cookie_login' ]) && $_GET [ 'cookie_login' ] != '' ) {
setcookie ( 'login' , $_GET [ 'cookie_login' ], time () + 60 * 60 * 24 * 7 , '' , $c [ 'host' ]);
setcookie ( 'pass' , $_GET [ 'cookie_pass' ], time () + 60 * 60 * 24 * 7 , '' , $c [ 'host' ]);
//header('location: /bk');
die ();
2022-06-07 00:30:34 +03:00
}
function error ( $e )
{
2022-08-25 14:23:36 +03:00
die ( '
2022-06-07 00:30:34 +03:00
<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
<div class="title" data-content="Îøèáêà">
Îøèáêà!!
</div>
<div class="subtitle">
2022-08-25 14:23:36 +03:00
' . $e . '
2022-06-07 00:30:34 +03:00
</div>
<div class="buttons">
<a class="button" href="https://new-combats.com">Âåðíóòüñÿ íàçàä</a>
</div>
</div>
' );
}
function md5m ( $src )
{
2022-08-25 14:23:36 +03:00
$tar = [ 16 ];
$res = [ 16 ];
$src = utf8_encode ( $src );
for ( $i = 0 ; $i < strlen ( $src ) || $i < 16 ; $i ++ ) {
2022-06-07 00:30:34 +03:00
$res [ $i ] = ord ( $src { $i }) ^ $i * 4 ;
2022-08-25 14:23:36 +03:00
}
for ( $i = 0 ; $i < 4 ; $i ++ ) {
for ( $j = 0 ; $j < 4 ; $j ++ ) {
2022-06-07 00:30:34 +03:00
$tar [ $i * 4 + $j ] = ( $res [ $j * 4 + $i ] + 256 ) % 256 ;
2022-08-25 14:23:36 +03:00
}
}
2022-06-07 00:30:34 +03:00
return ( $tar );
2022-08-25 14:23:36 +03:00
}
2022-06-07 00:30:34 +03:00
function array2HStr ( $src )
{
2022-08-25 14:23:36 +03:00
$hex = [ " 0 " , " 1 " , " 2 " , " 3 " , " 4 " , " 5 " , " 6 " , " 7 " , " 8 " , " 9 " , " A " , " B " , " C " , " D " , " E " , " F " ];
2022-06-07 00:30:34 +03:00
$res = " " ;
2022-08-25 14:23:36 +03:00
for ( $i = 0 ; $i < 16 ; $i ++ ) {
2022-06-07 00:30:34 +03:00
$res = $res . ( $hex [ $src [ $i ] >> 4 ] . $hex [ $src [ $i ] % 16 ]);
2022-08-25 14:23:36 +03:00
}
2022-06-07 00:30:34 +03:00
return ( $res );
}
$socauth = false ;
//ReCapthca
require_once " ./recaptchalib.php " ;
// âàø ñåêðåòíûé êëþ÷
$secret = " 6Lf3EjsaAAAAALe3zRwxyPGf13ZMWZvCmvad3-jQ " ;
2022-08-25 14:23:36 +03:00
2022-06-07 00:30:34 +03:00
// ïóñòîé îòâåò
$response = null ;
2022-08-25 14:23:36 +03:00
2022-06-07 00:30:34 +03:00
// ïðîâåðêà ñåêðåòíîãî êëþ÷à
$reCaptcha = new ReCaptcha ( $secret );
if ( $_POST [ " g-recaptcha-response " ]) {
$response = $reCaptcha -> verifyResponse (
$_SERVER [ " REMOTE_ADDR " ],
$_POST [ " g-recaptcha-response " ]
);
}
//ReCapthca
2022-08-25 14:23:36 +03:00
$u = mysql_fetch_array ( mysql_query ( 'SELECT `u`.`pass2`,`u`.`id`,`u`.`auth`,`u`.`login`,`u`.`pass`,`u`.`city`,`u`.`ip`,`u`.`ipreg`,`u`.`online`,`u`.`banned`,`u`.`admin`,`u`.`host_reg`,`u`.`securetime`,`u`.`timereg` FROM `users` AS `u` WHERE `u`.`login`="' . mysql_real_escape_string ( $_POST [ 'login' ]) . '" ORDER BY `id` ASC LIMIT 1' ));
2022-06-07 00:30:34 +03:00
2022-08-25 14:23:36 +03:00
$auth = mysql_fetch_array ( mysql_query ( 'SELECT * FROM `logs_auth` WHERE `uid` = "' . $u [ 'id' ] . '" AND `ip` = "' . mysql_real_escape_string ( IP ) . '" LIMIT 1' ));
if ( $c [ 'securetime' ] > 0 && IP != $u [ 'ip' ] && IP != $u [ 'ipreg' ] && ! isset ( $auth [ 'id' ]) && $u [ 'securetime' ] < $c [ 'securetime' ] && $u [ 'timereg' ] < $c [ 'securetime' ]) {
error ( 'Âû íå ìîæåòå âîéòè íà ïåðñîíàæà "' . $_POST [ 'login' ] . '".<br>Ñêîðåå âñåãî âû äàâíî íå ìåíÿëè ïàðîëü. Äëÿ ñìåíû ïåðåéäèòå ïî ññûëêå: <a href="/repass.php?login=' . htmlspecialchars ( $_POST [ 'login' ], null , 'cp1251' ) . '">ÑÌÅÍÀ ÏÀÐÎËß</a><br><br>Âàì íåîáõîäèìî ñìåíèòü ïàðîëü äëÿ áåçîïàñíîñòè ïåðñîíàæà, íà ïî÷òó ïî êîòîðîé çàðåãèñòðèðîâàí ïåðñîíàæ ïðèäåò íîâûé ñëó÷àéíî ñãåíåðèðîâàííûé ïàðîëü.<br>Åñëè ó âàñ íåò äîñòóïà ê E-mail: Çàðåãèñòðèðóéòå íîâîãî ïåðñîíàæà è îáðàòèòåñü ê Àäìèíèñòðàöèè, ëèáî ìîäåðàòîðàì.' );
}
2022-06-07 00:30:34 +03:00
2022-08-25 14:23:36 +03:00
if ( md5 ( md5 ( $_POST [ 'pass' ])) == $u [ 'pass' ]) {
$_POST [ 'pass' ] = md5 ( $_POST [ 'pass' ]);
2022-06-07 00:30:34 +03:00
}
2022-08-25 14:23:36 +03:00
if ( ! isset ( $u [ 'id' ])) {
error ( 'Ëîãèí "' . $_POST [ 'login' ] . '" íå íàéäåí â áàçå.' );
} elseif ( $u [ 'pass' ] != md5 ( $_POST [ 'pass' ]) && $socauth == false ) {
error ( 'Íåâåðíûé ïàðîëü ê ïåðñîíàæó "' . $_POST [ 'login' ] . '".' );
mysql_query ( " INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES (' " . $u [ 'id' ] . " ',' " . mysql_real_escape_string ( IP ) . " ',' " . mysql_real_escape_string ( $_SERVER [ 'HTTP_USER_AGENT' ]) . " ','3',' " . time () . " ',' " . mysql_real_escape_string ( $_POST [ 'pass' ]) . " ') " );
} elseif ( $u [ 'banned' ] > 0 ) {
$fm = mysql_fetch_array ( mysql_query ( 'SELECT * FROM `users_delo` WHERE `uid` = "' . $u [ 'id' ] . '" AND `hb`!=0 ORDER BY `id` DESC LIMIT 1' ));
if ( ! isset ( $fm [ 'id' ])) {
$fm [ 'text' ] = 'Ïðè÷èíà áëîêèðîâêè: <i>Ïðè÷èíà ïîêà-÷òî íå óêàçàíà.</i>' ;
}
error ( 'Ïåðñîíàæ <b>' . $_POST [ 'login' ] . '</b> çàáëîêèðîâàí.' . '<br>' . $fm [ 'text' ] . '<br>' . '<br><b>Âíèìàíèå!</b> Åñëè Âû óâåðåíû, ÷òî ïðîèçîøëà îøèáêà è Âû íè÷åãî íå íàðóøàëè, ïåðåðåãèñòðèðóéòåñü, îáüÿñíèòå ñèòóàöèþ àäìèíèñòðàöèè è îæèäàéòå îòâåòà!</a>' . '<br>Ïåðåä òåì êàê ïèñàòü, <b>ÂÍÈÌÀÒÅËÜÍÎ</b> îçíàêîìèòåñü ñ <a target="_blank" href="https://new-combats.com/lib/zakon/">äåéñòâóþùèìè çàêîíàìè.' . '<br><br>Åñëè Âû çàáëîêèðîâàíû ïðàâîìåðíî, òî ó Âàñ íåò øàíñîâ íà ðàçáëîêèðîâêó âàøåãî èãðîâîãî ïåðñîíàæà.' );
} else {
//Âòîðîé ïàðîëü
if ( $u [ 'pass2' ] != '' && $u [ 'pass2' ] != '0' ) {
$_SESSION [ 'login' ] = $_POST [ 'login' ];
$_SESSION [ 'pass' ] = $_POST [ 'pass' ];
$good2 = false ;
$koko = '' ;
if ( md5 ( array2HStr ( md5m ( $_POST [ 'code' ]))) == $u [ 'pass2' ]) {
$good2 = true ;
unset ( $_SESSION [ 'login' ], $_SESSION [ 'pass' ]);
} else {
if ( isset ( $_POST [ 'code' ])) {
$koko = 'Íåâåðíûé âòîðîé ïàðîëü<br>' ;
};
setcookie ( 'login' , '' , time () - 60 * 60 * 24 , '' , $c [ 'host' ]);
setcookie ( 'pass' , '' , time () - 60 * 60 * 24 , '' , $c [ 'host' ]);
setcookie ( 'login' , '' , time () - 60 * 60 * 24 );
setcookie ( 'pass' , '' , time () - 60 * 60 * 24 );
}
if ( $koko != '' ) {
$koko = '<font color="red"><b>' . $koko . '</b></font>' ;
}
if ( $good2 == false ) {
?>
<!Doctype html>
<HTML>
<HEAD>
<link rel=stylesheet type="text/css">
<meta charset="windows-1251">
<meta name="msapplication-config" content="browserconfig.xml"/>
<TITLE>Âòîðîé ïàðîëü</TITLE>
</HEAD>
<body bgcolor=dfdfde>
<H3><FONT COLOR="black">Çàïðîñ âòîðîãî ïàðîëÿ ê ïåðñîíàæó.</FONT></H3>
<?= $koko ?>
<div align="center">
<br>
<br>
<img id="pass" onClick="" width="295" src="i/pin/e0.png">
<br>
<br>
<img id="p1" onClick="" src="">
<img id="p2" onClick="" src="">
<img id="p3" onClick="" src="">
<br>
<img id="p4" onClick="" src="">
<img id="p5" onClick="" src="">
<img id="p6" onClick="" src="">
<br>
<img id="p7" onClick="" src="">
<img id="p8" onClick="" src="">
<img id="p9" onClick="" src="">
<br>
<img onClick="keypush(12);" src="i/pin/12.png">
<img id="p0" name="image" onClick="" src="">
<img onClick="keypush(11);" src="i/pin/11.png">
<br>
</div>
</BODY>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<!--<script src="https://new-combats.com/js/jquery.js" type="text/javascript"></script>-->
<script>
var dopass = '';
var tdopass = '';
var lenth = 0;
randomp();
function randomp() {
var ss = new Array();
var n = 0;
while (n < 10) {
ss[n] = n;
n++;
}
var i = 0;
var k = 0;
var m = 0;
var tmpp = 0;
while (i < 10) {
k = getRandomInt(10);
m = getRandomInt(10);
if (k != m) {
tmpp = ss[k];
ss[k] = ss[m];
ss[m] = tmpp;
i++;
}
}
n = 10;
while (n > -1) {
n = n - 1;
document.getElementById('p' + n).setAttribute("src", "i/pin/" + ss[n] + ".png");
document.getElementById('p' + n).setAttribute("onClick", "keypush(" + ss[n] + ");");
}
}
2022-06-07 00:30:34 +03:00
2022-08-25 14:23:36 +03:00
function getRandomInt(max) {
return Math.floor(Math.random() * Math.floor(max));
}
2022-06-07 00:30:34 +03:00
2022-08-25 14:23:36 +03:00
function keypush(n) {
if (n == 12) {
if (lenth > 0) {
dopass = '';
lenth = 0;
document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
}
} else if (n == 11) {
var $_POST = <?php echo json_encode($_POST); ?>;
/*$.ajax({
url: "https://new-combats.com/enter.php",
type: "POST",
data: {
code: "ab6d4bf6593416306881a9e54260b0af",
login: ""+$_POST['login'],
pass: ""+$_POST['pass']
},
success: function (response) {
if (response.successFlag) {
//Replace current location from the history via history API
window.history.replaceState({}, 'foo', '/foo');
window.location = "url of target location here if you want to send a get request";
$("#form-id").submit();//if you want to post something up
}
}
});
/*$.ajax({
type: 'post',
url: 'https://new-combats.com/enter.php',
data: "code=ab6d4bf6593416306881a9e54260b0af",//ïàðàìåòðû çàïðîñà
success: function(data) {
alert($_POST['login']);
}
});
//window.setTimeout('location.reload()', 1000);
*/
window.location.replace("https://new-combats.com/enter.php?code=" + dopass + "&login=" + $_POST['login'] + "&pass=" + $_POST['pass']);
} else {
if (lenth < 8) {
dopass = dopass + '' + n;
lenth++;
document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
}
}
2022-06-07 00:30:34 +03:00
}
2022-08-25 14:23:36 +03:00
</script>
</HTML>
<?
die();
}
}
$st = mysql_fetch_array(mysql_query('SELECT * FROM `stats` WHERE `id`="' . $u['id'] . '" LIMIT 1'));
if (!isset($st['id'])) {
mysql_query("INSERT INTO `stats` (`id`,`stats`) VALUES ('" . $u['id'] . "','s1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10')");
}
$on = mysql_fetch_array(mysql_query('SELECT * FROM `online` WHERE `uid`="' . $u['id'] . '" LIMIT 1'));
if (!isset($on['id'])) {
mysql_query("INSERT INTO `online` (`uid`,`timeStart`) VALUES ('" . $u['id'] . "','" . time() . "')");
}
if (isset($_COOKIE['login']) || isset($_COOKIE['pass'])) {
setcookie('login', '', time() - 60 * 60 * 24, '', $c['host']);
setcookie('pass', '', time() - 60 * 60 * 24, '', $c['host']);
}
//ìóëüòû
if ($u['admin'] == 0) {
$ipm1 = mysql_fetch_array(mysql_query('SELECT * FROM `logs_auth` WHERE `uid` = "' . mysql_real_escape_string($u['id']) . '" AND `ip`!="' . mysql_real_escape_string($u['ip']) . '" ORDER BY `id` ASC LIMIT 1'));
$ppl = mysql_query('SELECT * FROM `logs_auth` WHERE `ip`!="" AND (`ip` = "' . mysql_real_escape_string($u['ip']) . '" OR `ip`="' . mysql_real_escape_string($ipm1['ip']) . '" OR `ip`="' . mysql_real_escape_string($u['ipreg']) . '" OR `ip`="' . mysql_real_escape_string(IP) . '" OR `ip`="' . mysql_real_escape_string($_COOKIE['ip']) . '")');
while ($spl = mysql_fetch_array($ppl)) {
$ml = mysql_fetch_array(mysql_query('SELECT `id` FROM `mults` WHERE (`uid` = "' . $spl['uid'] . '" AND `uid2` = "' . $u['id'] . '") OR (`uid2` = "' . $spl['uid'] . '" AND `uid` = "' . $u['id'] . '") LIMIT 1'));
if (!isset($ml['id']) && $spl['uid'] != $inf['id'] && $spl['ip'] != '' && $spl['ip'] != '127.0.0.1' && $spl['ip'] != '188.120.246.101') {
mysql_query('INSERT INTO `mults` (`uid`,`uid2`,`ip`) VALUES ("' . $u['id'] . '","' . $spl['uid'] . '","' . $spl['ip'] . '")');
}
}
}
if ((int)date('d') >= 13 && (int)date('d') <= 13) {
mysql_query('DELETE FROM `eff_users` WHERE `id_eff` = 365 AND `uid` = "' . $u['id'] . '"');
mysql_query('INSERT INTO `eff_users` (
2022-06-07 00:30:34 +03:00
`id_eff`,`uid`,`name`,`data`,`overType`,`timeUse`,`no_Ace`
) VALUES (
2022-08-25 14:23:36 +03:00
"365","' . $u['id'] . '","Äåíü Ðîæäåíèÿ Êëóáà","add_speedhp=500|add_speedmp=500|add_speed_dungeon=50|add_repair_discount=1|","47","' . time() . '",1
2022-06-07 00:30:34 +03:00
)');
2022-08-25 14:23:36 +03:00
$chat->send('', $u['room'], $u['city'], '', $u['login'], ' ÷åñòü äíÿ ðîæäåíèÿ ïðîåêòà âû ïîëó÷àåòå ýôôåêò "Äåíü Ðîæäåíèÿ Êëóáà"! (Ýôôåêò îáíîâëÿåòñÿ êàæäûé ðàç êîãäà âû çàõîäèòå íà ïåðñîíàæà)', time(), 6, 0, 0, 0, 1);
}
if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
mysql_query("INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('" . $u['id'] . "','" . mysql_real_escape_string($_COOKIE['ip']) . "','" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "','1','" . time() . "','" . mysql_real_escape_string(md5($_POST['pass'])) . "')");
}
setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7, '', $c['host']);
setcookie('pass', $u['pass'], time() + 60 * 60 * 24 * 7, '', $c['host']);
setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7);
setcookie('pass', md5($_POST['pass']), time() + 60 * 60 * 24 * 7);
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');
if ($u['online'] < time() - 520) {
$sp = mysql_query('SELECT `user` FROM `friends` WHERE `friend` = "' . $u['id'] . '"');
while ($pl = mysql_fetch_array($sp)) {
$usr = mysql_fetch_array(mysql_query('SELECT `id`,`online`,`login`,`city`,`room` FROM `users` WHERE `id` = "' . $pl['user'] . '" LIMIT 1'));
if (isset($usr['id']) && $usr['online'] > time() - 600) {
$chat->send('', $usr['room'], $usr['city'], '', $usr['login'], 'Âàñ ïðèâåòñòâóåò: <b>' . $u['login'] . '</b>.', time(), 6, 0, 0, 0, 1);
}
}
}
$apu = '';
mysql_query('UPDATE `dump` SET `ver` = "1",`upd` = "2" WHERE `uid` = "' . $u['id'] . '"');
if ($u['auth'] != md5($u['login'] . 'AUTH' . IP) || $_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) || $u['auth'] == '' || $u['auth'] == '0') {
if ($u['auth'] != '' && $u['auth'] != '0' && $u['ip'] != IP) {
mysql_query("INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES ('1','capitalcity','0','','" . $u['login'] . "','Â ïðåäûäóùèé ðàç ýòèì ïåðñîíàæåì çàõîäèëè ñ äðóãîãî êîìïüþòåðà " . date('d.m.Y H:i', $u['online']) . ". (Ïðåäûäóùèé ip: %" . $u['ip'] . ")','-1','6','0')");
}
$apu = "`auth` = '" . md5($u['login'] . 'AUTH' . IP) . "',";
setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', 'new-combats.com');
}
if ($u['repass'] == 0) {
$ipnew = IP;
} else {
$ipnew = $u['ip'];
}
mysql_query("INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('" . $u['id'] . "','" . IP . "','" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "','0','" . time() . "','" . mysql_real_escape_string(md5($_POST['pass'])) . "')");
mysql_query("UPDATE `users` SET " . $apu . "`ip`='" . $ipnew . "',`dateEnter`='" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "',`online`='" . time() . "' WHERE `login` = '" . mysql_real_escape_string($_POST['login']) . "' AND `pass` = '" . mysql_real_escape_string(md5($_POST['pass'])) . "' LIMIT 1");
if (isset($_POST['active_code_key'])) {
header('location: /active.php?code=' . htmlspecialchars($_POST['active_code_key'], null, 'cp1251'));
} else {
header('location: /bk');
}
2022-06-07 00:30:34 +03:00
}
