enter.php

<?php

use Core\Config;
use Core\Database;
use Core\Db;

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';

Config::init();
Database::init();

define('IP', UserIp::get());
$chat = new Chat();

if (isset($_GET['login'])) {
    $_POST['login'] = $_GET['login'];
    $_POST['pass'] = $_GET['pass'];
    $_POST['code'] = $_GET['code'];
}

if (isset($_POST['psw'])) {
    $_POST['pass'] = $_POST['psw'];
}

if (isset($_SESSION['login'])) {
    $_POST['login'] = $_SESSION['login'];
    $_POST['pass'] = $_SESSION['pass'];
}

if (isset($_GET['cookie_login']) && $_GET['cookie_login'] != '') {
    setcookie('login', $_GET['cookie_login'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
    setcookie('pass', $_GET['cookie_pass'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
    die();
}

function error($e)
{
    die(' 
	 <link rel="stylesheet" href="error.css">
	 <div class="text-wrapper">
    <div class="title" data-content="Îøèáêà">
        Îøèáêà!!
    </div>

    <div class="subtitle">
        ' . $e . '
    </div>

    <div class="buttons">
        <a class="button" href="https://new-combats.com">Âåðíóòüñÿ íàçàä</a>
    </div>
</div>
	 
	 
	 ');
}

function md5m($src)
{
    $tar = [16];
    $res = [16];
    $src = utf8_encode($src);
    for ($i = 0; $i < strlen($src) || $i < 16; $i++) {
        $res[$i] = ord($src[$i]) ^ $i * 4;
    }
    for ($i = 0; $i < 4; $i++) {
        for ($j = 0; $j < 4; $j++) {
            $tar[$i * 4 + $j] = ($res[$j * 4 + $i] + 256) % 256;
        }
    }
    return ($tar);
}

function array2HStr($src): string
{
    $hex = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F"];
    $res = "";
    for ($i = 0; $i < 16; $i++) {
        $res = $res . ($hex[$src[$i] >> 4] . $hex[$src[$i] % 16]);
    }
    return ($res);
}

$socauth = false;

//ReCapthca
require_once "./recaptchalib.php";
// âàø ñåêðåòíûé êëþ÷
$secret = "6Lf3EjsaAAAAALe3zRwxyPGf13ZMWZvCmvad3-jQ";

// ïóñòîé îòâåò
$response = null;

// ïðîâåðêà ñåêðåòíîãî êëþ÷à
$reCaptcha = new ReCaptcha($secret);

if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verifyResponse(
        $_SERVER["REMOTE_ADDR"],
        $_POST["g-recaptcha-response"]
    );
}
//ReCapthca

$u = Db::getRow('select id, login, auth, pass, pass2, city, ip, ipreg, admin, online, banned, host_reg, timereg, securetime from users where login = ?', [$_POST['login']]);
$auth = Db::getValue('select id from logs_auth where uid = ? and ip = ?', [$u['id'], IP]);

if (
        Config::get('securetime') > 0 &&
        IP != $u['ip'] &&
        IP != $u['ipreg'] &&
        !isset($auth) &&
        $u['securetime'] < Config::get('securetime') &&
        $u['timereg'] < Config::get('securetime')
) {
    error('Âû íå ìîæåòå âîéòè íà ïåðñîíàæà "' . $_POST['login'] . '".<br>Ñêîðåå âñåãî âû äàâíî íå ìåíÿëè ïàðîëü. Äëÿ ñìåíû ïåðåéäèòå ïî ññûëêå: <a href="/repass.php?login=' . htmlspecialchars($_POST['login'], null, 'cp1251') . '">ÑÌÅÍÀ ÏÀÐÎËß</a><br><br>Âàì íåîáõîäèìî ñìåíèòü ïàðîëü äëÿ áåçîïàñíîñòè ïåðñîíàæà, íà ïî÷òó ïî êîòîðîé çàðåãèñòðèðîâàí ïåðñîíàæ ïðèäåò íîâûé ñëó÷àéíî ñãåíåðèðîâàííûé ïàðîëü.<br>Åñëè ó âàñ íåò äîñòóïà ê E-mail: Çàðåãèñòðèðóéòå íîâîãî ïåðñîíàæà è îáðàòèòåñü ê Àäìèíèñòðàöèè, ëèáî ìîäåðàòîðàì.');
}

if (md5(md5($_POST['pass'])) == $u['pass']) {
    $_POST['pass'] = md5($_POST['pass']);
}

if (!isset($u['id'])) {
    error('Ëîãèí "' . $_POST['login'] . '" íå íàéäåí â áàçå.');
} elseif ($u['pass'] != md5($_POST['pass']) && !$socauth) {
    error('Íåâåðíûé ïàðîëü ê ïåðñîíàæó "' . $_POST['login'] . '".');
    Db::sql('insert into logs_auth (uid, ip, browser, type, time, depass) values (?,?,?,3,unix_timestamp(),?)', [$u['id'], IP, $_SERVER['HTTP_USER_AGENT'], $_POST['pass']]);
} elseif ($u['banned'] > 0) {
    $fm = Db::getValue('select text from users_delo where uid = ? and hb != 0 order by id desc limit 1', [$u['id']]) ?? '';

    error('Ïåðñîíàæ <b>' . $_POST['login'] . '</b> çàáëîêèðîâàí.' . '<br>' . $fm . '<br>' . '<br><b>Âíèìàíèå!</b> Åñëè Âû óâåðåíû, ÷òî ïðîèçîøëà îøèáêà è Âû íè÷åãî íå íàðóøàëè, ïåðåðåãèñòðèðóéòåñü, îáüÿñíèòå ñèòóàöèþ àäìèíèñòðàöèè è îæèäàéòå îòâåòà!</a>' . '<br>Ïåðåä òåì êàê ïèñàòü, <b>ÂÍÈÌÀÒÅËÜÍÎ</b> îçíàêîìèòåñü ñ <a target="_blank" href="https://new-combats.com/lib/zakon/">äåéñòâóþùèìè çàêîíàìè.' . '<br><br>Åñëè Âû çàáëîêèðîâàíû ïðàâîìåðíî, òî ó Âàñ íåò øàíñîâ íà ðàçáëîêèðîâêó âàøåãî èãðîâîãî ïåðñîíàæà.');
} else {

    //Âòîðîé ïàðîëü
    if ($u['pass2'] != '' && $u['pass2'] != '0') {
        $_SESSION['login'] = $_POST['login'];
        $_SESSION['pass'] = $_POST['pass'];
        $good2 = false;
        $koko = '';
        if (md5(array2HStr(md5m($_POST['code']))) == $u['pass2']) {
            $good2 = true;
            unset($_SESSION['login'], $_SESSION['pass']);
        } else {
            if (isset($_POST['code'])) {
                $koko = 'Íåâåðíûé âòîðîé ïàðîëü<br>';
            }
            setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
            setcookie('pass', '', time() - 60 * 60 * 24, '', Config::get('host'));
            setcookie('login', '', time() - 60 * 60 * 24);
            setcookie('pass', '', time() - 60 * 60 * 24);
        }

        if ($koko != '') {
            $koko = '<b style="color: red">' . $koko . '</b>';
        }
        if (!$good2) {
            ?>
            <!Doctype html>
            <HTML lang="ru">
            <HEAD>
                <link rel=stylesheet type="text/css">
                <meta charset="windows-1251">
                <meta name="msapplication-config" content="browserconfig.xml"/>
                <TITLE>Âòîðîé ïàðîëü</TITLE>
            </HEAD>
            <body bgcolor=dfdfde>
            <H3><FONT COLOR="black">Çàïðîñ âòîðîãî ïàðîëÿ ê ïåðñîíàæó.</FONT></H3>
            <?= $koko ?>
            <div align="center">
                <br>
                <br>

                <img id="pass" onClick="" width="295" src="i/pin/e0.png">
                <br>
                <br>
                <img id="p1" onClick="" src="">
                <img id="p2" onClick="" src="">
                <img id="p3" onClick="" src="">
                <br>
                <img id="p4" onClick="" src="">
                <img id="p5" onClick="" src="">
                <img id="p6" onClick="" src="">
                <br>
                <img id="p7" onClick="" src="">
                <img id="p8" onClick="" src="">
                <img id="p9" onClick="" src="">
                <br>
                <img onClick="keypush(12);" src="i/pin/12.png">
                <img id="p0" name="image" onClick="" src="">
                <img onClick="keypush(11);" src="i/pin/11.png">
                <br>
            </div>
            </BODY>
            <script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
            <script>

                var dopass = '';
                var tdopass = '';
                var lenth = 0;
                randomp();

                function randomp() {
                    var ss = [];
                    var n = 0;
                    while (n < 10) {
                        ss[n] = n;
                        n++;
                    }

                    var i = 0;
                    var k = 0;
                    var m = 0;
                    var tmpp = 0;
                    while (i < 10) {
                        k = getRandomInt(10);
                        m = getRandomInt(10);
                        if (k != m) {
                            tmpp = ss[k];
                            ss[k] = ss[m];
                            ss[m] = tmpp;
                            i++;
                        }
                    }

                    n = 10;
                    while (n > -1) {
                        n = n - 1;
                        document.getElementById('p' + n).setAttribute("src", "i/pin/" + ss[n] + ".png");
                        document.getElementById('p' + n).setAttribute("onClick", "keypush(" + ss[n] + ");");

                    }
                }

                function getRandomInt(max) {
                    return Math.floor(Math.random() * Math.floor(max));
                }

                function keypush(n) {
                    if (n === 12) {

                        if (lenth > 0) {

                            dopass = '';

                            lenth = 0;
                            document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
                        }
                    } else if (n === 11) {

                        var $_POST = <?php echo json_encode($_POST); ?>;
                        window.location.replace("https://new-combats.com/enter.php?code=" + dopass + "&login=" + $_POST['login'] + "&pass=" + $_POST['pass']);

                    } else {

                        if (lenth < 8) {
                            dopass = dopass + '' + n;
                            lenth++;
                            document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
                        }

                    }

                }
            </script>
            </HTML>
            <?php
            die();
        }
    }

    $st = mysql_fetch_array(mysql_query('SELECT * FROM `stats` WHERE `id`="' . $u['id'] . '" LIMIT 1'));
    if (!isset($st['id'])) {
        mysql_query("INSERT INTO `stats` (`id`,`stats`) VALUES ('" . $u['id'] . "','s1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10')");
    }
    $on = mysql_fetch_array(mysql_query('SELECT * FROM `online` WHERE `uid`="' . $u['id'] . '" LIMIT 1'));
    if (!isset($on['id'])) {
        mysql_query("INSERT INTO `online` (`uid`,`timeStart`) VALUES ('" . $u['id'] . "','" . time() . "')");
    }
    if (isset($_COOKIE['login']) || isset($_COOKIE['pass'])) {
        setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
        setcookie('pass', '', time() - 60 * 60 * 24, '', Config::get('host'));
    }

    //ìóëüòû
    if ($u['admin'] === 0) {
        $ipm1 = Db::getValue('select ip from logs_auth where uid = ? and ip != ? order by id limit 1', [$u['id'], $u['ip']]);
        $ppl = Db::getRows('select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)', ['', $u['ip'], $ipm1, $u['ipreg'], IP, $_COOKIE['ip']]);
        foreach ($ppl as $item) {
            $ml = Db::getValue('select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1', [$item['uid'], $u['id'], $u['id'], $item['uid']]);
            if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
                Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
            }
        }
    }


    if (idate('d') === 13) {
        Db::sql('delete from eff_users where id_eff = 365 and uid = ?', [$u['id']]);
        Db::sql(
                'insert into eff_users (id_eff, uid, name, data, overType, timeUse, no_Ace) values (365,?,?,?,47,unix_timestamp(),1)',
                [
                    $u['id'],
                    'Äåíü Ðîæäåíèÿ Êëóáà',
                    'add_speedhp=500|add_speedmp=500|add_speed_dungeon=50|add_repair_discount=1|',
                ]
        );

        $chat->send('', $u['room'], $u['city'], '', $u['login'], 'Â ÷åñòü äíÿ ðîæäåíèÿ ïðîåêòà âû ïîëó÷àåòå ýôôåêò &quot;Äåíü Ðîæäåíèÿ Êëóáà&quot;!(Ýôôåêò îáíîâëÿåòñÿ êàæäûé ðàç êîãäà âû çàõîäèòå íà ïåðñîíàæà)', time(), 6, 0, 0, 0, 1);
    }

    if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
        Db::sql('insert into logs_auth (uid, ip, browser, type, time, depass) VALUES (?,?,?,1,unix_timestamp(),?)', [$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT'], md5($_POST['pass'])]);
    }

    setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
    setcookie('pass', $u['pass'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
    setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7);
    setcookie('pass', md5($_POST['pass']), time() + 60 * 60 * 24 * 7);
    setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');

    if ($u['online'] < time() - 520) {
        $sp = mysql_query('SELECT `user` FROM `friends` WHERE `friend` = ' . $u['id']);
        while ($pl = mysql_fetch_array($sp)) {
            $usr = mysql_fetch_array(mysql_query('SELECT `id`,`online`,`login`,`city`,`room` FROM `users` WHERE `id` = ' . $pl['user']));
            if (isset($usr['id']) && $usr['online'] > time() - 600) {
                $chat->send('', $usr['room'], $usr['city'], '', $usr['login'], 'Âàñ ïðèâåòñòâóåò: <b>' . $u['login'] . '</b>.', time(), 6, 0, 0, 0, 1);
            }
        }
    }

    $apu = '';

    mysql_query('UPDATE `dump` SET `ver` = 1,`upd` = 2 WHERE `uid` = ' . $u['id']);

    if (
            $u['auth'] != md5($u['login'] . 'AUTH' . IP) ||
            $_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) ||
            $u['auth'] == '' || $u['auth'] == '0'
    ) {
        if (
                $u['auth'] != '' &&
                $u['auth'] != '0' &&
                $u['ip'] != IP
        ) {
            mysql_query("INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES ('1','capitalcity','0','','" . $u['login'] . "','Â ïðåäûäóùèé ðàç ýòèì ïåðñîíàæåì çàõîäèëè ñ äðóãîãî êîìïüþòåðà " . date('d.m.Y H:i', $u['online']) . ". (Ïðåäûäóùèé ip: %" . $u['ip'] . ")','-1','6','0')");
        }
        $apu = "`auth` = '" . md5($u['login'] . 'AUTH' . IP) . "',";
        setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', 'new-combats.com');
    }

    if ($u['repass'] == 0) {
        $ipnew = IP;
    } else {
        $ipnew = $u['ip'];
    }


    mysql_query("INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('" . $u['id'] . "','" . IP . "','" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "','0','" . time() . "','" . mysql_real_escape_string(md5($_POST['pass'])) . "')");

    mysql_query("UPDATE `users` SET " . $apu . "`ip`='" . $ipnew . "',`dateEnter`='" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "',`online`='" . time() . "' WHERE `login` = '" . mysql_real_escape_string($_POST['login']) . "' AND `pass` = '" . mysql_real_escape_string(md5($_POST['pass'])) . "' LIMIT 1");

    if (isset($_POST['active_code_key'])) {
        header('location: /active.php?code=' . htmlspecialchars($_POST['active_code_key'], null, 'cp1251'));
    } else {
        header('location: /bk');
    }
}
Init. 2022-06-07 00:30:34 +03:00			`<?php`
Mass update 2022-12-30 21:03:37 +02:00
			`use Core\Config;`
			`use Core\Database;`
			`use Core\Db;`

7.4 to the go 2022-12-19 20:26:14 +02:00			`if (session_status() == PHP_SESSION_NONE) {`
			`session_start();`
Init. 2022-06-07 00:30:34 +03:00			`}`

Mass update 2022-12-30 21:03:37 +02:00			`require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';`

			`Config::init();`
			`Database::init();`
Init. 2022-06-07 00:30:34 +03:00
7.4 to the go 2022-12-19 20:26:14 +02:00			`define('IP', UserIp::get());`
			`$chat = new Chat();`

			`if (isset($_GET['login'])) {`
			`$_POST['login'] = $_GET['login'];`
			`$_POST['pass'] = $_GET['pass'];`
			`$_POST['code'] = $_GET['code'];`
Init. 2022-06-07 00:30:34 +03:00			`}`

7.4 to the go 2022-12-19 20:26:14 +02:00			`if (isset($_POST['psw'])) {`
			`$_POST['pass'] = $_POST['psw'];`
Init. 2022-06-07 00:30:34 +03:00			`}`

7.4 to the go 2022-12-19 20:26:14 +02:00			`if (isset($_SESSION['login'])) {`
			`$_POST['login'] = $_SESSION['login'];`
			`$_POST['pass'] = $_SESSION['pass'];`
Init. 2022-06-07 00:30:34 +03:00			`}`

7.4 to the go 2022-12-19 20:26:14 +02:00			`if (isset($_GET['cookie_login']) && $_GET['cookie_login'] != '') {`
Mass update 2022-12-30 21:03:37 +02:00			`setcookie('login', $_GET['cookie_login'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));`
			`setcookie('pass', $_GET['cookie_pass'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));`
7.4 to the go 2022-12-19 20:26:14 +02:00			`die();`
Init. 2022-06-07 00:30:34 +03:00			`}`

			`function error($e)`
			`{`
7.4 to the go 2022-12-19 20:26:14 +02:00			`die('`
Init. 2022-06-07 00:30:34 +03:00			`<link rel="stylesheet" href="error.css">`
			`<div class="text-wrapper">`
			`<div class="title" data-content="Îøèáêà">`
			`Îøèáêà!!`
			`</div>`

			`<div class="subtitle">`
7.4 to the go 2022-12-19 20:26:14 +02:00			`' . $e . '`
Init. 2022-06-07 00:30:34 +03:00			`</div>`

			`<div class="buttons">`
			`<a class="button" href="https://new-combats.com">Âåðíóòüñÿ íàçàä</a>`
			`</div>`
			`</div>`


			`');`
			`}`

			`function md5m($src)`
			`{`
7.4 to the go 2022-12-19 20:26:14 +02:00			`$tar = [16];`
			`$res = [16];`
			`$src = utf8_encode($src);`
			`for ($i = 0; $i < strlen($src) \|\| $i < 16; $i++) {`
			`$res[$i] = ord($src[$i]) ^ $i * 4;`
			`}`
			`for ($i = 0; $i < 4; $i++) {`
			`for ($j = 0; $j < 4; $j++) {`
Init. 2022-06-07 00:30:34 +03:00			`$tar[$i * 4 + $j] = ($res[$j * 4 + $i] + 256) % 256;`
7.4 to the go 2022-12-19 20:26:14 +02:00			`}`
			`}`
Init. 2022-06-07 00:30:34 +03:00			`return ($tar);`
7.4 to the go 2022-12-19 20:26:14 +02:00			`}`

Mass update 2022-12-30 21:03:37 +02:00			`function array2HStr($src): string`
Init. 2022-06-07 00:30:34 +03:00			`{`
7.4 to the go 2022-12-19 20:26:14 +02:00			`$hex = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F"];`
Init. 2022-06-07 00:30:34 +03:00			`$res = "";`
7.4 to the go 2022-12-19 20:26:14 +02:00			`for ($i = 0; $i < 16; $i++) {`
Init. 2022-06-07 00:30:34 +03:00			`$res = $res . ($hex[$src[$i] >> 4] . $hex[$src[$i] % 16]);`
7.4 to the go 2022-12-19 20:26:14 +02:00			`}`
Init. 2022-06-07 00:30:34 +03:00			`return ($res);`
			`}`

			`$socauth = false;`

			`//ReCapthca`
			`require_once "./recaptchalib.php";`
			`// âàø ñåêðåòíûé êëþ÷`
			`$secret = "6Lf3EjsaAAAAALe3zRwxyPGf13ZMWZvCmvad3-jQ";`
7.4 to the go 2022-12-19 20:26:14 +02:00
Init. 2022-06-07 00:30:34 +03:00			`// ïóñòîé îòâåò`
			`$response = null;`
7.4 to the go 2022-12-19 20:26:14 +02:00
Init. 2022-06-07 00:30:34 +03:00			`// ïðîâåðêà ñåêðåòíîãî êëþ÷à`
			`$reCaptcha = new ReCaptcha($secret);`

			`if ($_POST["g-recaptcha-response"]) {`
			`$response = $reCaptcha->verifyResponse(`
			`$_SERVER["REMOTE_ADDR"],`
			`$_POST["g-recaptcha-response"]`
			`);`
			`}`
			`//ReCapthca`

Mass update 2022-12-30 21:03:37 +02:00			`$u = Db::getRow('select id, login, auth, pass, pass2, city, ip, ipreg, admin, online, banned, host_reg, timereg, securetime from users where login = ?', [$_POST['login']]);`
			`$auth = Db::getValue('select id from logs_auth where uid = ? and ip = ?', [$u['id'], IP]);`

			`if (`
			`Config::get('securetime') > 0 &&`
			`IP != $u['ip'] &&`
			`IP != $u['ipreg'] &&`
			`!isset($auth) &&`
			`$u['securetime'] < Config::get('securetime') &&`
			`$u['timereg'] < Config::get('securetime')`
			`) {`
7.4 to the go 2022-12-19 20:26:14 +02:00			error('Âû íå ìîæåòå âîéòè íà ïåðñîíàæà "' . $_POST['login'] . '".<br>Ñêîðåå âñåãî âû äàâíî íå ìåíÿëè ïàðîëü. Äëÿ ñìåíû ïåðåéäèòå ïî ññûëêå: <a href="/repass.php?login=' . htmlspecialchars($_POST['login'], null, 'cp1251') . '">ÑÌÅÍÀ ÏÀÐÎËß</a><br><br>Âàì íåîáõîäèìî ñìåíèòü ïàðîëü äëÿ áåçîïàñíîñòè ïåðñîíàæà, íà ïî÷òó ïî êîòîðîé çàðåãèñòðèðîâàí ïåðñîíàæ ïðèäåò íîâûé ñëó÷àéíî ñãåíåðèðîâàííûé ïàðîëü.<br>Åñëè ó âàñ íåò äîñòóïà ê E-mail: Çàðåãèñòðèðóéòå íîâîãî ïåðñîíàæà è îáðàòèòåñü ê Àäìèíèñòðàöèè, ëèáî ìîäåðàòîðàì.');
			`}`
Init. 2022-06-07 00:30:34 +03:00
7.4 to the go 2022-12-19 20:26:14 +02:00			`if (md5(md5($_POST['pass'])) == $u['pass']) {`
			`$_POST['pass'] = md5($_POST['pass']);`
Init. 2022-06-07 00:30:34 +03:00			`}`

7.4 to the go 2022-12-19 20:26:14 +02:00			`if (!isset($u['id'])) {`
			`error('Ëîãèí "' . $_POST['login'] . '" íå íàéäåí â áàçå.');`
Mass update 2022-12-30 21:03:37 +02:00			`} elseif ($u['pass'] != md5($_POST['pass']) && !$socauth) {`
7.4 to the go 2022-12-19 20:26:14 +02:00			`error('Íåâåðíûé ïàðîëü ê ïåðñîíàæó "' . $_POST['login'] . '".');`
Mass update 2022-12-30 21:03:37 +02:00			`Db::sql('insert into logs_auth (uid, ip, browser, type, time, depass) values (?,?,?,3,unix_timestamp(),?)', [$u['id'], IP, $_SERVER['HTTP_USER_AGENT'], $_POST['pass']]);`
7.4 to the go 2022-12-19 20:26:14 +02:00			`} elseif ($u['banned'] > 0) {`
Mass update 2022-12-30 21:03:37 +02:00			`$fm = Db::getValue('select text from users_delo where uid = ? and hb != 0 order by id desc limit 1', [$u['id']]) ?? '';`

			error('Ïåðñîíàæ <b>' . $_POST['login'] . '</b> çàáëîêèðîâàí.' . '<br>' . $fm . '<br>' . '<br><b>Âíèìàíèå!</b> Åñëè Âû óâåðåíû, ÷òî ïðîèçîøëà îøèáêà è Âû íè÷åãî íå íàðóøàëè, ïåðåðåãèñòðèðóéòåñü, îáüÿñíèòå ñèòóàöèþ àäìèíèñòðàöèè è îæèäàéòå îòâåòà!</a>' . '<br>Ïåðåä òåì êàê ïèñàòü, <b>ÂÍÈÌÀÒÅËÜÍÎ</b> îçíàêîìèòåñü ñ <a target="_blank" href="https://new-combats.com/lib/zakon/">äåéñòâóþùèìè çàêîíàìè.' . '<br><br>Åñëè Âû çàáëîêèðîâàíû ïðàâîìåðíî, òî ó Âàñ íåò øàíñîâ íà ðàçáëîêèðîâêó âàøåãî èãðîâîãî ïåðñîíàæà.');
7.4 to the go 2022-12-19 20:26:14 +02:00			`} else {`

			`//Âòîðîé ïàðîëü`
			`if ($u['pass2'] != '' && $u['pass2'] != '0') {`
			`$_SESSION['login'] = $_POST['login'];`
			`$_SESSION['pass'] = $_POST['pass'];`
			`$good2 = false;`
			`$koko = '';`
			`if (md5(array2HStr(md5m($_POST['code']))) == $u['pass2']) {`
			`$good2 = true;`
			`unset($_SESSION['login'], $_SESSION['pass']);`
			`} else {`
			`if (isset($_POST['code'])) {`
			`$koko = 'Íåâåðíûé âòîðîé ïàðîëü<br>';`
Mass update 2022-12-30 21:03:37 +02:00			`}`
			`setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));`
			`setcookie('pass', '', time() - 60 * 60 * 24, '', Config::get('host'));`
7.4 to the go 2022-12-19 20:26:14 +02:00			`setcookie('login', '', time() - 60 * 60 * 24);`
			`setcookie('pass', '', time() - 60 * 60 * 24);`
			`}`

			`if ($koko != '') {`
Mass update 2022-12-30 21:03:37 +02:00			`$koko = '<b style="color: red">' . $koko . '</b>';`
7.4 to the go 2022-12-19 20:26:14 +02:00			`}`
Mass update 2022-12-30 21:03:37 +02:00			`if (!$good2) {`
7.4 to the go 2022-12-19 20:26:14 +02:00			`?>`
			`<!Doctype html>`
Mass update 2022-12-30 21:03:37 +02:00			`<HTML lang="ru">`
7.4 to the go 2022-12-19 20:26:14 +02:00			`<HEAD>`
			`<link rel=stylesheet type="text/css">`
			`<meta charset="windows-1251">`
			`<meta name="msapplication-config" content="browserconfig.xml"/>`
			`<TITLE>Âòîðîé ïàðîëü</TITLE>`
			`</HEAD>`
			`<body bgcolor=dfdfde>`
			`<H3><FONT COLOR="black">Çàïðîñ âòîðîãî ïàðîëÿ ê ïåðñîíàæó.</FONT></H3>`
			`<?= $koko ?>`
			`<div align="center">`
			`<br>`
			`<br>`

			`<img id="pass" onClick="" width="295" src="i/pin/e0.png">`
			`<br>`
			`<br>`
			`<img id="p1" onClick="" src="">`
			`<img id="p2" onClick="" src="">`
			`<img id="p3" onClick="" src="">`
			`<br>`
			`<img id="p4" onClick="" src="">`
			`<img id="p5" onClick="" src="">`
			`<img id="p6" onClick="" src="">`
			`<br>`
			`<img id="p7" onClick="" src="">`
			`<img id="p8" onClick="" src="">`
			`<img id="p9" onClick="" src="">`
			`<br>`
			`<img onClick="keypush(12);" src="i/pin/12.png">`
			`<img id="p0" name="image" onClick="" src="">`
			`<img onClick="keypush(11);" src="i/pin/11.png">`
			`<br>`
			`</div>`
			`</BODY>`
			`<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>`
			`<script>`

			`var dopass = '';`
			`var tdopass = '';`
			`var lenth = 0;`
			`randomp();`

			`function randomp() {`
Mass update 2022-12-30 21:03:37 +02:00			`var ss = [];`
7.4 to the go 2022-12-19 20:26:14 +02:00			`var n = 0;`
			`while (n < 10) {`
			`ss[n] = n;`
			`n++;`
			`}`

			`var i = 0;`
			`var k = 0;`
			`var m = 0;`
			`var tmpp = 0;`
			`while (i < 10) {`
			`k = getRandomInt(10);`
			`m = getRandomInt(10);`
			`if (k != m) {`
			`tmpp = ss[k];`
			`ss[k] = ss[m];`
			`ss[m] = tmpp;`
			`i++;`
			`}`
			`}`

			`n = 10;`
			`while (n > -1) {`
			`n = n - 1;`
			`document.getElementById('p' + n).setAttribute("src", "i/pin/" + ss[n] + ".png");`
			`document.getElementById('p' + n).setAttribute("onClick", "keypush(" + ss[n] + ");");`

			`}`
			`}`
Init. 2022-06-07 00:30:34 +03:00
7.4 to the go 2022-12-19 20:26:14 +02:00			`function getRandomInt(max) {`
			`return Math.floor(Math.random() * Math.floor(max));`
			`}`
Init. 2022-06-07 00:30:34 +03:00
7.4 to the go 2022-12-19 20:26:14 +02:00			`function keypush(n) {`
Mass update 2022-12-30 21:03:37 +02:00			`if (n === 12) {`
7.4 to the go 2022-12-19 20:26:14 +02:00
			`if (lenth > 0) {`

			`dopass = '';`

			`lenth = 0;`
			`document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");`
			`}`
Mass update 2022-12-30 21:03:37 +02:00			`} else if (n === 11) {`
7.4 to the go 2022-12-19 20:26:14 +02:00
			`var $_POST = <?php echo json_encode($_POST); ?>;`
			`window.location.replace("https://new-combats.com/enter.php?code=" + dopass + "&login=" + $_POST['login'] + "&pass=" + $_POST['pass']);`

			`} else {`

			`if (lenth < 8) {`
			`dopass = dopass + '' + n;`
			`lenth++;`
			`document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");`
			`}`

			`}`
Init. 2022-06-07 00:30:34 +03:00
			`}`
7.4 to the go 2022-12-19 20:26:14 +02:00			`</script>`
			`</HTML>`
Mass update 2022-12-30 21:03:37 +02:00			`<?php`
7.4 to the go 2022-12-19 20:26:14 +02:00			`die();`
			`}`
			`}`

			$st = mysql_fetch_array(mysql_query('SELECT * FROM `stats` WHERE `id`="' . $u['id'] . '" LIMIT 1'));
			`if (!isset($st['id'])) {`
			mysql_query("INSERT INTO `stats` (`id`,`stats`) VALUES ('" . $u['id'] . "','s1=3\|s2=3\|s3=3\|s4=3\|rinv=40\|m9=5\|m6=10')");
			`}`
			$on = mysql_fetch_array(mysql_query('SELECT * FROM `online` WHERE `uid`="' . $u['id'] . '" LIMIT 1'));
			`if (!isset($on['id'])) {`
			mysql_query("INSERT INTO `online` (`uid`,`timeStart`) VALUES ('" . $u['id'] . "','" . time() . "')");
			`}`
			`if (isset($_COOKIE['login']) \|\| isset($_COOKIE['pass'])) {`
Mass update 2022-12-30 21:03:37 +02:00			`setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));`
			`setcookie('pass', '', time() - 60 * 60 * 24, '', Config::get('host'));`
7.4 to the go 2022-12-19 20:26:14 +02:00			`}`

			`//ìóëüòû`
Mass update 2022-12-30 21:03:37 +02:00			`if ($u['admin'] === 0) {`
			`$ipm1 = Db::getValue('select ip from logs_auth where uid = ? and ip != ? order by id limit 1', [$u['id'], $u['ip']]);`
			`$ppl = Db::getRows('select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)', ['', $u['ip'], $ipm1, $u['ipreg'], IP, $_COOKIE['ip']]);`
			`foreach ($ppl as $item) {`
			`$ml = Db::getValue('select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1', [$item['uid'], $u['id'], $u['id'], $item['uid']]);`
			`if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {`
			`Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);`
7.4 to the go 2022-12-19 20:26:14 +02:00			`}`
			`}`
			`}`


Mass update 2022-12-30 21:03:37 +02:00			`if (idate('d') === 13) {`
			`Db::sql('delete from eff_users where id_eff = 365 and uid = ?', [$u['id']]);`
			`Db::sql(`
			`'insert into eff_users (id_eff, uid, name, data, overType, timeUse, no_Ace) values (365,?,?,?,47,unix_timestamp(),1)',`
			`[`
			`$u['id'],`
			`'Äåíü Ðîæäåíèÿ Êëóáà',`
			`'add_speedhp=500\|add_speedmp=500\|add_speed_dungeon=50\|add_repair_discount=1\|',`
			`]`
			`);`

			`$chat->send('', $u['room'], $u['city'], '', $u['login'], 'Â ÷åñòü äíÿ ðîæäåíèÿ ïðîåêòà âû ïîëó÷àåòå ýôôåêò "Äåíü Ðîæäåíèÿ Êëóáà"!(Ýôôåêò îáíîâëÿåòñÿ êàæäûé ðàç êîãäà âû çàõîäèòå íà ïåðñîíàæà)', time(), 6, 0, 0, 0, 1);`
7.4 to the go 2022-12-19 20:26:14 +02:00			`}`

			`if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {`
Mass update 2022-12-30 21:03:37 +02:00			`Db::sql('insert into logs_auth (uid, ip, browser, type, time, depass) VALUES (?,?,?,1,unix_timestamp(),?)', [$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT'], md5($_POST['pass'])]);`
7.4 to the go 2022-12-19 20:26:14 +02:00			`}`

Mass update 2022-12-30 21:03:37 +02:00			`setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));`
			`setcookie('pass', $u['pass'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));`
7.4 to the go 2022-12-19 20:26:14 +02:00			`setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7);`
			`setcookie('pass', md5($_POST['pass']), time() + 60 * 60 * 24 * 7);`
			`setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');`

			`if ($u['online'] < time() - 520) {`
Mass update 2022-12-30 21:03:37 +02:00			$sp = mysql_query('SELECT `user` FROM `friends` WHERE `friend` = ' . $u['id']);
7.4 to the go 2022-12-19 20:26:14 +02:00			`while ($pl = mysql_fetch_array($sp)) {`
Mass update 2022-12-30 21:03:37 +02:00			$usr = mysql_fetch_array(mysql_query('SELECT `id`,`online`,`login`,`city`,`room` FROM `users` WHERE `id` = ' . $pl['user']));
7.4 to the go 2022-12-19 20:26:14 +02:00			`if (isset($usr['id']) && $usr['online'] > time() - 600) {`
			`$chat->send('', $usr['room'], $usr['city'], '', $usr['login'], 'Âàñ ïðèâåòñòâóåò: <b>' . $u['login'] . '</b>.', time(), 6, 0, 0, 0, 1);`
			`}`
			`}`
			`}`

			`$apu = '';`

Mass update 2022-12-30 21:03:37 +02:00			mysql_query('UPDATE `dump` SET `ver` = 1,`upd` = 2 WHERE `uid` = ' . $u['id']);

			`if (`
			`$u['auth'] != md5($u['login'] . 'AUTH' . IP) \|\|`
			`$_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) \|\|`
			`$u['auth'] == '' \|\| $u['auth'] == '0'`
			`) {`
			`if (`
			`$u['auth'] != '' &&`
			`$u['auth'] != '0' &&`
			`$u['ip'] != IP`
			`) {`
7.4 to the go 2022-12-19 20:26:14 +02:00			mysql_query("INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES ('1','capitalcity','0','','" . $u['login'] . "','Â ïðåäûäóùèé ðàç ýòèì ïåðñîíàæåì çàõîäèëè ñ äðóãîãî êîìïüþòåðà " . date('d.m.Y H:i', $u['online']) . ". (Ïðåäûäóùèé ip: %" . $u['ip'] . ")','-1','6','0')");
			`}`
			$apu = "`auth` = '" . md5($u['login'] . 'AUTH' . IP) . "',";
			`setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', 'new-combats.com');`
			`}`

			`if ($u['repass'] == 0) {`
			`$ipnew = IP;`
			`} else {`
			`$ipnew = $u['ip'];`
			`}`


			mysql_query("INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('" . $u['id'] . "','" . IP . "','" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "','0','" . time() . "','" . mysql_real_escape_string(md5($_POST['pass'])) . "')");

			mysql_query("UPDATE `users` SET " . $apu . "`ip`='" . $ipnew . "',`dateEnter`='" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "',`online`='" . time() . "' WHERE `login` = '" . mysql_real_escape_string($_POST['login']) . "' AND `pass` = '" . mysql_real_escape_string(md5($_POST['pass'])) . "' LIMIT 1");

			`if (isset($_POST['active_code_key'])) {`
			`header('location: /active.php?code=' . htmlspecialchars($_POST['active_code_key'], null, 'cp1251'));`
			`} else {`
			`header('location: /bk');`
			`}`
Init. 2022-06-07 00:30:34 +03:00			`}`