game/enter.php

209 lines
6.4 KiB
PHP
Raw Normal View History

2022-06-06 21:30:34 +00:00
<?php
2022-12-30 19:03:37 +00:00
use Core\Config;
use Core\Database;
use Core\Db;
use Core\TOTP;
use JetBrains\PhpStorm\NoReturn;
use User\Password;
use User\UserIp;
2022-12-30 19:03:37 +00:00
2022-12-19 18:26:14 +00:00
if (session_status() == PHP_SESSION_NONE) {
session_start();
2022-06-06 21:30:34 +00:00
}
2022-12-30 19:03:37 +00:00
require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';
Database::init();
2022-06-06 21:30:34 +00:00
2022-12-19 18:26:14 +00:00
define('IP', UserIp::get());
2022-06-06 21:30:34 +00:00
$chat = new Chat();
$login = $_SESSION['login'] ?? '';
$password = '';
$otp = '';
2022-06-06 21:30:34 +00:00
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['login'])) {
$login = $_POST['login'];
}
if (isset($_POST['password'])) {
$password = $_POST['password'];
}
if (isset($_POST['otp'])) {
$otp = $_POST['otp'];
}
2022-06-06 21:30:34 +00:00
}
#[NoReturn] function error($e): void
2022-06-06 21:30:34 +00:00
{
$returnLink = Config::get('https');
$html = <<<HTML
<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
<div class="title" data-content="Ошибка">Ошибка!!</div>
<div class="subtitle">$e</div>
<div class="buttons"><a class="button" href="$returnLink">Вернуться назад</a></div>
2022-06-06 21:30:34 +00:00
</div>
HTML;
exit($html);
2022-06-06 21:30:34 +00:00
}
$u = Db::getRow(
'select
users.id,
users.login,
auth,
pass,
totp,
users.ip,
ipreg,
admin,
online,
banned,
users_delo.text as block_reason
from users
left join users_delo on users.id = users_delo.uid
where users.login = ?',
[$login]
);
2022-12-19 18:26:14 +00:00
if (empty($_SESSION['login'])) {
if (!isset($u['id'])) {
error('Логин "' . $login . '" не найден в базе.');
} elseif ($u['banned'] > 0) {
$blockstr = "Персонаж <b>{$u['login']}</b> заблокирован.";
$blockstr .= $u['block_reason'] ? "Причина блокировки: {$u['block_reason']}<br><br>" : '<br><br>';
error($blockstr);
} elseif (!Password::isGood($password, $u['pass'], $u['login'])) {
Db::sql(
'insert into logs_auth (uid, ip, browser, type, time) values (?,?,?,3,unix_timestamp())',
[$u['id'], IP, $_SERVER['HTTP_USER_AGENT']]
);
error("Неверный пароль к персонажу {$u['login']}.");
2022-12-19 18:26:14 +00:00
}
$_SESSION['login'] = $u['login'];
if (!empty($u['totp'])) {
$_SESSION['totp'] = new TOTP($u['totp']);
2022-12-19 18:26:14 +00:00
}
}
if (!empty($_SESSION['totp']) && !empty($_SESSION['login'])) {
if (empty($otp)) {
?>
<!doctype html>
<html lang="ru">
<head>
<title>Второй пароль</title>
</head>
<body>
<form method="post">
<label for="otp">Одноразовый код:</label><br>
<input name="otp" id="otp" minlength="6" maxlength="6" size="6" placeholder="000000" required><br>
<input type="submit">
</form>
</body>
</html>
<?php
exit();
2022-12-19 18:26:14 +00:00
}
if ($_SESSION['totp']->generate() !== $otp) {
unset($_SESSION['login'], $_SESSION['totp']);
error('Неверный одноразовый код!');
2022-12-19 18:26:14 +00:00
}
}
2022-12-19 18:26:14 +00:00
if (!Db::getValue('select count(*) from stats where id = ?', [$u['id']])) {
Db::sql('insert into stats (id, stats) values (?,?)', [$u['id'], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10']);
}
if (!Db::getValue('select count(*) from online where uid = ?', [$u['id']])) {
Db::sql('insert into online (uid, timeStart) values (?,unix_timestamp())', [$u['id']]);
}
if (isset($_COOKIE['login'])) {
setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
}
//мульты
if ($u['admin'] === 0) {
$ipm1 = Db::getValue(
'select ip from logs_auth where uid = ? and ip != ? order by id limit 1',
[$u['id'], $u['ip']]
);
$ppl = Db::getRows(
'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)',
['', $u['ip'], $ipm1, $u['ipreg'], IP, $_COOKIE['ip']]
);
foreach ($ppl as $item) {
$ml = Db::getValue(
'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1',
[$item['uid'], $u['id'], $u['id'], $item['uid']]
);
if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
}
2022-12-19 18:26:14 +00:00
}
}
2022-12-19 18:26:14 +00:00
if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
Db::sql(
'insert into logs_auth (uid, ip, browser, type, time) VALUES (?,?,?,1,unix_timestamp())',
[$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT']]
);
}
2022-12-19 18:26:14 +00:00
setcookie('login', $_POST['login'] ?? '', time() + 60 * 60 * 24 * 7, '', Config::get('host'));
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');
if ($u['online'] < time() - 520) {
$sp = Db::getRows('select room, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)', [$u['id']]);
foreach ($sp as $usr) {
$chatDto = new ChatMessage();
$chatDto->setRoom($usr['room']);
$chatDto->setTo($usr['login']);
$chatDto->setText('Вас приветствует: <b>' . $u['login'] . '</b>.');
$chatDto->setType(6);
$chat->sendMsg($chatDto);
2022-12-19 18:26:14 +00:00
}
}
2022-12-19 18:26:14 +00:00
$apu = '';
Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);
2022-12-30 19:03:37 +00:00
if (
$u['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$u['auth'] == '' || $u['auth'] == '0'
) {
2022-12-30 19:03:37 +00:00
if (
$u['auth'] != '' &&
$u['auth'] != '0' &&
$u['ip'] != IP
2022-12-30 19:03:37 +00:00
) {
$cmsg = new ChatMessage();
$cmsg->setTo($u['login']);
$cmsg->setText('В предыдущий раз этим персонажем заходили с другого компьютера ' . date('d.m.Y H:i', $u['online']) . "(Предыдущий ip: %{$u['ip']})");
$cmsg->setType(6);
$chat->sendMsg($cmsg);
2022-12-19 18:26:14 +00:00
}
$apu = "auth = '" . md5($u['login'] . 'AUTH' . IP) . "',";
setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', Config::get('host'));
}
2022-12-19 18:26:14 +00:00
$ipnew = IP;
2022-12-19 18:26:14 +00:00
Db::sql('insert into logs_auth (uid, ip, browser, time) values (?,?,?,unix_timestamp())', [
$u['id'], IP, $_SERVER['HTTP_USER_AGENT'],
]);
2022-12-19 18:26:14 +00:00
Db::sql("update users set $apu ip = ?, dateEnter = ?, online = unix_timestamp() where id = ?", [$ipnew, $_SERVER['HTTP_USER_AGENT'], $u['id']]);
$_SESSION['uid'] = $u['id'];
unset($_SESSION['login'], $_SESSION['totp']);
header('location: /bk');
exit();