< ? php
use Core\Config ;
use Core\Database ;
use Core\Db ;
use Core\TOTP ;
use JetBrains\PhpStorm\NoReturn ;
use User\Password ;
use User\UserIp ;
// Bootstrap: make sure a session exists, register the autoloader, open the
// database layer and record the client address for the rest of the script.
//
// NOTE(review): the session is started before the autoloader is loaded, and
// this script later stores a Core\TOTP object in $_SESSION. PHP restores
// session objects during session_start(), so the class has to be loadable at
// that point. Confirm an autoloader is already registered by then, or load
// autoload.php first.
if (PHP_SESSION_NONE == session_status()) {
    session_start();
}

require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';

Database::init();

// IP is whatever UserIp::get() reports. NOTE(review): confirm it does not take
// the address from client-supplied forwarding headers; the value is written to
// logs_auth and drives the multi-account check and the auth cookie below.
define('IP', UserIp::get());
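$chat = new Chat();

// Credentials for this request. A non-empty $_SESSION['login'] means the
// password step already succeeded for that account in this session and only
// the one-time code is still outstanding.
$pendingLogin = $_SESSION['login'] ?? '';
$login = $pendingLogin;
$password = '';
$otp = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Only plain strings are accepted. A field posted as an array would
    // otherwise reach the query parameters and the string building below.
    $postedLogin = $_POST['login'] ?? null;
    $postedPassword = $_POST['password'] ?? null;
    $postedOtp = $_POST['otp'] ?? null;

    if (is_string($postedLogin)) {
        if (!empty($pendingLogin) && $postedLogin !== $pendingLogin) {
            // The request names a different account from the one whose
            // password was verified. Drop the half-finished login so the
            // password step below runs for the account being requested.
            // Without this, the account row would be loaded for the posted
            // login while the password step is skipped and the one-time code
            // is checked against the pending account's secret.
            unset($_SESSION['login'], $_SESSION['totp']);
        }
        $login = $postedLogin;
    }
    if (is_string($postedPassword)) {
        $password = $postedPassword;
    }
    if (is_string($postedOtp)) {
        $otp = $postedOtp;
    }
}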
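/**
 * Render the error page and terminate the script.
 *
 * The message is placed into the page as raw HTML (callers in this file pass
 * markup such as <b> and <br>), so every caller is responsible for escaping
 * any request- or database-derived value with htmlspecialchars() before
 * building $e.
 *
 * @param mixed $e HTML fragment shown as the error text.
 */
#[NoReturn] function error($e): void
{
    // The return link is written into an href attribute, so it is encoded for
    // that context. Config::get('https') is presumably the site base URL;
    // verify against the config.
    $returnLink = htmlspecialchars((string) Config::get('https'), ENT_QUOTES, 'UTF-8');
    $html = <<<HTML
<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
    <div class="title" data-content="Ошибка">Ошибка!!</div>
    <div class="subtitle">$e</div>
    <div class="buttons"><a class="button" href="$returnLink">Вернуться назад</a></div>
</div>
HTML;
    exit($html);
}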
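// Load the account row for the requested login. The login is bound as a query
// parameter, never concatenated into the SQL text.
$u = Db::getRow(
    'select
        users.id,
        users.login,
        auth,
        pass,
        totp,
        users.ip,
        ipreg,
        admin,
        online,
        banned,
        users_delo.text as block_reason
    from users
        left join users_delo on users.id = users_delo.uid
    where users.login = ?',
    [$login]
);

// Password step. It is skipped when $_SESSION['login'] is already set, which
// this script treats as "password verified, one-time code pending".
if (empty($_SESSION['login'])) {
    // error() prints its argument as raw HTML, so values that come from the
    // request or the database are encoded before they are put into a message.
    $shownLogin = htmlspecialchars(is_string($login) ? $login : '', ENT_QUOTES, 'UTF-8');

    // NOTE(review): the three branches return different messages, so an
    // unauthenticated client can tell whether a login exists and whether it is
    // banned (including the reason). No attempt throttling is visible in this
    // file; failed passwords are only recorded in logs_auth.
    if (!isset($u['id'])) {
        error('Логин "' . $shownLogin . '" не найден в базе.');
    } elseif ($u['banned'] > 0) {
        $bannedLogin = htmlspecialchars((string) $u['login'], ENT_QUOTES, 'UTF-8');
        $blockstr = "Персонаж <b>{$bannedLogin}</b> заблокирован. ";
        // NOTE(review): block_reason is printed unescaped, as before. Escape it
        // too unless the reason is meant to carry markup written by staff.
        $blockstr .= $u['block_reason'] ? "Причина блокировки: {$u['block_reason']} <br><br>" : '<br><br>';
        error($blockstr);
    } elseif (!Password::isGood($password, $u['pass'], $u['login'])) {
        // type 3 marks a failed password attempt in logs_auth (value taken from
        // the query; meaning presumed). The User-Agent header is optional, so a
        // missing one is stored as an empty string.
        Db::sql(
            'insert into logs_auth (uid, ip, browser, type, time) values (?,?,?,3,unix_timestamp())',
            [$u['id'], IP, $_SERVER['HTTP_USER_AGENT'] ?? '']
        );
        $failedLogin = htmlspecialchars((string) $u['login'], ENT_QUOTES, 'UTF-8');
        error("Неверный пароль к персонажу {$failedLogin}.");
    }

    // Password accepted: remember which account is being logged in and, when
    // the account has a TOTP secret, keep a TOTP object for the second step.
    $_SESSION['login'] = $u['login'];
    if (!empty($u['totp'])) {
        $_SESSION['totp'] = new TOTP($u['totp']);
    }
}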
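// The account row must belong to the login whose password was verified in
// this session. $u is loaded from the request's login value, so without this
// check a pending login for one account could complete with the row of another.
if (!empty($_SESSION['login']) && (!isset($u['id']) || $u['login'] !== $_SESSION['login'])) {
    unset($_SESSION['login'], $_SESSION['totp']);
    error('Сессия входа не совпадает с запрошенным логином. Войдите заново.');
}

// Second factor: runs only when the password step stored a TOTP object.
if (!empty($_SESSION['totp']) && !empty($_SESSION['login'])) {
    if (empty($otp)) {
        // No code submitted yet: show the one-time code form and stop.
?>
<!doctype html>
<html lang="ru">
<head>
    <title>Второй пароль</title>
</head>
<body>
<form method="post">
    <label for="otp">Одноразовый код:</label><br>
    <input name="otp" id="otp" minlength="6" maxlength="6" size="6" placeholder="000000" required><br>
    <input type="submit">
</form>
</body>
</html>
<?php
        exit();
    }

    // Compare in constant time. generate() presumably returns the code for the
    // current time step as a string; confirm it keeps leading zeros.
    // NOTE(review): failed codes are not written to logs_auth and no attempt
    // limit is visible here. A failure does clear the pending login, which
    // forces the password step again.
    $expectedCode = (string) $_SESSION['totp']->generate();
    if (!is_string($otp) || !hash_equals($expectedCode, $otp)) {
        unset($_SESSION['login'], $_SESSION['totp']);
        error('Неверный одноразовый код!');
    }
}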
// First-login bookkeeping: create the stats row and the online row when the
// account does not have them yet.
$statsRowCount = Db::getValue('select count(*) from stats where id = ?', [$u['id']]);
if (!$statsRowCount) {
    Db::sql('insert into stats (id, stats) values (?,?)', [$u['id'], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10']);
}

$onlineRowCount = Db::getValue('select count(*) from online where uid = ?', [$u['id']]);
if (!$onlineRowCount) {
    Db::sql('insert into online (uid, timeStart) values (?,unix_timestamp())', [$u['id']]);
}

// Expire any login cookie left over from an earlier visit (expiry one day in the past).
if (isset($_COOKIE['login'])) {
    $yesterday = time() - 60 * 60 * 24;
    setcookie('login', '', $yesterday, '', Config::get('host'));
}
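// Multi-account detection (original comment: "мульты"). For non-admin accounts,
// find auth-log rows that share an address with this login and record each
// pairing in mults once.
// NOTE(review): the strict === 0 only matches when the driver returns admin as
// an integer. Confirm the column is not delivered as the string '0'.
if ($u['admin'] === 0) {
    // The ip cookie is optional and client-controlled. A missing or non-string
    // value becomes '', which the query's "ip != ''" filter can never match.
    // Matches that rest on this cookie are hints, not proof of a shared address.
    $cookieIp = (isset($_COOKIE['ip']) && is_string($_COOKIE['ip'])) ? $_COOKIE['ip'] : '';

    // Earliest logged address for this account that differs from the stored one.
    $ipm1 = Db::getValue(
        'select ip from logs_auth where uid = ? and ip != ? order by id limit 1',
        [$u['id'], $u['ip']]
    );
    $ppl = Db::getRows(
        'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)',
        ['', $u['ip'], $ipm1, $u['ipreg'], IP, $cookieIp]
    );
    foreach ($ppl as $item) {
        // Look for an existing pairing in either direction before inserting.
        // NOTE(review): rows from this account's own log are not excluded, so a
        // self-pair (uid = uid2) can be inserted. Confirm that is intended.
        $ml = Db::getValue(
            'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1',
            [$item['uid'], $u['id'], $u['id'], $item['uid']]
        );
        if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
            Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
        }
    }
}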
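// When the browser's ip cookie from an earlier visit differs from the current
// address, log that earlier address as a type-1 row. The cookie is supplied by
// the client, so the logged value is unverified. Only string values are used,
// and a missing User-Agent header is stored as an empty string.
if (isset($_COOKIE['ip']) && is_string($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
    Db::sql(
        'insert into logs_auth (uid, ip, browser, type, time) VALUES (?,?,?,1,unix_timestamp())',
        [$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT'] ?? '']
    );
}

// Remember the submitted login for 7 days and the current address for 150 days.
// setcookie() needs a string value, so anything else is sent as ''.
// NOTE(review): both cookies are set without HttpOnly, Secure or SameSite.
// Add them through the options-array form of setcookie() once it is confirmed
// that no client-side script reads these cookies.
$loginCookie = is_string($_POST['login'] ?? null) ? $_POST['login'] : '';
setcookie('login', $loginCookie, time() + 60 * 60 * 24 * 7, '', Config::get('host'));
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');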
// Greet friends who are online, but only when this account's own last activity
// is older than 520 seconds.
// NOTE(review): the login is concatenated into the message next to <b> markup.
// Confirm logins cannot contain HTML metacharacters or that the chat renderer
// encodes them.
if (time() - 520 > $u['online']) {
    $onlineFriends = Db::getRows('select room, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)', [$u['id']]);
    foreach ($onlineFriends as $friend) {
        $greeting = new ChatMessage();
        $greeting->setRoom($friend['room']);
        $greeting->setTo($friend['login']);
        $greeting->setText('В а с приветствует: <b>' . $u['login'] . '</b>.');
        $greeting->setType(6);
        $chat->sendMsg($greeting);
    }
}
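Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);

// The User-Agent header is optional; a missing one is stored as ''.
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';

// The auth value is md5(login . 'AUTH' . IP). It has no secret or random part,
// so it can be derived by anyone who knows the login and the address.
// NOTE(review): if any other page accepts the auth cookie as proof of identity,
// replace it with a random token stored server-side (random_bytes). It is left
// unchanged here because its consumers are outside this file.
$expectedAuth = md5($u['login'] . 'AUTH' . IP);
$storedAuth = (string) $u['auth'];
$cookieAuth = is_string($_COOKIE['auth'] ?? null) ? $_COOKIE['auth'] : '';

// Strict comparisons: loose == on hex digests can treat two different
// numeric-looking strings as equal.
$authMissing = $storedAuth === '' || $storedAuth === '0';
$newAuth = null;

if ($authMissing || $storedAuth !== $expectedAuth || $cookieAuth !== $expectedAuth) {
    if (!$authMissing && $u['ip'] != IP) {
        // Tell the player that the previous login came from a different address.
        $cmsg = new ChatMessage();
        $cmsg->setTo($u['login']);
        $cmsg->setText('В предыдущий раз этим персонажем заходили с другого компьютера ' . date('d.m.Y H:i', $u['online']) . " (Предыдущий ip: %{$u['ip']})");
        $cmsg->setType(6);
        $chat->sendMsg($cmsg);
    }
    $newAuth = $expectedAuth;
    // NOTE(review): set without HttpOnly, Secure or SameSite, as before.
    setcookie('auth', $expectedAuth, time() + 60 * 60 * 24 * 365, '', Config::get('host'));
}

// Record the successful login.
Db::sql('insert into logs_auth (uid, ip, browser, time) values (?,?,?,unix_timestamp())', [
    $u['id'], IP, $userAgent,
]);

// Refresh the account row. The auth value is bound as a parameter instead of
// being spliced into the SQL text.
// NOTE(review): dateEnter receives the User-Agent string, as in the original.
// Confirm that is the intended content of that column.
if ($newAuth !== null) {
    Db::sql(
        'update users set auth = ?, ip = ?, dateEnter = ?, online = unix_timestamp() where id = ?',
        [$newAuth, IP, $userAgent, $u['id']]
    );
} else {
    Db::sql(
        'update users set ip = ?, dateEnter = ?, online = unix_timestamp() where id = ?',
        [IP, $userAgent, $u['id']]
    );
}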
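// Login complete. Issue a fresh session ID before the session becomes an
// authenticated one, so an ID that was known before login cannot be reused
// afterwards (session fixation).
session_regenerate_id(true);

$_SESSION['uid'] = $u['id'];
// The pending-login markers are only needed between the password and one-time
// code steps.
unset($_SESSION['login'], $_SESSION['totp']);
header('location: /bk');
exit();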