new-combats/game
3
0
Fork 0
Code Issues 23 Pull Requests Releases Wiki Activity

Хороним $_COOKIE['pass'], отказываемся от md5('pass'). Это не регистрация, а чёрная дыра!

Browse Source
This commit is contained in:
Ivor Barhansky
2023-01-06 16:57:25 +02:00
parent e9ec7eb2f2
commit 9e45f170c7
50 changed files with 1470 additions and 2242 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_incl_data/class/User/Confirmation.php
+120
View File
@@ -0,0 +1,120 @@
<?php
namespace User;
use Core\Config;
use Core\Db;
use Core\Mail;
use UserIp;
class Confirmation
{
/**
* Äëÿ îäíîòèïíûõ ïèñåì ñ ïîäòâåðæäåíèåì.
* @param array $userinfo Äàííûå èç (User)->info.
* @param mixed $value Íîâîå çíà÷åíèå
* @param ?int $code Ïðîâåðî÷íûé êîä
* @param string $type Òèï ìåíÿåìîãî çíà÷åíèÿ. Ñ ìàëåíüêîé áóêâû, èìåíèòåëüíûé ïàäåæ.
* @return void
*/
public static function byEmail(array $userinfo, string $type, $value, ?int $code = null)
{
if ($type === 'pass2' && is_null($code)) {
self::pass2ByEmailCustom($userinfo, $value);
return;
}
$ip = UserIp::get();
$date = date('d.m.y H:i');
$https = Config::get('https');
$support = Config::get('support');
$activationLink = 'https://' . $userinfo['city'] . Config::get('host') .
"/confirm.php?id={$userinfo['id']}&code=$code";
$fulllogin = $userinfo['login'] . "[{$userinfo['level']}]";
Mail::send(
$userinfo['mail'],
<<<HTML
<html lang="ru">
<head><title>Ñìåíèòü $type</title></head>
<body>
$date<br>
Êòî-òî ñ IP: $ip ïûòàåòñÿ ñìåíèòü $type ê ïåðñîíàæó $fulllogin.<br>
Ò.ê. â àíêåòå ó ýòîãî ïåðñîíàæà óêàçàí email: {$userinfo['mail']}, òî âû è ïîëó÷èëè ýòî ïèñüìî.<br>
login: {$userinfo['login']}<br>
Íîâûé $type: <span style="background-color: wheat; font-family: Consolas, monospace;">$value</span><br><br>
Äëÿ òîãî ÷òîáû ñìåíèòü $type, ïåðåéäèòå ïî ññûëêå:<br>
$activationLink<br>
<br>--<br>
Áîéöîâñêèé Êëóá $https<br>
Àäìèíèñòðàöèÿ Áîéöîâñêîãî Êëóáà: $support<br>
P.S. Äàííîå ïèñüìî ñãåíåðèðîâàíî àâòîìàòè÷åñêè, îòâå÷àòü íà íåãî íå íóæíî.
</body>
</html>
HTML,
"Ñìåíà $type ó ïåðñîíàæà $fulllogin"
);
}
private static function pass2ByEmailCustom(array $userinfo, string $pass2)
{
$ip = UserIp::get();
$fulllogin = $userinfo['login'] . "[{$userinfo['level']}]";
Mail::send(
$userinfo['mail'],
<<<HTML
<html lang="ru">
<head><title>Âòîðîé ïàðîëü îò ïåðñîíàæà $fulllogin.</title></head>
<body>
Âàìè, ñ IP àäðåñà - $ip, áûë óñòàíîâëåí âòîðîé ïàðîëü â èãðå Áîéöîâñêèé Êëóá.<br>
Åñëè ýòî áûëè íå Âû, ñâÿæèòåñü ñ àäìèíèñòðàöèåé ñàéòà.<br><br>
------------------------------------------------------------------<br>
Âàø ëîãèí | {$userinfo['login']}<br>
Âòîðîé ïàðîëü | ' . $pass2 . '<br>
------------------------------------------------------------------<br>
<br><br>Æåëàåì Âàì ïðèÿòíîé èãðû.<br><br><i>Àäìèíèñòðàöèÿ</i>
</body>
HTML,
"Âòîðîé ïàðîëü îò ïåðñîíàæà $fulllogin"
);
}
public static function byCode(int $uid, int $code): string
{
$status = '';
if ($uid <= 0 || $code <= 0) {
return $status;
}
$codes = Db::getRow(
'select * from emailconfirmation where id = ? and code = ? and (active = 1 or pass = 1 or email = 1)',
[$uid, $code]
);
if (!$codes['id']) {
$status = 'Ññûëêà óñòàðåëà!';
} elseif ($codes['active'] === 1) {
Db::sql(
'update users set emailconfirmation = 1, securetime = unix_timestamp() + 259200 where id = ?',
[$codes['id']]
);
$status = "Ïîäòâåðæäåíèå ñìåíû ïàðîëÿ/email ÷åðåç ïî÷òó âêëþ÷åíî";
} elseif ($codes['pass'] === 1) {
Db::sql(
'update users as u inner join emailconfirmation as e on u.id = e.id set u.pass = e.pa_em, u.securetime = unix_timestamp() + 259200 where u.id = ?',
[$codes['id']]
);
$status = "Óäà÷íî ñìåíèëè ïàðîëü<";
} elseif ($codes['email'] === 1) {
Db::sql(
'update users as u inner join emailconfirmation as e on u.id = e.id set u.mail = e.pa_em, u.securetime = unix_timestamp() + 259200 where u.id = ?',
[$codes['id']]
);
$status = "Óäà÷íî ñìåíèëè email";
}
Db::sql('delete from emailconfirmation where id = ? and code = ?', [$_GET['id'], $_GET['code']]);
if ($status) {
$status = "<h3>$status</h3>";
}
return $status;
}
}