Хороним $_COOKIE['pass'], отказываемся от md5('pass'). Это не регистрация, а чёрная дыра!

2023-01-06 16:57:25 +02:00
parent e9ec7eb2f2
commit 9e45f170c7
50 changed files with 1470 additions and 2242 deletions
--- a/jx/battle/refresh.php
+++ b/jx/battle/refresh.php
@@ -47,7 +47,7 @@ if (isset($_GET['cron_core'])) {
        if (isset($uzr['id'])) {
            $CRON_CORE = true;
            $_COOKIE['login'] = $uzr['login'];
-            $_COOKIE['pass'] = $uzr['pass'];
+            //$_COOKIE['pass'] = $uzr['pass'];
            $_POST['id'] = 'reflesh';
        }
        unset($uzr);
@@ -254,11 +254,7 @@ if (($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' || isset($CRON_CORE))
        $rehtml = '';
        if (!isset($CRON_CORE)) {
            $js .= '$("#priems").html("' . $priem->seeMy(2) . '");';
-            $jslog = '';
-            if ($u->info['design'] != 0) {
-                $jslog .= $btl->lookmLog();
-            }
-
+            $jslog = $btl->lookmLog();
            $jslog .= $btl->lookLog();
            if ($jslog != '') {
                $js = $jslog . $js;
--- a/jx/battle/refresh1.php
+++ b/jx/battle/refresh1.php
@@ -206,12 +206,7 @@
 			$rehtml = '';
 			if(!isset($CRON_CORE)) {
 				$js .= '$("#priems").html("'.$priem->seeMy(2).'");';
-				//if(!isset($_POST['usepriem'])) {
-					$jslog='';
-					if( $u->info['design'] == 1 ) {
-						$jslog = $btl->lookmLog();
-					}
-
+					$jslog = $btl->lookmLog();
 					$jslog .= $btl->lookLog();
 					if( $jslog != '' ) {
 						$js .= 'top.btlclearlog();'.$jslog;
--- a/jx/battle/refresh_bot.php
+++ b/jx/battle/refresh_bot.php
@@ -36,7 +36,7 @@ if (isset($_GET['cron_core'])) {
        if (isset($uzr['id'])) {
            $CRON_CORE = true;
            $_COOKIE['login'] = $uzr['login'];
-            $_COOKIE['pass'] = $uzr['pass'];
+            //$_COOKIE['pass'] = $uzr['pass'];
            $_POST['id'] = 'reflesh';


--- a/jx/battle/refresh_vip.php
+++ b/jx/battle/refresh_vip.php
@@ -32,7 +32,7 @@ if (isset($_GET['cron_core'])) {
        if (isset($uzr['id'])) {
            $CRON_CORE = true;
            $_COOKIE['login'] = $uzr['login'];
-            $_COOKIE['pass'] = $uzr['pass'];
+            //$_COOKIE['pass'] = $uzr['pass'];
            $_POST['id'] = 'reflesh';
        }
        unset($uzr);
--- a/jx/post.php
+++ b/jx/post.php
@@ -6,7 +6,7 @@ if ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
    include_once('../_incl_data/class/__db_connect.php');


-    $u = mysql_fetch_array(mysql_query('SELECT `id` FROM `users` WHERE `login`="' . mysql_real_escape_string($_COOKIE['login']) . '" AND `pass`="' . mysql_real_escape_string($_COOKIE['pass']) . '" LIMIT 1'));
+    $u = mysql_fetch_array(mysql_query('SELECT `id` FROM `users` WHERE `login`="' . mysql_real_escape_string($_COOKIE['login']) . '"'));
    if (!isset($u['id']) || ($u['joinIP'] == 1 && $u['ip'] != $_SERVER['HTTP_X_REAL_IP'])) {
        die('<script>top.location = \'https://' . $c['host'] . '/\';</script>');
    } else {