'
);
}
function checkPassword(string $password, string $passwordHash, string $login): bool
{
if (password_verify($password, $passwordHash)) { // check password
return true;
} else {
if (
md5($password) === $passwordHash || // convert old md5() password
password_needs_rehash($passwordHash, PASSWORD_DEFAULT) //rehash if PASSWORD_DEFAULT changed
) {
$hash = password_hash($password, PASSWORD_DEFAULT);
Db::sql('update users set pass = ? where login = ?', [$hash, $login]);
return true;
}
return false;
}
}
$u = Db::getRow(
'select
users.id,
users.login,
auth,
pass,
pass2,
users.city,
users.ip,
ipreg,
admin,
online,
banned,
host_reg,
timereg,
securetime,
users_delo.text as block_reason
from users
left join users_delo on users.id = users_delo.uid
where users.login = ?',
[$_POST['login']]
);
$auth = Db::getValue('select id from logs_auth where uid = ? and ip = ?', [$u['id'], IP]);
if (!isset($u['id'])) {
error('Логин "' . $_POST['login'] . '" не найден в базе.');
} elseif ($u['banned'] > 0) {
$blockstr = "Персонаж {$u['login']} заблокирован.";
$blockstr .= $u['block_reason'] ? "Причина блокировки: {$u['block_reason']}
" : '
';
error($blockstr);
} elseif (!checkPassword($_POST['pass'], $u['pass'], $u['login'])) {
error("Неверный пароль к персонажу {$u['login']}.");
Db::sql(
'insert into logs_auth (uid, ip, browser, type, time) values (?,?,?,3,unix_timestamp())',
[$u['id'], IP, $_SERVER['HTTP_USER_AGENT']]
);
} else {
//Второй пароль
if (!empty($u['pass2'])) {
$_SESSION['login'] = $_POST['login'];
$_SESSION['pass'] = $_POST['pass'];
$good2 = false;
$koko = '';
if (password_verify($_POST['code'], $u['pass2'])) {
$good2 = true;
unset($_SESSION['login'], $_SESSION['pass']);
} else {
if (isset($_POST['code'])) {
$koko = 'Неверный второй пароль
';
}
setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
}
if ($koko) {
$koko = '' . $koko . '';
}
if (!$good2) {
?>
Второй пароль
Запрос второго пароля к персонажу.
= $koko ?>
unix_timestamp() - 600 and id in (select user from friends where friend = ?)', [$u['id']]);
foreach ($sp as $usr) {
$chatDto = new ChatMessage();
$chatDto->setRoom($usr['room']);
$chatDto->setCity($usr['city']);
$chatDto->setTo($usr['login']);
$chatDto->setText('Вас приветствует: ' . $u['login'] . '.');
$chatDto->setType(6);
$chat->sendMsg($chatDto);
}
}
$apu = '';
Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);
if (
$u['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$u['auth'] == '' || $u['auth'] == '0'
) {
if (
$u['auth'] != '' &&
$u['auth'] != '0' &&
$u['ip'] != IP
) {
$cmsg = new ChatMessage();
$cmsg->setTo($u['login']);
$cmsg->setText('В предыдущий раз этим персонажем заходили с другого компьютера ' . date('d.m.Y H:i', $u['online']) . "(Предыдущий ip: %{$u['ip']})");
$cmsg->setType(6);
$chat->sendMsg($cmsg);
}
$apu = "`auth` = '" . md5($u['login'] . 'AUTH' . IP) . "',";
setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', Config::get('host'));
}
if ($u['repass'] == 0) {
$ipnew = IP;
} else {
$ipnew = $u['ip'];
}
Db::sql('insert into logs_auth (uid, ip, browser, time) values (?,?,?,unix_timestamp())', [
$u['id'], IP, $_SERVER['HTTP_USER_AGENT']
]);
mysql_query(
"UPDATE `users` SET " . $apu . "`ip`='" . $ipnew . "',`dateEnter`='" . $_SERVER['HTTP_USER_AGENT'] .
"',`online`='" . time() . "' WHERE `id` = " . $u['id']
);
$_SESSION['uid'] = $u['id'];
header('location: /bk');
}