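<?php

/**
 * Login entry point: checks the first password, optionally asks for the
 * second password (PIN pad), records the login, and redirects to /bk.
 *
 * Inputs read from the request: login, pass (or psw), code; cookies ip, auth, login.
 *
 * Security-relevant changes compared with the previous revision:
 *  - request values are HTML-escaped before they reach error() (reflected XSS);
 *  - the failed-password row is written BEFORE error(), which never returns;
 *  - the PIN page no longer embeds json_encode($_POST) in a <script> block and
 *    no longer puts login/password/PIN into the URL; the PIN is POSTed and the
 *    login/password are restored from the session as before;
 *  - the unused third-party jQuery include was dropped from the PIN page;
 *  - the `ip` cookie is validated as an IP address before it is stored;
 *  - the auth marker is compared with hash_equals() and written through a bound
 *    parameter rather than string-built SQL;
 *  - the session id is regenerated when the user becomes authenticated.
 */

use Core\Config;
use Core\Database;
use Core\Db;
use User\Password;
use User\UserIp;

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';

Database::init();
define('IP', UserIp::get());

$chat = new Chat();

/**
 * Renders the error page and terminates the request.
 *
 * @param string $e HTML fragment shown as the message. It is printed as-is,
 *                  so callers must escape any untrusted value they put into it.
 */
function error($e)
{
    die(
        ' <link rel="stylesheet" href="error.css"> <div class="text-wrapper"> <div class="title" data-content="Ошибка"> Ошибка!! </div> <div class="subtitle"> '
        . $e
        . ' </div> <div class="buttons"> <a class="button" href="'
        . Config::get('https')
        . '">Вернуться назад</a> </div> </div> '
    );
}

// Escapes a value for an HTML text/attribute context.
$esc = static function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// NOTE(review): credentials are still accepted from the query string so that
// existing links keep working; values sent this way end up in access logs,
// browser history and Referer headers. Consider retiring this path.
if (isset($_GET['login'])) {
    $_POST['login'] = $_GET['login'];
    $_POST['pass'] = $_GET['pass'] ?? '';
    $_POST['code'] = $_GET['code'] ?? null;
}

if (isset($_POST['psw'])) {
    $_POST['pass'] = $_POST['psw'];
}

// A pending second-password check keeps login/password in the session; they
// take precedence over whatever the request carries.
if (isset($_SESSION['login'])) {
    $_POST['login'] = $_SESSION['login'];
    $_POST['pass'] = $_SESSION['pass'] ?? '';
}

// Request parameters may arrive as arrays (login[]=...); accept strings only.
$login = isset($_POST['login']) && is_string($_POST['login']) ? $_POST['login'] : '';
$pass = isset($_POST['pass']) && is_string($_POST['pass']) ? $_POST['pass'] : '';
$code = isset($_POST['code']) && is_string($_POST['code']) ? $_POST['code'] : null;
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? null;

$u = Db::getRow(
    'select users.id, users.login, auth, pass, pass2, users.city, users.ip, ipreg, admin, online, banned, host_reg, timereg, securetime, users_delo.text as block_reason from users left join users_delo on users.id = users_delo.uid where users.login = ?',
    [$login]
);

// NOTE(review): "login not found" and "wrong password" are distinguishable
// responses, which lets a client enumerate valid logins. Nothing in this file
// throttles repeated attempts either; confirm that is handled elsewhere.
if (!isset($u['id'])) {
    error('Логин "' . $esc($login) . '" не найден в базе.');
}

if ($u['banned'] > 0) {
    $blockstr = 'Персонаж <b>' . $esc($u['login']) . '</b> заблокирован.';
    // NOTE(review): block_reason is printed unescaped, as before. If that text
    // can contain user-controlled input it must be escaped here; verify who
    // writes users_delo.text.
    $blockstr .= $u['block_reason']
        ? "Причина блокировки: {$u['block_reason']}<br><br>"
        : '<br><br>';
    error($blockstr);
}

if (!Password::isGood($pass, $u['pass'], $u['login'])) {
    // Record the failed attempt first: error() calls die(), so anything
    // placed after it is never executed.
    Db::sql(
        'insert into logs_auth (uid, ip, browser, type, time) values (?,?,?,3,unix_timestamp())',
        [$u['id'], IP, $userAgent]
    );
    error('Неверный пароль к персонажу ' . $esc($u['login']) . '.');
}

// Second password
if (!empty($u['pass2'])) {
    // NOTE(review): the plaintext first password is kept in the session until
    // the second password is accepted. Storing a "first factor passed for
    // uid N" marker instead would avoid persisting the password; left as-is
    // because other code may read these session keys.
    $_SESSION['login'] = $login;
    $_SESSION['pass'] = $pass;

    $pinError = '';
    $good2 = $code !== null && password_verify($code, $u['pass2']);

    if ($good2) {
        unset($_SESSION['login'], $_SESSION['pass']);
    } else {
        // NOTE(review): wrong second-password attempts are neither logged nor
        // limited here, and the pad accepts at most 8 digits.
        if ($code !== null) {
            $pinError = 'Неверный второй пароль<br>';
        }
        setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
    }

    if ($pinError) {
        $pinError = '<b style="color: red">' . $pinError . '</b>';
    }

    if (!$good2) {
        ?>
<!DOCTYPE html>
<html lang="ru">
<head>
    <link rel=stylesheet type="text/css">
    <meta name="msapplication-config" content="browserconfig.xml"/>
    <title>Второй пароль</title>
</head>
<body style="background-color: #dfdfde;">
<h3>Запрос второго пароля к персонажу.</h3>
<?= $pinError ?>
<div style="text-align: center">
    <br> <br>
    <img id="pass" width="295" src="i/pin/e0.png" alt="pass">
    <br> <br>
    <img id="p1" src="" alt="p1"> <img id="p2" src="" alt="p2"> <img id="p3" src="" alt="p3">
    <br>
    <img id="p4" src="" alt="p4"> <img id="p5" src="" alt="p5"> <img id="p6" src="" alt="p6">
    <br>
    <img id="p7" src="" alt="p7"> <img id="p8" src="" alt="p8"> <img id="p9" src="" alt="p9">
    <br>
    <img onClick="keypush(12);" src="i/pin/12.png" alt="back">
    <img id="p0" name="image" src="" alt="nan">
    <img onClick="keypush(11);" src="i/pin/11.png" alt="ok">
    <br>
</div>
<!-- The PIN is sent in a POST body; login and password stay in the server-side session. -->
<form id="pinForm" method="post" action="/enter.php">
    <input type="hidden" id="code" name="code" value="">
</form>
<script>
    var dopass = '';
    var lenth = 0;

    randomp();

    // Shuffles the digits 0-9 across the ten pad positions.
    function randomp() {
        var ss = [];
        for (var d = 0; d < 10; d++) {
            ss[d] = d;
        }
        var i = 0;
        while (i < 10) {
            var k = getRandomInt(10);
            var m = getRandomInt(10);
            if (k != m) {
                var tmpp = ss[k];
                ss[k] = ss[m];
                ss[m] = tmpp;
                i++;
            }
        }
        // Positions are p0..p9; the previous loop also touched a non-existent
        // "p-1" element and ended with a TypeError.
        for (var n = 0; n < 10; n++) {
            bindKey(document.getElementById('p' + n), ss[n]);
        }
    }

    function bindKey(img, digit) {
        img.setAttribute('src', 'i/pin/' + digit + '.png');
        img.onclick = function () {
            keypush(digit);
        };
    }

    function getRandomInt(max) {
        return Math.floor(Math.random() * Math.floor(max));
    }

    // 12 = clear, 11 = submit, anything else is a digit.
    function keypush(n) {
        if (n == 12) {
            if (lenth > 0) {
                dopass = '';
                lenth = 0;
                document.getElementById('pass').setAttribute('src', 'i/pin/e' + lenth + '.png');
            }
        } else if (n == 11) {
            document.getElementById('code').value = dopass;
            document.getElementById('pinForm').submit();
        } else if (lenth < 8) {
            dopass = dopass + '' + n;
            lenth++;
            document.getElementById('pass').setAttribute('src', 'i/pin/e' + lenth + '.png');
        }
    }
</script>
</body>
</html>
        <?php
        die();
    }
}

// Make sure the auxiliary rows exist for this user.
if (!Db::getValue('select count(*) from stats where id = ?', [$u['id']])) {
    Db::sql('insert into stats (id, stats) values (?,?)', [$u['id'], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10']);
}

if (!Db::getValue('select count(*) from online where uid = ?', [$u['id']])) {
    Db::sql('insert into online (uid, timeStart) values (?,unix_timestamp())', [$u['id']]);
}

if (isset($_COOKIE['login'])) {
    setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
}

// The `ip` cookie is client-controlled. Accept it only when it is a
// syntactically valid IP address; anything else is treated as absent.
// NOTE(review): even a valid value is chosen by the client, so rows derived
// from it (mults, logs_auth type 1) are hints, not evidence.
$cookieIp = $_COOKIE['ip'] ?? '';
if (!is_string($cookieIp) || filter_var($cookieIp, FILTER_VALIDATE_IP) === false) {
    $cookieIp = '';
}

// Multi-account detection
// NOTE(review): strict comparison with int 0 — if the DB layer returns
// strings this branch never runs; confirm the type of users.admin.
if ($u['admin'] === 0) {
    $ipm1 = Db::getValue(
        'select ip from logs_auth where uid = ? and ip != ? order by id limit 1',
        [$u['id'], $u['ip']]
    );
    $ppl = Db::getRows(
        'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)',
        ['', $u['ip'], $ipm1, $u['ipreg'], IP, $cookieIp]
    );
    foreach ($ppl as $item) {
        $ml = Db::getValue(
            'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1',
            [$item['uid'], $u['id'], $u['id'], $item['uid']]
        );
        if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
            Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
        }
    }
}

if ($cookieIp !== '' && $cookieIp !== (string)IP) {
    Db::sql(
        'insert into logs_auth (uid, ip, browser, type, time) VALUES (?,?,?,1,unix_timestamp())',
        [$u['id'], $cookieIp, $userAgent]
    );
}

// NOTE(review): these cookies are set without the Secure/HttpOnly flags;
// confirm whether client-side code reads them before tightening.
setcookie('login', $login, time() + 60 * 60 * 24 * 7, '', Config::get('host'));
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');

// Greet online friends when the user has been away for a while.
if ($u['online'] < time() - 520) {
    $sp = Db::getRows(
        'select room, city, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)',
        [$u['id']]
    );
    foreach ($sp as $usr) {
        $chatDto = new ChatMessage();
        $chatDto->setRoom($usr['room']);
        $chatDto->setCity($usr['city']);
        $chatDto->setTo($usr['login']);
        $chatDto->setText('Вас приветствует: <b>' . $u['login'] . '</b>.');
        $chatDto->setType(6);
        $chat->sendMsg($chatDto);
    }
}

Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);

// The auth marker is md5(login . 'AUTH' . ip): it is derivable from public
// values, so it can only serve as a "same machine as last time" hint and
// must not be treated as a credential.
$expectedAuth = md5($u['login'] . 'AUTH' . IP);
$storedAuth = (string)($u['auth'] ?? '');
$cookieAuth = isset($_COOKIE['auth']) && is_string($_COOKIE['auth']) ? $_COOKIE['auth'] : '';

$authSetSql = '';
$authParams = [];

// An empty or '0' stored marker can never equal an md5 digest, so the two
// hash_equals() checks also cover the "no marker yet" case.
if (!hash_equals($expectedAuth, $storedAuth) || !hash_equals($expectedAuth, $cookieAuth)) {
    if ($storedAuth !== '' && $storedAuth !== '0' && (string)$u['ip'] !== (string)IP) {
        $cmsg = new ChatMessage();
        $cmsg->setTo($u['login']);
        $cmsg->setText('В предыдущий раз этим персонажем заходили с другого компьютера ' . date('d.m.Y H:i', (int)$u['online']) . "(Предыдущий ip: %{$u['ip']})");
        $cmsg->setType(6);
        $chat->sendMsg($cmsg);
    }
    $authSetSql = 'auth = ?, ';
    $authParams[] = $expectedAuth;
    setcookie('auth', $expectedAuth, time() + 60 * 60 * 24 * 365, '', Config::get('host'));
}

Db::sql('insert into logs_auth (uid, ip, browser, time) values (?,?,?,unix_timestamp())', [
    $u['id'],
    IP,
    $userAgent,
]);

// NOTE(review): dateEnter receives the User-Agent string, as in the previous
// revision; verify that this is the intended column content.
Db::sql(
    "update users set {$authSetSql}ip = ?, dateEnter = ?, online = unix_timestamp() where id = ?",
    array_merge($authParams, [IP, $userAgent, $u['id']])
);

// Issue a fresh session id at the privilege change so that an id known
// before login cannot be reused afterwards (session fixation).
session_regenerate_id(true);
$_SESSION['uid'] = $u['id'];

header('location: /bk');
exit();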