game/enter.php

414 lines
14 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
use Core\Config;
use Core\Database;
use Core\Db;
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';
Config::init();
Database::init();
define('IP', UserIp::get());
$chat = new Chat();
if (isset($_GET['login'])) {
$_POST['login'] = $_GET['login'];
$_POST['pass'] = $_GET['pass'];
$_POST['code'] = $_GET['code'];
}
if (isset($_POST['psw'])) {
$_POST['pass'] = $_POST['psw'];
}
if (isset($_SESSION['login'])) {
$_POST['login'] = $_SESSION['login'];
$_POST['pass'] = $_SESSION['pass'];
}
if (isset($_GET['cookie_login']) && $_GET['cookie_login'] != '') {
setcookie('login', $_GET['cookie_login'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
setcookie('pass', $_GET['cookie_pass'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
die();
}
function error($e)
{
die(
'
<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
<div class="title" data-content="Ошибка">
Ошибка!!
</div>
<div class="subtitle">
' . $e . '
</div>
<div class="buttons">
<a class="button" href="' . Config::get('https') . '">Вернуться назад</a>
</div>
</div>
'
);
}
function checkPassword(string $password, string $passwordHash, string $login): bool
{
if (password_verify($password, $passwordHash)) { // check password
return true;
} else {
if (
md5($password) === $passwordHash || // convert old md5() password
password_needs_rehash($passwordHash, PASSWORD_DEFAULT) //rehash if PASSWORD_DEFAULT changed
) {
$hash = password_hash($password, PASSWORD_DEFAULT);
Db::sql('update users set pass = ? where login = ?', [$hash, $login]);
return true;
}
return false;
}
}
//ReCapthca
require_once "./recaptchalib.php";
// ваш секретный ключ
$secret = "6Lf3EjsaAAAAALe3zRwxyPGf13ZMWZvCmvad3-jQ";
// пустой ответ
$response = null;
// проверка секретного ключа
$reCaptcha = new ReCaptcha($secret);
if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verifyResponse(
$_SERVER["REMOTE_ADDR"],
$_POST["g-recaptcha-response"]
);
}
//ReCapthca
$u = Db::getRow(
'select
users.id,
users.login,
auth,
pass,
pass2,
users.city,
users.ip,
ipreg,
admin,
online,
banned,
host_reg,
timereg,
securetime,
users_delo.text as block_reason
from users
left join users_delo on users.id = users_delo.uid
where users.login = ?',
[$_POST['login']]
);
$auth = Db::getValue('select id from logs_auth where uid = ? and ip = ?', [$u['id'], IP]);
if (
Config::get('securetime') > 0 &&
IP != $u['ip'] &&
IP != $u['ipreg'] &&
!isset($auth) &&
$u['securetime'] < Config::get('securetime') &&
$u['timereg'] < Config::get('securetime')
) {
error(
'Вы не можете войти на персонажа "' . $_POST['login'] . '".<br>
Скорее всего вы давно не меняли пароль.
Для смены перейдите по ссылке: <a href="/repass.php?login=' . $u['login'] . '">СМЕНА ПАРОЛЯ</a><br><br>
Вам необходимо сменить пароль для безопасности персонажа,
на почту по которой зарегистрирован персонаж придет новый случайно сгенерированный пароль.'
);
}
if (!isset($u['id'])) {
error('Логин "' . $_POST['login'] . '" не найден в базе.');
} elseif ($u['banned'] > 0) {
$blockstr = "Персонаж <b>{$u['login']}</b> заблокирован.";
$blockstr .= $u['block_reason'] ? "Причина блокировки: {$u['block_reason']}<br><br>" : '<br><br>';
error($blockstr);
} elseif (!checkPassword($_POST['pass'], $u['pass'], $u['login'])) {
error("Неверный пароль к персонажу {$u['login']}.");
Db::sql(
'insert into logs_auth (uid, ip, browser, type, time, depass) values (?,?,?,3,unix_timestamp(),?)',
[$u['id'], IP, $_SERVER['HTTP_USER_AGENT'], $_POST['pass']]
);
} else {
//Второй пароль
if (!empty($u['pass2'])) {
$_SESSION['login'] = $_POST['login'];
$_SESSION['pass'] = $_POST['pass'];
$good2 = false;
$koko = '';
if (password_verify($_POST['code'], $u['pass2'])) {
$good2 = true;
unset($_SESSION['login'], $_SESSION['pass']);
} else {
if (isset($_POST['code'])) {
$koko = 'Неверный второй пароль<br>';
}
setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
setcookie('pass', '', time() - 60 * 60 * 24, '', Config::get('host'));
}
if ($koko) {
$koko = '<b style="color: red">' . $koko . '</b>';
}
if (!$good2) {
?>
<!Doctype html>
<HTML lang="ru">
<HEAD>
<link rel=stylesheet type="text/css">
<meta name="msapplication-config" content="browserconfig.xml"/>
<TITLE>Второй пароль</TITLE>
</HEAD>
<body bgcolor=dfdfde>
<H3><FONT COLOR="black">Запрос второго пароля к персонажу.</FONT></H3>
<?= $koko ?>
<div align="center">
<br>
<br>
<img id="pass" onClick="" width="295" src="i/pin/e0.png">
<br>
<br>
<img id="p1" onClick="" src="">
<img id="p2" onClick="" src="">
<img id="p3" onClick="" src="">
<br>
<img id="p4" onClick="" src="">
<img id="p5" onClick="" src="">
<img id="p6" onClick="" src="">
<br>
<img id="p7" onClick="" src="">
<img id="p8" onClick="" src="">
<img id="p9" onClick="" src="">
<br>
<img onClick="keypush(12);" src="i/pin/12.png">
<img id="p0" name="image" onClick="" src="">
<img onClick="keypush(11);" src="i/pin/11.png">
<br>
</div>
</BODY>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script>
var dopass = '';
var tdopass = '';
var lenth = 0;
randomp();
function randomp() {
var ss = [];
var n = 0;
while (n < 10) {
ss[n] = n;
n++;
}
var i = 0;
var k = 0;
var m = 0;
var tmpp = 0;
while (i < 10) {
k = getRandomInt(10);
m = getRandomInt(10);
if (k != m) {
tmpp = ss[k];
ss[k] = ss[m];
ss[m] = tmpp;
i++;
}
}
n = 10;
while (n > -1) {
n = n - 1;
document.getElementById('p' + n).setAttribute("src", "i/pin/" + ss[n] + ".png");
document.getElementById('p' + n).setAttribute("onClick", "keypush(" + ss[n] + ");");
}
}
function getRandomInt(max) {
return Math.floor(Math.random() * Math.floor(max));
}
function keypush(n) {
if (n === 12) {
if (lenth > 0) {
dopass = '';
lenth = 0;
document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
}
} else if (n === 11) {
var $_POST = <?php echo json_encode($_POST); ?>;
window.location.replace("https://new-combats.com/enter.php?code=" + dopass + "&login=" + $_POST['login'] + "&pass=" + $_POST['pass']);
} else {
if (lenth < 8) {
dopass = dopass + '' + n;
lenth++;
document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
}
}
}
</script>
</HTML>
<?php
die();
}
}
if (!Db::getValue('select count(*) from stats where id = ?', [$u['id']])) {
Db::sql('insert into stats (id, stats) values (?,?)', [$u['id'], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10']);
}
if (!Db::getValue('select count(*) from online where uid = ?', [$u['id']])) {
Db::sql('insert into online (uid, timeStart) values (?,unix_timestamp())', [$u['id']]);
}
if (isset($_COOKIE['login'])) {
setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
}
//мульты
if ($u['admin'] === 0) {
$ipm1 = Db::getValue(
'select ip from logs_auth where uid = ? and ip != ? order by id limit 1',
[$u['id'], $u['ip']]
);
$ppl = Db::getRows(
'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)',
['', $u['ip'], $ipm1, $u['ipreg'], IP, $_COOKIE['ip']]
);
foreach ($ppl as $item) {
$ml = Db::getValue(
'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1',
[$item['uid'], $u['id'], $u['id'], $item['uid']]
);
if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
}
}
}
if (idate('d') === 13) {
Db::sql('delete from eff_users where id_eff = 365 and uid = ?', [$u['id']]);
Db::sql(
'insert into eff_users (id_eff, uid, name, data, overType, timeUse, no_Ace) values (365,?,?,?,47,unix_timestamp(),1)',
[
$u['id'],
'День Рождения Клуба',
'add_speedhp=500|add_speedmp=500|add_speed_dungeon=50|add_repair_discount=1|',
]
);
$chat->send(
'', $u['room'], $u['city'], '', $u['login'],
'В честь дня рождения проекта вы получаете эффект &quot;День Рождения Клуба&quot;!(Эффект обновляется каждый раз когда вы заходите на персонажа)',
time(), 6, 0, 0, 0, 1
);
}
if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
Db::sql(
'insert into logs_auth (uid, ip, browser, type, time, depass) VALUES (?,?,?,1,unix_timestamp(),?)',
[$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT'], md5($_POST['pass'])]
);
}
setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
setcookie('pass', $u['pass'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');
if ($u['online'] < time() - 520) {
$sp = Db::getRows('select room, city, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)', [$u['id']]);
foreach ($sp as $usr) {
$chat->send(
'', $usr['room'], $usr['city'], '', $usr['login'], 'Вас приветствует: <b>' . $u['login'] . '</b>.',
time(), 6, 0, 0, 0, 1
);
}
}
$apu = '';
Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);
if (
$u['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$u['auth'] == '' || $u['auth'] == '0'
) {
if (
$u['auth'] != '' &&
$u['auth'] != '0' &&
$u['ip'] != IP
) {
mysql_query(
"INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES
('1',
'capitalcity',
'0',
'',
'" . $u['login'] . "',
'В предыдущий раз этим персонажем заходили с другого компьютера " .
date('d.m.Y H:i', $u['online']) . ". (Предыдущий ip: %" . $u['ip'] . ")',
'-1',
'6',
'0'
)"
);
}
$apu = "`auth` = '" . md5($u['login'] . 'AUTH' . IP) . "',";
setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', 'new-combats.com');
}
if ($u['repass'] == 0) {
$ipnew = IP;
} else {
$ipnew = $u['ip'];
}
mysql_query(
"INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('" . $u['id'] . "','" . IP . "','" .
$_SERVER['HTTP_USER_AGENT'] . "','0','" . time() . "','" . mysql_real_escape_string(md5($_POST['pass'])) . "')"
);
mysql_query(
"UPDATE `users` SET " . $apu . "`ip`='" . $ipnew . "',`dateEnter`='" . $_SERVER['HTTP_USER_AGENT'] .
"',`online`='" . time() . "' WHERE `login` = '" . mysql_real_escape_string($_POST['login']) .
"' AND `pass` = '" . mysql_real_escape_string(md5($_POST['pass'])) . "' LIMIT 1"
);
header('location: /bk');
}