<?php
use Core\Config;
use Core\Database;
use Core\Db;
// Bootstrap: make sure a session exists before the credential handling below
// reads from or writes to $_SESSION.
if (PHP_SESSION_NONE === session_status()) {
    session_start();
}

// Project autoloader first, then configuration, then the database connection
// (Database::init() is assumed to need settings populated by Config::init();
// the order is kept as found).
$autoloader = __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';
require_once $autoloader;

Config::init();
Database::init();

// Client address used by every IP-binding check in this file.
// NOTE(review): if UserIp::get() honours proxy headers such as
// X-Forwarded-For, all of those checks become client-controlled — confirm
// against that class.
define('IP', UserIp::get());

$chat = new Chat();
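// Credential sources, lowest to highest priority: query string, the legacy
// "psw" field name, then the session (parked there by the second-password
// step below). Every branch funnels into $_POST['login'] / ['pass'] / ['code'],
// which the account lookup and password check further down read.
//
// NOTE(review): accepting login/pass/code via GET puts credentials into
// browser history, proxy and web-server access logs and Referer headers.
if (isset($_GET['login'])) {
    $_POST['login'] = $_GET['login'];
    // A missing 'pass' used to become null, which checkPassword(string ...)
    // rejects with a TypeError; treat it as an empty (wrong) password instead.
    $_POST['pass'] = $_GET['pass'] ?? '';
    // 'code' stays null when absent: the PIN page only shows the "wrong second
    // password" notice when a code was actually submitted (isset check below).
    $_POST['code'] = $_GET['code'] ?? null;
}

if (isset($_POST['psw'])) {
    $_POST['pass'] = $_POST['psw'];
}

// Credentials parked by the second-password flow take precedence over the
// request. NOTE(review): the session holds the password in clear text.
if (isset($_SESSION['login'])) {
    $_POST['login'] = $_SESSION['login'];
    $_POST['pass'] = $_SESSION['pass'] ?? '';
}

// Helper endpoint that only writes the remember-me cookies and exits.
// NOTE(review): any value can be written into these cookies from a plain GET
// link, so a third-party page can log a victim's browser into an account of
// the attacker's choosing (login CSRF); nothing here validates the content.
if (isset($_GET['cookie_login']) && $_GET['cookie_login'] != '') {
    $weekFromNow = time() + 60 * 60 * 24 * 7;
    setcookie('login', $_GET['cookie_login'], $weekFromNow, '', Config::get('host'));
    // 'pass' is credential material: HttpOnly keeps it away from page scripts
    // (an absent cookie_pass used to pass null; '' deletes the cookie the same way).
    setcookie('pass', $_GET['cookie_pass'] ?? '', $weekFromNow, '', Config::get('host'), false, true);
    die();
}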
/**
 * Emit a minimal error page and stop the script.
 *
 * @param string $e Message body. It is written into the page as raw HTML:
 *                  several call sites in this file deliberately pass markup
 *                  (<br>, <a>), so a caller that embeds request data (the
 *                  submitted login, for example) must escape it itself.
 *
 * Never returns — the page is sent via die(). The Cyrillic text below is
 * windows-1251 bytes (the charset the site is served in) and shows up as
 * mojibake in a UTF-8 editor; the bytes are left untouched.
 */
function error($e)
{
    $backUrl = Config::get('https');

    $page = <<<HTML

<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
    <div class="title" data-content="Îøèáêà">
        Îøèáêà!!
    </div>

    <div class="subtitle">
        {$e}
    </div>

    <div class="buttons">
        <a class="button" href="{$backUrl}">Âåðíóòüñÿ íàçàä</a>
    </div>
</div>

HTML;

    die($page);
}
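/**
 * Verify a login password against the stored value, migrating legacy hashes.
 *
 * Accepted forms of $passwordHash:
 *   - a password_hash() hash: checked with password_verify(); when
 *     password_needs_rehash() reports the algorithm/cost as outdated, the
 *     password is re-hashed and written back;
 *   - a legacy md5() hex digest: accepted once and replaced by a
 *     password_hash() hash.
 *
 * The original ordering treated password_needs_rehash() as a second acceptance
 * criterion: after password_verify() had failed, any stored value that was not
 * a password_hash() hash (an md5 digest, an empty column, garbage) made
 * password_needs_rehash() return true, so the WRONG password was hashed,
 * written over the account's password, and the login succeeded — i.e. every
 * not-yet-migrated account could be taken over with an arbitrary password.
 * Re-hashing now only ever happens after the password has been verified.
 *
 * @param string $password     Clear-text password submitted by the client.
 * @param string $passwordHash Current value of users.pass for this login.
 * @param string $login        Login used for the write-back UPDATE.
 * @return bool true when $password matches, false otherwise.
 */
function checkPassword(string $password, string $passwordHash, string $login): bool
{
    if (password_verify($password, $passwordHash)) {
        // Correct password; upgrade the hash only if PASSWORD_DEFAULT moved on.
        if (password_needs_rehash($passwordHash, PASSWORD_DEFAULT)) {
            $hash = password_hash($password, PASSWORD_DEFAULT);
            Db::sql('update users set pass = ? where login = ?', [$hash, $login]);
        }
        return true;
    }

    // Legacy md5 column: constant-time compare, then migrate to password_hash().
    // hash_equals() returns false for an empty/garbage stored value.
    if (hash_equals($passwordHash, md5($password))) {
        $hash = password_hash($password, PASSWORD_DEFAULT);
        Db::sql('update users set pass = ? where login = ?', [$hash, $login]);
        return true;
    }

    return false;
}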
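// --- reCAPTCHA ---------------------------------------------------------------
require_once "./recaptchalib.php";

// Server-side reCAPTCHA secret.
// NOTE(review): a secret committed in source has to be treated as leaked —
// rotate it in the reCAPTCHA console and load it from configuration (the way
// Config::get() is used elsewhere in this file) instead of a literal here.
$secret = "6Lf3EjsaAAAAALe3zRwxyPGf13ZMWZvCmvad3-jQ";

// Verification result; stays null when the client sent no token.
$response = null;

$reCaptcha = new ReCaptcha($secret);

// Only call out to the verifier when a token was actually posted (an absent key
// used to raise an "undefined index" warning before evaluating to false).
if (!empty($_POST["g-recaptcha-response"])) {
    $response = $reCaptcha->verifyResponse(
        $_SERVER["REMOTE_ADDR"],
        $_POST["g-recaptcha-response"]
    );
}

// NOTE(review): $response is never consulted after this point — the login goes
// ahead whether the CAPTCHA passed, failed or was omitted, so as written it
// gives no brute-force protection. Enforcing it has to account for the
// second-password re-submission and the session/cookie re-login paths, which
// carry no token, so it is flagged here rather than switched on blindly.
// --- /reCAPTCHA --------------------------------------------------------------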
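// Load the account for the submitted login (parameterised; login is untrusted).
// NOTE(review): later code reads $u['room'] and $u['repass'], neither of which
// is selected here, so both are always null there — confirm whether `users`
// has those columns and add them to the list if so.
$u = Db::getRow(
    'select
        users.id,
        users.login,
        auth,
        pass,
        pass2,
        users.city,
        users.ip,
        ipreg,
        admin,
        online,
        banned,
        host_reg,
        timereg,
        securetime,
        users_delo.text as block_reason
    from users
    left join users_delo on users.id = users_delo.uid
    where users.login = ?',
    [$_POST['login']]
);

// Has this account ever been seen from the current client address? Consulted
// by the stale-password lock below. $u is empty/false for an unknown login,
// hence the null-coalesce (this used to warn about an array offset on bool).
$auth = Db::getValue(
    'select id from logs_auth where uid = ? and ip = ?',
    [$u['id'] ?? null, IP]
);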
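// Stale-password lock: when Config 'securetime' is set, an account whose
// password was last changed — and which was registered — before that point
// may only be entered from an address it has been seen on: its last login IP,
// its registration IP, or any IP already recorded for it in logs_auth.
// Otherwise the player is told to reset the password.
//
// Fixes: (1) the submitted login was reflected into the page unescaped (XSS);
// (2) the check also fired for unknown logins, because $u['ip'] and friends
// were null for a missing row, so a nonexistent login got this message with
// an empty reset link instead of the "not found" message further down.
if (
    isset($u['id']) &&
    Config::get('securetime') > 0 &&
    IP != $u['ip'] &&
    IP != $u['ipreg'] &&
    !isset($auth) &&
    $u['securetime'] < Config::get('securetime') &&
    $u['timereg'] < Config::get('securetime')
) {
    // The site is served as windows-1251 (see the second-password page below),
    // so escape for that charset; ENT_SUBSTITUTE with 'UTF-8' would mangle it.
    $safeLogin = htmlspecialchars($_POST['login'], ENT_QUOTES, 'cp1251');

    error(
        'Âû íå ìîæåòå âîéòè íà ïåðñîíàæà "' . $safeLogin . '".<br>
        Ñêîðåå âñåãî âû äàâíî íå ìåíÿëè ïàðîëü.
        Äëÿ ñìåíû ïåðåéäèòå ïî ññûëêå: <a href="/repass.php?login=' . rawurlencode($u['login']) . '">ÑÌÅÍÀ ÏÀÐÎËß</a><br><br>
        Âàì íåîáõîäèìî ñìåíèòü ïàðîëü äëÿ áåçîïàñíîñòè ïåðñîíàæà,
        íà ïî÷òó ïî êîòîðîé çàðåãèñòðèðîâàí ïåðñîíàæ ïðèäåò íîâûé ñëó÷àéíî ñãåíåðèðîâàííûé ïàðîëü.'
    );
}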
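if (!isset($u['id'])) {
    // Reflected into the page: escape for the windows-1251 charset (was raw → XSS).
    // NOTE(review): distinct "not found" / "wrong password" messages let a caller
    // enumerate valid logins; one generic message would be safer.
    error('Ëîãèí "' . htmlspecialchars($_POST['login'], ENT_QUOTES, 'cp1251') . '" íå íàéäåí â áàçå.');
} elseif ($u['banned'] > 0) {
    $blockstr = 'Ïåðñîíàæ <b>' . htmlspecialchars($u['login'], ENT_QUOTES, 'cp1251') . '</b> çàáëîêèðîâàí.';
    // block_reason is admin-entered text from users_delo and is shown as-is.
    $blockstr .= $u['block_reason'] ? "Ïðè÷èíà áëîêèðîâêè: {$u['block_reason']}<br><br>" : '<br><br>';
    error($blockstr);
} elseif (!checkPassword($_POST['pass'], $u['pass'], $u['login'])) {
    // Log the failed attempt BEFORE calling error(): error() ends the script
    // with die(), so the insert that used to sit after it never ran and failed
    // logins were never recorded. The attempt is stored as md5() like the other
    // logs_auth rows written in this file; the original stored the submitted
    // password in clear text, which leaks other accounts' passwords typed into
    // the wrong login. NOTE(review): even a fast hash of a credential in a log
    // is questionable — consider dropping depass for type 3 rows altogether.
    Db::sql(
        'insert into logs_auth (uid, ip, browser, type, time, depass) values (?,?,?,3,unix_timestamp(),?)',
        [$u['id'], IP, $_SERVER['HTTP_USER_AGENT'] ?? '', md5($_POST['pass'])]
    );
    error('Íåâåðíûé ïàðîëü ê ïåðñîíàæó ' . htmlspecialchars($u['login'], ENT_QUOTES, 'cp1251') . '.');
} else {
    // Credentials verified. The rest of the login — second password, per-login
    // bookkeeping, cookies and the redirect — follows inside this branch.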
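// --- Second password (PIN) ---------------------------------------------------
// Accounts with users.pass2 set must also enter a numeric PIN on an on-screen
// keypad. The submitted login/password are parked in the session so the keypad
// page can re-submit them together with the PIN.
// NOTE(review): that leaves the clear-text password in $_SESSION for as long
// as the PIN step is pending.
//
// Changes in this block: the keypad page used to redirect with
// ?code=&login=&pass= in the URL (password in history/logs/Referer) and dumped
// the whole of $_POST into the page script without HTML-safe JSON flags; the
// PIN is now sent as a POST form carrying only the two fields the script
// needs. The unused jQuery 1.9.1 include from googleapis was dropped (nothing
// on this page references it and it was a third-party script without SRI on
// a credential page), and the digit-shuffle loop no longer runs one step past
// 'p0' and throws on getElementById('p-1').
if (!empty($u['pass2'])) {
    $_SESSION['login'] = $_POST['login'];
    $_SESSION['pass'] = $_POST['pass'];
    $good2 = false;
    $koko = '';

    // First display of the page: no code yet (null would be coerced anyway).
    if (password_verify($_POST['code'] ?? '', $u['pass2'])) {
        $good2 = true;
        unset($_SESSION['login'], $_SESSION['pass']);
    } else {
        if (isset($_POST['code'])) {
            $koko = 'Íåâåðíûé âòîðîé ïàðîëü<br>';
        }
        // Drop any remember-me cookies until the PIN has been entered.
        setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
        setcookie('pass', '', time() - 60 * 60 * 24, '', Config::get('host'));
    }

    if ($koko) {
        $koko = '<b style="color: red">' . $koko . '</b>';
    }

    if (!$good2) {
        // JSON_HEX_* keeps a login such as "</script>" from breaking out of the
        // <script> element.
        // NOTE(review): json_encode() needs UTF-8 input and returns false
        // otherwise; a windows-1251 login with Cyrillic letters leaves
        // "var creds = ;" in the page (a JS syntax error) exactly as the original
        // did — confirm how logins are stored before relying on this page for
        // such accounts.
        $credsJson = json_encode(
            ['login' => $_POST['login'], 'pass' => $_POST['pass']],
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        );
        ?>
<!Doctype html>
<HTML lang="ru">
<HEAD>
    <link rel=stylesheet type="text/css">
    <meta charset="windows-1251">
    <meta name="msapplication-config" content="browserconfig.xml"/>
    <TITLE>Âòîðîé ïàðîëü</TITLE>
</HEAD>
<body bgcolor=dfdfde>
<H3><FONT COLOR="black">Çàïðîñ âòîðîãî ïàðîëÿ ê ïåðñîíàæó.</FONT></H3>
<?= $koko ?>
<div align="center">
    <br>
    <br>

    <img id="pass" onClick="" width="295" src="i/pin/e0.png">
    <br>
    <br>
    <img id="p1" onClick="" src="">
    <img id="p2" onClick="" src="">
    <img id="p3" onClick="" src="">
    <br>
    <img id="p4" onClick="" src="">
    <img id="p5" onClick="" src="">
    <img id="p6" onClick="" src="">
    <br>
    <img id="p7" onClick="" src="">
    <img id="p8" onClick="" src="">
    <img id="p9" onClick="" src="">
    <br>
    <img onClick="keypush(12);" src="i/pin/12.png">
    <img id="p0" name="image" onClick="" src="">
    <img onClick="keypush(11);" src="i/pin/11.png">
    <br>
</div>
</BODY>
<script>
    var dopass = '';
    var lenth = 0;
    // login/password already submitted; re-sent together with the PIN
    var creds = <?= $credsJson ?>;
    randomp();

    // Randomise which digit each of the ten keypad images shows.
    function randomp() {
        var ss = [];
        for (var n = 0; n < 10; n++) {
            ss[n] = n;
        }

        // ten random swaps of two distinct positions
        var i = 0;
        while (i < 10) {
            var k = getRandomInt(10);
            var m = getRandomInt(10);
            if (k != m) {
                var tmpp = ss[k];
                ss[k] = ss[m];
                ss[m] = tmpp;
                i++;
            }
        }

        // p0..p9 only (the original counted down past 0 and threw on 'p-1')
        for (var p = 0; p < 10; p++) {
            document.getElementById('p' + p).setAttribute("src", "i/pin/" + ss[p] + ".png");
            document.getElementById('p' + p).setAttribute("onClick", "keypush(" + ss[p] + ");");
        }
    }

    function getRandomInt(max) {
        return Math.floor(Math.random() * Math.floor(max));
    }

    // Send the PIN with the parked credentials as a POST so none of them end up
    // in the URL. The server reads login/pass/code from $_POST (and prefers the
    // session copy when present), so this is the same request as before.
    function submitPin() {
        var form = document.createElement('form');
        form.method = 'post';
        form.action = '/enter.php';
        var fields = {code: dopass, login: creds.login, pass: creds.pass};
        for (var name in fields) {
            var input = document.createElement('input');
            input.type = 'hidden';
            input.name = name;
            input.value = fields[name];
            form.appendChild(input);
        }
        document.body.appendChild(form);
        form.submit();
    }

    // 12 = clear, 11 = submit, 0-9 = digit (at most 8 digits)
    function keypush(n) {
        if (n === 12) {
            if (lenth > 0) {
                dopass = '';
                lenth = 0;
                document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
            }
        } else if (n === 11) {
            submitPin();
        } else if (lenth < 8) {
            dopass = dopass + '' + n;
            lenth++;
            document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
        }
    }
</script>
</HTML>
        <?php
        die();
    }
}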
// First-login bookkeeping: create the stats and online rows if they are missing.
$hasStatsRow = Db::getValue('select count(*) from stats where id = ?', [$u['id']]);
if (!$hasStatsRow) {
    Db::sql('insert into stats (id, stats) values (?,?)', [$u['id'], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10']);
}

$hasOnlineRow = Db::getValue('select count(*) from online where uid = ?', [$u['id']]);
if (!$hasOnlineRow) {
    Db::sql('insert into online (uid, timeStart) values (?,unix_timestamp())', [$u['id']]);
}
// Expire a stale remember-me login cookie; a fresh one is issued further down.
if (isset($_COOKIE['login'])) {
    $yesterday = time() - 60 * 60 * 24;
    setcookie('login', '', $yesterday, '', Config::get('host'));
}
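// Multi-account ("мульты") linking for non-admin accounts: every other account
// that has logged in from one of this account's known addresses is paired with
// it in `mults` (once per pair, in either direction). Addresses considered:
// last login IP, the earliest other IP in logs_auth, registration IP, the
// current client IP and the IP remembered in the client's cookie.
//
// Fix: the original compared $u['admin'] === 0, which is false when the driver
// returns the column as the string "0" and then silently skipped the whole
// check; the cast makes the intent ("not an admin") explicit.
// NOTE(review): confirm how Db returns integer columns (int vs string).
// NOTE(review): $_COOKIE['ip'] is client-chosen, so a client can get itself
// paired with whoever used an address of its choosing; and nothing excludes
// the account's own logs_auth rows, so the first pass may insert a self-pair.
if ((int) $u['admin'] === 0) {
    $ipm1 = Db::getValue(
        'select ip from logs_auth where uid = ? and ip != ? order by id limit 1',
        [$u['id'], $u['ip']]
    );
    $ppl = Db::getRows(
        'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)',
        // an absent cookie used to raise an undefined-index warning
        ['', $u['ip'], $ipm1, $u['ipreg'], IP, $_COOKIE['ip'] ?? '']
    );
    foreach ($ppl as $item) {
        $ml = Db::getValue(
            'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1',
            [$item['uid'], $u['id'], $u['id'], $item['uid']]
        );
        if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
            Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
        }
    }
}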
// Club birthday (the 13th of the month): re-issue effect 365 and announce it in
// chat.
// NOTE(review): $u['room'] is not among the columns selected above, so the
// chat message is sent with a null room — confirm against Chat::send().
$isClubBirthday = idate('d') === 13;
if ($isClubBirthday) {
    Db::sql('delete from eff_users where id_eff = 365 and uid = ?', [$u['id']]);
    Db::sql(
        'insert into eff_users (id_eff, uid, name, data, overType, timeUse, no_Ace) values (365,?,?,?,47,unix_timestamp(),1)',
        [
            $u['id'],
            'Äåíü Ðîæäåíèÿ Êëóáà',
            'add_speedhp=500|add_speedmp=500|add_speed_dungeon=50|add_repair_discount=1|',
        ]
    );

    $birthdayNotice = ' ÷åñòü äíÿ ðîæäåíèÿ ïðîåêòà âû ïîëó÷àåòå ýôôåêò "Äåíü Ðîæäåíèÿ Êëóáà"!(Ýôôåêò îáíîâëÿåòñÿ êàæäûé ðàç êîãäà âû çàõîäèòå íà ïåðñîíàæà)';
    $chat->send('', $u['room'], $u['city'], '', $u['login'], $birthdayNotice, time(), 6, 0, 0, 0, 1);
}
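// The client came back from a different address than the one remembered in its
// cookie: record the old one (type 1) so the mult check above can see it.
// NOTE(review): the 'ip' cookie is client-controlled, so this row is
// client-chosen data, not evidence of an address that was actually used.
if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
    Db::sql(
        'insert into logs_auth (uid, ip, browser, type, time, depass) VALUES (?,?,?,1,unix_timestamp(),?)',
        [$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT'] ?? '', md5($_POST['pass'])]
    );
}

// Remember-me cookies for a week, plus the address cookie for 150 days.
// NOTE(review): 'pass' carries the users.pass hash verbatim, so whatever
// consumes it on later requests accepts a stolen hash as a credential. It is
// now HttpOnly so page scripts cannot read it; add the Secure flag once it is
// certain the site is only ever served over HTTPS.
$weekFromNow = time() + 60 * 60 * 24 * 7;
setcookie('login', $_POST['login'], $weekFromNow, '', Config::get('host'));
setcookie('pass', $u['pass'], $weekFromNow, '', Config::get('host'), false, true);
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');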
// If this account has been offline for more than ~520 s, greet its friends who
// are currently online (active within the last 10 minutes) in their rooms.
if ($u['online'] < time() - 520) {
    $onlineFriends = Db::getRows(
        'select room, city, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)',
        [$u['id']]
    );
    $greeting = 'Âàñ ïðèâåòñòâóåò: <b>' . $u['login'] . '</b>.';
    foreach ($onlineFriends as $friend) {
        $chat->send('', $friend['room'], $friend['city'], '', $friend['login'], $greeting, time(), 6, 0, 0, 0, 1);
    }
}
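$apu = '';
Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);

// Device-binding token: md5(login . 'AUTH' . client IP), kept in users.auth and
// in the 'auth' cookie. When either side disagrees with the value for the
// current address the token is re-issued and — if the account already had one
// and the address changed — the player gets a chat warning that the previous
// session came from another computer.
// NOTE(review): the token contains no secret: anyone who knows a login and an
// IP can compute it, so it identifies a device, it does not authenticate one.
$authToken = md5($u['login'] . 'AUTH' . IP);
if (
    $u['auth'] != $authToken ||
    ($_COOKIE['auth'] ?? '') != $authToken ||
    $u['auth'] == '' || $u['auth'] == '0'
) {
    if (
        $u['auth'] != '' &&
        $u['auth'] != '0' &&
        $u['ip'] != IP
    ) {
        // Was an ext/mysql mysql_query() (removed in PHP 7) with the login and
        // previous IP concatenated into the statement — a second-order SQL
        // injection point. Same row, now via the project's parameterised helper.
        Db::sql(
            'INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES (?,?,?,?,?,?,?,?,?)',
            [
                '1',
                'capitalcity',
                '0',
                '',
                $u['login'],
                'Â ïðåäûäóùèé ðàç ýòèì ïåðñîíàæåì çàõîäèëè ñ äðóãîãî êîìïüþòåðà ' .
                date('d.m.Y H:i', (int) $u['online']) . '. (Ïðåäûäóùèé ip: %' . $u['ip'] . ')',
                '-1',
                '6',
                '0',
            ]
        );
    }
    // SQL fragment consumed by the users UPDATE further down. The value is a
    // 32-character hex digest, so the inline literal cannot alter the statement.
    $apu = "`auth` = '" . $authToken . "',";
    // NOTE(review): cookie domain is hard-coded instead of Config::get('host')
    // as for every other cookie in this file.
    setcookie('auth', $authToken, time() + 60 * 60 * 24 * 365, '', 'new-combats.com');
}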
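// Address to store on the account: the current one, unless a password reset is
// pending (repass != 0), in which case the previous address is kept.
// NOTE(review): 'repass' is not in the SELECT above, so $u['repass'] is null
// here and this always picks IP — add the column if that is not intended.
if ($u['repass'] == 0) {
    $ipnew = IP;
} else {
    $ipnew = $u['ip'];
}

// Both statements below were ext/mysql mysql_query() calls (the extension no
// longer exists in PHP 7+) that concatenated the User-Agent header into SQL
// unescaped — an injection vector straight from a request header. Rewritten
// on the project's parameterised helper.
Db::sql(
    'INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES (?,?,?,?,?,?)',
    [$u['id'], IP, $_SERVER['HTTP_USER_AGENT'] ?? '', '0', time(), md5($_POST['pass'])]
);

// The original UPDATE was keyed on login AND pass = md5(password); since
// users.pass holds password_hash() output (see checkPassword) that predicate
// never matched, so ip/dateEnter/online/auth were never written. Key on the
// account id that was already resolved and verified above instead.
// $apu is either '' or "`auth` = '<32 hex chars>'," built by the block above.
Db::sql(
    'UPDATE `users` SET ' . $apu . '`ip` = ?, `dateEnter` = ?, `online` = ? WHERE `id` = ? LIMIT 1',
    [$ipnew, $_SERVER['HTTP_USER_AGENT'] ?? '', time(), $u['id']]
);

header('location: /bk');
exit;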
}