new-combats/game
3
0
Fork 0
Code Issues 23 Pull Requests Releases Wiki Activity
a0efddefc5
game/enter.php.bac

359 lines
14 KiB
Plaintext
Raw Blame History

<?php
define('GAME',true);
function GetRealIp()
{
if (!empty($_SERVER['HTTP_CLIENT_IP']))
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
define('IP',GetRealIp());
require_once('_incl_data/__config.php');
require_once('_incl_data/class/__db_connect.php');
require_once('_incl_data/class/__chat_class.php');
//session_reset();
session_start();
if( isset($_GET['login'])) {
$_POST['login'] = $_GET['login'];
$_POST['pass'] = $_GET['pass'];
}
if(isset($_POST['psw'])) {
$_POST['pass'] = $_POST['psw'];
}
if( isset($_SESSION['login']) ) {
$_POST['login'] = $_SESSION['login'];
$_POST['pass'] = $_SESSION['pass'];
}
if( isset($_GET['cookie_login']) && $_GET['cookie_login'] != '' ) {
setcookie('login',$_GET['cookie_login'],time()+60*60*24*7,'',$c['host']);
setcookie('pass',$_GET['cookie_pass'],time()+60*60*24*7,'',$c['host']);
header('location: /bk');
die();
}
function error($e)
{
global $c;
//$_SESSION['login']='';
//$_SESSION['pass']='';
//die('<script>location = "index.php?error='.$e.'";</script>')
//die('Location: index.php?error='.$e);
die('
<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
<div class="title" data-content="Îøèáêà">
Îøèáêà!!
</div>
<div class="subtitle">
'.$e.'
</div>
<div class="buttons">
<a class="button" href="https://new-combats.com">Âåðíóòüñÿ íàçàä</a>
</div>
</div>
');
}
$socauth = false;
/*
if(isset($_GET['vk-auth'])) {
$client_id = '5145826'; // ID ïðèëîæåíèÿ
$client_secret = 'V90yIzlgSglfgrnHw7Ny'; // Çàùèù¸ííûé êëþ÷
$redirect_uri = 'https://new-combats.com/enter?vk-auth'; // Àäðåñ ñàéòà
$url = 'https://oauth.vk.com/authorize';
$params = array(
'client_id' => $client_id,
'redirect_uri' => $redirect_uri,
'response_type' => 'code'
);
if(isset($_GET['code'])) {
$result = false;
$params = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'code' => $_GET['code'],
'redirect_uri' => $redirect_uri
);
$token = json_decode(file_get_contents('httpss://oauth.vk.com/access_token' . '?' . urldecode(https_build_query($params))), true);
if (isset($token['access_token'])) {
$params = array(
'uids' => $token['user_id'],
'fields' => 'uid,first_name,last_name,screen_name,sex,bdate,photo_big',
'access_token' => $token['access_token']
);
$userInfo = json_decode(file_get_contents('httpss://api.vk.com/method/users.get' . '?' . urldecode(https_build_query($params))), true);
if (isset($userInfo['response'][0]['uid'])) {
$userInfo = $userInfo['response'][0];
$result = true;
}
}
if(isset($userInfo['uid'])) {
$scl = mysql_fetch_array(mysql_query('SELECT * FROM `mini_actions` WHERE `val` = "vkauth" AND `ok` = "'.mysql_real_escape_string($userInfo['uid']).'" ORDER BY `time` DESC LIMIT 1'));
if(isset($scl['id'])) {
$scl = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `id` = "'.$scl['uid'].'" LIMIT 1'));
$_POST['login'] = $scl['login'];
$socauth = true;
}else{
error('Âàø àêêàóíò ÂÊîíòàêòå#'.$userInfo['uid'].' íå ïðèêðåïëåí íè ê îäíîìó èç ïåðñîíàæåé.');
}
}else{
error('Íåóäàëîñü àâòîðèçèðîâàòüñÿ ÷åðåç ñîöèàëüíóþ ñåòü ÂÊîíòàêòå');
}
}
}
*/
//ReCapthca
require_once "./recaptchalib.php";
// âàø ñåêðåòíûé êëþ÷
$secret = "6LcvPFUUAAAAAKM9F9-6F-vkv63FJHAv7GOQ4A9d";
// ïóñòîé îòâåò
$response = null;
// ïðîâåðêà ñåêðåòíîãî êëþ÷à
$reCaptcha = new ReCaptcha($secret);
if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verifyResponse(
$_SERVER["REMOTE_ADDR"],
$_POST["g-recaptcha-response"]
);
}
//ReCapthca
if (($response != null && $response->success=true) || $_POST['code'] != '')
{
$u = mysql_fetch_array(mysql_query('SELECT `u`.`pass2`,`u`.`id`,`u`.`auth`,`u`.`login`,`u`.`pass`,`u`.`city`,`u`.`ip`,`u`.`ipreg`,`u`.`online`,`u`.`banned`,`u`.`admin`,`u`.`host_reg`,`u`.`securetime`,`u`.`timereg` FROM `users` AS `u` WHERE `u`.`login`="'.mysql_real_escape_string($_POST['login']).'" ORDER BY `id` ASC LIMIT 1'));
$auth = mysql_fetch_array(mysql_query('SELECT * FROM `logs_auth` WHERE `uid` = "'.$u['id'].'" AND `ip` = "'.mysql_real_escape_string(IP).'" LIMIT 1'));
if( $c['securetime'] > 0 && IP != $u['ip'] && IP != $u['ipreg'] && !isset($auth['id']) && $u['securetime'] < $c['securetime'] && $u['timereg'] < $c['securetime'] ) {
error('Âû íå ìîæåòå âîéòè íà ïåðñîíàæà "'.$_POST['login'].'".<br>Ñêîðåå âñåãî âû äàâíî íå ìåíÿëè ïàðîëü. Äëÿ ñìåíû ïåðåéäèòå ïî ññûëêå: <a href="/repass.php?login='.htmlspecialchars($_POST['login'],NULL,'cp1251').'">ÑÌÅÍÀ ÏÀÐÎËß</a><br><br>Âàì íåîáõîäèìî ñìåíèòü ïàðîëü äëÿ áåçîïàñíîñòè ïåðñîíàæà, íà ïî÷òó ïî êîòîðîé çàðåãèñòðèðîâàí ïåðñîíàæ ïðèäåò íîâûé ñëó÷àéíî ñãåíåðèðîâàííûé ïàðîëü.<br>Åñëè ó âàñ íåò äîñòóïà ê E-mail: Çàðåãèñòðèðóéòå íîâîãî ïåðñîíàæà è îáðàòèòåñü ê Àäìèíèñòðàöèè, ëèáî ìîäåðàòîðàì.');
}
/*if($u['host_reg'] == 'new-combats.com' && $u['online'] == 0) {
$_POST['pass'] = md5($_POST['pass']);
if($u['pass'] == md5($_POST['pass'])) {
$u['pass'] = $_POST['pass'];
mysql_query('UPDATE `users` SET `pass` = "'.mysql_real_escape_string($_POST['pass']).'",`online` = "'.time().'" WHERE `id` = "'.mysql_real_escape_string($u['id']).'" LIMIT 1');
error('Âîéäèòå ñ ãëàâíîé ñòðàíèöå åùå ðàç. Ïàðîëü áûë ðàñøèôðîâàí.');
}
}*/
if( md5(md5($_POST['pass'])) == $u['pass'] ) {
$_POST['pass'] = md5($_POST['pass']);
}
if(!isset($u['id']))
{
error('Ëîãèí "'.$_POST['login'].'" íå íàéäåí â áàçå.');
}elseif($u['pass']!=md5($_POST['pass']) && $socauth == false)
{
error('Íåâåðíûé ïàðîëü ê ïåðñîíàæó "'.$_POST['login'].'".');
mysql_query("INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('".$u['id']."','".mysql_real_escape_string(IP)."','".mysql_real_escape_string($_SERVER['HTTP_USER_AGENT'])."','3','".time()."','".mysql_real_escape_string($_POST['pass'])."')");
}elseif($u['banned']>0)
{
$fm = mysql_fetch_array(mysql_query('SELECT * FROM `users_delo` WHERE `uid` = "'.$u['id'].'" AND `hb`!=0 ORDER BY `id` DESC LIMIT 1'));
if(!isset($fm['id'])) {
$fm['text'] = 'Ïðè÷èíà áëîêèðîâêè: <i>Ïðè÷èíà ïîêà-÷òî íå óêàçàíà.</i>';
}
error(
'Ïåðñîíàæ <b>'.$_POST['login'].'</b> çàáëîêèðîâàí.'.
'<br>'.$fm['text'].'<br>'.
'<br><b>Âíèìàíèå!</b> Åñëè Âû óâåðåíû, ÷òî ïðîèçîøëà îøèáêà è Âû íè÷åãî íå íàðóøàëè, ïåðåðåãèñòðèðóéòåñü, îáüÿñíèòå ñèòóàöèþ àäìèíèñòðàöèè è îæèäàéòå îòâåòà!</a>'.
'<br>Ïåðåä òåì êàê ïèñàòü, <b>ÂÍÈÌÀÒÅËÜÍÎ</b> îçíàêîìèòåñü ñ <a target="_blank" href="https://new-combats.com/lib/zakon/">äåéñòâóþùèìè çàêîíàìè.'
.'<br><br>Åñëè Âû çàáëîêèðîâàíû ïðàâîìåðíî, òî ó Âàñ íåò øàíñîâ íà ðàçáëîêèðîâêó âàøåãî èãðîâîãî ïåðñîíàæà.'
);
}else{
//Âòîðîé ïàðîëü
if( $u['pass2'] != '' && $u['pass2'] != '0' ) {
$_SESSION['login'] = $_POST['login'];
$_SESSION['pass'] = $_POST['pass'];
$good2 = false;
$koko = '';
if( md5($_POST['code']) == $u['pass2'] ) {
$good2 = true;
unset($_SESSION['login'],$_SESSION['pass']);
}else{
$koko = 'Íåâåðíûé âòîðîé ïàðîëü';
setcookie('login','',time()-60*60*24,'',$c['host']);
setcookie('pass','',time()-60*60*24,'',$c['host']);
setcookie('login','',time()-60*60*24);
setcookie('pass','',time()-60*60*24);
}
if( $koko != '' ) {
$koko = '<font color="red"><b>'.$koko.'</b></font>';
}
if( $good2 == false ) {
?>
<!Doctype html>
<HTML>
<HEAD>
<link rel=stylesheet type="text/css" href="https://img.new-combats.com/i/main.css">
<meta charset="windows-1251">
<meta name="msapplication-config" content="browserconfig.xml"/>
<TITLE>Âòîðîé ïàðîëü</TITLE>
</HEAD>
<body bgcolor=666666>
<H3><FONT COLOR="black">Çàïðîñ âòîðîãî ïàðîëÿ ê ïåðñîíàæó.</FONT></H3>
<?=$koko?>
<div align="center">
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="100%" height="100%">
<param name="movie" value="https://new-combats.com/psw2.swf" />
<param name="quality" value="high" />
<param name="wmode" value="transparent">
<embed src="https://new-combats.com/psw2.swf"
quality="high"
type="application/x-shockwave-flash"
WMODE="transparent"
width="600"
height="250"
pluginspage="https://www.macromedia.com/go/getflashplayer" />
</object>
</div>
</BODY>
</HTML>
<?
die();
}
}
$st = mysql_fetch_array(mysql_query('SELECT * FROM `stats` WHERE `id`="'.$u['id'].'" LIMIT 1'));
if(!isset($st['id']))
{
mysql_query("INSERT INTO `stats` (`id`,`stats`) VALUES ('".$u['id']."','s1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10')");
}
$on = mysql_fetch_array(mysql_query('SELECT * FROM `online` WHERE `uid`="'.$u['id'].'" LIMIT 1'));
if(!isset($on['id']))
{
mysql_query("INSERT INTO `online` (`uid`,`timeStart`) VALUES ('".$u['id']."','".time()."')");
}
if(isset($_COOKIE['login']) || isset($_COOKIE['pass']))
{
setcookie('login','',time()-60*60*24,'',$c['host']);
setcookie('pass','',time()-60*60*24,'',$c['host']);
}
//ìóëüòû
if($u['admin']==0)
{
$ipm1 = mysql_fetch_array(mysql_query('SELECT * FROM `logs_auth` WHERE `uid` = "'.mysql_real_escape_string($u['id']).'" AND `ip`!="'.mysql_real_escape_string($u['ip']).'" ORDER BY `id` ASC LIMIT 1'));
$ppl = mysql_query('SELECT * FROM `logs_auth` WHERE `ip`!="" AND (`ip` = "'.mysql_real_escape_string($u['ip']).'" OR `ip`="'.mysql_real_escape_string($ipm1['ip']).'" OR `ip`="'.mysql_real_escape_string($u['ipreg']).'" OR `ip`="'.mysql_real_escape_string(IP).'" OR `ip`="'.mysql_real_escape_string($_COOKIE['ip']).'")');
while($spl = mysql_fetch_array($ppl))
{
$ml = mysql_fetch_array(mysql_query('SELECT `id` FROM `mults` WHERE (`uid` = "'.$spl['uid'].'" AND `uid2` = "'.$u['id'].'") OR (`uid2` = "'.$spl['uid'].'" AND `uid` = "'.$u['id'].'") LIMIT 1'));
if(!isset($ml['id']) && $spl['uid']!=$inf['id'] && $spl['ip']!='' && $spl['ip']!='127.0.0.1' && $spl['ip']!='188.120.246.101')
{
mysql_query('INSERT INTO `mults` (`uid`,`uid2`,`ip`) VALUES ("'.$u['id'].'","'.$spl['uid'].'","'.$spl['ip'].'")');
}
}
}
if( (int)date('d') >= 13 && (int)date('d') <= 13) {
mysql_query('DELETE FROM `eff_users` WHERE `id_eff` = 365 AND `uid` = "'.$u['id'].'"');
mysql_query('INSERT INTO `eff_users` (
`id_eff`,`uid`,`name`,`data`,`overType`,`timeUse`,`no_Ace`
) VALUES (
"365","'.$u['id'].'","Äåíü Ðîæäåíèÿ Êëóáà","add_speedhp=500|add_speedmp=500|add_speed_dungeon=50|add_repair_discount=1|add_repair_z=1|add_repair_r=1|","47","'.time().'",1
)');
$chat->send('',$u['room'],$u['city'],'',$u['login'],' ÷åñòü äíÿ ðîæäåíèÿ ïðîåêòà âû ïîëó÷àåòå ýôôåêò &quot;Äåíü Ðîæäåíèÿ Êëóáà&quot;! (Ýôôåêò îáíîâëÿåòñÿ êàæäûé ðàç êîãäà âû çàõîäèòå íà ïåðñîíàæà)',time(),6,0,0,0,1);
}
if(isset($_COOKIE['ip']) && $_COOKIE['ip']!=IP)
{
mysql_query("INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('".$u['id']."','".mysql_real_escape_string($_COOKIE['ip'])."','".mysql_real_escape_string($_SERVER['HTTP_USER_AGENT'])."','1','".time()."','".mysql_real_escape_string(md5($_POST['pass']))."')");
}
setcookie('login',$_POST['login'],time()+60*60*24*7,'',$c['host']);
setcookie('pass',$u['pass'],time()+60*60*24*7,'',$c['host']);
setcookie('login',$_POST['login'],time()+60*60*24*7);
setcookie('pass',md5($_POST['pass']),time()+60*60*24*7);
setcookie('ip',IP,time()+60*60*24*150,'');
if($u['online'] < time()-520) {
$sp = mysql_query('SELECT `user` FROM `friends` WHERE `friend` = "'.$u['id'].'"');
while( $pl = mysql_fetch_array($sp) ) {
$usr = mysql_fetch_array(mysql_query('SELECT `id`,`online`,`login`,`city`,`room` FROM `users` WHERE `id` = "'.$pl['user'].'" LIMIT 1'));
if( isset($usr['id']) && $usr['online'] > time()-600 ) {
$chat->send('',$usr['room'],$usr['city'],'',$usr['login'],'Âàñ ïðèâåòñòâóåò: <b>'.$u['login'].'</b>.',time(),6,0,0,0,1);
}
}
}
$apu = '';
mysql_query('UPDATE `dump` SET `ver` = "1",`upd` = "2" WHERE `uid` = "'.$u['id'].'"');
if($u['auth'] != md5($u['login'].'AUTH'.IP) || $_COOKIE['auth'] != md5($u['login'].'AUTH'.IP) || $u['auth']=='' || $u['auth']=='0')
{
if($u['auth'] != '' && $u['auth'] != '0' && $u['ip'] != IP) {
mysql_query("INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES ('1','capitalcity','0','','".$u['login']."','Â ïðåäûäóùèé ðàç ýòèì ïåðñîíàæåì çàõîäèëè ñ äðóãîãî êîìïüþòåðà ".date('d.m.Y H:i',$u['online']).". (Ïðåäûäóùèé ip: %".$u['ip'].")','-1','6','0')");
}
$apu = "`auth` = '".md5($u['login'].'AUTH'.IP)."',";
setcookie('auth',md5($u['login'].'AUTH'.IP),time()+60*60*24*365,'','new-combats.com');
}
if($u['repass'] == 0) {
$ipnew = IP;
}else{
$ipnew = $u['ip'];
}
mysql_query("INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('".$u['id']."','".IP."','".mysql_real_escape_string($_SERVER['HTTP_USER_AGENT'])."','0','".time()."','".mysql_real_escape_string(md5($_POST['pass']))."')");
mysql_query("UPDATE `users` SET ".$apu."`ip`='".$ipnew."',`dateEnter`='".mysql_real_escape_string($_SERVER['HTTP_USER_AGENT'])."',`online`='".time()."' WHERE `login` = '".mysql_real_escape_string($_POST['login'])."' AND `pass` = '".mysql_real_escape_string(md5($_POST['pass']))."' LIMIT 1");
if(isset($_POST['active_code_key'])) {
header('location: /active.php?code='.htmlspecialchars($_POST['active_code_key'],NULL,'cp1251'));
}else{
header('location: /bk');
}
}
}
else
{
error('Íå âûïîëíåíà ReCaptcha!');
//echo "Íå âûïîëíåíà ReCaptcha! <br>";
}
?>
Reference in New Issue View Git Blame Copy Permalink