game/enter.php

209 lines
6.4 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
use Core\Config;
use Core\Database;
use Core\Db;
use Core\TOTP;
use JetBrains\PhpStorm\NoReturn;
use User\Password;
use User\UserIp;
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';
Database::init();
define('IP', UserIp::get());
$chat = new Chat();
$login = $_SESSION['login'] ?? '';
$password = '';
$otp = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['login'])) {
$login = $_POST['login'];
}
if (isset($_POST['password'])) {
$password = $_POST['password'];
}
if (isset($_POST['otp'])) {
$otp = $_POST['otp'];
}
}
#[NoReturn] function error($e): void
{
$returnLink = Config::get('https');
$html = <<<HTML
<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
<div class="title" data-content="Ошибка">Ошибка!!</div>
<div class="subtitle">$e</div>
<div class="buttons"><a class="button" href="$returnLink">Вернуться назад</a></div>
</div>
HTML;
exit($html);
}
$u = Db::getRow(
'select
users.id,
users.login,
auth,
pass,
totp,
users.ip,
ipreg,
admin,
online,
banned,
users_delo.text as block_reason
from users
left join users_delo on users.id = users_delo.uid
where users.login = ?',
[$login]
);
if (empty($_SESSION['login'])) {
if (!isset($u['id'])) {
error('Логин "' . $login . '" не найден в базе.');
} elseif ($u['banned'] > 0) {
$blockstr = "Персонаж <b>{$u['login']}</b> заблокирован.";
$blockstr .= $u['block_reason'] ? "Причина блокировки: {$u['block_reason']}<br><br>" : '<br><br>';
error($blockstr);
} elseif (!Password::isGood($password, $u['pass'], $u['login'])) {
Db::sql(
'insert into logs_auth (uid, ip, browser, type, time) values (?,?,?,3,unix_timestamp())',
[$u['id'], IP, $_SERVER['HTTP_USER_AGENT']]
);
error("Неверный пароль к персонажу {$u['login']}.");
}
$_SESSION['login'] = $u['login'];
if (!empty($u['totp'])) {
$_SESSION['totp'] = new TOTP($u['totp']);
}
}
if (!empty($_SESSION['totp']) && !empty($_SESSION['login'])) {
if (empty($otp)) {
?>
<!doctype html>
<html lang="ru">
<head>
<title>Второй пароль</title>
</head>
<body>
<form method="post">
<label for="otp">Одноразовый код:</label><br>
<input name="otp" id="otp" minlength="6" maxlength="6" size="6" placeholder="000000" required><br>
<input type="submit">
</form>
</body>
</html>
<?php
exit();
}
if ($_SESSION['totp']->generate() !== $otp) {
unset($_SESSION['login'], $_SESSION['totp']);
error('Неверный одноразовый код!');
}
}
if (!Db::getValue('select count(*) from stats where id = ?', [$u['id']])) {
Db::sql('insert into stats (id, stats) values (?,?)', [$u['id'], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10']);
}
if (!Db::getValue('select count(*) from online where uid = ?', [$u['id']])) {
Db::sql('insert into online (uid, timeStart) values (?,unix_timestamp())', [$u['id']]);
}
if (isset($_COOKIE['login'])) {
setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
}
//мульты
if ($u['admin'] === 0) {
$ipm1 = Db::getValue(
'select ip from logs_auth where uid = ? and ip != ? order by id limit 1',
[$u['id'], $u['ip']]
);
$ppl = Db::getRows(
'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)',
['', $u['ip'], $ipm1, $u['ipreg'], IP, $_COOKIE['ip']]
);
foreach ($ppl as $item) {
$ml = Db::getValue(
'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1',
[$item['uid'], $u['id'], $u['id'], $item['uid']]
);
if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
}
}
}
if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
Db::sql(
'insert into logs_auth (uid, ip, browser, type, time) VALUES (?,?,?,1,unix_timestamp())',
[$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT']]
);
}
setcookie('login', $_POST['login'] ?? '', time() + 60 * 60 * 24 * 7, '', Config::get('host'));
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');
if ($u['online'] < time() - 520) {
$sp = Db::getRows('select room, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)', [$u['id']]);
foreach ($sp as $usr) {
$chatDto = new ChatMessage();
$chatDto->setRoom($usr['room']);
$chatDto->setTo($usr['login']);
$chatDto->setText('Вас приветствует: <b>' . $u['login'] . '</b>.');
$chatDto->setType(6);
$chat->sendMsg($chatDto);
}
}
$apu = '';
Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);
if (
$u['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$u['auth'] == '' || $u['auth'] == '0'
) {
if (
$u['auth'] != '' &&
$u['auth'] != '0' &&
$u['ip'] != IP
) {
$cmsg = new ChatMessage();
$cmsg->setTo($u['login']);
$cmsg->setText('В предыдущий раз этим персонажем заходили с другого компьютера ' . date('d.m.Y H:i', $u['online']) . "(Предыдущий ip: %{$u['ip']})");
$cmsg->setType(6);
$chat->sendMsg($cmsg);
}
$apu = "auth = '" . md5($u['login'] . 'AUTH' . IP) . "',";
setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', Config::get('host'));
}
$ipnew = IP;
Db::sql('insert into logs_auth (uid, ip, browser, time) values (?,?,?,unix_timestamp())', [
$u['id'], IP, $_SERVER['HTTP_USER_AGENT'],
]);
Db::sql("update users set $apu ip = ?, dateEnter = ?, online = unix_timestamp() where id = ?", [$ipnew, $_SERVER['HTTP_USER_AGENT'], $u['id']]);
$_SESSION['uid'] = $u['id'];
unset($_SESSION['login'], $_SESSION['totp']);
header('location: /bk');
exit();