game/enter.php

394 lines
17 KiB
PHP

<?php
session_start();
const GAME = true;
function GetRealIp()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
define('IP', GetRealIp());
include('_incl_data/__config.php');
include('_incl_data/class/__db_connect.php');
$chat = new Chat();
//session_reset();
if (isset($_GET['login'])) {
$_POST['login'] = $_GET['login'];
$_POST['pass'] = $_GET['pass'];
$_POST['code'] = $_GET['code'];
}
if (isset($_POST['psw'])) {
$_POST['pass'] = $_POST['psw'];
}
if (isset($_SESSION['login'])) {
$_POST['login'] = $_SESSION['login'];
$_POST['pass'] = $_SESSION['pass'];
}
if (isset($_GET['cookie_login']) && $_GET['cookie_login'] != '') {
setcookie('login', $_GET['cookie_login'], time() + 60 * 60 * 24 * 7, '', $c['host']);
setcookie('pass', $_GET['cookie_pass'], time() + 60 * 60 * 24 * 7, '', $c['host']);
//header('location: /bk');
die();
}
function error($e)
{
die('
<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
<div class="title" data-content="Îøèáêà">
Îøèáêà!!
</div>
<div class="subtitle">
' . $e . '
</div>
<div class="buttons">
<a class="button" href="https://new-combats.com">Âåðíóòüñÿ íàçàä</a>
</div>
</div>
');
}
function md5m($src)
{
$tar = [16];
$res = [16];
$src = utf8_encode($src);
for ($i = 0; $i < strlen($src) || $i < 16; $i++) {
$res[$i] = ord($src{$i}) ^ $i * 4;
}
for ($i = 0; $i < 4; $i++) {
for ($j = 0; $j < 4; $j++) {
$tar[$i * 4 + $j] = ($res[$j * 4 + $i] + 256) % 256;
}
}
return ($tar);
}
function array2HStr($src)
{
$hex = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F"];
$res = "";
for ($i = 0; $i < 16; $i++) {
$res = $res . ($hex[$src[$i] >> 4] . $hex[$src[$i] % 16]);
}
return ($res);
}
$socauth = false;
//ReCapthca
require_once "./recaptchalib.php";
// âàø ñåêðåòíûé êëþ÷
$secret = "6Lf3EjsaAAAAALe3zRwxyPGf13ZMWZvCmvad3-jQ";
// ïóñòîé îòâåò
$response = null;
// ïðîâåðêà ñåêðåòíîãî êëþ÷à
$reCaptcha = new ReCaptcha($secret);
if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verifyResponse(
$_SERVER["REMOTE_ADDR"],
$_POST["g-recaptcha-response"]
);
}
//ReCapthca
$u = mysql_fetch_array(mysql_query('SELECT `u`.`pass2`,`u`.`id`,`u`.`auth`,`u`.`login`,`u`.`pass`,`u`.`city`,`u`.`ip`,`u`.`ipreg`,`u`.`online`,`u`.`banned`,`u`.`admin`,`u`.`host_reg`,`u`.`securetime`,`u`.`timereg` FROM `users` AS `u` WHERE `u`.`login`="' . mysql_real_escape_string($_POST['login']) . '" ORDER BY `id` ASC LIMIT 1'));
$auth = mysql_fetch_array(mysql_query('SELECT * FROM `logs_auth` WHERE `uid` = "' . $u['id'] . '" AND `ip` = "' . mysql_real_escape_string(IP) . '" LIMIT 1'));
if ($c['securetime'] > 0 && IP != $u['ip'] && IP != $u['ipreg'] && !isset($auth['id']) && $u['securetime'] < $c['securetime'] && $u['timereg'] < $c['securetime']) {
error('Âû íå ìîæåòå âîéòè íà ïåðñîíàæà "' . $_POST['login'] . '".<br>Ñêîðåå âñåãî âû äàâíî íå ìåíÿëè ïàðîëü. Äëÿ ñìåíû ïåðåéäèòå ïî ññûëêå: <a href="/repass.php?login=' . htmlspecialchars($_POST['login'], null, 'cp1251') . '">ÑÌÅÍÀ ÏÀÐÎËß</a><br><br>Âàì íåîáõîäèìî ñìåíèòü ïàðîëü äëÿ áåçîïàñíîñòè ïåðñîíàæà, íà ïî÷òó ïî êîòîðîé çàðåãèñòðèðîâàí ïåðñîíàæ ïðèäåò íîâûé ñëó÷àéíî ñãåíåðèðîâàííûé ïàðîëü.<br>Åñëè ó âàñ íåò äîñòóïà ê E-mail: Çàðåãèñòðèðóéòå íîâîãî ïåðñîíàæà è îáðàòèòåñü ê Àäìèíèñòðàöèè, ëèáî ìîäåðàòîðàì.');
}
if (md5(md5($_POST['pass'])) == $u['pass']) {
$_POST['pass'] = md5($_POST['pass']);
}
if (!isset($u['id'])) {
error('Ëîãèí "' . $_POST['login'] . '" íå íàéäåí â áàçå.');
} elseif ($u['pass'] != md5($_POST['pass']) && $socauth == false) {
error('Íåâåðíûé ïàðîëü ê ïåðñîíàæó "' . $_POST['login'] . '".');
mysql_query("INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('" . $u['id'] . "','" . mysql_real_escape_string(IP) . "','" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "','3','" . time() . "','" . mysql_real_escape_string($_POST['pass']) . "')");
} elseif ($u['banned'] > 0) {
$fm = mysql_fetch_array(mysql_query('SELECT * FROM `users_delo` WHERE `uid` = "' . $u['id'] . '" AND `hb`!=0 ORDER BY `id` DESC LIMIT 1'));
if (!isset($fm['id'])) {
$fm['text'] = 'Ïðè÷èíà áëîêèðîâêè: <i>Ïðè÷èíà ïîêà-÷òî íå óêàçàíà.</i>';
}
error('Ïåðñîíàæ <b>' . $_POST['login'] . '</b> çàáëîêèðîâàí.' . '<br>' . $fm['text'] . '<br>' . '<br><b>Âíèìàíèå!</b> Åñëè Âû óâåðåíû, ÷òî ïðîèçîøëà îøèáêà è Âû íè÷åãî íå íàðóøàëè, ïåðåðåãèñòðèðóéòåñü, îáüÿñíèòå ñèòóàöèþ àäìèíèñòðàöèè è îæèäàéòå îòâåòà!</a>' . '<br>Ïåðåä òåì êàê ïèñàòü, <b>ÂÍÈÌÀÒÅËÜÍÎ</b> îçíàêîìèòåñü ñ <a target="_blank" href="https://new-combats.com/lib/zakon/">äåéñòâóþùèìè çàêîíàìè.' . '<br><br>Åñëè Âû çàáëîêèðîâàíû ïðàâîìåðíî, òî ó Âàñ íåò øàíñîâ íà ðàçáëîêèðîâêó âàøåãî èãðîâîãî ïåðñîíàæà.');
} else {
//Âòîðîé ïàðîëü
if ($u['pass2'] != '' && $u['pass2'] != '0') {
$_SESSION['login'] = $_POST['login'];
$_SESSION['pass'] = $_POST['pass'];
$good2 = false;
$koko = '';
if (md5(array2HStr(md5m($_POST['code']))) == $u['pass2']) {
$good2 = true;
unset($_SESSION['login'], $_SESSION['pass']);
} else {
if (isset($_POST['code'])) {
$koko = 'Íåâåðíûé âòîðîé ïàðîëü<br>';
};
setcookie('login', '', time() - 60 * 60 * 24, '', $c['host']);
setcookie('pass', '', time() - 60 * 60 * 24, '', $c['host']);
setcookie('login', '', time() - 60 * 60 * 24);
setcookie('pass', '', time() - 60 * 60 * 24);
}
if ($koko != '') {
$koko = '<font color="red"><b>' . $koko . '</b></font>';
}
if ($good2 == false) {
?>
<!Doctype html>
<HTML>
<HEAD>
<link rel=stylesheet type="text/css">
<meta charset="windows-1251">
<meta name="msapplication-config" content="browserconfig.xml"/>
<TITLE>Âòîðîé ïàðîëü</TITLE>
</HEAD>
<body bgcolor=dfdfde>
<H3><FONT COLOR="black">Çàïðîñ âòîðîãî ïàðîëÿ ê ïåðñîíàæó.</FONT></H3>
<?= $koko ?>
<div align="center">
<br>
<br>
<img id="pass" onClick="" width="295" src="i/pin/e0.png">
<br>
<br>
<img id="p1" onClick="" src="">
<img id="p2" onClick="" src="">
<img id="p3" onClick="" src="">
<br>
<img id="p4" onClick="" src="">
<img id="p5" onClick="" src="">
<img id="p6" onClick="" src="">
<br>
<img id="p7" onClick="" src="">
<img id="p8" onClick="" src="">
<img id="p9" onClick="" src="">
<br>
<img onClick="keypush(12);" src="i/pin/12.png">
<img id="p0" name="image" onClick="" src="">
<img onClick="keypush(11);" src="i/pin/11.png">
<br>
</div>
</BODY>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<!--<script src="https://new-combats.com/js/jquery.js" type="text/javascript"></script>-->
<script>
var dopass = '';
var tdopass = '';
var lenth = 0;
randomp();
function randomp() {
var ss = new Array();
var n = 0;
while (n < 10) {
ss[n] = n;
n++;
}
var i = 0;
var k = 0;
var m = 0;
var tmpp = 0;
while (i < 10) {
k = getRandomInt(10);
m = getRandomInt(10);
if (k != m) {
tmpp = ss[k];
ss[k] = ss[m];
ss[m] = tmpp;
i++;
}
}
n = 10;
while (n > -1) {
n = n - 1;
document.getElementById('p' + n).setAttribute("src", "i/pin/" + ss[n] + ".png");
document.getElementById('p' + n).setAttribute("onClick", "keypush(" + ss[n] + ");");
}
}
function getRandomInt(max) {
return Math.floor(Math.random() * Math.floor(max));
}
function keypush(n) {
if (n == 12) {
if (lenth > 0) {
dopass = '';
lenth = 0;
document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
}
} else if (n == 11) {
var $_POST = <?php echo json_encode($_POST); ?>;
/*$.ajax({
url: "https://new-combats.com/enter.php",
type: "POST",
data: {
code: "ab6d4bf6593416306881a9e54260b0af",
login: ""+$_POST['login'],
pass: ""+$_POST['pass']
},
success: function (response) {
if (response.successFlag) {
//Replace current location from the history via history API
window.history.replaceState({}, 'foo', '/foo');
window.location = "url of target location here if you want to send a get request";
$("#form-id").submit();//if you want to post something up
}
}
});
/*$.ajax({
type: 'post',
url: 'https://new-combats.com/enter.php',
data: "code=ab6d4bf6593416306881a9e54260b0af",//ïàðàìåòðû çàïðîñà
success: function(data) {
alert($_POST['login']);
}
});
//window.setTimeout('location.reload()', 1000);
*/
window.location.replace("https://new-combats.com/enter.php?code=" + dopass + "&login=" + $_POST['login'] + "&pass=" + $_POST['pass']);
} else {
if (lenth < 8) {
dopass = dopass + '' + n;
lenth++;
document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
}
}
}
</script>
</HTML>
<?
die();
}
}
$st = mysql_fetch_array(mysql_query('SELECT * FROM `stats` WHERE `id`="' . $u['id'] . '" LIMIT 1'));
if (!isset($st['id'])) {
mysql_query("INSERT INTO `stats` (`id`,`stats`) VALUES ('" . $u['id'] . "','s1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10')");
}
$on = mysql_fetch_array(mysql_query('SELECT * FROM `online` WHERE `uid`="' . $u['id'] . '" LIMIT 1'));
if (!isset($on['id'])) {
mysql_query("INSERT INTO `online` (`uid`,`timeStart`) VALUES ('" . $u['id'] . "','" . time() . "')");
}
if (isset($_COOKIE['login']) || isset($_COOKIE['pass'])) {
setcookie('login', '', time() - 60 * 60 * 24, '', $c['host']);
setcookie('pass', '', time() - 60 * 60 * 24, '', $c['host']);
}
//ìóëüòû
if ($u['admin'] == 0) {
$ipm1 = mysql_fetch_array(mysql_query('SELECT * FROM `logs_auth` WHERE `uid` = "' . mysql_real_escape_string($u['id']) . '" AND `ip`!="' . mysql_real_escape_string($u['ip']) . '" ORDER BY `id` ASC LIMIT 1'));
$ppl = mysql_query('SELECT * FROM `logs_auth` WHERE `ip`!="" AND (`ip` = "' . mysql_real_escape_string($u['ip']) . '" OR `ip`="' . mysql_real_escape_string($ipm1['ip']) . '" OR `ip`="' . mysql_real_escape_string($u['ipreg']) . '" OR `ip`="' . mysql_real_escape_string(IP) . '" OR `ip`="' . mysql_real_escape_string($_COOKIE['ip']) . '")');
while ($spl = mysql_fetch_array($ppl)) {
$ml = mysql_fetch_array(mysql_query('SELECT `id` FROM `mults` WHERE (`uid` = "' . $spl['uid'] . '" AND `uid2` = "' . $u['id'] . '") OR (`uid2` = "' . $spl['uid'] . '" AND `uid` = "' . $u['id'] . '") LIMIT 1'));
if (!isset($ml['id']) && $spl['uid'] != $inf['id'] && $spl['ip'] != '' && $spl['ip'] != '127.0.0.1' && $spl['ip'] != '188.120.246.101') {
mysql_query('INSERT INTO `mults` (`uid`,`uid2`,`ip`) VALUES ("' . $u['id'] . '","' . $spl['uid'] . '","' . $spl['ip'] . '")');
}
}
}
if ((int)date('d') >= 13 && (int)date('d') <= 13) {
mysql_query('DELETE FROM `eff_users` WHERE `id_eff` = 365 AND `uid` = "' . $u['id'] . '"');
mysql_query('INSERT INTO `eff_users` (
`id_eff`,`uid`,`name`,`data`,`overType`,`timeUse`,`no_Ace`
) VALUES (
"365","' . $u['id'] . '","Äåíü Ðîæäåíèÿ Êëóáà","add_speedhp=500|add_speedmp=500|add_speed_dungeon=50|add_repair_discount=1|","47","' . time() . '",1
)');
$chat->send('', $u['room'], $u['city'], '', $u['login'], ' ÷åñòü äíÿ ðîæäåíèÿ ïðîåêòà âû ïîëó÷àåòå ýôôåêò &quot;Äåíü Ðîæäåíèÿ Êëóáà&quot;! (Ýôôåêò îáíîâëÿåòñÿ êàæäûé ðàç êîãäà âû çàõîäèòå íà ïåðñîíàæà)', time(), 6, 0, 0, 0, 1);
}
if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
mysql_query("INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('" . $u['id'] . "','" . mysql_real_escape_string($_COOKIE['ip']) . "','" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "','1','" . time() . "','" . mysql_real_escape_string(md5($_POST['pass'])) . "')");
}
setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7, '', $c['host']);
setcookie('pass', $u['pass'], time() + 60 * 60 * 24 * 7, '', $c['host']);
setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7);
setcookie('pass', md5($_POST['pass']), time() + 60 * 60 * 24 * 7);
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');
if ($u['online'] < time() - 520) {
$sp = mysql_query('SELECT `user` FROM `friends` WHERE `friend` = "' . $u['id'] . '"');
while ($pl = mysql_fetch_array($sp)) {
$usr = mysql_fetch_array(mysql_query('SELECT `id`,`online`,`login`,`city`,`room` FROM `users` WHERE `id` = "' . $pl['user'] . '" LIMIT 1'));
if (isset($usr['id']) && $usr['online'] > time() - 600) {
$chat->send('', $usr['room'], $usr['city'], '', $usr['login'], 'Âàñ ïðèâåòñòâóåò: <b>' . $u['login'] . '</b>.', time(), 6, 0, 0, 0, 1);
}
}
}
$apu = '';
mysql_query('UPDATE `dump` SET `ver` = "1",`upd` = "2" WHERE `uid` = "' . $u['id'] . '"');
if ($u['auth'] != md5($u['login'] . 'AUTH' . IP) || $_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) || $u['auth'] == '' || $u['auth'] == '0') {
if ($u['auth'] != '' && $u['auth'] != '0' && $u['ip'] != IP) {
mysql_query("INSERT INTO `chat` (`new`,`city`,`room`,`login`,`to`,`text`,`time`,`type`,`toChat`) VALUES ('1','capitalcity','0','','" . $u['login'] . "','Â ïðåäûäóùèé ðàç ýòèì ïåðñîíàæåì çàõîäèëè ñ äðóãîãî êîìïüþòåðà " . date('d.m.Y H:i', $u['online']) . ". (Ïðåäûäóùèé ip: %" . $u['ip'] . ")','-1','6','0')");
}
$apu = "`auth` = '" . md5($u['login'] . 'AUTH' . IP) . "',";
setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', 'new-combats.com');
}
if ($u['repass'] == 0) {
$ipnew = IP;
} else {
$ipnew = $u['ip'];
}
mysql_query("INSERT INTO `logs_auth` (`uid`,`ip`,`browser`,`type`,`time`,`depass`) VALUES ('" . $u['id'] . "','" . IP . "','" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "','0','" . time() . "','" . mysql_real_escape_string(md5($_POST['pass'])) . "')");
mysql_query("UPDATE `users` SET " . $apu . "`ip`='" . $ipnew . "',`dateEnter`='" . mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']) . "',`online`='" . time() . "' WHERE `login` = '" . mysql_real_escape_string($_POST['login']) . "' AND `pass` = '" . mysql_real_escape_string(md5($_POST['pass'])) . "' LIMIT 1");
if (isset($_POST['active_code_key'])) {
header('location: /active.php?code=' . htmlspecialchars($_POST['active_code_key'], null, 'cp1251'));
} else {
header('location: /bk');
}
}