game/enter.php

327 lines
11 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
use Core\Config;
use Core\Database;
use Core\Db;
use User\Password;
use User\UserIp;
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';
Database::init();
define('IP', UserIp::get());
$chat = new Chat();
if (isset($_GET['login'])) {
$_POST['login'] = $_GET['login'];
$_POST['pass'] = $_GET['pass'];
$_POST['code'] = $_GET['code'];
}
if (isset($_POST['psw'])) {
$_POST['pass'] = $_POST['psw'];
}
if (isset($_SESSION['login'])) {
$_POST['login'] = $_SESSION['login'];
$_POST['pass'] = $_SESSION['pass'];
}
function error($e)
{
die(
'
<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
<div class="title" data-content="Ошибка">
Ошибка!!
</div>
<div class="subtitle">
' . $e . '
</div>
<div class="buttons">
<a class="button" href="' . Config::get('https') . '">Вернуться назад</a>
</div>
</div>
'
);
}
$u = Db::getRow(
'select
users.id,
users.login,
auth,
pass,
pass2,
users.city,
users.ip,
ipreg,
admin,
online,
banned,
host_reg,
timereg,
securetime,
users_delo.text as block_reason
from users
left join users_delo on users.id = users_delo.uid
where users.login = ?',
[$_POST['login']]
);
$auth = Db::getValue('select id from logs_auth where uid = ? and ip = ?', [$u['id'], IP]);
if (!isset($u['id'])) {
error('Логин "' . $_POST['login'] . '" не найден в базе.');
} elseif ($u['banned'] > 0) {
$blockstr = "Персонаж <b>{$u['login']}</b> заблокирован.";
$blockstr .= $u['block_reason'] ? "Причина блокировки: {$u['block_reason']}<br><br>" : '<br><br>';
error($blockstr);
} elseif (!Password::isGood($_POST['pass'], $u['pass'], $u['login'])) {
error("Неверный пароль к персонажу {$u['login']}.");
Db::sql(
'insert into logs_auth (uid, ip, browser, type, time) values (?,?,?,3,unix_timestamp())',
[$u['id'], IP, $_SERVER['HTTP_USER_AGENT']]
);
} else {
//Второй пароль
if (!empty($u['pass2'])) {
$_SESSION['login'] = $_POST['login'];
$_SESSION['pass'] = $_POST['pass'];
$good2 = false;
$koko = '';
if (password_verify($_POST['code'], $u['pass2'])) {
$good2 = true;
unset($_SESSION['login'], $_SESSION['pass']);
} else {
if (isset($_POST['code'])) {
$koko = 'Неверный второй пароль<br>';
}
setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
}
if ($koko) {
$koko = '<b style="color: red">' . $koko . '</b>';
}
if (!$good2) {
?>
<!Doctype html>
<HTML lang="ru">
<HEAD>
<link rel=stylesheet type="text/css">
<meta name="msapplication-config" content="browserconfig.xml"/>
<TITLE>Второй пароль</TITLE>
</HEAD>
<body style="background-color: #dfdfde;">
<H3>Запрос второго пароля к персонажу.</H3>
<?= $koko ?>
<div style="text-align: center">
<br>
<br>
<img id="pass" onClick="" width="295" src="i/pin/e0.png" alt="pass">
<br>
<br>
<img id="p1" onClick="" src="" alt="p1">
<img id="p2" onClick="" src="" alt="p2">
<img id="p3" onClick="" src="" alt="p3">
<br>
<img id="p4" onClick="" src="" alt="p4">
<img id="p5" onClick="" src="" alt="p5">
<img id="p6" onClick="" src="" alt="p6">
<br>
<img id="p7" onClick="" src="" alt="p7">
<img id="p8" onClick="" src="" alt="p8">
<img id="p9" onClick="" src="" alt="p9">
<br>
<img onClick="keypush(12);" src="i/pin/12.png" alt="back">
<img id="p0" name="image" onClick="" src="" alt="nan">
<img onClick="keypush(11);" src="i/pin/11.png" alt="ok">
<br>
</div>
</BODY>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script>
var dopass = '';
var tdopass = '';
var lenth = 0;
randomp();
function randomp() {
var ss = [];
var n = 0;
while (n < 10) {
ss[n] = n;
n++;
}
var i = 0;
var k = 0;
var m = 0;
var tmpp = 0;
while (i < 10) {
k = getRandomInt(10);
m = getRandomInt(10);
if (k != m) {
tmpp = ss[k];
ss[k] = ss[m];
ss[m] = tmpp;
i++;
}
}
n = 10;
while (n > -1) {
n = n - 1;
document.getElementById('p' + n).setAttribute("src", "i/pin/" + ss[n] + ".png");
document.getElementById('p' + n).setAttribute("onClick", "keypush(" + ss[n] + ");");
}
}
function getRandomInt(max) {
return Math.floor(Math.random() * Math.floor(max));
}
function keypush(n) {
if (n == 12) {
if (lenth > 0) {
dopass = '';
lenth = 0;
document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
}
} else if (n == 11) {
var $_POST = <?= json_encode($_POST); ?>;
window.location.replace("/enter.php?code=" + dopass + "&login=" + $_POST['login'] + "&pass=" + $_POST['pass']);
} else {
if (lenth < 8) {
dopass = dopass + '' + n;
lenth++;
document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
}
}
}
</script>
</HTML>
<?php
die();
}
}
if (!Db::getValue('select count(*) from stats where id = ?', [$u['id']])) {
Db::sql('insert into stats (id, stats) values (?,?)', [$u['id'], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10']);
}
if (!Db::getValue('select count(*) from online where uid = ?', [$u['id']])) {
Db::sql('insert into online (uid, timeStart) values (?,unix_timestamp())', [$u['id']]);
}
if (isset($_COOKIE['login'])) {
setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
}
//мульты
if ($u['admin'] === 0) {
$ipm1 = Db::getValue(
'select ip from logs_auth where uid = ? and ip != ? order by id limit 1',
[$u['id'], $u['ip']]
);
$ppl = Db::getRows(
'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)',
['', $u['ip'], $ipm1, $u['ipreg'], IP, $_COOKIE['ip']]
);
foreach ($ppl as $item) {
$ml = Db::getValue(
'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1',
[$item['uid'], $u['id'], $u['id'], $item['uid']]
);
if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
}
}
}
if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
Db::sql(
'insert into logs_auth (uid, ip, browser, type, time) VALUES (?,?,?,1,unix_timestamp())',
[$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT']]
);
}
setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');
if ($u['online'] < time() - 520) {
$sp = Db::getRows('select room, city, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)', [$u['id']]);
foreach ($sp as $usr) {
$chatDto = new ChatMessage();
$chatDto->setRoom($usr['room']);
$chatDto->setCity($usr['city']);
$chatDto->setTo($usr['login']);
$chatDto->setText('Вас приветствует: <b>' . $u['login'] . '</b>.');
$chatDto->setType(6);
$chat->sendMsg($chatDto);
}
}
$apu = '';
Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);
if (
$u['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) ||
$u['auth'] == '' || $u['auth'] == '0'
) {
if (
$u['auth'] != '' &&
$u['auth'] != '0' &&
$u['ip'] != IP
) {
$cmsg = new ChatMessage();
$cmsg->setTo($u['login']);
$cmsg->setText('В предыдущий раз этим персонажем заходили с другого компьютера ' . date('d.m.Y H:i', $u['online']) . "(Предыдущий ip: %{$u['ip']})");
$cmsg->setType(6);
$chat->sendMsg($cmsg);
}
$apu = "`auth` = '" . md5($u['login'] . 'AUTH' . IP) . "',";
setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', Config::get('host'));
}
if ($u['repass'] == 0) {
$ipnew = IP;
} else {
$ipnew = $u['ip'];
}
Db::sql('insert into logs_auth (uid, ip, browser, time) values (?,?,?,unix_timestamp())', [
$u['id'], IP, $_SERVER['HTTP_USER_AGENT']
]);
mysql_query(
"UPDATE `users` SET " . $apu . "`ip`='" . $ipnew . "',`dateEnter`='" . $_SERVER['HTTP_USER_AGENT'] .
"',`online`='" . time() . "' WHERE `id` = " . $u['id']
);
$_SESSION['uid'] = $u['id'];
header('location: /bk');
}