game/enter.php

<?php

use Core\Config;
use Core\Database;
use Core\Db;

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

require_once __DIR__ . DIRECTORY_SEPARATOR . '_incl_data/autoload.php';

Database::init();

define('IP', UserIp::get());
$chat = new Chat();

if (isset($_GET['login'])) {
    $_POST['login'] = $_GET['login'];
    $_POST['pass'] = $_GET['pass'];
    $_POST['code'] = $_GET['code'];
}

if (isset($_POST['psw'])) {
    $_POST['pass'] = $_POST['psw'];
}

if (isset($_SESSION['login'])) {
    $_POST['login'] = $_SESSION['login'];
    $_POST['pass'] = $_SESSION['pass'];
}

function error($e)
{
    die(
        '
<link rel="stylesheet" href="error.css">
<div class="text-wrapper">
    <div class="title" data-content="Ошибка">
        Ошибка!!
    </div>

    <div class="subtitle">
        ' . $e . '
    </div>

    <div class="buttons">
        <a class="button" href="' . Config::get('https') . '">Вернуться назад</a>
    </div>
</div>
'
    );
}

function checkPassword(string $password, string $passwordHash, string $login): bool
{
    if (password_verify($password, $passwordHash)) { // check password
        return true;
    } else {
        if (
                md5($password) === $passwordHash || // convert old md5() password
                password_needs_rehash($passwordHash, PASSWORD_DEFAULT) //rehash if PASSWORD_DEFAULT changed
        ) {
            $hash = password_hash($password, PASSWORD_DEFAULT);
            Db::sql('update users set pass = ? where login = ?', [$hash, $login]);
            return true;
        }
        return false;
    }
}

$u = Db::getRow(
    'select
    users.id,
    users.login,
    auth,
    pass,
    pass2,
    users.city,
    users.ip,
    ipreg,
    admin,
    online,
    banned,
    host_reg,
    timereg,
    securetime,
    users_delo.text as block_reason
            from users
                left join users_delo on users.id = users_delo.uid
            where users.login = ?',
    [$_POST['login']]
);
$auth = Db::getValue('select id from logs_auth where uid = ? and ip = ?', [$u['id'], IP]);

if (!isset($u['id'])) {
    error('Логин "' . $_POST['login'] . '" не найден в базе.');
} elseif ($u['banned'] > 0) {
    $blockstr = "Персонаж <b>{$u['login']}</b> заблокирован.";
    $blockstr .= $u['block_reason'] ? "Причина блокировки: {$u['block_reason']}<br><br>" : '<br><br>';
    error($blockstr);
} elseif (!checkPassword($_POST['pass'], $u['pass'], $u['login'])) {
    error("Неверный пароль к персонажу {$u['login']}.");
    Db::sql(
        'insert into logs_auth (uid, ip, browser, type, time) values (?,?,?,3,unix_timestamp())',
        [$u['id'], IP, $_SERVER['HTTP_USER_AGENT']]
    );
} else {

    //Второй пароль
    if (!empty($u['pass2'])) {
        $_SESSION['login'] = $_POST['login'];
        $_SESSION['pass'] = $_POST['pass'];
        $good2 = false;
        $koko = '';
        if (password_verify($_POST['code'], $u['pass2'])) {
            $good2 = true;
            unset($_SESSION['login'], $_SESSION['pass']);
        } else {
            if (isset($_POST['code'])) {
                $koko = 'Неверный второй пароль<br>';
            }
            setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
        }

        if ($koko) {
            $koko = '<b style="color: red">' . $koko . '</b>';
        }
        if (!$good2) {
            ?>
            <!Doctype html>
            <HTML lang="ru">
            <HEAD>
                <link rel=stylesheet type="text/css">
                
                <meta name="msapplication-config" content="browserconfig.xml"/>
                <TITLE>Второй пароль</TITLE>
            </HEAD>
            <body style="background-color: #dfdfde;">
            <H3>Запрос второго пароля к персонажу.</H3>
            <?= $koko ?>
            <div style="text-align: center">
                <br>
                <br>

                <img id="pass" onClick="" width="295" src="i/pin/e0.png" alt="pass">
                <br>
                <br>
                <img id="p1" onClick="" src="" alt="p1">
                <img id="p2" onClick="" src="" alt="p2">
                <img id="p3" onClick="" src="" alt="p3">
                <br>
                <img id="p4" onClick="" src="" alt="p4">
                <img id="p5" onClick="" src="" alt="p5">
                <img id="p6" onClick="" src="" alt="p6">
                <br>
                <img id="p7" onClick="" src="" alt="p7">
                <img id="p8" onClick="" src="" alt="p8">
                <img id="p9" onClick="" src="" alt="p9">
                <br>
                <img onClick="keypush(12);" src="i/pin/12.png" alt="back">
                <img id="p0" name="image" onClick="" src="" alt="nan">
                <img onClick="keypush(11);" src="i/pin/11.png" alt="ok">
                <br>
            </div>
            </BODY>
            <script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
            <script>

                var dopass = '';
                var tdopass = '';
                var lenth = 0;
                randomp();

                function randomp() {
                    var ss = [];
                    var n = 0;
                    while (n < 10) {
                        ss[n] = n;
                        n++;
                    }

                    var i = 0;
                    var k = 0;
                    var m = 0;
                    var tmpp = 0;
                    while (i < 10) {
                        k = getRandomInt(10);
                        m = getRandomInt(10);
                        if (k != m) {
                            tmpp = ss[k];
                            ss[k] = ss[m];
                            ss[m] = tmpp;
                            i++;
                        }
                    }

                    n = 10;
                    while (n > -1) {
                        n = n - 1;
                        document.getElementById('p' + n).setAttribute("src", "i/pin/" + ss[n] + ".png");
                        document.getElementById('p' + n).setAttribute("onClick", "keypush(" + ss[n] + ");");

                    }
                }

                function getRandomInt(max) {
                    return Math.floor(Math.random() * Math.floor(max));
                }

                function keypush(n) {
                    if (n == 12) {

                        if (lenth > 0) {

                            dopass = '';

                            lenth = 0;
                            document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
                        }
                    } else if (n == 11) {

                        var $_POST = <?= json_encode($_POST); ?>;
                        window.location.replace("/enter.php?code=" + dopass + "&login=" + $_POST['login'] + "&pass=" + $_POST['pass']);

                    } else {

                        if (lenth < 8) {
                            dopass = dopass + '' + n;
                            lenth++;
                            document.getElementById('pass').setAttribute("src", "i/pin/e" + lenth + ".png");
                        }

                    }

                }
            </script>
            </HTML>
            <?php
            die();
        }
    }

    if (!Db::getValue('select count(*) from stats where id = ?', [$u['id']])) {
        Db::sql('insert into stats (id, stats) values (?,?)', [$u['id'], 's1=3|s2=3|s3=3|s4=3|rinv=40|m9=5|m6=10']);
    }
    if (!Db::getValue('select count(*) from online where uid = ?', [$u['id']])) {
        Db::sql('insert into online (uid, timeStart) values (?,unix_timestamp())', [$u['id']]);
    }

    if (isset($_COOKIE['login'])) {
        setcookie('login', '', time() - 60 * 60 * 24, '', Config::get('host'));
    }

    //мульты
    if ($u['admin'] === 0) {
        $ipm1 = Db::getValue(
            'select ip from logs_auth where uid = ? and ip != ? order by id limit 1',
            [$u['id'], $u['ip']]
        );
        $ppl = Db::getRows(
            'select * from logs_auth where ip != ? and (ip = ? or ip = ? or ip = ? or ip = ? or ip = ?)',
            ['', $u['ip'], $ipm1, $u['ipreg'], IP, $_COOKIE['ip']]
        );
        foreach ($ppl as $item) {
            $ml = Db::getValue(
                'select id from mults where (uid = ? and uid2 = ?) or (uid = ? and uid2 = ?) limit 1',
                [$item['uid'], $u['id'], $u['id'], $item['uid']]
            );
            if (!$ml && $item['ip'] !== '' && $item['ip'] !== '127.0.0.1') {
                Db::sql('insert into mults (uid, uid2, ip) VALUES (?,?,?)', [$u['id'], $item['uid'], $item['ip']]);
            }
        }
    }

    if (isset($_COOKIE['ip']) && $_COOKIE['ip'] != IP) {
        Db::sql(
            'insert into logs_auth (uid, ip, browser, type, time) VALUES (?,?,?,1,unix_timestamp())',
            [$u['id'], $_COOKIE['ip'], $_SERVER['HTTP_USER_AGENT']]
        );
    }

    setcookie('login', $_POST['login'], time() + 60 * 60 * 24 * 7, '', Config::get('host'));
    setcookie('ip', IP, time() + 60 * 60 * 24 * 150, '');

    if ($u['online'] < time() - 520) {
        $sp = Db::getRows('select room, city, login from users where online > unix_timestamp() - 600 and id in (select user from friends where friend = ?)', [$u['id']]);
        foreach ($sp as $usr) {
            $chatDto = new ChatMessage();
            $chatDto->setRoom($usr['room']);
            $chatDto->setCity($usr['city']);
            $chatDto->setTo($usr['login']);
            $chatDto->setText('Вас приветствует: <b>' . $u['login'] . '</b>.');
            $chatDto->setType(6);
            $chat->sendMsg($chatDto);
        }
    }

    $apu = '';
    Db::sql('update dump set ver = 1, upd = 2 where uid = ?', [$u['id']]);

    if (
        $u['auth'] != md5($u['login'] . 'AUTH' . IP) ||
        $_COOKIE['auth'] != md5($u['login'] . 'AUTH' . IP) ||
        $u['auth'] == '' || $u['auth'] == '0'
    ) {
        if (
            $u['auth'] != '' &&
            $u['auth'] != '0' &&
            $u['ip'] != IP
        ) {
            $cmsg = new ChatMessage();
            $cmsg->setTo($u['login']);
            $cmsg->setText('В предыдущий раз этим персонажем заходили с другого компьютера ' . date('d.m.Y H:i', $u['online']) . "(Предыдущий ip: %{$u['ip']})");
            $cmsg->setType(6);
            $chat->sendMsg($cmsg);
        }
        $apu = "`auth` = '" . md5($u['login'] . 'AUTH' . IP) . "',";
        setcookie('auth', md5($u['login'] . 'AUTH' . IP), time() + 60 * 60 * 24 * 365, '', Config::get('host'));
    }

    if ($u['repass'] == 0) {
        $ipnew = IP;
    } else {
        $ipnew = $u['ip'];
    }


    Db::sql('insert into logs_auth (uid, ip, browser, time) values (?,?,?,unix_timestamp())', [
            $u['id'], IP, $_SERVER['HTTP_USER_AGENT']
    ]);

    mysql_query(
        "UPDATE `users` SET " . $apu . "`ip`='" . $ipnew . "',`dateEnter`='" . $_SERVER['HTTP_USER_AGENT'] .
        "',`online`='" . time() . "' WHERE `id` = " . $u['id']
    );

    $_SESSION['uid'] = $u['id'];
    header('location: /bk');

}