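<?php
// Login handler (forked from halo-battle/game).
//
// Flow: Referer allow-list check -> brute-force / captcha gate -> credential
// lookup -> session population + optional "remember me" cookies -> redirect.
// All queries still go through the legacy mysql_* extension, whose connection
// connectBDD.php is assumed to open (not visible here). User-controlled values
// are escaped with mysql_real_escape_string() (connection-charset aware)
// instead of addslashes(), which is bypassable with multibyte charsets.
//
// Review notes (security):
//  - The Referer check is only a weak anti-phishing measure: the header is
//    fully client-controlled and often absent, so it must not be relied on as
//    CSRF protection. A per-session token on the form would be the real fix.
//  - Password hashes are unsalted sha1(strtoupper(login) . ':' . password)
//    stored in user.mdp. Migrating to password_hash()/password_verify() needs
//    a schema/rehash plan and is deliberately NOT done here.
//  - "Remember me" persists the clear-text password in a cookie (HB_log_mdp).
//    Only the HttpOnly flag is added here; replacing it with a random,
//    server-side bound token is the proper fix and is left as a TODO.
session_start();

$loginOK = false;

require('connectBDD.php');
require('fonctions.php');
require('securitebanni.php');

// Form field names are stored in the session (presumably randomised by the
// page that renders the form -- TODO confirm). Fall back to null so a missing
// session key cannot silently turn into a $_POST[''] lookup with a notice.
$champLogin = isset($_SESSION['champLogin']) ? $_SESSION['champLogin'] : null;
$champMdp   = isset($_SESSION['champMdp'])   ? $_SESSION['champMdp']   : null;
$champMemo  = isset($_SESSION['champMemo'])  ? $_SESSION['champMemo']  : null;

if (!isset($_SERVER['HTTP_REFERER'])) $_SERVER['HTTP_REFERER'] = '';

// Origins whose login form we accept submissions from. The original used
// ereg() (deprecated 5.3, removed in PHP 7) with a time() prefix as a crude
// start-of-string anchor; a plain prefix test is the intended semantics and,
// unlike the regex, does not treat '.' as a wildcard (http://127x0x0x1/ no
// longer matches). The former production origins (battle.halo.fr,
// ligue.halo.fr, www.battle.halo.fr, www.halo2.fr, halo-game.com) were
// already commented out in the original and are not re-enabled here.
$originesAutorisees = array('http://127.0.0.1/', 'http://confrerienoire.no-ip.org/');

if ($champLogin !== null && isset($_POST[$champLogin])) {
    $refererOK = false;
    foreach ($originesAutorisees as $origine) {
        if (strpos($_SERVER['HTTP_REFERER'], $origine) === 0) {
            $refererOK = true;
            break;
        }
    }
    if (!$refererOK) {
        header("Location: index.php?erreur=3");
        // NOTE(review): setHistorique() (fonctions.php, not visible) receives
        // raw user input (login + Referer); the doubled '' in the literals
        // suggest it builds SQL itself -- confirm it escapes its arguments.
        setHistorique('Formulaire d\'\'identification non officiel', 'Par mesure de sécurité, l\'\'identification de '.$_POST[$champLogin].' a été annulée car l\'\'adresse de provenance ne correspond pas à celle du site : '.$_SERVER['HTTP_REFERER']);
        exit;
    }
}

// Credentials must both be present, scalar and non-empty. is_string() keeps
// array-shaped POST fields (login[]=...) out of sha1()/strtoupper().
if ($champLogin !== null && $champMdp !== null
    && isset($_POST[$champLogin], $_POST[$champMdp])
    && is_string($_POST[$champLogin]) && $_POST[$champLogin] !== ''
    && is_string($_POST[$champMdp]) && $_POST[$champMdp] !== '') {

    $pseudo = $_POST[$champLogin];
    $mdp    = $_POST[$champMdp];
    $ip     = $_SERVER["REMOTE_ADDR"];
    $ipSQL  = mysql_real_escape_string($ip);

    // Failed-attempt counter. Within this file it is only incremented on a
    // captcha failure; on a plain wrong password a row is inserted into
    // securite_identification instead, so securitebanni.php presumably
    // derives the counter from that table -- TODO confirm. Being session-held,
    // it is also reset by a client that drops its session cookie.
    $essais = isset($_SESSION['essaimdp']) ? (int) $_SESSION['essaimdp'] : 0;

    // Automatic 3-hour IP ban once more than 15 attempts are on record.
    if ($essais > 15) {
        $timefin = time() + 10800;
        mysql_query("INSERT INTO `banni` (ip,time,par,raisons) VALUES ('$ipSQL','$timefin','auto','Plus de 15 essais de connexion')");
        header("Location: index.php?erreur=b");
        exit;
    }

    // Captcha is mandatory from the 3rd failure on. Strict (===) comparison
    // replaces the loose != of the original, which would equate numeric-looking
    // answers such as "0e1" and "0e2".
    // NOTE(review): the expected value $_SESSION['aleat_nbr'] is not cleared
    // after a successful check here; verify the form page regenerates it on
    // every render, otherwise a solved captcha can be replayed.
    if ($essais >= 3) {
        $captchaOK = isset($_POST['captcha'], $_SESSION['aleat_nbr'])
            && is_string($_POST['captcha'])
            && $_POST['captcha'] !== ''
            && strtolower($_POST['captcha']) === strtolower((string) $_SESSION['aleat_nbr']);
        if (!$captchaOK) {
            $_SESSION['essaimdp'] = $essais + 1;
            $essai = (int) $_SESSION['essaimdp'];
            mysql_query("UPDATE `securite_identification` SET `essai`='$essai' WHERE `ip` = '$ipSQL';");
            header("Location: index.php?erreur=2");
            exit;
        }
    }

    $login = mysql_real_escape_string($pseudo);
    // The original appended an undefined $sql to this message; keep the
    // message generic rather than leak mysql_error() to the client.
    $req = mysql_query("SELECT * FROM user WHERE pseudo = '$login'") or die('Erreur SQL : <br />');

    if (mysql_num_rows($req) > 0) {
        $data = mysql_fetch_assoc($req);

        // Legacy scheme: unsalted sha1(UPPER(login) . ':' . password).
        // hash_equals() (PHP >= 5.6) avoids both the timing side channel and
        // the loose-== "magic hash" equivalence (0e123... == 0e456...) of the
        // original comparison; older runtimes fall back to ===.
        $calcule = sha1(strtoupper($pseudo) . ':' . $mdp);
        $stocke  = isset($data['mdp']) ? (string) $data['mdp'] : '';
        $mdpOK   = function_exists('hash_equals') ? hash_equals($stocke, $calcule) : ($stocke === $calcule);

        if ($mdpOK) {
            // Rotate the session id on privilege change (session fixation);
            // existing $_SESSION data, including the field names, is kept.
            session_regenerate_id(true);

            $time  = time();
            $idSQL = mysql_real_escape_string($data['id']);
            mysql_query("UPDATE `user` SET `last_ip`='$ipSQL', `last_visite`='$time' WHERE `id` = '$idSQL';");

            $loginOK = true;

            $_SESSION['id']         = $data['id'];
            $_SESSION['auth_level'] = $data['auth_level'];
            $_SESSION['timestamp']  = time();
            $_SESSION['ip']         = $ip;
            $_SESSION['realip']     = realip();
        }
    }
}

if ($loginOK) {
    $_SESSION['id'] = $data['id'];
    $idSQL = mysql_real_escape_string($data['id']);

    // Home planet coordinates for the session.
    $z = mysql_query("SELECT galaxie, ss, position FROM planete WHERE id_user='$idSQL'");
    $donnees = mysql_fetch_array($z);

    $_SESSION['galaxy'] = $donnees['galaxie'];
    $_SESSION['ss']     = $donnees['ss'];
    $_SESSION['pos']    = $donnees['position'];

    $w = mysql_query("SELECT race FROM user WHERE id='$idSQL' AND pseudo = '$login'");
    $donnees = mysql_fetch_array($w);

    $_SESSION['race'] = $donnees['race'];

    $_SESSION['dernPage'] = '';
    $_SESSION['charg'] = 1;

    // "Remember me". TODO(security): HB_log_mdp stores the clear-text
    // password for ~7 days; replace with a random token bound to the user
    // server-side. HttpOnly is set so script injection cannot read it
    // (assumes the form page reads these via $_COOKIE, not JavaScript --
    // confirm). The differing lifetimes (2592000 vs 592200) are as in the
    // original.
    if ($champMemo !== null && isset($_POST[$champMemo]) && $_POST[$champMemo] === "mem") {
        setcookie('HB_log_name', $pseudo, time() + 2592000, '/', '', false, true);
        setcookie('HB_log_mdp', $mdp, time() + 592200, '/', '', false, true);
    } else {
        setcookie('HB_log_name', '', 1, '/', '', false, true);
        setcookie('HB_log_mdp', '', 1, '/', '', false, true);
    }

    mysql_query("INSERT INTO `registre_identification` (`id_util`,`ip`) VALUES ('$idSQL','$ipSQL')");

    header("Location: b_index.php");
    exit;
} else {
    $ip    = $_SERVER["REMOTE_ADDR"];
    $ipSQL = mysql_real_escape_string($ip);

    // Record the failed attempt (consumed by securitebanni.php, presumably).
    mysql_query("INSERT INTO `securite_identification` (ip) VALUES ('$ipSQL')");

    // Automatic ban after 15 attempts.
    $essais = isset($_SESSION['essaimdp']) ? (int) $_SESSION['essaimdp'] : 0;
    if ($essais >= 15) {
        $timefin = time() + 10800;
        mysql_query("INSERT INTO `banni` (ip,time,par,raisons) VALUES ('$ipSQL','$timefin','auto','Plus de 15 essais de connexion')");
        header("Location: index.php?erreur=b2");
        exit;
    }

    header("Location: index.php?erreur=0");
    exit;
}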