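<?php

// Login request handler.
//
// Two entry paths are accepted:
//   * POST HB_login / HB_password together with p=connexion — the normal form
//     submission; the binding token is derived here from the submitted values.
//   * GET l / p / a — a link-based login where `p` is the password XOR'd with a
//     date-derived key and hex-encoded, and `a` is a token the caller computed.
//     NOTE(review): a password in the query string ends up in access logs,
//     browser history and Referer headers; this path deserves retiring.
//
// On success the session ($SESS) is populated and the browser is redirected;
// every failure renders cms/erreur.tpl and exits. Everything else used here —
// gpc(), cxor(), hexstr(), mdp(), redirection(), ONYX, $template, $LANG, $VAR,
// $SESS, $header, the BDD class and the $table_* names — comes from the
// surrounding bootstrap and is not defined in this file. BDD::escape() is used
// as a by-reference escaper (the escaped variable is interpolated afterwards).
//
// Review changes versus the previous revision:
//   * the token comparison uses hash_equals() (strict, constant time; PHP >= 5.6)
//     instead of a loose `!=`, which compares numeric-looking digests as numbers;
//   * a wrong password now counts towards the per-IP failure counter (before,
//     only an unknown login did, so password guessing was never throttled);
//   * an address that reached the failure threshold is refused instead of being
//     written to the ban list and then evaluated anyway;
//   * the GET path validates `p` with ctype_xdigit(): is_numeric('0x'.p) has
//     rejected every hex string since PHP 7.0, so that path could never log in;
//   * the first planet row is read only after the "no planet" check.
if ((isset($_GET['l']) && isset($_GET['p'])) || (isset($_POST['HB_login']) && isset($_POST['HB_password'])))
{
    // Material tying a token to this client. The fallback token further down
    // deliberately omits it (unchanged from the original).
    $clientBind = $_SERVER["HTTP_USER_AGENT"].$_SERVER["REMOTE_ADDR"];
    // Day-granular stamp (ISO week, year, weekday name, day of month); the
    // remaining characters are emitted literally by date(). Computed once so
    // the token derived for a POST and its check cannot straddle midnight.
    $stampNow = date('W!Y¨D@j');

    // Read the credentials from POST (form) or GET (link)
    if (isset($_POST['HB_login']) && isset($_POST['HB_password']) && gpc('p') == 'connexion')
    {
        $HB_login = gpc('HB_login', 'post');
        $HB_password = gpc('HB_password', 'post');
        $HB_auth = hash("sha512", $HB_login.'Ņ♂↨'.$HB_password.'☻♫☼'.$stampNow.$clientBind);
    }
    else
    {
        $HB_login = gpc('l');
        $HB_password = null;
        // `p` carries the obfuscated password as a hex string; anything else
        // leaves the password empty and is rejected below.
        if (ctype_xdigit((string) gpc('p')))
            $HB_password = cxor(hexstr(gpc('p')), date('WYDj'));
        // Cast: hash_equals() needs a string, and a missing `a` must simply fail.
        $HB_auth = (string) gpc('a');
    }

    if (empty($HB_login) || empty($HB_password))
    {
        $template->assign('message', $LANG['badNomMdp']);
        $template->assign('couleur', 'red');
        $template->display('cms/erreur.tpl');
        exit;
    }

    // Accept the token for the current stamp, or the one for five minutes ago
    // so an exchange spanning a day boundary still works. The earlier token
    // carries no client binding, as in the original.
    // NOTE(review): binding the fallback token too would remove the weaker variant.
    $expectedNow  = hash("sha512", $HB_login.'Ņ♂↨'.$HB_password.'☻♫☼'.$stampNow.$clientBind);
    $expectedPrev = hash("sha512", $HB_login.'Ņ♂↨'.$HB_password.'☻♫☼'.date('W!Y¨D@j', time()-300));
    if (!hash_equals($expectedNow, $HB_auth) && !hash_equals($expectedPrev, $HB_auth))
    {
        $template->assign('message', $LANG['badAuthConnect'].'<br /><br />'.$LANG['contactAdmin']);
        $template->assign('couleur', 'red');
        $template->display('cms/erreur.tpl');
        exit;
    }

    $ip = $_SERVER["REMOTE_ADDR"];

    // Database connection
    if (!isset($bdd)) $bdd = new BDD();
    else $bdd->reconnexion();

    // Per-IP failure counter used against brute force. At the threshold the
    // address is appended to the ban list and this attempt is refused without
    // looking at the credentials. REMOTE_ADDR is server-supplied, but it is
    // escaped anyway since it is interpolated into several statements below.
    $bdd->escape($ip);
    $bruteforce = $bdd->unique_query("SELECT nombre FROM securite_identification WHERE ip = '$ip';");
    if ($bruteforce && $bruteforce['nombre'] >= 10)
    {
        $fichier = fopen(ONYX."ban.xlist", 'a+');
        if ($fichier)
        {
            fwrite($fichier, $ip."\n\r");
            fclose($fichier);
        }
        $bdd->deconnexion();
        $template->assign('message', $LANG['badNomMdp']);
        $template->assign('couleur', 'red');
        $template->assign('script', '<script type="text/javascript">setTimeout(\'document.location.href="'.$VAR['link']['accueil'].'";\', 2500);</script>');
        $template->display('cms/erreur.tpl');
        exit;
    }

    $bdd->escape($HB_login);
    if (!$var = $bdd->unique_query("SELECT mdp_var, mdp FROM $table_user WHERE pseudo = '$HB_login';"))
    {
        // Unknown login: count the failure (first failure inserts the row).
        if (isset($bruteforce['nombre']))
            $bdd->query("UPDATE securite_identification SET nombre = nombre + 1 WHERE ip = '$ip';");
        else
            $bdd->query("INSERT INTO securite_identification VALUES ('$ip', '1', '".time()."');");

        $bdd->deconnexion();
        $template->assign('message', $LANG['badNomMdp']);
        $template->assign('couleur','red');
        $template->assign('script','<script type="text/javascript">setTimeout(\'document.location.href="'.$VAR['link']['accueil'].'";\', 2500);</script>');
        $template->display('cms/erreur.tpl');
        exit;
    }
    $bdd->deconnexion();

    // Derive the stored form of the password with the per-user value mdp_var.
    // NOTE(review): mdp() is a project-specific scheme; password_hash() /
    // password_verify() would be the standard replacement, but that needs a
    // schema migration and is outside this file.
    $HB_password = mdp($HB_login, $HB_password, $var['mdp_var']);

    // Cap the number of simultaneous players
    if ($header['count'][2] > 1500)
    {
        $template->assign('message', $LANG['servSature']);
        $template->assign('couleur', 'red');
        $template->display('cms/erreur.tpl');
        exit;
    }

    unset($fichier);
    $time = time();

    $bdd->reconnexion();
    $bdd->escape($HB_password);

    $resultat = $bdd->unique_query("SELECT id, race, mv, last_visite, auth_level, raisonmv FROM $table_user WHERE pseudo = '$HB_login' AND mdp = '$HB_password';");

    if (!$resultat)
    {
        // Wrong password: counts exactly like an unknown login, so password
        // guessing against a known account is throttled too.
        if (isset($bruteforce['nombre']))
            $bdd->query("UPDATE securite_identification SET nombre = nombre + 1 WHERE ip = '$ip';");
        else
            $bdd->query("INSERT INTO securite_identification VALUES ('$ip', '1', '".time()."');");

        $bdd->deconnexion();
        $template->assign('message', $LANG['badNomMdp']);
        $template->assign('couleur', 'red');
        $template->assign('script', '<script type="text/javascript">setTimeout(\'document.location.href="'.$VAR['link']['accueil'].'";\', 2500);</script>');
        $template->display('cms/erreur.tpl');
        exit;
    }

    // Authenticated from here on. $id and $race stay as plain variables because
    // the game/vars.php include below may read them.
    $id = $resultat['id'];
    $race = $resultat['race'];
    $reqPlan = $bdd->query("SELECT id, file_bat, file_tech, file_cas, file_vais, file_ter, timestamp FROM $table_planete WHERE id_user = '$id' ORDER BY id ASC;");

    if (!$reqPlan)
    {
        $template->assign('message', $LANG['badPlanete']);
        $template->assign('couleur', 'red');
        $template->display('cms/erreur.tpl');
        exit;
    }
    $resultatP = $reqPlan[0];

    if ($resultat['mv'] > 0)
    {
        // mv > 0 is vacation or ban mode; the messages below distinguish
        // 3 (permanent ban), 2 (timed ban) and anything else (vacation).
        // Staff (auth_level >= 2) bypasses the lock.
        if (($resultat['last_visite'] + 259200 > time() || $resultat['mv'] == 3) && $resultat['auth_level'] < 2)
        {
            if ($resultat['mv'] == 3)
                $template->assign('message', sprintf($LANG['banInf'], $resultat['raisonmv']));
            elseif ($resultat['mv'] == 2)
                $template->assign('message', sprintf($LANG['banVac'], $resultat['raisonmv'], strftime("%A %d %B à %H:%M", $resultat['last_visite']+259200)));
            else
                $template->assign('message', sprintf($LANG['modVac'], strftime("%A %d %B à %H:%M", $resultat['last_visite']+259200)));

            $template->assign('couleur', 'red');
            $template->display('cms/erreur.tpl');
            exit;
        }

        // Leave vacation mode and restart the build queues on every planet
        $bdd->query("UPDATE $table_user SET mv = '0' WHERE id = $id;");
        $bdd->query("UPDATE $table_planete SET timestamp = '".time()."' WHERE id_user = $id;");
        $bdd->deconnexion();

        include_once("game/vars.php");
        include_once("Class/class.file.php");
        include_once("Class/class.user.php");
        include_once("Class/class.planete.php");

        $queueColumns = array('file_bat', 'file_tech', 'file_cas', 'file_vais', 'file_ter');
        foreach ($reqPlan as $plan)
        {
            // Shift every non-empty queue by the time spent in vacation mode;
            // an empty queue is written back as an empty string.
            $queues = array();
            foreach ($queueColumns as $col)
            {
                if (!empty($plan[$col]))
                {
                    $file = new File($plan[$col]);
                    $queues[$col] = $file->reajusteVacances($plan['timestamp']);
                }
                else
                    $queues[$col] = '';
            }

            $idPlan = $plan['id'];
            $bdd->reconnexion();
            // Escaping needs the live connection, hence after reconnexion().
            $set = array();
            foreach ($queueColumns as $col)
            {
                $bdd->escape($queues[$col]);
                $set[] = "$col = '".$queues[$col]."'";
            }
            $bdd->query("UPDATE $table_planete SET ".implode(', ', $set)." WHERE id = $idPlan;");
            $bdd->deconnexion();

            // Bring the rest of the planet up to date
            $plan = new Planete($idPlan, true);
        }
    }
    // NOTE(review): the original comment says every planet is refreshed when
    // the player count is "not too high", but the condition fires when the
    // count is above 400 — confirm which is intended.
    elseif ($header['count'][2] > 400)
    {
        include_once("game/vars.php");
        include_once("Class/class.file.php");
        include_once("Class/class.user.php");
        include_once("Class/class.planete.php");

        foreach ($reqPlan as $plan)
        {
            $plan = new Planete($plan['id'], true);
        }
    }

    unset($plan);

    $bdd->reconnexion();
    $bdd->query("UPDATE $table_user SET last_visite = '$time', last_ip = '$ip' WHERE id = $id;");
    $bdd->query("INSERT INTO $table_registre_identification (id_util, ip) VALUES (".$id.",'".$ip."');");
    // NOTE(review): unique_query() presumably returns the first grouped row; how
    // that maps onto "multi-account detected" (empty vs non-empty) is not
    // visible here — the level/redirect logic below keeps the original reading.
    $multi = $bdd->unique_query("SELECT COUNT(*) FROM $table_registre_identification WHERE ip = '$ip' GROUP BY ip, id_util;");
    $message = $bdd->unique_query("SELECT time FROM $table_messages_demarrage ORDER BY time DESC LIMIT 1;");
    $bdd->deconnexion();

    $SESS->values['connected'] = TRUE;
    $SESS->values['id'] = $resultat['id'];
    $SESS->values['race'] = $resultat['race'];
    $SESS->values['idPlan'] = $resultatP['id'];
    $SESS->values['idAsteroide'] = 0;

    // Multi-account suspicion denies access to the admin panel
    if (empty($multi)) $SESS->level = 1;
    else $SESS->level = $resultat['auth_level'] + 1;
    // NOTE(review): confirm that put() rotates the session identifier on login;
    // otherwise a pre-set cookie survives authentication (session fixation).
    $SESS->put($resultat['id']);

    if ($message['time'] > $resultat['last_visite']) redirection('./'.$VAR['first_page'].'?p=demarrage');
    elseif (empty($multi)) redirection('./'.$VAR['first_page'].'?p=avertmulti');
    else redirection('./'.$VAR['first_page'].'?p=accueil');
    exit;
}
?>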