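<?php
/**
 * Login form handler.
 *
 * Flow: start the session, load the DB connection and ban check, reject
 * posts whose Referer is not one of the site's own origins, enforce the
 * per-session attempt counter (captcha from 3 failures, 3-hour IP ban at
 * 15), verify the credentials against the `user` table and, on success,
 * populate the session and redirect to b_index.php.
 *
 * Security notes for maintainers:
 *  - ext/mysql and ereg() were removed in PHP 7. The connection is opened in
 *    connectBDD.php (not visible here), so this block stays on mysql_* and
 *    escapes every interpolated value with mysql_real_escape_string();
 *    moving to PDO/mysqli prepared statements is the durable fix.
 *  - addslashes() is not charset-aware and is not a substitute for the
 *    driver's escaping routine, which is why it is no longer used below.
 *  - NOTE(review): passwords are stored as sha1(UPPER(login) . ':' . password),
 *    a single fast SHA-1 round. Migrating to password_hash()/password_verify()
 *    needs a rehash-on-login path and is outside the scope of this file.
 *  - NOTE(review): the attempt counter lives in $_SESSION, so a client that
 *    drops its session cookie starts again from zero; a server-side counter
 *    keyed on account and/or IP would make the captcha and ban effective.
 */
session_start();
$loginOK = false;
require('connectBDD.php');
require('securitebanni.php');

if (!isset($_SERVER['HTTP_REFERER'])) {
    $_SERVER['HTTP_REFERER'] = '';
}
$referer = $_SERVER['HTTP_REFERER'];

// Request fields can arrive as arrays (login[]=x); treat anything that is
// not a plain string as absent instead of passing it to string functions.
$postedLogin    = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
$postedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$attempts       = isset($_SESSION['essaimdp']) ? (int) $_SESSION['essaimdp'] : 0;

// Escaped once for every query below. Presumably connectBDD.php has opened
// the default link that mysql_real_escape_string() relies on; confirm.
$ip    = $_SERVER['REMOTE_ADDR'];
$ipSql = mysql_real_escape_string($ip);

// The Referer must start with one of the site's own origins. A plain prefix
// test replaces the removed ereg() calls, in which the dots of the host name
// acted as regex wildcards.
// NOTE(review): Referer is a client-supplied header, so this only filters
// forms hosted elsewhere; a per-session form token is the robust check.
$allowedOrigins = array(
    'http://battle.halo.fr/',
    'http://www.battle.halo.fr/',
    'http://www.halo2.fr/',
    'http://halo-game.com/',
);
$refererOK = false;
foreach ($allowedOrigins as $origin) {
    if (strpos($referer, $origin) === 0) {
        $refererOK = true;
        break;
    }
}

if (isset($_POST['login']) && !$refererOK) {
    header("Location: index.php?erreur=3");
    // NOTE(review): setHistorique() is defined elsewhere; the doubled quotes
    // in the literals suggest it builds SQL from its arguments. Confirm that
    // it escapes the login and Referer, which are both client-controlled.
    setHistorique(
        'Formulaire d\'\'identification non officiel',
        'Par mesure de sécurité, l\'\'identification de ' . $postedLogin
            . ' a été annulée car l\'\'adresse de provenance ne correspond pas à celle du site : ' . $referer
    );
    exit;
}

if (!empty($postedLogin) && !empty($postedPassword)) {
    // More than 15 recorded failures: ban the address for 3 hours (10800 s).
    if ($attempts > 15) {
        $timefin = time() + 10800;
        mysql_query("INSERT INTO `banni` (ip,time,par,raisons) VALUES ('$ipSql','$timefin','auto','Plus de 15 essais de connexion')");
        header("Location: index.php?erreur=b");
        exit;
    }

    // Captcha check once 3 or more failures have been recorded.
    if ($attempts >= 3) {
        // Compared as strings so numeric-looking values such as "1e1" and
        // "10" are not treated as equal.
        $captchaOK = isset($_POST['captcha'], $_SESSION['aleat_nbr'])
            && is_string($_POST['captcha'])
            && $_POST['captcha'] !== ''
            && $_POST['captcha'] === (string) $_SESSION['aleat_nbr'];
        if (!$captchaOK) {
            $_SESSION['essaimdp'] = $attempts + 1;
            header("Location: index.php?erreur=2");
            exit;
        }
    }

    $login = mysql_real_escape_string($postedLogin);
    // The failure message no longer appends $sql, which was never defined.
    $req = mysql_query("SELECT * FROM user WHERE pseudo = '$login'") or die('Erreur SQL : <br />');

    if (mysql_num_rows($req) > 0) {
        $data     = mysql_fetch_assoc($req);
        $computed = sha1(strtoupper($postedLogin) . ':' . $postedPassword);
        $stored   = (string) $data['mdp'];

        // String comparison only: with == two digests of the form "0e<digits>"
        // compare equal as numbers. hash_equals() is used where available.
        $passwordOK = function_exists('hash_equals')
            ? hash_equals($stored, $computed)
            : ($stored === $computed);

        if ($passwordOK) {
            // New session id on privilege change, so an id planted before
            // login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);

            $time  = time();
            $idSql = mysql_real_escape_string($data['id']);
            mysql_query("UPDATE `user` SET `last_ip`='$ipSql', `last_visite`='$time' WHERE `id` = '$idSql';");

            $loginOK                = true;
            $_SESSION['id']         = $data['id'];
            $_SESSION['auth_level'] = $data['auth_level'];
            $_SESSION['timestamp']  = time();
            $_SESSION['ip']         = $ip;
            $_SESSION['realip']     = realip();
        }
    }
}

if ($loginOK) {
    $_SESSION['id'] = $data['id'];

    $idSql   = mysql_real_escape_string($data['id']);
    $z       = mysql_query("SELECT galaxie, ss, position FROM planete WHERE id_user='$idSql'");
    $donnees = $z ? mysql_fetch_array($z) : false;
    // An account without a planet row leaves the coordinates unset (null).
    $_SESSION['galaxy'] = $donnees ? $donnees['galaxie'] : null;
    $_SESSION['ss']     = $donnees ? $donnees['ss'] : null;
    $_SESSION['pos']    = $donnees ? $donnees['position'] : null;

    // `race` comes from the row already fetched with SELECT * above, so the
    // second lookup on the same user row is not needed.
    $_SESSION['race']  = $data['race'];
    $_SESSION['charg'] = 1;
    header("Location: b_index.php");
    exit;
} else {
    // Reached on a failed login and also when no credentials were posted.
    $attempts = ($attempts >= 0) ? $attempts + 1 : 1;
    $_SESSION['essaimdp'] = $attempts;

    // Automatic ban after 15 attempts.
    if ($attempts >= 15) {
        $timefin = time() + 10800;
        mysql_query("INSERT INTO `banni` (ip,time,par,raisons) VALUES ('$ipSql','$timefin','auto','Plus de 15 essais de connexion')");
        header("Location: index.php?erreur=b2");
        exit;
    }
    header("Location: index.php?erreur=0");
    exit;
}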