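15) {
        // NOTE(review): the start of this condition, and the opening of the block
        // that is closed just before `if (!empty($loginOK))`, lie outside the visible
        // part of the file. This branch is reproduced as written: it records a ban
        // for the client address ending 10800 s (3 hours) from now, then redirects.
        $ip = $_SERVER["REMOTE_ADDR"];
        $timefin = time() + 10800;
        mysql_query("INSERT INTO `banni` (ip,time,par,raisons) VALUES ('$ip','$timefin','auto','Plus de 15 essais de connexion')");
        header("Location: index.php?erreur=b");
        exit;
    }

    // Captcha check once the session has recorded 3 or more failed attempts.
    // NOTE(review): the checks visible here read the attempt counter from
    // $_SESSION; a limit that has to hold across sessions must be keyed on
    // server-side state (for example the per-IP rows in `securite_identification`).
    if (isset($_SESSION['essaimdp']) && $_SESSION['essaimdp'] >= 3) {
        // Only a non-empty string is accepted, and it is compared strictly:
        // `!=` coerces numeric-looking strings and non-string input before
        // comparing, so it can report a match for values that are not identical.
        $captchaOk = isset($_POST['captcha'])
            && is_string($_POST['captcha'])
            && !empty($_POST['captcha'])
            && isset($_SESSION['aleat_nbr'])
            && strtolower($_POST['captcha']) === strtolower((string) $_SESSION['aleat_nbr']);

        if (!$captchaOk) {
            $_SESSION['essaimdp']++;
            $ip = $_SERVER["REMOTE_ADDR"];
            $essai = (int) $_SESSION['essaimdp'];
            mysql_query("UPDATE `securite_identification` SET `essai`='$essai' WHERE `ip` = '$ip';");
            header("Location: index.php?erreur=2");
            exit;
        }
    }

    // The form field names are taken from the session. Anything that is not a
    // plain string (missing field, array input) is treated as empty.
    $champLogin = isset($_SESSION['champLogin']) ? $_SESSION['champLogin'] : '';
    $champMdp = isset($_SESSION['champMdp']) ? $_SESSION['champMdp'] : '';
    $postedLogin = (isset($_POST[$champLogin]) && is_string($_POST[$champLogin])) ? $_POST[$champLogin] : '';
    $postedPassword = (isset($_POST[$champMdp]) && is_string($_POST[$champMdp])) ? $_POST[$champMdp] : '';

    // addslashes() is not aware of the connection character set, so it is not a
    // safe SQL escape; mysql_real_escape_string() belongs to the extension this
    // file already uses and escapes for the current connection.
    // NOTE(review): ext/mysql was removed in PHP 7. Prepared statements
    // (mysqli/PDO) are the real fix but need a connection handle that is not
    // visible in this part of the file.
    $login = mysql_real_escape_string($postedLogin);

    // NOTE(review): on failure this prints `$sql` to the client; `$sql` is not
    // assigned anywhere in the visible code. Prefer logging server-side.
    $req = mysql_query("SELECT * FROM user WHERE pseudo = '$login'") or die("Erreur SQL :\n" . $sql);

    if (mysql_num_rows($req) > 0) {
        $data = mysql_fetch_assoc($req);

        // Stored format is sha1(UPPERCASE(login) . ':' . password).
        // NOTE(review): SHA-1 with the login as the only salt is a fast hash and
        // unsuitable for password storage; migrating to password_hash() needs a
        // schema/data change outside this block, so the format is kept here.
        $hashSaisi = sha1(strtoupper($postedLogin) . ':' . $postedPassword);

        // `===` instead of `==`: two different hex digests that both look numeric
        // (e.g. "0e..." followed by digits) compare equal under `==`.
        // Use hash_equals() where the runtime provides it (PHP >= 5.6).
        if ($hashSaisi === $data['mdp']) {
            // Issue a fresh session id at the privilege change so an id known
            // before authentication is not carried into the logged-in session.
            session_regenerate_id(true);

            $time = time();
            $ip = $_SERVER["REMOTE_ADDR"];
            mysql_query("UPDATE `user` SET `last_ip`='$ip', `last_visite`='$time' WHERE `id` = '{$data['id']}';");

            $loginOK = true;
            $_SESSION['id'] = $data['id'];
            $_SESSION['auth_level'] = $data['auth_level'];
            $_SESSION['timestamp'] = time();
            $_SESSION['ip'] = $_SERVER["REMOTE_ADDR"];
            $_SESSION['realip'] = realip();
        }
    }
}

// $loginOK is only ever set to true in the visible code; presumably it is
// initialised earlier in the file. !empty() keeps the same truthiness test
// without a notice when it was never set.
if (!empty($loginOK)) {
    $_SESSION['id'] = $data['id'];

    // Load the player's planet coordinates into the session.
    $z = mysql_query("SELECT galaxie, ss, position FROM planete WHERE id_user='".$data['id']."'");
    $donnees = mysql_fetch_array($z);
    $_SESSION['galaxy'] = $donnees['galaxie'];
    $_SESSION['ss'] = $donnees['ss'];
    $_SESSION['pos'] = $donnees['position'];

    $w = mysql_query("SELECT race FROM user WHERE id='".$data['id']."' AND pseudo = '".$login."'");
    $donnees = mysql_fetch_array($w);
    $_SESSION['race'] = $donnees['race'];

    $_SESSION['dernPage'] = '';
    $_SESSION['charg'] = 1;

    if (isset($_POST[$_SESSION['champMemo']]) && $_POST[$_SESSION['champMemo']] == "mem") {
        // NOTE(review): "remember me" stores the clear-text password in a cookie,
        // with no Secure or HttpOnly attribute. A random, server-side-revocable
        // token should replace it. Flagged rather than changed: whatever reads
        // HB_log_mdp is not visible here. The two lifetimes differ as written
        // (2592000 s vs 592200 s) - confirm that is intended.
        setcookie('HB_log_name', $postedLogin, time() + 2592000, '/');
        setcookie('HB_log_mdp', $postedPassword, time() + 592200, '/');
    } else {
        // Expire both cookies.
        setcookie('HB_log_name', '', 1, '/');
        setcookie('HB_log_mdp', '', 1, '/');
    }

    // Audit trail of successful logins.
    mysql_query("INSERT INTO `registre_identification` (`id_util`,`ip`) VALUES ('".$_SESSION['id']."','".$_SESSION['ip']."')");
    header("Location: b_index.php");
} else {
    // Failed attempt: record the client address.
    $ip = $_SERVER["REMOTE_ADDR"];
    $essai = $_SESSION['essaimdp'];
    mysql_query("INSERT INTO `securite_identification` (ip) VALUES ('$ip')");

    // Automatic ban (3 hours) once the session counter reaches 15 attempts.
    if ($_SESSION['essaimdp'] >= 15) {
        $ip = $_SERVER["REMOTE_ADDR"];
        $timefin = time() + 10800;
        mysql_query("INSERT INTO `banni` (ip,time,par,raisons) VALUES ('$ip','$timefin','auto','Plus de 15 essais de connexion')");
        header("Location: index.php?erreur=b2");
        exit;
    }

    header("Location: index.php?erreur=0");
}
?>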