halo-battle/game
1
0
Fork 1
Code Issues Pull Requests Projects Releases Activity
73645ccc1f
game/verifLogin.php

92 lines
4.5 KiB
PHP
Raw Blame History

<?php
session_start();
$loginOK = false;
require('connectBDD.php');
require('fonctions.php');
require('securitebanni.php');
if (!isset($_SERVER['HTTP_REFERER'])) $_SERVER['HTTP_REFERER'] = '';
if (isset($_POST[$_SESSION['champLogin']]) && !ereg(time().'http://127.0.0.1/', time().$_SERVER['HTTP_REFERER']) && !ereg(time().'http://confrerienoire.no-ip.org/', time().$_SERVER['HTTP_REFERER'])) { header("Location: index.php?erreur=3"); setHistorique('Formulaire d\'\'identification non officiel', 'Par mesure de sécurité, l\'\'identification de '.$_POST[$_SESSION['champLogin']].' a été annulée car l\'\'adresse de provenance ne correspond pas à celle du site : '.$_SERVER['HTTP_REFERER']); exit; }
//if (isset($_POST[$_SESSION['champLogin']]) && !ereg(time().'http://battle.halo.fr/', time().$_SERVER['HTTP_REFERER']) && !ereg(time().'http://ligue.halo.fr/', time().$_SERVER['HTTP_REFERER']) && !ereg(time().'http://www.battle.halo.fr/', time().$_SERVER['HTTP_REFERER']) && !ereg(time().'http://www.halo2.fr/', time().$_SERVER['HTTP_REFERER']) && !ereg(time().'http://halo-game.com/', time().$_SERVER['HTTP_REFERER'])) { header("Location: index.php?erreur=3"); setHistorique('Formulaire d\'\'identification non officiel', 'Par mesure de sécurité, l\'\'identification de '.$_POST[$_SESSION['champLogin']].' a été annulée car l\'\'adresse de provenance ne correspond pas à celle du site : '.$_SERVER['HTTP_REFERER']); exit; }
if (isset($_POST) && (!empty($_POST[$_SESSION['champLogin']])) && (!empty($_POST[$_SESSION['champMdp']]))) {
if ($_SESSION['essaimdp'] > 15) {
$ip = $_SERVER["REMOTE_ADDR"];
$timefin = time()+10800;
mysql_query("INSERT INTO `banni` (ip,time,par,raisons) VALUES ('$ip','$timefin','auto','Plus de 15 essais de connexion')");
header("Location: index.php?erreur=b");
exit;
}
// Vérification du Captcha si plus de 3 erreurs
if (isset($_SESSION['essaimdp']) && $_SESSION['essaimdp'] >= 3) {
if (!isset($_POST['captcha']) || empty($_POST['captcha']) || strtolower($_POST['captcha']) != strtolower($_SESSION['aleat_nbr'])) { $_SESSION['essaimdp']++; $ip = $_SERVER["REMOTE_ADDR"]; $essai = $_SESSION['essaimdp']; mysql_query("UPDATE `securite_identification` SET `essai`='$essai' WHERE `ip` = '$ip';"); header("Location: index.php?erreur=2"); exit; }
}
$login = addslashes($_POST[$_SESSION['champLogin']]);
$req = mysql_query("SELECT * FROM user WHERE pseudo = '$login'") or die('Erreur SQL : <br />'.$sql);
if (mysql_num_rows($req) > 0) {
$data = mysql_fetch_assoc($req);
// if ($_POST[$_SESSION['champMdp']]] == $data['mdp']) {
if (sha1(strtoupper($_POST[$_SESSION['champLogin']]).':'.$_POST[$_SESSION['champMdp']]) == $data['mdp']) {
$time = time();
$ip = $_SERVER["REMOTE_ADDR"];
mysql_query("UPDATE `user` SET `last_ip`='$ip', `last_visite`='$time' WHERE `id` = '{$data['id']}';");
$loginOK = true;
$_SESSION['id'] = $data['id'];
$_SESSION['auth_level'] = $data['auth_level'];
$_SESSION['timestamp'] = time();
$_SESSION['ip'] = $_SERVER["REMOTE_ADDR"];
$_SESSION['realip'] = realip();
}
}
}
if ($loginOK) {
$_SESSION['id'] = $data['id'];
$z = mysql_query("SELECT galaxie, ss, position FROM planete WHERE id_user='".$data['id']."'");
$donnees = mysql_fetch_array($z);
$_SESSION['galaxy'] = $donnees['galaxie'];
$_SESSION['ss'] = $donnees['ss'];
$_SESSION['pos'] = $donnees['position'];
$w = mysql_query("SELECT race FROM user WHERE id='".$data['id']."' AND pseudo = '".$login."'");
$donnees = mysql_fetch_array($w);
$_SESSION['race'] = $donnees['race'];
$_SESSION['dernPage'] = '';
$_SESSION['charg'] = 1;
if (isset($_POST[$_SESSION['champMemo']]) && $_POST[$_SESSION['champMemo']] == "mem") {
setcookie('HB_log_name', $_POST[$_SESSION['champLogin']], time()+2592000, '/');
setcookie('HB_log_mdp', $_POST[$_SESSION['champMdp']], time()+592200, '/');
}
else {
setcookie('HB_log_name', '', 1, '/');
setcookie('HB_log_mdp', '', 1,'/');
}
mysql_query("INSERT INTO `registre_identification` (`id_util`,`ip`) VALUES ('".$_SESSION['id']."','".$_SESSION['ip']."')");
header("Location: b_index.php");
}
else {
$ip = $_SERVER["REMOTE_ADDR"];
$essai = $_SESSION['essaimdp'];
mysql_query("INSERT INTO `securite_identification` (ip) VALUES ('$ip')");
// Bannissement automatique au bout de 15 essais
if ($_SESSION['essaimdp'] >= 15) {
$ip = $_SERVER["REMOTE_ADDR"];
$timefin = time()+10800;
mysql_query("INSERT INTO `banni` (ip,time,par,raisons) VALUES ('$ip','$timefin','auto','Plus de 15 essais de connexion')");
header("Location: index.php?erreur=b2");
exit;
}
header("Location: index.php?erreur=0");
}
?>
Reference in New Issue View Git Blame Copy Permalink