76 lines
3.1 KiB
PHP
76 lines
3.1 KiB
PHP
<?php
|
|
session_start();
|
|
$loginOK = false;
|
|
|
|
require('connectBDD.php');
|
|
require('securitebanni.php');
|
|
|
|
if (!isset($_SERVER['HTTP_REFERER'])) $_SERVER['HTTP_REFERER'] = '';
|
|
if (isset($_POST['login']) && !ereg(time().'http://battle.halo.fr/', time().$_SERVER['HTTP_REFERER']) && !ereg(time().'http://www.battle.halo.fr/', time().$_SERVER['HTTP_REFERER']) && !ereg(time().'http://www.halo2.fr/', time().$_SERVER['HTTP_REFERER']) && !ereg(time().'http://halo-game.com/', time().$_SERVER['HTTP_REFERER'])) { header("Location: index.php?erreur=3"); setHistorique('Formulaire d\'\'identification non officiel', 'Par mesure de sécurité, l\'\'identification de '.$_POST['login'].' a été annulée car l\'\'adresse de provenance ne correspond pas à celle du site : '.$_SERVER['HTTP_REFERER']); exit; }
|
|
|
|
if (isset($_POST) && (!empty($_POST['login'])) && (!empty($_POST['password']))) {
|
|
if ($_SESSION['essaimdp'] > 15) {
|
|
$ip = $_SERVER["REMOTE_ADDR"];
|
|
$timefin = time()+10800;
|
|
mysql_query("INSERT INTO `banni` (ip,time,par,raisons) VALUES ('$ip','$timefin','auto','Plus de 15 essais de connexion')");
|
|
header("Location: index.php?erreur=b");
|
|
exit;
|
|
}
|
|
// Vérification du Captcha si plus de 3 erreurs
|
|
if (isset($_SESSION['essaimdp']) && $_SESSION['essaimdp'] >= 3) {
|
|
if (!isset($_POST['captcha']) || empty($_POST['captcha']) || $_POST['captcha'] != $_SESSION['aleat_nbr']) { $_SESSION['essaimdp']++; header("Location: index.php?erreur=2"); exit; }
|
|
}
|
|
|
|
$login = addslashes($_POST['login']);
|
|
$req = mysql_query("SELECT * FROM user WHERE pseudo = '$login'") or die('Erreur SQL : <br />'.$sql);
|
|
|
|
if (mysql_num_rows($req) > 0) {
|
|
$data = mysql_fetch_assoc($req);
|
|
|
|
// if ($_POST['password'] == $data['mdp']) {
|
|
if (sha1(strtoupper($_POST['login']).':'.$_POST['password']) == $data['mdp']) {
|
|
$time = time();
|
|
$ip = $_SERVER["REMOTE_ADDR"];
|
|
mysql_query("UPDATE `user` SET `last_ip`='$ip', `last_visite`='$time' WHERE `id` = '{$data['id']}';");
|
|
$loginOK = true;
|
|
$_SESSION['id'] = $data['id'];
|
|
$_SESSION['auth_level'] = $data['auth_level'];
|
|
$_SESSION['timestamp'] = time();
|
|
$_SESSION['ip'] = $_SERVER["REMOTE_ADDR"];
|
|
$_SESSION['realip'] = realip();
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($loginOK) {
|
|
$_SESSION['id'] = $data['id'];
|
|
|
|
$z = mysql_query("SELECT galaxie, ss, position FROM planete WHERE id_user='".$data['id']."'");
|
|
$donnees = mysql_fetch_array($z);
|
|
|
|
$_SESSION['galaxy'] = $donnees['galaxie'];
|
|
$_SESSION['ss'] = $donnees['ss'];
|
|
$_SESSION['pos'] = $donnees['position'];
|
|
|
|
$w = mysql_query("SELECT race FROM user WHERE id='".$data['id']."' AND pseudo = '".$login."'");
|
|
$donnees = mysql_fetch_array($w);
|
|
|
|
$_SESSION['race'] = $donnees['race'];
|
|
|
|
$_SESSION['charg'] = 1;
|
|
header("Location: b_index.php");
|
|
}
|
|
else {
|
|
if (isset($_SESSION['essaimdp']) && $_SESSION['essaimdp'] >= 0) $_SESSION['essaimdp']++;
|
|
else $_SESSION['essaimdp'] = 1;
|
|
// Bannissement automatique au bout de 15 essais
|
|
if ($_SESSION['essaimdp'] >= 15) {
|
|
$ip = $_SERVER["REMOTE_ADDR"];
|
|
$timefin = time()+10800;
|
|
mysql_query("INSERT INTO `banni` (ip,time,par,raisons) VALUES ('$ip','$timefin','auto','Plus de 15 essais de connexion')");
|
|
header("Location: index.php?erreur=b2");
|
|
exit;
|
|
}
|
|
header("Location: index.php?erreur=0");
|
|
}
|
|
?>
|