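<?php
/* Mixanza production
 * Last edited 16.11.2017
 * Modified by Mixanza
 *
 * aut.php — user sign-in. Three entry paths are tried, in this order:
 *   1. ?id=&pass=            auto-login link, only when $set['avto_login_set'] == 1
 *   2. POST nick + pass      the login form
 *   3. id_user + pass cookie "remember me"
 * On success $_SESSION['id_user'] is set, a user_log row is written
 * (method 0 / 1 / 2 for the three paths), the user's date_aut / date_last /
 * browser columns are refreshed and the browser is redirected. If no path
 * yields a user the login form is rendered and the script stops.
 *
 * Every query goes through PDO prepared statements; the only text spliced into
 * SQL is a fixed column fragment chosen by config flags, never request data.
 * (The original mixed mysql_* calls with PDO and fed a fetchColumn() scalar to
 * mysql_fetch_assoc(), so the collision check could never run.)
 */
foreach (['start', 'compress', 'sess', 'settings', 'db_connect', 'ipua', 'fnc', 'shif'] as $inc) {
    require_once "sys/inc/$inc.php";
}
$show_all = true; // page is visible to everyone (guests included)
$input_page = true;
require_once H . 'sys/inc/user.php';
only_unreg(); // from user.php — presumably sends already-signed-in users away

// "remember me" cookie lifetime: one year.
$cookie_ttl = time() + 60 * 60 * 24 * 365;
// Mark credential cookies Secure when the request itself came in over TLS,
// so they are never sent in clear text afterwards.
$cookie_secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

/**
 * Record a successful sign-in in user_log.
 * $method: 0 = auto-login link, 1 = login form, 2 = cookie.
 */
$log_login = function (array $u, $method) use ($pdo) {
    $res = $pdo->prepare("INSERT INTO user_log (id_user, time, ua, ip, method) VALUES (?, ?, ?, ?, ?)");
    $res->execute([$u['id'], TIME, $u['ua'], $u['ip'], $method]);
};

/**
 * IP + UA + id fingerprint stored in user.hash when the anti-hijack option
 * ($set['antihah_hash']) is on. Same formula as the rest of the site —
 * changing it would invalidate every stored hash.
 */
$fingerprint = function ($id_user) use ($ip, $ua) {
    return md5(md5($ip . md5($ua) . $id_user));
};

if (isset($_GET['id'], $_GET['pass']) && $set['avto_login_set'] == 1) {
    // 1. Auto-login link. shif() is the site's password transform (sys/inc/shif.php).
    $id_user = intval($_GET['id']);
    $res = $pdo->prepare("SELECT COUNT(*) FROM user WHERE id = ? AND pass = ? LIMIT 1");
    $res->execute([$id_user, shif($_GET['pass'])]);
    if ($res->fetchColumn() == 1) {
        $user = get_user($id_user);
        $_SESSION['id_user'] = $user['id'];
        $res = $pdo->prepare("UPDATE `user` SET `date_aut` = ?, `date_last` = ? WHERE `id` = ? LIMIT 1");
        $res->execute([TIME, TIME, $user['id']]);
        $log_login($user, 0);
    } else {
        $_SESSION['err'] = __('Неправильный логин или пароль');
    }
} elseif (isset($_POST['nick'], $_POST['pass'])) {
    // 2. Login form. One SELECT replaces the original COUNT + SELECT pair.
    $res = $pdo->prepare("SELECT id FROM user WHERE nick = ? AND pass = ? LIMIT 1");
    $res->execute([$_POST['nick'], shif($_POST['pass'])]);
    $row = $res->fetch(PDO::FETCH_ASSOC);
    if ($row) {
        $_SESSION['id_user'] = $row['id'];
        $user = get_user($row['id']);
        $log_login($user, 1);
        $res = $pdo->prepare("DELETE FROM guests WHERE ip = ? AND ua = ?");
        $res->execute([$user['ip'], $user['ua']]);
        // "remember me" cookies. HttpOnly keeps them out of reach of page scripts.
        // NOTE(review): the pass cookie carries the password in reversible form
        // because cookie_decrypt() feeds it back into shif() below; a random
        // per-device token would avoid that, but needs a schema change.
        setcookie('id_user', $user['id'], $cookie_ttl, '', '', $cookie_secure, true);
        setcookie('pass', cookie_encrypt($_POST['pass'], $user['id']), $cookie_ttl, '', '', $cookie_secure, true);
        setcookie('antilevak', '1', $cookie_ttl); // purpose not visible here; left as it was
        // Store the fingerprint only when the option is on and the user opted in.
        $set_hash = ($set['antihah_hash'] == 1 && $user['hash_set'] == 1);
        $res = $pdo->prepare(
            "UPDATE user SET " . ($set_hash ? "hash = ?, " : "")
            . "date_aut = ?, date_last = ? WHERE id = ? LIMIT 1"
        );
        $params = $set_hash ? [$fingerprint($user['id'])] : [];
        array_push($params, TIME, TIME, $user['id']);
        $res->execute($params);
    } else {
        $_SESSION['err'] = __('Неправильный логин или пароль');
    }
} elseif (isset($_COOKIE['id_user'], $_COOKIE['pass']) && $_COOKIE['id_user'] && $_COOKIE['pass']) {
    // 3. Cookie sign-in. The id is cast before it reaches the cache or the DB.
    $id_user = intval($_COOKIE['id_user']);
    cache_delete::user($id_user);
    // The fingerprint is checked only when the option is on and this user has hash_set = 1.
    $check_hash = false;
    if ($set['antihah_hash'] == 1) {
        $res = $pdo->prepare("SELECT COUNT(*) FROM user WHERE id = ? AND hash_set = '1' LIMIT 1");
        $res->execute([$id_user]);
        $check_hash = ($res->fetchColumn() == 1);
    }
    $res = $pdo->prepare(
        "SELECT COUNT(*) FROM `user` WHERE " . ($check_hash ? "hash = ? AND " : "")
        . "id = ? AND pass = ? LIMIT 1"
    );
    $params = $check_hash ? [$fingerprint($id_user)] : [];
    array_push($params, $id_user, shif(cookie_decrypt($_COOKIE['pass'], $id_user)));
    $res->execute($params);
    if ($res->fetchColumn() == 1) {
        $user = get_user($id_user);
        $_SESSION['id_user'] = $user['id'];
        $res = $pdo->prepare("UPDATE user SET date_aut = ?, date_last = ? WHERE id = ? LIMIT 1");
        $res->execute([TIME, TIME, $user['id']]);
        $log_login($user, 2);
        $user['type_input'] = 'cookie';
    } else {
        $_SESSION['err'] = __('Ошибка авторизации по COOKIE');
        // Expire the stale cookies explicitly, then come back to the form.
        setcookie('id_user', '', time() - 3600);
        setcookie('pass', '', time() - 3600);
        header("Location: /aut.php");
        exit();
    }
} else {
    $_SESSION['err'] = __('Ошибка авторизации');
}

if (!isset($user)) {
    // No path produced a signed-in user: show the form with the error and stop.
    // (The original fell through here and used $user undefined below.)
    $set['title'] = __('Авторизация');
    require_once H . 'sys/inc/thead.php';
    aut();
    err();
    $doc->Link('list-group-item', '/aut.php', 'arrow-left', 'Повторить попытку входа');
    require_once H . 'sys/inc/tfoot.php';
    exit;
}

// Record which front-end the user came in through (one place for all three paths).
$res = $pdo->prepare("UPDATE `user` SET `browser` = ? WHERE `id` = ?");
$res->execute([IS_WEB == 'web' ? 'web' : 'wap', $user['id']]);

// Other accounts seen from the same IP + UA within the last 1500 s are paired
// with this one in user_collision, once per pair regardless of order.
$res = $pdo->prepare("SELECT `id` FROM `user` WHERE `ip` = ? AND `ua` = ? AND `date_last` > ? AND `id` <> ?");
$res->execute([$iplong, htmlspecialchars($ua), time() - 1500, $user['id']]);
$check = $pdo->prepare(
    "SELECT COUNT(*) FROM `user_collision` WHERE (`id_user` = ? AND `id_user2` = ?) OR (`id_user2` = ? AND `id_user` = ?)"
);
$insert = $pdo->prepare("INSERT INTO `user_collision` (`id_user`, `id_user2`, `type`) VALUES (?, ?, 'ip_ua_time')");
foreach ($res->fetchAll(PDO::FETCH_ASSOC) as $collision) {
    $check->execute([$user['id'], $collision['id'], $user['id'], $collision['id']]);
    if ($check->fetchColumn() == 0) {
        $insert->execute([$user['id'], $collision['id']]);
    }
}

// Where to go next. ?return= is honoured only for a site-local path: a single
// leading '/', not followed by '/' or '\' (browsers read those as a host),
// and no line breaks — so the parameter cannot act as an open redirect.
if (isset($_GET['return'])) {
    $return = urldecode($_GET['return']);
    if (preg_match('#^/(?![/\\\\])[^\r\n]*$#', $return)) {
        header('Location: ' . $return);
    } else {
        header("Location: /user/menu_user.php?avtorization");
    }
} elseif ($set['aut_ref'] == 1 && isset($_SESSION['ref_loc'])) {
    header("Location: " . $_SESSION['ref_loc'] . "?&aut_ref");
} else {
    header("Location: /user/menu_user.php?avtorization");
}
exit;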