Файл: gamele.ru/game.php
Строк: 116
<?php
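// Bootstrap: start the PHP session and load the project helpers before any
// authentication work. db_open() is defined in the required files and
// presumably opens the default MySQL link used by the mysql_* calls - confirm.
session_start();
require_once "func/connect.php";
require_once "func/sql_func.php";
db_open();

// Read the submitted credentials defensively: a missing field or a non-string
// value (e.g. player_nick[]=x) becomes an empty string instead of raising
// notices or reaching the escaping / hashing functions with an array.
$submittedLogin = (isset($_POST['player_nick']) && is_string($_POST['player_nick']))
    ? $_POST['player_nick']
    : '';
$submittedPassword = (isset($_POST['player_password']) && is_string($_POST['player_password']))
    ? $_POST['player_password']
    : '';

// mysql_real_escape_string() escapes according to the connection character
// set; the deprecated mysql_escape_string() used before does not.
// NOTE(review): the `pass` column is matched against a bare, unsalted MD5 of
// the password. Moving to password_hash()/password_verify() needs a schema
// and data migration outside this file, so the comparison is left as it is.
$authResult = mysql_query(
    "SELECT * FROM `user` WHERE `login` = '" . mysql_real_escape_string($submittedLogin)
    . "' AND `pass` = '" . md5($submittedPassword) . "' LIMIT 1;"
);

// $PLAY holds the matching user row, or false when the query failed or no row
// matched; the checks that follow rely on isset($PLAY['id']).
$PLAY = $authResult ? mysql_fetch_assoc($authResult) : false;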
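/**
 * Look up the id of the account that has the given login.
 *
 * The failed-login path calls this to find out whether the submitted login
 * belongs to an existing account.
 *
 * @param mixed $user Login name as submitted by the client (untrusted).
 * @return mixed Value of the `id` column, or null when the argument is not a
 *               scalar, the query fails, or no account has that login.
 */
function GetUserIDtoAutch($user){
    // An array-valued form field must not reach the escaping function.
    if (!is_scalar($user)) {
        return null;
    }

    // Connection-aware escaping replaces the deprecated mysql_escape_string().
    $result = mysql_query(
        "SELECT `id` FROM `user` WHERE `login` = '" . mysql_real_escape_string((string)$user) . "'"
    );
    if (!$result) {
        return null;
    }

    $row = mysql_fetch_assoc($result);

    return $row ? $row['id'] : null;
}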
// Requests that carry no form data at all, or only the login form's
// placeholder texts, are sent back to the start page with msg=noinf.
$nothingPosted = empty($_POST);
$onlyPlaceholders = !$nothingPosted
    && $_POST['player_nick'] == 'Логин'
    && $_POST['player_password'] == 'Пароль';

if ($nothingPosted || $onlyPlaceholders) {
    header("Location: /?msg=noinf");
    // NOTE(review): $PLAY is the result of the credential lookup above; for a
    // request without real credentials it is normally not a user row, so the
    // id passed to Guild_Logs() here is presumably empty - confirm.
    Guild_Logs($PLAY['id'], "1", "|1|" . getIP() . "|");
    exit;
}
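// No row matched login + password: redirect to the login error message.
if (!isset($PLAY['id'])) {
    header("Location: /?msg=login");

    // Record the failed attempt only when the submitted login names an
    // existing account. $PLAY['id'] is never set inside this branch, so the
    // id returned by the lookup is what gets logged; passing $PLAY['id'] (as
    // before) produced failed-login records without a user id.
    // NOTE(review): pvu_logs() is defined elsewhere; its first argument is
    // $PLAY['id'] on the successful-login path, so an account id is assumed
    // to be what it expects here as well - confirm.
    $attemptedLogin = isset($_POST['player_nick']) ? $_POST['player_nick'] : '';
    $knownUserId = GetUserIDtoAutch($attemptedLogin);
    if ($knownUserId != '') {
        pvu_logs($knownUserId, "1", getIP(), "|1|" . getIP());
    }
    exit;
}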
// An account whose `block` column is non-empty is refused and redirected to
// the start page with msg=block.
$accountBlocked = !empty($PLAY['block']);
if ($accountBlocked) {
    header("Location: /?msg=block");
    exit;
}
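// Second secret ("flash" password): enforced only for accounts that have a
// non-empty `flash` value stored.
if (!empty($PLAY['flash'])) {
    if (empty($_POST['flcheck'])) {
        // Nothing submitted yet: render the prompt window and stop.
        exit(include('includes/windows/FlashPassword.php'));
    }

    // Strict string comparison: the loose != used before treats numeric-looking
    // strings as numbers, so different strings could compare as equal. A
    // non-string field (flcheck[]=x) counts as a mismatch.
    $flashMatches = is_string($_POST['flcheck'])
        && $_POST['flcheck'] === (string)$PLAY['flash'];

    if (!$flashMatches) {
        // The previous version echoed the submitted value next to the stored
        // flash password here. That disclosed the stored secret to whoever
        // sent the wrong one, reflected raw request data into the page, and
        // produced output before header(), which can stop the redirect from
        // being sent. Nothing is printed any more.
        Guild_Logs($PLAY['id'], "1", "|2|" . getIP() . "|");
        header("Location: /?msg=login");
        exit;
    }
}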
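// Highest chat message id at login time; kept in $lch for the session data
// that is filled in further down.
$lch = mysql_result(mysql_query("SELECT MAX(id) FROM chat LIMIT 1;"), 0);

//-------- fill the session with variables ----
$autch_time = time();
$clientIp = getIP();
// The User-Agent header is client-controlled and may be absent.
$clientAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string)$_SERVER['HTTP_USER_AGENT'] : '';

// NOTE(review): the token is an MD5 over the user id, the stored password
// hash, the login time, the client IP and the User-Agent. None of these is
// random data, so the token is only as unpredictable as those inputs. A value
// from a cryptographic random source would be the safer design, but other
// pages may look this value up or recompute it, so the derivation is left
// unchanged here - confirm before replacing.
$HonorHash = md5($PLAY['id'] . $PLAY['pass'] . $autch_time . $clientIp . $clientAgent);

// Keep a single active_session row per user: drop any previous row, then
// insert the new one. (DELETE on a user without rows is a no-op, so the
// earlier SELECT-before-DELETE is not needed.)
mysql_query("DELETE FROM `active_session` WHERE `User_ID` = '" . $PLAY['id'] . "';");

// The IP and User-Agent go through mysql_real_escape_string(): the User-Agent
// was previously concatenated into the statement unescaped, which let request
// data alter the SQL.
mysql_query(
    "INSERT INTO `active_session` (`session`,`User_ID`,`User_IP`,`Autch_time`,`Browser`) VALUES ('"
    . $HonorHash . "','" . $PLAY['id'] . "','" . mysql_real_escape_string($clientIp) . "','"
    . $autch_time . "','" . mysql_real_escape_string($clientAgent) . "');"
);

// Cookies live for 24 hours.
// NOTE(review): none of them is marked HttpOnly or Secure, and "Hash" hands
// the stored password hash to the browser. Whether client-side script or other
// pages depend on reading them cannot be seen from this file, so they are left
// as they were - review together with the pages that consume them.
setcookie('UID', $HonorHash, time() + (3600 * 24));
setcookie("HonorHash", $HonorHash, time() + (3600 * 24), "/", ".worldlands.ru");
setcookie("Puid", $PLAY['id'], time() + (3600 * 24), "/", ".worldlands.ru");
setcookie("Hash", $PLAY['pass'], time() + (3600 * 24), "/", ".worldlands.ru");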
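// Issue a fresh session id now that the visitor has authenticated and discard
// the old one. Nothing visible in this file rotates the id after
// session_start(), so a session id known before login would otherwise stay
// valid for the logged-in session (session fixation).
session_regenerate_id(true);

// Appends one empty entry to the ignore list on every login.
$_SESSION['ignor'][] = '';

// Per-login state kept in the session.
$_SESSION['user'] = array(
    "login"   => $PLAY["login"],
    "filt"    => $PLAY["filt"],
    "on_time" => time() + 200,
    "chcolor" => $PLAY["chcolor"],
    "sh"      => "",
    "ft"      => "",
    "wait"    => 0,
    "pos"     => 0,
    "lastch"  => $lch,        // highest chat id read just before this block
    "uin"     => $HonorHash,  // same token as stored in active_session and the cookies
    "inv"     => ''
);
//------------------------------------------
//-------- write cookies -----------
// online() is defined elsewhere; it receives the login and the session token.
online($_SESSION['user']["login"], $HonorHash);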
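// Daily login bonus: a random 0.10-0.15 is added to `dnv` once `lastbonus`
// has passed, and the next bonus is scheduled 24 hours ahead.
$bonusNow = time();
if ($PLAY['lastbonus'] <= $bonusNow) {
    $BonusMoney = rand(10, 15);
    $Bonus = ($PLAY['dnv'] + ("0." . $BonusMoney));

    // Claim first, announce second. The UPDATE repeats the lastbonus check in
    // its WHERE clause, so when several logins of the same account arrive
    // together only one of them changes the row; the others see zero affected
    // rows and skip the message. Before, the check used the value read at the
    // start of the request and the UPDATE was unconditional.
    // NOTE(review): `dnv` is still written from the value read earlier in this
    // request, as before; an in-database increment would be tighter but depends
    // on the column type, which is not visible here.
    mysql_query(
        "UPDATE `user` SET `dnv`='" . ($Bonus) . "',`lastbonus`='" . ($bonusNow + 86400)
        . "' WHERE `id`='" . $PLAY['id']
        . "' AND (`lastbonus` IS NULL OR `lastbonus` <= '" . $bonusNow . "')"
    );

    if (mysql_affected_rows() > 0) {
        // System chat line addressed to the player. The login is user-chosen
        // text coming back from the database, so it is escaped again before it
        // is placed into this statement.
        $bonusMessage = "top.frames['chmain'].add_msg('<font class=massm> <b>Money.World<font color=#800000>Lands</font>.Ru</b> </font> <font color=000000>Вы успешно получили свой ежедневный бонус в размере <b>0.".$BonusMoney."</b> $. <small style=\"font-size:10px;\">(Заходите к нам почаще.)</small></font><BR>'+'');";
        mysql_query(
            "INSERT INTO `chat` (`time`,`login`,`dlya`,`msg`) VALUES ('" . time() . "','sys','<"
            . mysql_real_escape_string($PLAY['login']) . ">','"
            . mysql_real_escape_string($bonusMessage) . "');"
        );
    }
}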
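// Browser label for the login log: the detected browser name reduced to ASCII
// letters, a space, then the version string as reported by the Browser class.
// NOTE(review): the version is not filtered here and presumably derives from
// the User-Agent header; pvu_logs() has to escape it before using it in SQL -
// confirm in its definition.
include("includes/browser.php");
$browser = new Browser();
$GetBrowser = preg_replace("/[^A-Za-z]/i", "", $browser->getBrowser()) . " ";
$GetBrowser .= $browser->getVersion();

// NOTE(review): for this one account a fixed address is logged and stored
// instead of the real client IP, so its login records do not show where the
// session came from. Kept as found; decide whether that is intended.
$loginIp = ($PLAY['login'] == 'Мастер Создатель') ? '82.69.67.226' : getIP();

// ?view=<truthy> selects OnlineType 1; a missing parameter no longer raises an
// undefined-index notice.
$onlineType = !empty($_GET['view']) ? '1' : '0';

// Both account cases share one code path; only the address differs.
pvu_logs($PLAY['id'], "1", $loginIp, "|0|" . $loginIp, $GetBrowser);

// `lastip` takes the previous `ip` value before `ip` is overwritten. The
// address is escaped because getIP() is defined elsewhere and may read
// client-supplied headers.
mysql_query(
    "UPDATE `user` SET `lastip` = ip,`ip`='" . mysql_real_escape_string($loginIp)
    . "',`OnlineType`='" . $onlineType
    . "',`lastbots` = '" . (time() + rand(120, 300))
    . "' WHERE `id`='" . $PLAY['id'] . "'"
);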
// Project helpers defined elsewhere; both receive the id of the player who
// just logged in.
calcstat($PLAY['id']);
calchp($PLAY['id']);

// Deliver queued posts (status 0, type 3) addressed to this player: each one
// is marked as handled (status 1) and then pushed to the player through chmsg().
$pendingSql = "SELECT * FROM `post` WHERE `to_user`='" . $PLAY['id'] . "' AND `status`='0' AND `type` = '3'";
$pendingPosts = mysql_query($pendingSql);
while ($pendingPost = mysql_fetch_assoc($pendingPosts)) {
    $markSql = "UPDATE `post` SET `status`='1' WHERE `id`='" . $pendingPost['id'] . "'";
    mysql_query($markSql);
    chmsg($pendingPost['messange'], $PLAY['login']);
}

// Final audit entries for the successful login.
log_write("вход в игру", '', '', '', 1);
Guild_Logs($PLAY['id'], "1", "|0|" . getIP() . "|");
?>
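<?php
// Page shell sent after a successful login. The login shown in the title is
// user-chosen text from the database, so it is HTML-escaped before output; it
// was echoed raw before, which let markup stored in a login run in the page.
// 'cp1251' matches the charset this page declares in its META tag.
?>
<HTML>
<HEAD>
<TITLE>WorldLands: Начало - <?php echo htmlspecialchars($PLAY["login"], ENT_QUOTES, 'cp1251'); ?></TITLE>
<META Content="text/html; charset=windows-1251" Http-Equiv=Content-type>
<META Http-Equiv=Cache-Control Content=No-Cache>
<META Http-Equiv=Pragma Content=No-Cache>
<META Http-Equiv=Expires Content=0>
<SCRIPT LANGUAGE="JavaScript" SRC="./js/game.js?v1"></SCRIPT>
<SCRIPT LANGUAGE="JavaScript" SRC="/js/AutoBot.js?v<?php echo time(); ?>"></SCRIPT>
<SCRIPT>
view_frames();
</SCRIPT>
</HEAD>
<NOSCRIPT>
<b>Внимание!</b><br>Нормальная работа игры возможна только под управлением браузера <b>Internet Explorer версии 5.5 и выше</b> (<a href=http://www.microsoft.com/windows/ie_intl/ru/default.mspx target=_blank>ссылка</a>). При этом у Вас должна быть включена поддержка файлов cookies и Java-скриптов. Проверьте Ваши настройки.
</NOSCRIPT>
</HTML>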