Файл: wenr.online/app/index.php
Строк: 52
<?php
if ($user->isAuth()) {
redirect('/game');
exit;
}
if(isset($_GET['inv'])){
if(!empty($user->get($_GET['inv'])->user_id)) $_SESSION['inv'] = $_GET['inv'];
}
$form = [
'value' => [
'nick' => isset($_POST['nick']) ? trim($_POST['nick']) : null,
'password' => isset($_POST['password']) ? trim($_POST['password']) : null,
],
'error' => [],
];
if (isset($_POST['nick'])) {
$stmt = $db->prepare("SELECT user_id, nick, password FROM users WHERE nick = :nick");
$stmt->bindParam(':nick', $form['value']['nick'], PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_OBJ);
if (empty($form['value']['nick'])) {
$form['error']['nick'] = 'Необходимо ввести логин';
} elseif (@$result->nick !== $form['value']['nick']) {
$form['error']['nick'] = 'Пользователь с таким логином не найден';
}
if (empty($form['value']['password'])) {
$form['error']['password'] = 'Необходимо ввести пароль';
} elseif (@count($form['error']['login']) == 0) {
if (!password_verify($form['value']['password'], $result->password)) {
$form['error']['password'] = 'Пароль неверный';
}
}
if (count($form['error']) == 0) {
$user_id = $result->user_id;
$token = md5(random_string());
$created_at = date('Y-m-d H:i:s', time());
$stmt = $db->prepare("INSERT INTO users_sessions SET user_id = :user_id, token = :token, created_at = :created_at");
$stmt->bindParam(':user_id', $user_id, PDO::PARAM_INT);
$stmt->bindParam(':token', $token, PDO::PARAM_STR);
$stmt->bindParam(':created_at', $created_at, PDO::PARAM_STR);
$stmt->execute();
$session = json_encode([
'user_id' => base64_encode($user_id),
'token' => base64_encode($token),
]);
$session = base64_encode($session);
setcookie('__session', $session, 86400 * 365 + time(), '/');
$_SESSION['__session'] = $session;
redirect('/game');
exit;
}
}
echo $template->render('index',
['form' => $form]);