Untitled


<?php
////GET IP
function getUserIP()
{
    if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
              $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
              $_SERVER['HTTP_CLIENT_IP'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
    }
    $client  = @$_SERVER['HTTP_CLIENT_IP'];
    $forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
    $remote  = $_SERVER['REMOTE_ADDR'];

    if(filter_var($client, FILTER_VALIDATE_IP))
    {
        $ip = $client;
    }
    elseif(filter_var($forward, FILTER_VALIDATE_IP))
    {
        $ip = $forward;
    }
    else
    {
        $ip = $remote;
    }

    return $ip;
}

$user_ip = getUserIP();

$ip = $_SERVER['REMOTE_ADDR'];
$details = json_decode(file_get_contents("http://ipinfo.io/{$ip}"));
$usercountry = $details->country; //
////ab hier schreiben
      date_default_timezone_set('Europe/Berlin');
      $date = date('d.m.y');
      $time = date('H:i:s');
      $servername = "localhost";
      $user = "root";
      $pw =
      $db = "unrealengine";

      $con = new mysqli($servername, $user, $pw, $db);

      if($con->connect_error) {
        die("keine connection lmao".$con->connect_error);
      }

      $clientauthkey = mysqli_real_escape_string($con, $_GET["authkey"]);
      $clientusername = mysqli_real_escape_string($con, $_GET["username"]);
      $isregisterevent = mysqli_real_escape_string($con, $_GET["reg"]);
      $clientpassword = mysqli_real_escape_string($con, $_GET["password"]);
      $email = mysqli_real_escape_string($con, $_GET["email"]);
      //für richtig krasse noobs
      if ($_GET["key"] === "lmao"){
      }
      else {
        die("connection refused.");
      }

        //prüft ob die Anfrage für ein Reg konzepiert ist
      if($isregisterevent === "yes"){
        $sql = "SELECT * FROM `users` WHERE `username` LIKE '$clientusername'";
        $result = $con->query($sql);
        //prüft ob spieler schon regestriert ist
        if($result->num_rows === 0){
          $sql = $con->prepare("INSERT INTO `users` (`id`, `username`, `password`, `authkey`, `role`, `email`, `lastallowedip`) VALUES (NULL, ?, ?, ?, 'player', ?, '$user_ip am $date um $time in $usercountry')");
          $sql->bind_param("ssss", $clientusername, $clientpassword, $clientauthkey, $email);
          $sql->execute();
          //wird noch gemacht wird aber genau so aufgebaut werden (wird geshashed und salted mit sha512/bcrypt und veri. mit password verify :9)
          echo "You have been registered! Check your Emails to enter your password";
          $sql->close();
        }
        else{
          echo "already registered";
        }
      }
      else {
        $sql = "SELECT * FROM `users` WHERE `username` LIKE '$clientusername'";
        $result = $con->query($sql);
        if ($result->num_rows > 0) {
          while($row = $result->fetch_assoc()){
            $serverpassword = $row["password"];
            $serverauthkey = $row["authkey"];
          }
        }
        else {
          echo "account not found";
        }
        echo $sql->error;
        if ($serverpassword === $clientpassword){
          echo "authkey: " . $serverauthkey;
          $sql = "UPDATE `users` SET `lastallowedip` = '$user_ip am $date um $time in $usercountry' WHERE `username` = '$clientusername'";
          $con->query($sql);
        }
        else{
          echo "wrong password $usercountry";
          $sql = "UPDATE `users` SET `lastrefusedip` = '$user_ip am $date um $time in $usercountry' WHERE `username` = '$clientusername'";
          $con->query($sql);
        }
      }
$con->close();
?>