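$clientIp, "login" => $login, "siteKey" => $siteKey, "status" => "invalid_payload", ]);
    auth_json_response(400, ["ok" => false, "message" => "Неверные данные."]);
}

// Login flow: throttle -> look up account -> verify password -> check site access -> open session.
// Every failure path logs an event and answers with a JSON error; the flow relies on
// auth_json_response() ending the request (it is not re-checked here — confirm in its definition).

// Per-IP throttle before any database work; the 429 carries a Retry-After hint for the client.
$rate = auth_check_rate_limit($clientIp);
if ($rate["limited"]) {
    auth_log_event([
        "ip" => $clientIp,
        "login" => $login,
        "siteKey" => $siteKey,
        "status" => "rate_limited",
    ]);
    header("Retry-After: " . (string) $rate["retry_after"]);
    auth_json_response(429, ["ok" => false, "message" => "Слишком много попыток. Попробуйте позже."]);
}

// Account lookup by login. The login is user-controlled, so it is bound as a parameter.
$db = auth_get_db();
$stmt = $db->prepare("SELECT id, password_hash FROM users WHERE login = ? LIMIT 1");
$stmt->bind_param("s", $login);
$stmt->execute();
$result = $stmt->get_result();
$row = $result ? $result->fetch_assoc() : null;
$stmt->close();

// When the login is unknown, verify against a freshly generated bcrypt hash so that
// password_verify() runs on both branches and an unknown login is not separable from a
// wrong password by response time. The 401 message is deliberately the same for both cases.
$hash = $row["password_hash"] ?? password_hash("invalid_password", PASSWORD_BCRYPT);
$passwordOk = password_verify($password, $hash);
if (!$row || !$passwordOk) {
    auth_log_event([
        "ip" => $clientIp,
        "login" => $login,
        "siteKey" => $siteKey,
        "status" => "invalid_credentials",
    ]);
    auth_json_response(401, ["ok" => false, "message" => "Неверный логин или пароль."]);
}

// Authorisation: the authenticated user must hold an access row for the requested site.
$stmt = $db->prepare("SELECT 1 FROM user_access WHERE user_id = ? AND site_key = ? LIMIT 1");
$stmt->bind_param("is", $row["id"], $siteKey);
$stmt->execute();
$accessResult = $stmt->get_result();
$hasAccess = $accessResult && $accessResult->num_rows > 0;
$stmt->close();
if (!$hasAccess) {
    auth_log_event([
        "ip" => $clientIp,
        "login" => $login,
        "siteKey" => $siteKey,
        "status" => "access_denied",
    ]);
    auth_json_response(403, ["ok" => false, "message" => "Нет доступа к этому сайту."]);
}

// Successful login. Rotate the session id before storing the identity so that a session
// id issued (or supplied) before authentication does not carry over into the
// authenticated session. Guarded so the call is skipped when no session is active.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}
$_SESSION["auth_user_id"] = (int) $row["id"];
$_SESSION["auth_login"] = $login;
$_SESSION["auth_time"] = time();
// NOTE(review): the session does not record which $siteKey was authorised; confirm that
// downstream checks re-validate user_access rather than trusting auth_user_id alone.
auth_log_event([
    "ip" => $clientIp,
    "login" => $login,
    "siteKey" => $siteKey,
    "status" => "success",
]);
auth_json_response(200, ["ok" => true]);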