Annotation of /fenglin/bbs/user_service_login.php

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.8 - (hide annotations)
Sat Nov 1 08:01:37 2025 UTC (4 months, 2 weeks ago) by sysadm
Branch: MAIN
Changes since 1.7: +2 -2 lines
Adopt new LML()

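<?php
/*
 * user_service_login.php — JSON login endpoint of the BBS.
 *
 * Reads a JSON object from the request body (username, password, ch_passwd,
 * password_new, agreement, mfa, vn_str) and answers with
 *   {"return": {"code": N, "message": "...", "errorFields": [...]}}
 *
 * Result codes:
 *    0  login succeeded; BBS_uid / BBS_username / BBS_login_tm are set in the session
 *   -1  a field failed validation (per-field details in errorFields)
 *   -2  database or internal error (the mysqli error text is appended to message)
 *    1  too many failed attempts: the client must resend with mfa=1 and a captcha (vn_str)
 *    2  the temporary password was accepted but a new password (ch_passwd=1) is required
 *    3  login refused (wrong credentials, banned account, ...)
 *    4  the license text in message must be accepted (resend with agreement=1)
 *
 * Brute-force handling: without mfa=1 the endpoint refuses (code 1) once the
 * source /24 or the account has accumulated too many failures; with mfa=1 those
 * counters are skipped but a captcha is required and is consumed by each failed
 * attempt.
 */
require_once "../lib/db_open.inc.php";
require_once "../lib/lml.inc.php";
require_once "../lib/passwd.inc.php";
require_once "../lib/vn_gif.inc.php";
require_once "../lib/client_addr.inc.php";
require_once "../lib/ip_mask.inc.php";
require_once "./session_init.inc.php";
require_once "./user_login.inc.php";

// Send $result_set with the given code/message as the JSON response, release the
// DB connection and stop. Every exit of this endpoint goes through here.
function bbs_login_reply($db_conn, array $result_set, $code, $message)
{
    $result_set["return"]["code"] = $code;
    $result_set["return"]["message"] = $message;
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Report a failed statement as code -2 ($prefix followed by the mysqli error
// text), discard any uncommitted transaction work and stop.
function bbs_login_db_fail($db_conn, array $result_set, $prefix)
{
    // Read the error text before ROLLBACK, which would reset it.
    $message = $prefix . mysqli_error($db_conn);
    mysqli_query($db_conn, "ROLLBACK"); // mysqli_close would roll back too; be explicit
    bbs_login_reply($db_conn, $result_set, -2, $message);
}

// Return the named request field as a trimmed string. Missing or non-scalar
// values (the body is client-controlled JSON) yield "".
function bbs_login_field(array $data, $key)
{
    if (!isset($data[$key]) || !is_scalar($data[$key])) {
        return "";
    }
    return trim((string) $data[$key]);
}

// Return 1 when the named request field carries the flag value "1" (JSON 1 or
// "1"; loose comparison on purpose, clients send either), else 0.
function bbs_login_flag(array $data, $key)
{
    return (isset($data[$key]) && $data[$key] == "1") ? 1 : 0;
}

// Run a "SELECT COUNT(*) AS err_count ..." query: answer code 1 with $message
// and stop when the count reaches $limit, fail with -2 on a query error,
// otherwise return normally.
function bbs_login_require_below($db_conn, array $result_set, $sql, $limit, $message)
{
    $rs = mysqli_query($db_conn, $sql);
    if ($rs === false) {
        bbs_login_db_fail($db_conn, $result_set, "Query login log error: ");
    }
    $row = mysqli_fetch_array($rs);
    mysqli_free_result($rs);
    if ($row && $row["err_count"] >= $limit) {
        bbs_login_reply($db_conn, $result_set, 1, $message);
    }
}

$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data)) {
    $data = []; // empty or malformed body: every field counts as absent
}

$username     = bbs_login_field($data, "username");
$password     = bbs_login_field($data, "password");
$ch_passwd    = bbs_login_flag($data, "ch_passwd");
$password_new = bbs_login_field($data, "password_new");
$agreement    = (bbs_login_flag($data, "agreement") === 1);
$mfa          = bbs_login_flag($data, "mfa");
$vn_str       = bbs_login_field($data, "vn_str");

$result_set = [
    "return" => [
        "code" => 0,
        "message" => "",
        "errorFields" => [],
    ],
];

header("Content-Type:application/json; charset=utf-8");

// Validate input data. These formats are also what keeps the SQL interpolation
// of $username / $password / $password_new below safe (alphanumeric only);
// the values are escaped again before use anyway.
$errors = [];

if (!preg_match("/^[A-Za-z][A-Za-z0-9]{2,11}$/", $username)) {
    $errors[] = ["id" => "username", "errMsg" => "不符合格式要求"];
}

if (!preg_match("/^[A-Za-z0-9]{5,12}$/", $password)) {
    $errors[] = ["id" => "password", "errMsg" => "不符合格式要求"];
}

if ($ch_passwd) {
    if (!preg_match("/^[A-Za-z0-9]{6,12}$/", $password_new)) {
        $errors[] = ["id" => "password_new", "errMsg" => "不符合格式要求"];
    }
    if (!verify_pass_complexity($password_new, $username, 6)) {
        $errors[] = ["id" => "password_new", "errMsg" => "不符合复杂性要求"];
    }
}

if ($mfa) {
    // The captcha issued earlier (stored in the session) must exist and match, case-insensitively.
    $expected_vn = isset($_SESSION["BBS_vn_str"]) ? $_SESSION["BBS_vn_str"] : "";
    if ($expected_vn === "" || strcasecmp($expected_vn, $vn_str) != 0) {
        $errors[] = ["id" => "vn_str", "errMsg" => "验证码错误"];
    }
}

if (count($errors) > 0) {
    $result_set["return"]["errorFields"] = $errors;
    bbs_login_reply($db_conn, $result_set, -1, "");
}

// Escaped copies for SQL (defense in depth on top of the regex whitelist).
$username_sql = mysqli_real_escape_string($db_conn, $username);
$password_sql = mysqli_real_escape_string($db_conn, $password);
$ip_sql       = mysqli_real_escape_string($db_conn, client_addr());

// Begin transaction: the user row is locked FOR UPDATE until the login log is written.
if (!mysqli_query($db_conn, "SET autocommit=0")) {
    bbs_login_db_fail($db_conn, $result_set, "Mysqli error: ");
}
if (!mysqli_query($db_conn, "BEGIN")) {
    bbs_login_db_fail($db_conn, $result_set, "Mysqli error: ");
}

if (!$mfa) {
    // Failed login attempts from the same source (subnet /24) during certain time period
    $subnet_sql = mysqli_real_escape_string($db_conn, client_addr(1));
    $sql = "SELECT COUNT(*) AS err_count FROM user_err_login_log
        WHERE login_dt >= SUBDATE(NOW(), INTERVAL 10 MINUTE)
        AND login_ip LIKE '$subnet_sql'";
    bbs_login_require_below($db_conn, $result_set, $sql, 10, "来源存在多次失败登陆尝试,请输入验证码");

    // Failed login attempts against the current username since last successful login
    $sql = "SELECT COUNT(*) AS err_count FROM user_err_login_log
        LEFT JOIN user_list ON user_err_login_log.username = user_list.username
        LEFT JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID
        WHERE user_err_login_log.username = '$username_sql'
        AND (user_err_login_log.login_dt >= user_pubinfo.last_login_dt
        OR user_pubinfo.last_login_dt IS NULL)";
    bbs_login_require_below($db_conn, $result_set, $sql, 3, "账户存在多次失败登陆尝试,请输入验证码");
}

// Look the enabled account up by username and credential. Three credential
// forms match: the current SHA2-256 hash, a legacy MD5 hash (old_pass = 1,
// upgraded below) and the temporary password in temp_password.
// NOTE(review): the stored hashes are unsalted MD5 / SHA-256; moving to
// password_hash()/password_verify() needs a column change shared with the
// other login paths and is out of scope for this file.
$sql = "SELECT UID, username, p_login, verified, temp_password,
    password = MD5('$password_sql') AS old_pass
    FROM user_list WHERE username = '$username_sql' AND
    (password = MD5('$password_sql') OR password = SHA2('$password_sql', 256) OR
    temp_password = '$password_sql')
    AND enable FOR UPDATE";

$rs = mysqli_query($db_conn, $sql);
if ($rs === false) {
    bbs_login_db_fail($db_conn, $result_set, "Query user list error: ");
}
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);

if (!$row) {
    // Log login failure. Only the username and the source are recorded: an
    // attempted password is very often a near miss of a real credential, so it
    // is never persisted (the column is kept for schema compatibility and
    // written empty).
    $sql = "INSERT INTO user_err_login_log(username, password, login_dt, login_ip)
        VALUES('$username_sql', '', NOW(), '$ip_sql')";
    if (!mysqli_query($db_conn, $sql)) {
        bbs_login_db_fail($db_conn, $result_set, "Write log error: ");
    }

    // Commit transaction
    if (!mysqli_query($db_conn, "COMMIT")) {
        bbs_login_db_fail($db_conn, $result_set, "Mysqli error: ");
    }

    $_SESSION["BBS_vn_str"] = ""; // Force change vn_str: a captcha is good for one attempt only

    // Same message whether the username or the password was wrong (no user enumeration).
    bbs_login_reply($db_conn, $result_set, 3, "用户名或密码不正确");
}

$uid      = intval($row["UID"]);
$username = $row["username"]; // canonical spelling from the DB; stored in the session below

// Strict comparison: the row was matched by MySQL, PHP must not re-interpret
// numeric-looking strings ("00123" == "123" would be true with ==).
$used_temp = ($password === $row["temp_password"]);

if ($used_temp && !$ch_passwd) {
    bbs_login_reply($db_conn, $result_set, 2, "使用临时密码登录需设置新密码");
}

if ($ch_passwd) {
    $verified = $row["verified"];

    if ($used_temp) { // New user first time login with temp password
        $verified = 1;

        // Set life = 150 for verified user
        $sql = "UPDATE user_pubinfo SET life = 150 WHERE UID = $uid";
        if (!mysqli_query($db_conn, $sql)) {
            bbs_login_db_fail($db_conn, $result_set, "Update user life error: ");
        }
    }

    $password_new_sql = mysqli_real_escape_string($db_conn, $password_new);
    $verified = intval($verified); // DB value interpolated into SQL: force an integer
    $sql = "UPDATE user_list SET password = SHA2('$password_new_sql', 256),
        temp_password = '', verified = $verified WHERE UID = $uid";
    if (!mysqli_query($db_conn, $sql)) {
        bbs_login_db_fail($db_conn, $result_set, "Update password error: ");
    }
} elseif ($row["old_pass"]) {
    // Transparent upgrade of a legacy MD5 hash to SHA2-256 on a successful login
    $sql = "UPDATE user_list SET password = SHA2('$password_sql', 256) WHERE UID = $uid";
    if (!mysqli_query($db_conn, $sql)) {
        bbs_login_db_fail($db_conn, $result_set, "Upgrade password error: ");
    }
}

// Add user login log
$sql = "INSERT INTO user_login_log(uid, login_dt, login_ip) VALUES($uid, NOW(), '$ip_sql')";
if (!mysqli_query($db_conn, $sql)) {
    bbs_login_db_fail($db_conn, $result_set, "Write log error: ");
}

// Commit transaction
if (!mysqli_query($db_conn, "COMMIT")) {
    bbs_login_db_fail($db_conn, $result_set, "Mysqli error: ");
}

// Forbidden user (checked after the commit so the attempt stays in user_login_log)
if (!$row["p_login"]) {
    bbs_login_reply($db_conn, $result_set, 3, "您已被封禁全站登陆权限!");
}

// SET AUTOCOMMIT = 1
if (!mysqli_query($db_conn, "SET autocommit=1")) {
    bbs_login_db_fail($db_conn, $result_set, "Mysqli error: ");
}

//Load User Information
$ret = load_user_info($uid, $db_conn);
switch ($ret) {
    case -1:
        bbs_login_db_fail($db_conn, $result_set, "User data not found: ");
        // not reached: bbs_login_db_fail() exits
    case -2:
        if (!$agreement) {
            // $BBS_license_dt comes from the included configuration; the license
            // text is stored under ./doc/license/<Ymd>.txt.
            $buffer = file_get_contents("./doc/license/" . (new DateTime($BBS_license_dt))->format("Ymd") . ".txt");
            if ($buffer === false) {
                $buffer = ""; // unreadable license file: send an empty text rather than false
            }
            bbs_login_reply($db_conn, $result_set, 4, LML($buffer, 1024, false));
        }
        break;
    case -3:
        bbs_login_reply($db_conn, $result_set, 3, "很遗憾,您已经永远离开了我们的世界……");
}

$sql = "UPDATE user_pubinfo SET visit_count = visit_count + 1,
    last_login_dt = NOW() WHERE UID = $uid";
if (!mysqli_query($db_conn, $sql)) {
    bbs_login_db_fail($db_conn, $result_set, "Update login info error: ");
}

// Rotate the session id on privilege change so a session id fixed before
// login is not carried into the authenticated session (no-op when the session
// is not a native PHP session).
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

$_SESSION["BBS_uid"]      = $uid;
$_SESSION["BBS_username"] = $username;
$_SESSION["BBS_login_tm"] = time();
$_SESSION["BBS_vn_str"]   = "";

if (!keep_alive($db_conn)) {
    bbs_login_db_fail($db_conn, $result_set, "Keep alive error: ");
}

bbs_login_reply($db_conn, $result_set, 0, "");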
