| 29 |
header("Content-Type:application/json; charset=utf-8"); |
header("Content-Type:application/json; charset=utf-8"); |
| 30 |
|
|
| 31 |
// Validate input data |
// Validate input data |
| 32 |
if (!preg_match("/^[A-Za-z][A-Za-z0-9]{2,11}$/", $username)) |
if (!preg_match("/^[A-Za-z][A-Za-z0-9_]{4,11}$/", $username)) |
| 33 |
{ |
{ |
| 34 |
$result_set["return"]["code"] = -1; |
$result_set["return"]["code"] = -1; |
| 35 |
array_push($result_set["return"]["errorFields"], array( |
array_push($result_set["return"]["errorFields"], array( |
| 125 |
|
|
| 126 |
if ($row = mysqli_fetch_array($rs)) |
if ($row = mysqli_fetch_array($rs)) |
| 127 |
{ |
{ |
| 128 |
if ($row["err_count"] >= 2) |
if ($row["err_count"] >= 10) |
| 129 |
{ |
{ |
| 130 |
$result_set["return"]["code"] = 1; |
$result_set["return"]["code"] = 1; |
| 131 |
$result_set["return"]["message"] = "来源存在多次失败登陆尝试,请输入验证码"; |
$result_set["return"]["message"] = "来源存在多次失败登陆尝试,请输入验证码"; |
| 136 |
} |
} |
| 137 |
mysqli_free_result($rs); |
mysqli_free_result($rs); |
| 138 |
|
|
| 139 |
// Failed login attempts against the current username during certain time period |
// Failed login attempts against the current username since last successful login |
| 140 |
$sql = "SELECT COUNT(*) AS err_count FROM user_err_login_log |
$sql = "SELECT COUNT(*) AS err_count FROM user_err_login_log |
| 141 |
WHERE username = '$username' AND login_dt >= SUBDATE(NOW(), INTERVAL 1 DAY)"; |
LEFT JOIN user_list ON user_err_login_log.username = user_list.username |
| 142 |
|
LEFT JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID |
| 143 |
|
WHERE user_err_login_log.username = '$username' |
| 144 |
|
AND (user_err_login_log.login_dt >= user_pubinfo.last_login_dt |
| 145 |
|
OR user_pubinfo.last_login_dt IS NULL)"; |
| 146 |
$rs = mysqli_query($db_conn, $sql); |
$rs = mysqli_query($db_conn, $sql); |
| 147 |
if ($rs == false) |
if ($rs == false) |
| 148 |
{ |
{ |
| 155 |
|
|
| 156 |
if ($row = mysqli_fetch_array($rs)) |
if ($row = mysqli_fetch_array($rs)) |
| 157 |
{ |
{ |
| 158 |
if ($row["err_count"] >= 5) |
if ($row["err_count"] >= 3) |
| 159 |
{ |
{ |
| 160 |
$result_set["return"]["code"] = 1; |
$result_set["return"]["code"] = 1; |
| 161 |
$result_set["return"]["message"] = "账户存在多次失败登陆尝试,请输入验证码"; |
$result_set["return"]["message"] = "账户存在多次失败登陆尝试,请输入验证码"; |
| 167 |
mysqli_free_result($rs); |
mysqli_free_result($rs); |
| 168 |
} |
} |
| 169 |
|
|
| 170 |
$sql = "SELECT UID, p_login, verified, temp_password, |
$sql = "SELECT UID, username, p_login, verified, temp_password, |
| 171 |
password = MD5('$password') AS old_pass |
password = MD5('$password') AS old_pass |
| 172 |
FROM user_list WHERE username = '$username' AND |
FROM user_list WHERE username = '$username' AND |
| 173 |
(password = MD5('$password') OR password = SHA2('$password', 256) OR |
(password = MD5('$password') OR password = SHA2('$password', 256) OR |
| 189 |
if ($row = mysqli_fetch_array($rs)) |
if ($row = mysqli_fetch_array($rs)) |
| 190 |
{ |
{ |
| 191 |
$uid = intval($row["UID"]); |
$uid = intval($row["UID"]); |
| 192 |
|
$username = $row["username"]; |
| 193 |
|
|
| 194 |
if ($password == $row["temp_password"] && !$ch_passwd) |
if ($password == $row["temp_password"] && !$ch_passwd) |
| 195 |
{ |
{ |
| 348 |
$buffer = file_get_contents("./doc/license/" . (new DateTime($BBS_license_dt))->format("Ymd") . ".txt"); |
$buffer = file_get_contents("./doc/license/" . (new DateTime($BBS_license_dt))->format("Ymd") . ".txt"); |
| 349 |
|
|
| 350 |
$result_set["return"]["code"] = 4; |
$result_set["return"]["code"] = 4; |
| 351 |
$result_set["return"]["message"] = LML(htmlspecialchars($buffer, ENT_HTML401, 'UTF-8'), false, false, 1024); |
$result_set["return"]["message"] = LML($buffer, 1024, false); |
| 352 |
|
|
| 353 |
mysqli_close($db_conn); |
mysqli_close($db_conn); |
| 354 |
exit(json_encode($result_set)); |
exit(json_encode($result_set)); |
| 390 |
|
|
| 391 |
mysqli_close($db_conn); |
mysqli_close($db_conn); |
| 392 |
exit(json_encode($result_set)); |
exit(json_encode($result_set)); |
|
?> |
|
Parent Directory
| 
Revision Log
| 
Patch