/[LeafOK_CVS]/fenglin/bbs/user_service_login.php

Contents of /fenglin/bbs/user_service_login.php



Revision 1.13 - (show annotations)
Tue Dec 23 09:23:10 2025 UTC (2 months, 3 weeks ago) by sysadm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.12: +5 -4 lines
Use encrypted text instead of plain text for temp_password

1 <?php
2 require_once "../lib/db_open.inc.php";
3 require_once "../lib/lml.inc.php";
4 require_once "../lib/passwd.inc.php";
5 require_once "../lib/vn_gif.inc.php";
6 require_once "../lib/client_addr.inc.php";
7 require_once "../lib/ip_mask.inc.php";
8 require_once "./session_init.inc.php";
9 require_once "./user_login.inc.php";
10
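$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data))
{
    // Body was not a JSON object (empty, malformed, or a bare scalar):
    // treat every field as absent instead of indexing into null/scalar.
    $data = [];
}

// Read one request field as a trimmed string.  Non-scalar values (nested
// arrays/objects) count as absent so trim() never receives a non-string.
$field = static function ($key) use ($data)
{
    if (!isset($data[$key]) || !is_scalar($data[$key]))
    {
        return "";
    }
    return trim((string) $data[$key]);
};

// A flag is on only when the client sends "1" (loose comparison kept so a
// numeric 1 is still accepted, as before).
$flag = static function ($key) use ($data)
{
    return isset($data[$key]) && is_scalar($data[$key]) && $data[$key] == "1";
};

$username     = $field("username");
$password     = $field("password");
$password_new = $field("password_new");
$vn_str       = $field("vn_str");
$ch_passwd    = $flag("ch_passwd");   // change password during this login
$agreement    = $flag("agreement");   // user accepted the EULA
$mfa          = $flag("mfa");         // captcha supplied (bypasses the attempt counters)

$result_set = [
    "return" => [
        "code" => 0,
        "message" => "",
        "errorFields" => [],
    ],
];

header("Content-Type:application/json; charset=utf-8");

/**
 * Send the JSON result with the given code/message and stop.
 *
 * Every terminal path goes through here so the connection is always
 * closed; closing with an open transaction discards it server-side, which
 * is what the original per-branch mysqli_close() calls relied on.
 */
$finish = function ($code, $message = "") use (&$result_set, $db_conn)
{
    $result_set["return"]["code"] = $code;
    $result_set["return"]["message"] = $message;
    mysqli_close($db_conn);
    exit(json_encode($result_set));
};

/**
 * Run $sql and return its result.  A driver error is reported to the
 * client as code -2 with $err_prefix followed by mysqli_error(), matching
 * the messages the original emitted for each statement.
 */
$query = function ($sql, $err_prefix) use ($db_conn, $finish)
{
    $rs = mysqli_query($db_conn, $sql);
    if ($rs === false)
    {
        $finish(-2, $err_prefix . mysqli_error($db_conn));
    }
    return $rs;
};

// Validate input data.  These allow-lists ([A-Za-z0-9_]) are also the
// primary control against SQL injection for the string-built queries below.
$errors = [];
$add_error = function ($id, $msg) use (&$errors)
{
    $errors[] = ["id" => $id, "errMsg" => $msg];
};

if (!preg_match("/^[A-Za-z][A-Za-z0-9_]{2,11}$/", $username))
{
    $add_error("username", "不符合格式要求");
}

if (!preg_match("/^[A-Za-z0-9]{5,12}$/", $password))
{
    $add_error("password", "不符合格式要求");
}

if ($ch_passwd)
{
    if (!preg_match("/^[A-Za-z0-9]{6,12}$/", $password_new))
    {
        $add_error("password_new", "不符合格式要求");
    }

    if (!verify_pass_complexity($password_new, $username, 6))
    {
        $add_error("password_new", "不符合复杂性要求");
    }
}

if ($mfa)
{
    // Captcha text was stored in the session by the image generator; an
    // empty/missing value never matches, so a stale session cannot pass.
    $expected_vn = isset($_SESSION["BBS_vn_str"]) ? $_SESSION["BBS_vn_str"] : "";
    if ($expected_vn == "" || strcasecmp($expected_vn, $vn_str) != 0)
    {
        $add_error("vn_str", "验证码错误");
    }
}

if ($errors !== [])
{
    $result_set["return"]["errorFields"] = $errors;
    $finish(-1);
}

// Defence in depth for the interpolated SQL below: the regexes above already
// exclude quote characters, so escaping is a no-op today but keeps the
// queries safe if the allowed character set is ever widened.  Prepared
// statements would be the preferable long-term form.
$q_username     = mysqli_real_escape_string($db_conn, $username);
$q_password     = mysqli_real_escape_string($db_conn, $password);
$q_password_new = mysqli_real_escape_string($db_conn, $password_new);

// Begin transaction
$query("SET autocommit=0", "Mysqli error: ");
$query("BEGIN", "Mysqli error: ");

if (!$mfa)
{
    // Failed login attempts from the same source (subnet /24) during certain time period.
    // NOTE(review): client_addr(1) is assumed to return a LIKE pattern for the
    // source subnet -- confirm in client_addr.inc.php.
    $rs = $query("SELECT COUNT(*) AS err_count FROM user_err_login_log
        WHERE login_dt >= SUBDATE(NOW(), INTERVAL 10 MINUTE)
        AND login_ip LIKE '" . mysqli_real_escape_string($db_conn, client_addr(1)) . "'",
        "Query login log error: ");
    $row = mysqli_fetch_array($rs);
    mysqli_free_result($rs);
    if ($row && (int) $row["err_count"] >= 10)
    {
        $finish(1, "来源存在多次失败登陆尝试,请输入验证码");
    }

    // Failed login attempts against the current username since last successful login
    $rs = $query("SELECT COUNT(*) AS err_count FROM user_err_login_log
        LEFT JOIN user_list ON user_err_login_log.username = user_list.username
        LEFT JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID
        WHERE user_err_login_log.username = '$q_username'
        AND (user_err_login_log.login_dt >= user_pubinfo.last_login_dt
        OR user_pubinfo.last_login_dt IS NULL)",
        "Query login log error: ");
    $row = mysqli_fetch_array($rs);
    mysqli_free_result($rs);
    if ($row && (int) $row["err_count"] >= 3)
    {
        $finish(1, "账户存在多次失败登陆尝试,请输入验证码");
    }
}

// Credential check.  Accepted forms, in order of age: legacy unsalted MD5
// (upgraded below on success), unsalted SHA-256, hashed temp password, and
// a plain-text temp password kept only for rows written before temp
// passwords were hashed.  Unsalted fast hashes are weak against offline
// cracking; moving to password_hash()/password_verify() needs a schema and
// writer change outside this file.  FOR UPDATE serialises the password
// upgrade/change against concurrent logins for the same row.
$sql = "SELECT UID, username, p_login, verified, temp_password,
    password = MD5('$q_password') AS old_pass,
    (temp_password = SHA2('$q_password', 256) OR temp_password = '$q_password') AS temp_pass
    FROM user_list WHERE username = '$q_username' AND
    (password = MD5('$q_password') OR password = SHA2('$q_password', 256) OR
    temp_password = SHA2('$q_password', 256) OR temp_password = '$q_password')
    AND enable FOR UPDATE";
$rs = $query($sql, "Query user list error: ");
$row = mysqli_fetch_array($rs);
mysqli_free_result($rs);

if (!$row)
{
    // Log login failure for the attempt counters above.  The attempted
    // password is deliberately not stored: failed attempts are frequently a
    // typo of, or a reuse of, the user's real password, and a plain-text
    // copy in a log table would leak credentials if the database is exposed.
    $query("INSERT INTO user_err_login_log(username, password, login_dt, login_ip)
        VALUES('$q_username', '', NOW(), '" . mysqli_real_escape_string($db_conn, client_addr()) . "')",
        "Write log error: ");

    // Commit transaction
    $query("COMMIT", "Mysqli error: ");

    $_SESSION["BBS_vn_str"] = ""; // Force change vn_str

    $finish(3, "用户名或密码不正确");
}

$uid = (int) $row["UID"];
$username = $row["username"]; // canonical spelling from the database

if ($row["temp_pass"] && !$ch_passwd)
{
    $finish(2, "使用临时密码登录需设置新密码");
}

if ($ch_passwd)
{
    if ($row["temp_pass"]) // Login with temp password
    {
        $verified = 1;

        // Set life = 150 for verified user
        $query("UPDATE user_pubinfo SET life = 150 WHERE UID = $uid", "Update user life error: ");
    }
    else
    {
        // NOTE(review): verified is assumed to be an integer column -- confirm.
        $verified = (int) $row["verified"];
    }

    // The temp password is single-use: it is cleared once the new password is set.
    $query("UPDATE user_list SET password = SHA2('$q_password_new', 256),
        temp_password = '', verified = $verified WHERE UID = $uid",
        "Update password error: ");
}
elseif ($row["old_pass"])
{
    // Transparent MD5 -> SHA-256 upgrade, possible only now that the plain
    // password is in hand.
    $query("UPDATE user_list SET password = SHA2('$q_password', 256) WHERE UID = $uid",
        "Upgrade password error: ");
}

// Add user login log
$query("INSERT INTO user_login_log(uid, login_dt, login_ip) VALUES($uid, NOW(), '" .
    mysqli_real_escape_string($db_conn, client_addr()) . "')",
    "Write log error: ");

// Commit transaction
$query("COMMIT", "Mysqli error: ");

// Forbidden user (checked after COMMIT so the login attempt is still recorded)
if (!$row["p_login"])
{
    $finish(3, "您已被封禁全站登陆权限!");
}

// SET AUTOCOMMIT = 1
$query("SET autocommit=1", "Mysqli error: ");

// Load User Information.  Return codes as handled by the original switch
// (loose comparison preserved): -1 missing data, -2 EULA not yet accepted,
// -3 account deceased; anything else continues.
$ret = load_user_info($uid, $db_conn);
if ($ret == -1)
{
    $finish(-2, "User data not found: " . mysqli_error($db_conn));
}
elseif ($ret == -2)
{
    if (!$agreement)
    {
        $buffer = file_get_contents("../bbs/doc/eula.txt");
        $finish(4, LML($buffer, 1024, false));
    }
}
elseif ($ret == -3)
{
    $finish(3, "很遗憾,您已经永远离开了我们的世界……");
}

$query("UPDATE user_pubinfo SET visit_count = visit_count + 1,
    last_login_dt = NOW() WHERE UID = $uid",
    "Update login info error: ");

// Issue a fresh session id at the authentication boundary so an id obtained
// (or planted) before login cannot be reused for the authenticated session.
// Assumes session_init.inc.php has already started the session, which the
// $_SESSION reads above rely on as well.
session_regenerate_id(true);

$_SESSION["BBS_uid"] = $uid;
$_SESSION["BBS_username"] = $username;
$_SESSION["BBS_login_tm"] = time();
$_SESSION["BBS_vn_str"] = "";

if (!keep_alive($db_conn))
{
    $finish(-2, "Keep alive error: " . mysqli_error($db_conn));
}

$finish(0);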
