/[LeafOK_CVS]/lbbs/src/login.c
ViewVC logotype

Annotation of /lbbs/src/login.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.49 - (hide annotations)
Wed Jul 2 04:17:33 2025 UTC (8 months, 2 weeks ago) by sysadm
Branch: MAIN
Changes since 1.48: +11 -11 lines
Content type: text/x-csrc 
Support UTF8 instead of GBK
1 sysadm 1.1 /***************************************************************************
2 sysadm 1.11 login.c - description
3     -------------------
4 sysadm 1.20 Copyright : (C) 2004-2025 by Leaflet
5     Email : leaflet@leafok.com
6 sysadm 1.1 ***************************************************************************/
7    
8     /***************************************************************************
9     * *
10     * This program is free software; you can redistribute it and/or modify *
11     * it under the terms of the GNU General Public License as published by *
12 sysadm 1.20 * the Free Software Foundation; either version 3 of the License, or *
13 sysadm 1.1 * (at your option) any later version. *
14     * *
15     ***************************************************************************/
16    
17     #include "bbs.h"
18     #include "common.h"
19 sysadm 1.48 #include "database.h"
20     #include "io.h"
21 sysadm 1.14 #include "log.h"
22 sysadm 1.48 #include "login.h"
23 sysadm 1.14 #include "screen.h"
24 sysadm 1.48 #include "user_priv.h"
25     #include <ctype.h>
26 sysadm 1.34 #include <errno.h>
27 sysadm 1.48 #include <stdlib.h>
28 sysadm 1.14 #include <string.h>
29 sysadm 1.3 #include <regex.h>
30 sysadm 1.14 #include <unistd.h>
31 sysadm 1.36 #include <mysql/mysql.h>
32 sysadm 1.1
33 sysadm 1.41 int bbs_login(void)
34 sysadm 1.1 {
35 sysadm 1.15 char username[BBS_username_max_len + 1];
36     char password[BBS_password_max_len + 1];
37 sysadm 1.37 int i = 0;
38 sysadm 1.16 int ok = 0;
39 sysadm 1.2
40 sysadm 1.37 for (; !SYS_server_exit && !ok && i < BBS_login_retry_times; i++)
41 sysadm 1.11 {
42 sysadm 1.49 prints("\033[1;33m请输入帐号\033[m(试用请输入`\033[1;36mguest\033[m', "
43     "注册请输入`\033[1;31mnew\033[m'): ");
44 sysadm 1.11 iflush();
45    
46 sysadm 1.24 if (str_input(username, sizeof(username), DOECHO) < 0)
47     {
48     continue;
49     }
50 sysadm 1.11
51     if (strcmp(username, "guest") == 0)
52     {
53 sysadm 1.41 load_guest_info();
54 sysadm 1.14
55 sysadm 1.11 return 0;
56     }
57    
58     if (strcmp(username, "new") == 0)
59     {
60 sysadm 1.42 display_file(DATA_REGISTER, 1);
61 sysadm 1.30
62     return 0;
63 sysadm 1.11 }
64    
65 sysadm 1.17 if (username[0] != '\0')
66 sysadm 1.11 {
67 sysadm 1.49 prints("\033[1;37m请输入密码\033[m: ");
68 sysadm 1.11 iflush();
69    
70 sysadm 1.24 if (str_input(password, sizeof(password), NOECHO) < 0)
71     {
72     continue;
73     }
74 sysadm 1.11
75 sysadm 1.41 ok = (check_user(username, password) == 0);
76 sysadm 1.31 iflush();
77 sysadm 1.11 }
78 sysadm 1.24 }
79    
80     if (!ok)
81     {
82 sysadm 1.42 display_file(DATA_LOGIN_ERROR, 1);
83 sysadm 1.24 return -1;
84 sysadm 1.11 }
85 sysadm 1.2
86 sysadm 1.38 log_common("User \"%s\"(%ld) login from %s:%d\n",
87 sysadm 1.39 BBS_username, BBS_priv.uid, hostaddr_client, port_client);
88 sysadm 1.28
89 sysadm 1.11 return 0;
90     }
91 sysadm 1.2
92 sysadm 1.41 int check_user(const char *username, const char *password)
93 sysadm 1.11 {
94 sysadm 1.44 MYSQL *db = NULL;
95     MYSQL_RES *rs = NULL;
96 sysadm 1.11 MYSQL_ROW row;
97 sysadm 1.15 char sql[SQL_BUFFER_LEN];
98 sysadm 1.44 int ret = 0;
99 sysadm 1.40 int BBS_uid = 0;
100 sysadm 1.22 char client_addr[IP_ADDR_LEN];
101 sysadm 1.27 int i;
102     int ok = 1;
103 sysadm 1.34 char user_tz_env[BBS_user_tz_max_len + 2];
104 sysadm 1.11
105 sysadm 1.41 db = db_open();
106     if (db == NULL)
107     {
108 sysadm 1.44 ret = -1;
109     goto cleanup;
110 sysadm 1.41 }
111    
112 sysadm 1.11 // Verify format
113 sysadm 1.27 for (i = 0; ok && username[i] != '\0'; i++)
114     {
115     if (!(isalpha(username[i]) || (i > 0 && isdigit(username[i]))))
116     {
117     ok = 0;
118     }
119     }
120     if (ok && (i < 3 || i > 12))
121     {
122     ok = 0;
123     }
124     for (i = 0; ok && password[i] != '\0'; i++)
125     {
126     if (!isalnum(password[i]))
127     {
128     ok = 0;
129     }
130     }
131     if (ok && (i < 5 || i > 12))
132     {
133     ok = 0;
134     }
135    
136     if (!ok)
137 sysadm 1.5 {
138 sysadm 1.49 prints("\033[1;31m用户名或密码格式错误...\033[m\r\n");
139 sysadm 1.44 ret = 1;
140     goto cleanup;
141 sysadm 1.5 }
142    
143 sysadm 1.13 // Begin transaction
144     if (mysql_query(db, "SET autocommit=0") != 0)
145     {
146 sysadm 1.33 log_error("SET autocommit=0 error: %s\n", mysql_error(db));
147 sysadm 1.44 ret = -1;
148     goto cleanup;
149 sysadm 1.13 }
150    
151     if (mysql_query(db, "BEGIN") != 0)
152     {
153 sysadm 1.33 log_error("Begin transaction error: %s\n", mysql_error(db));
154 sysadm 1.44 ret = -1;
155     goto cleanup;
156 sysadm 1.13 }
157    
158 sysadm 1.22 // Failed login attempts from the same source (subnet /24) during certain time period
159     strncpy(client_addr, hostaddr_client, sizeof(client_addr) - 1);
160     client_addr[sizeof(client_addr) - 1] = '\0';
161    
162     snprintf(sql, sizeof(sql),
163     "SELECT COUNT(*) AS err_count FROM user_err_login_log "
164 sysadm 1.44 "WHERE login_dt >= SUBDATE(NOW(), INTERVAL %d MINUTE) "
165 sysadm 1.22 "AND login_ip LIKE '%s'",
166 sysadm 1.44 BBS_login_failures_count_interval,
167 sysadm 1.22 ip_mask(client_addr, 1, '%'));
168     if (mysql_query(db, sql) != 0)
169     {
170 sysadm 1.33 log_error("Query user_list error: %s\n", mysql_error(db));
171 sysadm 1.44 ret = -1;
172     goto cleanup;
173 sysadm 1.22 }
174     if ((rs = mysql_store_result(db)) == NULL)
175     {
176     log_error("Get user_list data failed\n");
177 sysadm 1.44 ret = -1;
178     goto cleanup;
179 sysadm 1.22 }
180     if ((row = mysql_fetch_row(rs)))
181     {
182 sysadm 1.44 if (atoi(row[0]) > BBS_allowed_login_failures_within_interval)
183 sysadm 1.22 {
184 sysadm 1.49 prints("\033[1;31m来源存在多次失败登陆尝试,请稍后再试\033[m\r\n");
185 sysadm 1.44 ret = 1;
186     goto cleanup;
187 sysadm 1.22 }
188     }
189     mysql_free_result(rs);
190 sysadm 1.44 rs = NULL;
191 sysadm 1.22
192     // Failed login attempts against the current username during certain time period
193     snprintf(sql, sizeof(sql),
194     "SELECT COUNT(*) AS err_count FROM user_err_login_log "
195     "WHERE username = '%s' AND login_dt >= SUBDATE(NOW(), INTERVAL 1 DAY)",
196     username);
197     if (mysql_query(db, sql) != 0)
198     {
199 sysadm 1.33 log_error("Query user_list error: %s\n", mysql_error(db));
200 sysadm 1.44 ret = -1;
201     goto cleanup;
202 sysadm 1.22 }
203     if ((rs = mysql_store_result(db)) == NULL)
204     {
205     log_error("Get user_list data failed\n");
206 sysadm 1.44 ret = -1;
207     goto cleanup;
208 sysadm 1.22 }
209     if ((row = mysql_fetch_row(rs)))
210     {
211     if (atoi(row[0]) >= 5)
212     {
213 sysadm 1.49 prints("\033[1;31m账户存在多次失败登陆尝试,请使用Web方式登录\033[m\r\n");
214 sysadm 1.44 ret = 1;
215     goto cleanup;
216 sysadm 1.22 }
217     }
218     mysql_free_result(rs);
219 sysadm 1.44 rs = NULL;
220 sysadm 1.22
221 sysadm 1.18 snprintf(sql, sizeof(sql),
222 sysadm 1.22 "SELECT UID, username, p_login FROM user_list "
223     "WHERE username = '%s' AND password = SHA2('%s', 256) AND enable",
224     username, password);
225 sysadm 1.11 if (mysql_query(db, sql) != 0)
226     {
227 sysadm 1.33 log_error("Query user_list error: %s\n", mysql_error(db));
228 sysadm 1.44 ret = -1;
229     goto cleanup;
230 sysadm 1.11 }
231     if ((rs = mysql_store_result(db)) == NULL)
232 sysadm 1.2 {
233 sysadm 1.11 log_error("Get user_list data failed\n");
234 sysadm 1.44 ret = -1;
235     goto cleanup;
236 sysadm 1.11 }
237 sysadm 1.15 if ((row = mysql_fetch_row(rs)))
238 sysadm 1.11 {
239 sysadm 1.40 BBS_uid = atoi(row[0]);
240 sysadm 1.17 strncpy(BBS_username, row[1], sizeof(BBS_username) - 1);
241     BBS_username[sizeof(BBS_username) - 1] = '\0';
242 sysadm 1.13 int p_login = atoi(row[2]);
243    
244     mysql_free_result(rs);
245 sysadm 1.44 rs = NULL;
246 sysadm 1.13
247     // Add user login log
248 sysadm 1.18 snprintf(sql, sizeof(sql),
249 sysadm 1.22 "INSERT INTO user_login_log(UID, login_dt, login_ip) "
250 sysadm 1.40 "VALUES(%d, NOW(), '%s')",
251 sysadm 1.22 BBS_uid, hostaddr_client);
252 sysadm 1.13 if (mysql_query(db, sql) != 0)
253     {
254 sysadm 1.33 log_error("Insert into user_login_log error: %s\n", mysql_error(db));
255 sysadm 1.44 ret = -1;
256     goto cleanup;
257 sysadm 1.13 }
258    
259     // Commit transaction
260     if (mysql_query(db, "COMMIT") != 0)
261     {
262 sysadm 1.33 log_error("Commit transaction error: %s\n", mysql_error(db));
263 sysadm 1.44 ret = -1;
264     goto cleanup;
265 sysadm 1.13 }
266    
267     if (p_login == 0)
268 sysadm 1.11 {
269 sysadm 1.49 prints("\033[1;31m您目前无权登陆...\033[m\r\n");
270 sysadm 1.44 ret = 1;
271     goto cleanup;
272 sysadm 1.11 }
273     }
274     else
275     {
276     mysql_free_result(rs);
277 sysadm 1.44 rs = NULL;
278 sysadm 1.2
279 sysadm 1.18 snprintf(sql, sizeof(sql),
280 sysadm 1.22 "INSERT INTO user_err_login_log(username, password, login_dt, login_ip) "
281     "VALUES('%s', '%s', NOW(), '%s')",
282     username, password, hostaddr_client);
283 sysadm 1.11 if (mysql_query(db, sql) != 0)
284     {
285 sysadm 1.33 log_error("Insert into user_err_login_log error: %s\n", mysql_error(db));
286 sysadm 1.44 ret = -1;
287     goto cleanup;
288 sysadm 1.11 }
289    
290 sysadm 1.13 // Commit transaction
291     if (mysql_query(db, "COMMIT") != 0)
292     {
293 sysadm 1.33 log_error("Commit transaction error: %s\n", mysql_error(db));
294 sysadm 1.44 ret = -1;
295     goto cleanup;
296 sysadm 1.13 }
297    
298 sysadm 1.49 prints("\033[1;31m错误的用户名或密码...\033[m\r\n");
299 sysadm 1.44 ret = 1;
300     goto cleanup;
301 sysadm 1.11 }
302 sysadm 1.13
303     // Set AUTOCOMMIT = 1
304     if (mysql_query(db, "SET autocommit=1") != 0)
305     {
306 sysadm 1.33 log_error("SET autocommit=1 error: %s\n", mysql_error(db));
307 sysadm 1.44 ret = -1;
308     goto cleanup;
309 sysadm 1.13 }
310 sysadm 1.2
311 sysadm 1.11 ret = load_user_info(db, BBS_uid);
312    
313     switch (ret)
314 sysadm 1.2 {
315 sysadm 1.11 case 0: // Login successfully
316     break;
317     case -1: // Load data error
318 sysadm 1.49 prints("\033[1;31m读取用户数据错误...\033[m\r\n");
319 sysadm 1.44 ret = -1;
320     goto cleanup;
321 sysadm 1.11 case -2: // Unused
322 sysadm 1.49 prints("\033[1;31m请通过Web登录更新用户许可协议...\033[m\r\n");
323 sysadm 1.44 ret = 1;
324     goto cleanup;
325 sysadm 1.11 case -3: // Dead
326 sysadm 1.49 prints("\033[1;31m很遗憾,您已经永远离开了我们的世界!\033[m\r\n");
327 sysadm 1.44 ret = 1;
328     goto cleanup;
329 sysadm 1.11 default:
330 sysadm 1.44 ret = -2;
331     goto cleanup;
332 sysadm 1.2 }
333    
334 sysadm 1.18 snprintf(sql, sizeof(sql),
335 sysadm 1.22 "UPDATE user_pubinfo SET visit_count = visit_count + 1, "
336 sysadm 1.40 "last_login_dt = NOW() WHERE UID = %d",
337 sysadm 1.22 BBS_uid);
338 sysadm 1.13 if (mysql_query(db, sql) != 0)
339     {
340 sysadm 1.33 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
341 sysadm 1.44 ret = -1;
342     goto cleanup;
343 sysadm 1.13 }
344    
345 sysadm 1.15 if (user_online_add(db) != 0)
346     {
347 sysadm 1.44 ret = -1;
348     goto cleanup;
349 sysadm 1.15 }
350    
351 sysadm 1.45 BBS_last_access_tm = BBS_login_tm = time(NULL);
352 sysadm 1.13
353 sysadm 1.34 // Set user tz to process env
354     if (BBS_user_tz[0] != '\0')
355     {
356     user_tz_env[0] = ':';
357     strncpy(user_tz_env + 1, BBS_user_tz, sizeof(user_tz_env) - 2);
358     user_tz_env[sizeof(user_tz_env) - 1] = '\0';
359    
360     if (setenv("TZ", user_tz_env, 1) == -1)
361     {
362     log_error("setenv(TZ = %s) error %d\n", user_tz_env, errno);
363     return -3;
364     }
365    
366     tzset();
367     }
368    
369 sysadm 1.44 cleanup:
370     mysql_free_result(rs);
371 sysadm 1.41 mysql_close(db);
372    
373 sysadm 1.44 return ret;
374 sysadm 1.1 }
375 sysadm 1.2
376 sysadm 1.40 int load_user_info(MYSQL *db, int BBS_uid)
377 sysadm 1.3 {
378 sysadm 1.44 MYSQL_RES *rs = NULL;
379 sysadm 1.11 MYSQL_ROW row;
380 sysadm 1.15 char sql[SQL_BUFFER_LEN];
381 sysadm 1.11 int life;
382     time_t last_login_dt;
383 sysadm 1.44 int ret = 0;
384 sysadm 1.11
385 sysadm 1.18 snprintf(sql, sizeof(sql),
386 sysadm 1.43 "SELECT life, UNIX_TIMESTAMP(last_login_dt), user_timezone, exp, nickname "
387 sysadm 1.40 "FROM user_pubinfo WHERE UID = %d",
388 sysadm 1.22 BBS_uid);
389 sysadm 1.11 if (mysql_query(db, sql) != 0)
390     {
391 sysadm 1.33 log_error("Query user_pubinfo error: %s\n", mysql_error(db));
392 sysadm 1.44 ret = -1;
393     goto cleanup;
394 sysadm 1.11 }
395     if ((rs = mysql_store_result(db)) == NULL)
396     {
397     log_error("Get user_pubinfo data failed\n");
398 sysadm 1.44 ret = -1;
399     goto cleanup;
400 sysadm 1.11 }
401 sysadm 1.15 if ((row = mysql_fetch_row(rs)))
402 sysadm 1.11 {
403     life = atoi(row[0]);
404     last_login_dt = (time_t)atol(row[1]);
405 sysadm 1.34
406     strncpy(BBS_user_tz, row[2], sizeof(BBS_user_tz) - 1);
407     BBS_user_tz[sizeof(BBS_user_tz) - 1] = '\0';
408 sysadm 1.43
409     BBS_user_exp = atoi(row[3]);
410    
411     strncpy(BBS_nickname, row[4], sizeof(BBS_nickname));
412     BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
413 sysadm 1.11 }
414     else
415     {
416 sysadm 1.44 ret = -1; // Data not found
417     goto cleanup;
418 sysadm 1.11 }
419     mysql_free_result(rs);
420 sysadm 1.44 rs = NULL;
421 sysadm 1.3
422 sysadm 1.13 if (life != 333 && life != 365 && life != 666 && life != 999 && // Not immortal
423 sysadm 1.45 time(NULL) - last_login_dt > 60 * 60 * 24 * life)
424 sysadm 1.11 {
425 sysadm 1.44 ret = -3; // Dead
426     goto cleanup;
427 sysadm 1.11 }
428 sysadm 1.5
429 sysadm 1.15 if (load_priv(db, &BBS_priv, BBS_uid) != 0)
430     {
431 sysadm 1.44 ret = -1;
432     goto cleanup;
433 sysadm 1.15 }
434 sysadm 1.11
435 sysadm 1.44 cleanup:
436     mysql_free_result(rs);
437    
438     return ret;
439 sysadm 1.2 }
440 sysadm 1.5
441 sysadm 1.41 int load_guest_info(void)
442 sysadm 1.5 {
443 sysadm 1.44 MYSQL *db = NULL;
444     int ret = 0;
445 sysadm 1.41
446     db = db_open();
447     if (db == NULL)
448     {
449 sysadm 1.44 ret = -1;
450     goto cleanup;
451 sysadm 1.41 }
452    
453 sysadm 1.17 strncpy(BBS_username, "guest", sizeof(BBS_username) - 1);
454     BBS_username[sizeof(BBS_username) - 1] = '\0';
455 sysadm 1.5
456 sysadm 1.43 BBS_user_exp = 0;
457    
458     strncpy(BBS_nickname, "Guest", sizeof(BBS_nickname));
459     BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
460    
461 sysadm 1.15 if (load_priv(db, &BBS_priv, 0) != 0)
462     {
463 sysadm 1.44 ret = -1;
464     goto cleanup;
465 sysadm 1.15 }
466 sysadm 1.6
467 sysadm 1.15 if (user_online_add(db) != 0)
468     {
469 sysadm 1.44 ret = -1;
470     goto cleanup;
471 sysadm 1.15 }
472 sysadm 1.5
473 sysadm 1.45 BBS_last_access_tm = BBS_login_tm = time(NULL);
474 sysadm 1.5
475 sysadm 1.44 cleanup:
476 sysadm 1.41 mysql_close(db);
477 sysadm 1.44
478     return ret;
479 sysadm 1.5 }
480 sysadm 1.15
481     int user_online_add(MYSQL *db)
482     {
483     char sql[SQL_BUFFER_LEN];
484    
485     if (user_online_del(db) != 0)
486     {
487     return -1;
488     }
489    
490 sysadm 1.18 snprintf(sql, sizeof(sql),
491 sysadm 1.22 "INSERT INTO user_online(SID, UID, ip, login_tm, last_tm) "
492 sysadm 1.40 "VALUES('Telnet_Process_%d', %d, '%s', NOW(), NOW())",
493 sysadm 1.22 getpid(), BBS_priv.uid, hostaddr_client);
494 sysadm 1.15 if (mysql_query(db, sql) != 0)
495     {
496 sysadm 1.33 log_error("Add user_online error: %s\n", mysql_error(db));
497 sysadm 1.15 return -1;
498     }
499    
500     return 0;
501     }
502    
503     int user_online_del(MYSQL *db)
504     {
505     char sql[SQL_BUFFER_LEN];
506    
507 sysadm 1.18 snprintf(sql, sizeof(sql),
508 sysadm 1.22 "DELETE FROM user_online WHERE SID = 'Telnet_Process_%d'",
509     getpid());
510 sysadm 1.15 if (mysql_query(db, sql) != 0)
511     {
512 sysadm 1.33 log_error("Delete user_online error: %s\n", mysql_error(db));
513 sysadm 1.15 return -1;
514     }
515    
516     return 0;
517     }
518 sysadm 1.47
519     int user_online_update(const char *action)
520     {
521     MYSQL *db = NULL;
522     char sql[SQL_BUFFER_LEN];
523    
524     if (strcmp(BBS_current_action, action) == 0) // No change
525     {
526     return 0;
527     }
528    
529     strncpy(BBS_current_action, action, sizeof(BBS_current_action) - 1);
530     BBS_current_action[sizeof(BBS_current_action) - 1] = '\0';
531    
532     db = db_open();
533     if (db == NULL)
534     {
535     log_error("db_open() error: %s\n", mysql_error(db));
536     return -1;
537     }
538    
539     snprintf(sql, sizeof(sql),
540     "UPDATE user_online SET current_action = '%s', last_tm=NOW() "
541     "WHERE SID = 'Telnet_Process_%d'",
542     BBS_current_action, getpid());
543     if (mysql_query(db, sql) != 0)
544     {
545     log_error("Update user_online error: %s\n", mysql_error(db));
546     return -2;
547     }
548    
549     mysql_close(db);
550    
551     return 1;
552     }
webmaster@leafok.com
 ViewVC Help
Powered by ViewVC 1.3.0-beta1