/[LeafOK_CVS]/lbbs/src/login.c
ViewVC logotype

Annotation of /lbbs/src/login.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.50 - (hide annotations)
Wed Jul 23 01:18:00 2025 UTC (7 months, 3 weeks ago) by sysadm
Branch: MAIN
Changes since 1.49: +1 -0 lines
Content type: text/x-csrc 
Move ip_mask() to dedicated ip_mask.c(.h) files
1 sysadm 1.1 /***************************************************************************
2 sysadm 1.11 login.c - description
3     -------------------
4 sysadm 1.20 Copyright : (C) 2004-2025 by Leaflet
5     Email : leaflet@leafok.com
6 sysadm 1.1 ***************************************************************************/
7    
8     /***************************************************************************
9     * *
10     * This program is free software; you can redistribute it and/or modify *
11     * it under the terms of the GNU General Public License as published by *
12 sysadm 1.20 * the Free Software Foundation; either version 3 of the License, or *
13 sysadm 1.1 * (at your option) any later version. *
14     * *
15     ***************************************************************************/
16    
17     #include "bbs.h"
18     #include "common.h"
19 sysadm 1.48 #include "database.h"
20     #include "io.h"
21 sysadm 1.50 #include "ip_mask.h"
22 sysadm 1.14 #include "log.h"
23 sysadm 1.48 #include "login.h"
24 sysadm 1.14 #include "screen.h"
25 sysadm 1.48 #include "user_priv.h"
26     #include <ctype.h>
27 sysadm 1.34 #include <errno.h>
28 sysadm 1.48 #include <stdlib.h>
29 sysadm 1.14 #include <string.h>
30 sysadm 1.3 #include <regex.h>
31 sysadm 1.14 #include <unistd.h>
32 sysadm 1.36 #include <mysql/mysql.h>
33 sysadm 1.1
34 sysadm 1.41 int bbs_login(void)
35 sysadm 1.1 {
36 sysadm 1.15 char username[BBS_username_max_len + 1];
37     char password[BBS_password_max_len + 1];
38 sysadm 1.37 int i = 0;
39 sysadm 1.16 int ok = 0;
40 sysadm 1.2
41 sysadm 1.37 for (; !SYS_server_exit && !ok && i < BBS_login_retry_times; i++)
42 sysadm 1.11 {
43 sysadm 1.49 prints("\033[1;33m请输入帐号\033[m(试用请输入`\033[1;36mguest\033[m', "
44     "注册请输入`\033[1;31mnew\033[m'): ");
45 sysadm 1.11 iflush();
46    
47 sysadm 1.24 if (str_input(username, sizeof(username), DOECHO) < 0)
48     {
49     continue;
50     }
51 sysadm 1.11
52     if (strcmp(username, "guest") == 0)
53     {
54 sysadm 1.41 load_guest_info();
55 sysadm 1.14
56 sysadm 1.11 return 0;
57     }
58    
59     if (strcmp(username, "new") == 0)
60     {
61 sysadm 1.42 display_file(DATA_REGISTER, 1);
62 sysadm 1.30
63     return 0;
64 sysadm 1.11 }
65    
66 sysadm 1.17 if (username[0] != '\0')
67 sysadm 1.11 {
68 sysadm 1.49 prints("\033[1;37m请输入密码\033[m: ");
69 sysadm 1.11 iflush();
70    
71 sysadm 1.24 if (str_input(password, sizeof(password), NOECHO) < 0)
72     {
73     continue;
74     }
75 sysadm 1.11
76 sysadm 1.41 ok = (check_user(username, password) == 0);
77 sysadm 1.31 iflush();
78 sysadm 1.11 }
79 sysadm 1.24 }
80    
81     if (!ok)
82     {
83 sysadm 1.42 display_file(DATA_LOGIN_ERROR, 1);
84 sysadm 1.24 return -1;
85 sysadm 1.11 }
86 sysadm 1.2
87 sysadm 1.38 log_common("User \"%s\"(%ld) login from %s:%d\n",
88 sysadm 1.39 BBS_username, BBS_priv.uid, hostaddr_client, port_client);
89 sysadm 1.28
90 sysadm 1.11 return 0;
91     }
92 sysadm 1.2
93 sysadm 1.41 int check_user(const char *username, const char *password)
94 sysadm 1.11 {
95 sysadm 1.44 MYSQL *db = NULL;
96     MYSQL_RES *rs = NULL;
97 sysadm 1.11 MYSQL_ROW row;
98 sysadm 1.15 char sql[SQL_BUFFER_LEN];
99 sysadm 1.44 int ret = 0;
100 sysadm 1.40 int BBS_uid = 0;
101 sysadm 1.22 char client_addr[IP_ADDR_LEN];
102 sysadm 1.27 int i;
103     int ok = 1;
104 sysadm 1.34 char user_tz_env[BBS_user_tz_max_len + 2];
105 sysadm 1.11
106 sysadm 1.41 db = db_open();
107     if (db == NULL)
108     {
109 sysadm 1.44 ret = -1;
110     goto cleanup;
111 sysadm 1.41 }
112    
113 sysadm 1.11 // Verify format
114 sysadm 1.27 for (i = 0; ok && username[i] != '\0'; i++)
115     {
116     if (!(isalpha(username[i]) || (i > 0 && isdigit(username[i]))))
117     {
118     ok = 0;
119     }
120     }
121     if (ok && (i < 3 || i > 12))
122     {
123     ok = 0;
124     }
125     for (i = 0; ok && password[i] != '\0'; i++)
126     {
127     if (!isalnum(password[i]))
128     {
129     ok = 0;
130     }
131     }
132     if (ok && (i < 5 || i > 12))
133     {
134     ok = 0;
135     }
136    
137     if (!ok)
138 sysadm 1.5 {
139 sysadm 1.49 prints("\033[1;31m用户名或密码格式错误...\033[m\r\n");
140 sysadm 1.44 ret = 1;
141     goto cleanup;
142 sysadm 1.5 }
143    
144 sysadm 1.13 // Begin transaction
145     if (mysql_query(db, "SET autocommit=0") != 0)
146     {
147 sysadm 1.33 log_error("SET autocommit=0 error: %s\n", mysql_error(db));
148 sysadm 1.44 ret = -1;
149     goto cleanup;
150 sysadm 1.13 }
151    
152     if (mysql_query(db, "BEGIN") != 0)
153     {
154 sysadm 1.33 log_error("Begin transaction error: %s\n", mysql_error(db));
155 sysadm 1.44 ret = -1;
156     goto cleanup;
157 sysadm 1.13 }
158    
159 sysadm 1.22 // Failed login attempts from the same source (subnet /24) during certain time period
160     strncpy(client_addr, hostaddr_client, sizeof(client_addr) - 1);
161     client_addr[sizeof(client_addr) - 1] = '\0';
162    
163     snprintf(sql, sizeof(sql),
164     "SELECT COUNT(*) AS err_count FROM user_err_login_log "
165 sysadm 1.44 "WHERE login_dt >= SUBDATE(NOW(), INTERVAL %d MINUTE) "
166 sysadm 1.22 "AND login_ip LIKE '%s'",
167 sysadm 1.44 BBS_login_failures_count_interval,
168 sysadm 1.22 ip_mask(client_addr, 1, '%'));
169     if (mysql_query(db, sql) != 0)
170     {
171 sysadm 1.33 log_error("Query user_list error: %s\n", mysql_error(db));
172 sysadm 1.44 ret = -1;
173     goto cleanup;
174 sysadm 1.22 }
175     if ((rs = mysql_store_result(db)) == NULL)
176     {
177     log_error("Get user_list data failed\n");
178 sysadm 1.44 ret = -1;
179     goto cleanup;
180 sysadm 1.22 }
181     if ((row = mysql_fetch_row(rs)))
182     {
183 sysadm 1.44 if (atoi(row[0]) > BBS_allowed_login_failures_within_interval)
184 sysadm 1.22 {
185 sysadm 1.49 prints("\033[1;31m来源存在多次失败登陆尝试,请稍后再试\033[m\r\n");
186 sysadm 1.44 ret = 1;
187     goto cleanup;
188 sysadm 1.22 }
189     }
190     mysql_free_result(rs);
191 sysadm 1.44 rs = NULL;
192 sysadm 1.22
193     // Failed login attempts against the current username during certain time period
194     snprintf(sql, sizeof(sql),
195     "SELECT COUNT(*) AS err_count FROM user_err_login_log "
196     "WHERE username = '%s' AND login_dt >= SUBDATE(NOW(), INTERVAL 1 DAY)",
197     username);
198     if (mysql_query(db, sql) != 0)
199     {
200 sysadm 1.33 log_error("Query user_list error: %s\n", mysql_error(db));
201 sysadm 1.44 ret = -1;
202     goto cleanup;
203 sysadm 1.22 }
204     if ((rs = mysql_store_result(db)) == NULL)
205     {
206     log_error("Get user_list data failed\n");
207 sysadm 1.44 ret = -1;
208     goto cleanup;
209 sysadm 1.22 }
210     if ((row = mysql_fetch_row(rs)))
211     {
212     if (atoi(row[0]) >= 5)
213     {
214 sysadm 1.49 prints("\033[1;31m账户存在多次失败登陆尝试,请使用Web方式登录\033[m\r\n");
215 sysadm 1.44 ret = 1;
216     goto cleanup;
217 sysadm 1.22 }
218     }
219     mysql_free_result(rs);
220 sysadm 1.44 rs = NULL;
221 sysadm 1.22
222 sysadm 1.18 snprintf(sql, sizeof(sql),
223 sysadm 1.22 "SELECT UID, username, p_login FROM user_list "
224     "WHERE username = '%s' AND password = SHA2('%s', 256) AND enable",
225     username, password);
226 sysadm 1.11 if (mysql_query(db, sql) != 0)
227     {
228 sysadm 1.33 log_error("Query user_list error: %s\n", mysql_error(db));
229 sysadm 1.44 ret = -1;
230     goto cleanup;
231 sysadm 1.11 }
232     if ((rs = mysql_store_result(db)) == NULL)
233 sysadm 1.2 {
234 sysadm 1.11 log_error("Get user_list data failed\n");
235 sysadm 1.44 ret = -1;
236     goto cleanup;
237 sysadm 1.11 }
238 sysadm 1.15 if ((row = mysql_fetch_row(rs)))
239 sysadm 1.11 {
240 sysadm 1.40 BBS_uid = atoi(row[0]);
241 sysadm 1.17 strncpy(BBS_username, row[1], sizeof(BBS_username) - 1);
242     BBS_username[sizeof(BBS_username) - 1] = '\0';
243 sysadm 1.13 int p_login = atoi(row[2]);
244    
245     mysql_free_result(rs);
246 sysadm 1.44 rs = NULL;
247 sysadm 1.13
248     // Add user login log
249 sysadm 1.18 snprintf(sql, sizeof(sql),
250 sysadm 1.22 "INSERT INTO user_login_log(UID, login_dt, login_ip) "
251 sysadm 1.40 "VALUES(%d, NOW(), '%s')",
252 sysadm 1.22 BBS_uid, hostaddr_client);
253 sysadm 1.13 if (mysql_query(db, sql) != 0)
254     {
255 sysadm 1.33 log_error("Insert into user_login_log error: %s\n", mysql_error(db));
256 sysadm 1.44 ret = -1;
257     goto cleanup;
258 sysadm 1.13 }
259    
260     // Commit transaction
261     if (mysql_query(db, "COMMIT") != 0)
262     {
263 sysadm 1.33 log_error("Commit transaction error: %s\n", mysql_error(db));
264 sysadm 1.44 ret = -1;
265     goto cleanup;
266 sysadm 1.13 }
267    
268     if (p_login == 0)
269 sysadm 1.11 {
270 sysadm 1.49 prints("\033[1;31m您目前无权登陆...\033[m\r\n");
271 sysadm 1.44 ret = 1;
272     goto cleanup;
273 sysadm 1.11 }
274     }
275     else
276     {
277     mysql_free_result(rs);
278 sysadm 1.44 rs = NULL;
279 sysadm 1.2
280 sysadm 1.18 snprintf(sql, sizeof(sql),
281 sysadm 1.22 "INSERT INTO user_err_login_log(username, password, login_dt, login_ip) "
282     "VALUES('%s', '%s', NOW(), '%s')",
283     username, password, hostaddr_client);
284 sysadm 1.11 if (mysql_query(db, sql) != 0)
285     {
286 sysadm 1.33 log_error("Insert into user_err_login_log error: %s\n", mysql_error(db));
287 sysadm 1.44 ret = -1;
288     goto cleanup;
289 sysadm 1.11 }
290    
291 sysadm 1.13 // Commit transaction
292     if (mysql_query(db, "COMMIT") != 0)
293     {
294 sysadm 1.33 log_error("Commit transaction error: %s\n", mysql_error(db));
295 sysadm 1.44 ret = -1;
296     goto cleanup;
297 sysadm 1.13 }
298    
299 sysadm 1.49 prints("\033[1;31m错误的用户名或密码...\033[m\r\n");
300 sysadm 1.44 ret = 1;
301     goto cleanup;
302 sysadm 1.11 }
303 sysadm 1.13
304     // Set AUTOCOMMIT = 1
305     if (mysql_query(db, "SET autocommit=1") != 0)
306     {
307 sysadm 1.33 log_error("SET autocommit=1 error: %s\n", mysql_error(db));
308 sysadm 1.44 ret = -1;
309     goto cleanup;
310 sysadm 1.13 }
311 sysadm 1.2
312 sysadm 1.11 ret = load_user_info(db, BBS_uid);
313    
314     switch (ret)
315 sysadm 1.2 {
316 sysadm 1.11 case 0: // Login successfully
317     break;
318     case -1: // Load data error
319 sysadm 1.49 prints("\033[1;31m读取用户数据错误...\033[m\r\n");
320 sysadm 1.44 ret = -1;
321     goto cleanup;
322 sysadm 1.11 case -2: // Unused
323 sysadm 1.49 prints("\033[1;31m请通过Web登录更新用户许可协议...\033[m\r\n");
324 sysadm 1.44 ret = 1;
325     goto cleanup;
326 sysadm 1.11 case -3: // Dead
327 sysadm 1.49 prints("\033[1;31m很遗憾,您已经永远离开了我们的世界!\033[m\r\n");
328 sysadm 1.44 ret = 1;
329     goto cleanup;
330 sysadm 1.11 default:
331 sysadm 1.44 ret = -2;
332     goto cleanup;
333 sysadm 1.2 }
334    
335 sysadm 1.18 snprintf(sql, sizeof(sql),
336 sysadm 1.22 "UPDATE user_pubinfo SET visit_count = visit_count + 1, "
337 sysadm 1.40 "last_login_dt = NOW() WHERE UID = %d",
338 sysadm 1.22 BBS_uid);
339 sysadm 1.13 if (mysql_query(db, sql) != 0)
340     {
341 sysadm 1.33 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
342 sysadm 1.44 ret = -1;
343     goto cleanup;
344 sysadm 1.13 }
345    
346 sysadm 1.15 if (user_online_add(db) != 0)
347     {
348 sysadm 1.44 ret = -1;
349     goto cleanup;
350 sysadm 1.15 }
351    
352 sysadm 1.45 BBS_last_access_tm = BBS_login_tm = time(NULL);
353 sysadm 1.13
354 sysadm 1.34 // Set user tz to process env
355     if (BBS_user_tz[0] != '\0')
356     {
357     user_tz_env[0] = ':';
358     strncpy(user_tz_env + 1, BBS_user_tz, sizeof(user_tz_env) - 2);
359     user_tz_env[sizeof(user_tz_env) - 1] = '\0';
360    
361     if (setenv("TZ", user_tz_env, 1) == -1)
362     {
363     log_error("setenv(TZ = %s) error %d\n", user_tz_env, errno);
364     return -3;
365     }
366    
367     tzset();
368     }
369    
370 sysadm 1.44 cleanup:
371     mysql_free_result(rs);
372 sysadm 1.41 mysql_close(db);
373    
374 sysadm 1.44 return ret;
375 sysadm 1.1 }
376 sysadm 1.2
377 sysadm 1.40 int load_user_info(MYSQL *db, int BBS_uid)
378 sysadm 1.3 {
379 sysadm 1.44 MYSQL_RES *rs = NULL;
380 sysadm 1.11 MYSQL_ROW row;
381 sysadm 1.15 char sql[SQL_BUFFER_LEN];
382 sysadm 1.11 int life;
383     time_t last_login_dt;
384 sysadm 1.44 int ret = 0;
385 sysadm 1.11
386 sysadm 1.18 snprintf(sql, sizeof(sql),
387 sysadm 1.43 "SELECT life, UNIX_TIMESTAMP(last_login_dt), user_timezone, exp, nickname "
388 sysadm 1.40 "FROM user_pubinfo WHERE UID = %d",
389 sysadm 1.22 BBS_uid);
390 sysadm 1.11 if (mysql_query(db, sql) != 0)
391     {
392 sysadm 1.33 log_error("Query user_pubinfo error: %s\n", mysql_error(db));
393 sysadm 1.44 ret = -1;
394     goto cleanup;
395 sysadm 1.11 }
396     if ((rs = mysql_store_result(db)) == NULL)
397     {
398     log_error("Get user_pubinfo data failed\n");
399 sysadm 1.44 ret = -1;
400     goto cleanup;
401 sysadm 1.11 }
402 sysadm 1.15 if ((row = mysql_fetch_row(rs)))
403 sysadm 1.11 {
404     life = atoi(row[0]);
405     last_login_dt = (time_t)atol(row[1]);
406 sysadm 1.34
407     strncpy(BBS_user_tz, row[2], sizeof(BBS_user_tz) - 1);
408     BBS_user_tz[sizeof(BBS_user_tz) - 1] = '\0';
409 sysadm 1.43
410     BBS_user_exp = atoi(row[3]);
411    
412     strncpy(BBS_nickname, row[4], sizeof(BBS_nickname));
413     BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
414 sysadm 1.11 }
415     else
416     {
417 sysadm 1.44 ret = -1; // Data not found
418     goto cleanup;
419 sysadm 1.11 }
420     mysql_free_result(rs);
421 sysadm 1.44 rs = NULL;
422 sysadm 1.3
423 sysadm 1.13 if (life != 333 && life != 365 && life != 666 && life != 999 && // Not immortal
424 sysadm 1.45 time(NULL) - last_login_dt > 60 * 60 * 24 * life)
425 sysadm 1.11 {
426 sysadm 1.44 ret = -3; // Dead
427     goto cleanup;
428 sysadm 1.11 }
429 sysadm 1.5
430 sysadm 1.15 if (load_priv(db, &BBS_priv, BBS_uid) != 0)
431     {
432 sysadm 1.44 ret = -1;
433     goto cleanup;
434 sysadm 1.15 }
435 sysadm 1.11
436 sysadm 1.44 cleanup:
437     mysql_free_result(rs);
438    
439     return ret;
440 sysadm 1.2 }
441 sysadm 1.5
442 sysadm 1.41 int load_guest_info(void)
443 sysadm 1.5 {
444 sysadm 1.44 MYSQL *db = NULL;
445     int ret = 0;
446 sysadm 1.41
447     db = db_open();
448     if (db == NULL)
449     {
450 sysadm 1.44 ret = -1;
451     goto cleanup;
452 sysadm 1.41 }
453    
454 sysadm 1.17 strncpy(BBS_username, "guest", sizeof(BBS_username) - 1);
455     BBS_username[sizeof(BBS_username) - 1] = '\0';
456 sysadm 1.5
457 sysadm 1.43 BBS_user_exp = 0;
458    
459     strncpy(BBS_nickname, "Guest", sizeof(BBS_nickname));
460     BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
461    
462 sysadm 1.15 if (load_priv(db, &BBS_priv, 0) != 0)
463     {
464 sysadm 1.44 ret = -1;
465     goto cleanup;
466 sysadm 1.15 }
467 sysadm 1.6
468 sysadm 1.15 if (user_online_add(db) != 0)
469     {
470 sysadm 1.44 ret = -1;
471     goto cleanup;
472 sysadm 1.15 }
473 sysadm 1.5
474 sysadm 1.45 BBS_last_access_tm = BBS_login_tm = time(NULL);
475 sysadm 1.5
476 sysadm 1.44 cleanup:
477 sysadm 1.41 mysql_close(db);
478 sysadm 1.44
479     return ret;
480 sysadm 1.5 }
481 sysadm 1.15
482     int user_online_add(MYSQL *db)
483     {
484     char sql[SQL_BUFFER_LEN];
485    
486     if (user_online_del(db) != 0)
487     {
488     return -1;
489     }
490    
491 sysadm 1.18 snprintf(sql, sizeof(sql),
492 sysadm 1.22 "INSERT INTO user_online(SID, UID, ip, login_tm, last_tm) "
493 sysadm 1.40 "VALUES('Telnet_Process_%d', %d, '%s', NOW(), NOW())",
494 sysadm 1.22 getpid(), BBS_priv.uid, hostaddr_client);
495 sysadm 1.15 if (mysql_query(db, sql) != 0)
496     {
497 sysadm 1.33 log_error("Add user_online error: %s\n", mysql_error(db));
498 sysadm 1.15 return -1;
499     }
500    
501     return 0;
502     }
503    
504     int user_online_del(MYSQL *db)
505     {
506     char sql[SQL_BUFFER_LEN];
507    
508 sysadm 1.18 snprintf(sql, sizeof(sql),
509 sysadm 1.22 "DELETE FROM user_online WHERE SID = 'Telnet_Process_%d'",
510     getpid());
511 sysadm 1.15 if (mysql_query(db, sql) != 0)
512     {
513 sysadm 1.33 log_error("Delete user_online error: %s\n", mysql_error(db));
514 sysadm 1.15 return -1;
515     }
516    
517     return 0;
518     }
519 sysadm 1.47
520     int user_online_update(const char *action)
521     {
522     MYSQL *db = NULL;
523     char sql[SQL_BUFFER_LEN];
524    
525     if (strcmp(BBS_current_action, action) == 0) // No change
526     {
527     return 0;
528     }
529    
530     strncpy(BBS_current_action, action, sizeof(BBS_current_action) - 1);
531     BBS_current_action[sizeof(BBS_current_action) - 1] = '\0';
532    
533     db = db_open();
534     if (db == NULL)
535     {
536     log_error("db_open() error: %s\n", mysql_error(db));
537     return -1;
538     }
539    
540     snprintf(sql, sizeof(sql),
541     "UPDATE user_online SET current_action = '%s', last_tm=NOW() "
542     "WHERE SID = 'Telnet_Process_%d'",
543     BBS_current_action, getpid());
544     if (mysql_query(db, sql) != 0)
545     {
546     log_error("Update user_online error: %s\n", mysql_error(db));
547     return -2;
548     }
549    
550     mysql_close(db);
551    
552     return 1;
553     }
webmaster@leafok.com
 ViewVC Help
Powered by ViewVC 1.3.0-beta1