/[LeafOK_CVS]/lbbs/src/login.c

Annotation of /lbbs/src/login.c



Revision 1.54 - (hide annotations)
Wed Oct 1 02:21:15 2025 UTC (5 months, 2 weeks ago) by sysadm
Branch: MAIN
Changes since 1.53: +3 -1 lines
Content type: text/x-csrc
Refine user_online_update()

1 sysadm 1.1 /***************************************************************************
2 sysadm 1.11 login.c - description
3     -------------------
4 sysadm 1.20 Copyright : (C) 2004-2025 by Leaflet
5     Email : leaflet@leafok.com
6 sysadm 1.1 ***************************************************************************/
7    
8     /***************************************************************************
9     * *
10     * This program is free software; you can redistribute it and/or modify *
11     * it under the terms of the GNU General Public License as published by *
12 sysadm 1.20 * the Free Software Foundation; either version 3 of the License, or *
13 sysadm 1.1 * (at your option) any later version. *
14     * *
15     ***************************************************************************/
16    
17     #include "bbs.h"
18     #include "common.h"
19 sysadm 1.48 #include "database.h"
20     #include "io.h"
21 sysadm 1.50 #include "ip_mask.h"
22 sysadm 1.14 #include "log.h"
23 sysadm 1.48 #include "login.h"
24 sysadm 1.14 #include "screen.h"
25 sysadm 1.48 #include "user_priv.h"
26     #include <ctype.h>
27 sysadm 1.34 #include <errno.h>
28 sysadm 1.48 #include <stdlib.h>
29 sysadm 1.14 #include <string.h>
30 sysadm 1.3 #include <regex.h>
31 sysadm 1.14 #include <unistd.h>
32 sysadm 1.36 #include <mysql/mysql.h>
33 sysadm 1.1
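/**
 * Run the interactive login dialogue on the current connection.
 *
 * Prompts for an account name until SYS_server_exit is set, a login
 * succeeds, or BBS_login_retry_times attempts have been used. The name
 * "guest" starts a guest session without asking for a password, "new"
 * displays DATA_REGISTER and ends the attempt, and any other non-empty name
 * is checked together with a password through check_user().
 *
 * @return 0 when a user or guest session was established; -1 when the
 *         registration notice was shown, the guest session could not be set
 *         up, or no attempt succeeded.
 */
int bbs_login(void)
{
	char username[BBS_username_max_len + 1];
	char password[BBS_password_max_len + 1];
	int ok = 0;

	for (int i = 0; !SYS_server_exit && !ok && i < BBS_login_retry_times; i++)
	{
		prints("\033[1;33m请输入帐号\033[m(试用请输入`\033[1;36mguest\033[m', "
			   "注册请输入`\033[1;31mnew\033[m'): ");
		iflush();

		// A failed read still consumes one of the allowed attempts.
		if (str_input(username, sizeof(username), DOECHO) < 0)
		{
			continue;
		}

		if (strcmp(username, "guest") == 0)
		{
			// Fail closed: a guest session is only reported as logged in
			// when its privileges and online record were really set up.
			if (load_guest_info() != 0)
			{
				log_error("Load guest info failed\n");
				return -1;
			}

			return 0;
		}

		if (strcmp(username, "new") == 0)
		{
			display_file(DATA_REGISTER, 1);

			return -1;
		}

		// An empty name just re-prompts (and counts as an attempt).
		if (username[0] == '\0')
		{
			continue;
		}

		prints("\033[1;37m请输入密码\033[m: ");
		iflush();

		if (str_input(password, sizeof(password), NOECHO) < 0)
		{
			continue;
		}

		// check_user() validates the format of both strings, applies the
		// failed-login limits and loads the session state on success.
		ok = (check_user(username, password) == 0);
		iflush();
	}

	if (!ok)
	{
		display_file(DATA_LOGIN_ERROR, 1);
		return -1;
	}

	// The cast keeps the argument in step with %ld whatever integer type
	// BBS_priv.uid is declared with (user_online_add() formats it as int).
	log_common("User \"%s\"(%ld) login from %s:%d\n",
			   BBS_username, (long)BBS_priv.uid, hostaddr_client, port_client);

	return 0;
}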
92 sysadm 1.2
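/**
 * Verify a username/password pair against the database and, on success,
 * load the user's session state.
 *
 * Steps, all on one connection from db_open():
 *   1. check the format of both strings;
 *   2. refuse when the source subnet or the account has too many recorded
 *      failed logins;
 *   3. look the account up by username and SHA2-256 of the password;
 *   4. record the attempt in user_login_log or user_err_login_log;
 *   5. on success load the user data, bump the visit counter, register the
 *      online session and export the user's time zone through TZ.
 *
 * @param username  account name as typed by the client
 * @param password  password as typed by the client
 * @return 0 on successful login;
 *         1 when the login is refused (bad format, too many failures, wrong
 *           credentials, no login permission, or a refusal reported by
 *           load_user_info());
 *        -1 on a database or data-loading error;
 *        -2 on an unexpected load_user_info() result;
 *        -3 when TZ could not be set.
 */
int check_user(const char *username, const char *password)
{
	MYSQL *db = NULL;
	MYSQL_RES *rs = NULL;
	MYSQL_ROW row;
	char sql[SQL_BUFFER_LEN];
	int ret = 0;
	int BBS_uid = 0;
	char client_addr[IP_ADDR_LEN];
	int i;
	int ok = 1;
	char user_tz_env[BBS_user_tz_max_len + 2];

	db = db_open();
	if (db == NULL)
	{
		ret = -1;
		goto cleanup;
	}

	// Verify format.
	// Every statement below pastes username and password straight into SQL
	// text, so this allow-list (letters and digits only, bounded length) is
	// what keeps quotes and other metacharacters out of the queries; it must
	// stay ahead of the first query that uses them.
	// The <ctype.h> functions need an unsigned char value: a plain char byte
	// above 0x7F may be negative, which is undefined behaviour for them.
	// NOTE(review): isalpha()/isalnum() follow the current locale; this
	// assumes the process keeps the "C" locale for LC_CTYPE — confirm.
	for (i = 0; ok && username[i] != '\0'; i++)
	{
		unsigned char ch = (unsigned char)username[i];

		// First character must be a letter, the rest letters or digits
		if (!(isalpha(ch) || (i > 0 && isdigit(ch))))
		{
			ok = 0;
		}
	}
	if (ok && (i < 3 || i > 12))
	{
		ok = 0;
	}
	for (i = 0; ok && password[i] != '\0'; i++)
	{
		if (!isalnum((unsigned char)password[i]))
		{
			ok = 0;
		}
	}
	if (ok && (i < 5 || i > 12))
	{
		ok = 0;
	}

	if (!ok)
	{
		prints("\033[1;31m用户名或密码格式错误...\033[m\r\n");
		ret = 1;
		goto cleanup;
	}

	// Begin transaction
	if (mysql_query(db, "SET autocommit=0") != 0)
	{
		log_error("SET autocommit=0 error: %s\n", mysql_error(db));
		ret = -1;
		goto cleanup;
	}

	if (mysql_query(db, "BEGIN") != 0)
	{
		log_error("Begin transaction error: %s\n", mysql_error(db));
		ret = -1;
		goto cleanup;
	}

	// Failed login attempts from the same source (subnet /24) during certain time period
	// ip_mask() is given a private copy of the client address.
	// NOTE(review): hostaddr_client is interpolated unescaped here and in the
	// INSERTs below; presumably it is the peer address recorded by the server
	// itself — confirm it can never carry client-chosen text.
	strncpy(client_addr, hostaddr_client, sizeof(client_addr) - 1);
	client_addr[sizeof(client_addr) - 1] = '\0';

	snprintf(sql, sizeof(sql),
			 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
			 "WHERE login_dt >= SUBDATE(NOW(), INTERVAL %d MINUTE) "
			 "AND login_ip LIKE '%s'",
			 BBS_login_failures_count_interval,
			 ip_mask(client_addr, 1, '%'));
	if (mysql_query(db, sql) != 0)
	{
		log_error("Query user_err_login_log error: %s\n", mysql_error(db));
		ret = -1;
		goto cleanup;
	}
	if ((rs = mysql_store_result(db)) == NULL)
	{
		log_error("Get user_err_login_log data failed\n");
		ret = -1;
		goto cleanup;
	}
	if ((row = mysql_fetch_row(rs)))
	{
		if (atoi(row[0]) >= BBS_allowed_login_failures_within_interval)
		{
			prints("\033[1;31m来源存在多次失败登陆尝试,请稍后再试,或使用Web方式访问\033[m\r\n");
			ret = 1;
			goto cleanup;
		}
	}
	mysql_free_result(rs);
	rs = NULL;

	// Failed login attempts against the current username since last successful login
	// (the IS NULL arm also matches names with no user_pubinfo row)
	snprintf(sql, sizeof(sql),
			 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
			 "LEFT JOIN user_list ON user_err_login_log.username = user_list.username "
			 "LEFT JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID "
			 "WHERE user_err_login_log.username = '%s' "
			 "AND (user_err_login_log.login_dt >= user_pubinfo.last_login_dt "
			 "OR user_pubinfo.last_login_dt IS NULL)",
			 username);
	if (mysql_query(db, sql) != 0)
	{
		log_error("Query user_err_login_log error: %s\n", mysql_error(db));
		ret = -1;
		goto cleanup;
	}
	if ((rs = mysql_store_result(db)) == NULL)
	{
		log_error("Get user_err_login_log data failed\n");
		ret = -1;
		goto cleanup;
	}
	if ((row = mysql_fetch_row(rs)))
	{
		if (atoi(row[0]) >= BBS_allowed_login_failures_per_account)
		{
			prints("\033[1;31m账户存在多次失败登陆尝试,请使用Web方式登录解锁\033[m\r\n");
			ret = 1;
			goto cleanup;
		}
	}
	mysql_free_result(rs);
	rs = NULL;

	// Credential check.
	// NOTE(review): the stored verifier is a bare SHA2-256 of the password
	// (no salt or work factor visible in this query), and the cleartext
	// password travels inside the statement text, where server-side query
	// logging could capture it. Worth moving to a salted, slow password hash
	// computed in the application.
	snprintf(sql, sizeof(sql),
			 "SELECT UID, username, p_login FROM user_list "
			 "WHERE username = '%s' AND password = SHA2('%s', 256) AND enable",
			 username, password);
	if (mysql_query(db, sql) != 0)
	{
		log_error("Query user_list error: %s\n", mysql_error(db));
		ret = -1;
		goto cleanup;
	}
	if ((rs = mysql_store_result(db)) == NULL)
	{
		log_error("Get user_list data failed\n");
		ret = -1;
		goto cleanup;
	}
	if ((row = mysql_fetch_row(rs)))
	{
		BBS_uid = atoi(row[0]);
		strncpy(BBS_username, row[1], sizeof(BBS_username) - 1);
		BBS_username[sizeof(BBS_username) - 1] = '\0';
		int p_login = atoi(row[2]);

		mysql_free_result(rs);
		rs = NULL;

		// Add user login log
		snprintf(sql, sizeof(sql),
				 "INSERT INTO user_login_log(UID, login_dt, login_ip) "
				 "VALUES(%d, NOW(), '%s')",
				 BBS_uid, hostaddr_client);
		if (mysql_query(db, sql) != 0)
		{
			log_error("Insert into user_login_log error: %s\n", mysql_error(db));
			ret = -1;
			goto cleanup;
		}

		// Commit transaction
		if (mysql_query(db, "COMMIT") != 0)
		{
			log_error("Commit transaction error: %s\n", mysql_error(db));
			ret = -1;
			goto cleanup;
		}

		// The attempt is logged even when the account may not log in
		if (p_login == 0)
		{
			prints("\033[1;31m您目前无权登陆...\033[m\r\n");
			ret = 1;
			goto cleanup;
		}
	}
	else
	{
		mysql_free_result(rs);
		rs = NULL;

		// Record the failed attempt; the two counters above read this table.
		// NOTE(review): the password that was typed is stored here in clear
		// text. Failed attempts are often a near miss of the real password
		// or a password the person uses elsewhere, so anyone able to read
		// user_err_login_log gets usable secrets. Consider not storing it.
		snprintf(sql, sizeof(sql),
				 "INSERT INTO user_err_login_log(username, password, login_dt, login_ip) "
				 "VALUES('%s', '%s', NOW(), '%s')",
				 username, password, hostaddr_client);
		if (mysql_query(db, sql) != 0)
		{
			log_error("Insert into user_err_login_log error: %s\n", mysql_error(db));
			ret = -1;
			goto cleanup;
		}

		// Commit transaction
		if (mysql_query(db, "COMMIT") != 0)
		{
			log_error("Commit transaction error: %s\n", mysql_error(db));
			ret = -1;
			goto cleanup;
		}

		// One message for "unknown user" and "wrong password" alike
		prints("\033[1;31m错误的用户名或密码...\033[m\r\n");
		ret = 1;
		goto cleanup;
	}

	// Set AUTOCOMMIT = 1
	if (mysql_query(db, "SET autocommit=1") != 0)
	{
		log_error("SET autocommit=1 error: %s\n", mysql_error(db));
		ret = -1;
		goto cleanup;
	}

	ret = load_user_info(db, BBS_uid);

	switch (ret)
	{
	case 0: // Login successfully
		break;
	case -1: // Load data error
		prints("\033[1;31m读取用户数据错误...\033[m\r\n");
		ret = -1;
		goto cleanup;
	case -2: // Licence agreement must be renewed via Web (load_user_info() in this file never returns it)
		prints("\033[1;31m请通过Web登录更新用户许可协议...\033[m\r\n");
		ret = 1;
		goto cleanup;
	case -3: // Dead
		prints("\033[1;31m很遗憾,您已经永远离开了我们的世界!\033[m\r\n");
		ret = 1;
		goto cleanup;
	default:
		ret = -2;
		goto cleanup;
	}

	snprintf(sql, sizeof(sql),
			 "UPDATE user_pubinfo SET visit_count = visit_count + 1, "
			 "last_login_dt = NOW() WHERE UID = %d",
			 BBS_uid);
	if (mysql_query(db, sql) != 0)
	{
		log_error("Update user_pubinfo error: %s\n", mysql_error(db));
		ret = -1;
		goto cleanup;
	}

	if (user_online_add(db) != 0)
	{
		ret = -1;
		goto cleanup;
	}

	BBS_last_access_tm = BBS_login_tm = time(NULL);

	// Set user tz to process env
	// NOTE(review): BBS_user_tz was read from user_pubinfo.user_timezone; the
	// leading ':' makes the C library treat the rest as a zone file name, so
	// confirm the value is checked against known zone names where it is saved.
	if (BBS_user_tz[0] != '\0')
	{
		user_tz_env[0] = ':';
		strncpy(user_tz_env + 1, BBS_user_tz, sizeof(user_tz_env) - 2);
		user_tz_env[sizeof(user_tz_env) - 1] = '\0';

		if (setenv("TZ", user_tz_env, 1) == -1)
		{
			log_error("setenv(TZ = %s) error %d\n", user_tz_env, errno);
			// Leave through cleanup so the connection is closed on this
			// path as well (a direct return here leaked it).
			ret = -3;
			goto cleanup;
		}

		tzset();
	}

cleanup:
	// rs is reset to NULL after every explicit free, so this cannot double-free
	mysql_free_result(rs);
	mysql_close(db);

	return ret;
}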
380 sysadm 1.2
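/**
 * Load the public profile and privileges of a user into the session globals.
 *
 * Reads life, last_login_dt, user_timezone, exp and nickname from
 * user_pubinfo, fills BBS_user_tz, BBS_user_exp and BBS_nickname, decides
 * whether the account has expired, and finally calls load_priv() for
 * BBS_priv.
 *
 * @param db       open database connection (not closed here)
 * @param BBS_uid  UID of the user to load
 * @return 0 on success, -1 on a query error, missing or incomplete data or
 *         a load_priv() failure, -3 when the account is "dead" (last login
 *         older than its life in days).
 */
int load_user_info(MYSQL *db, int BBS_uid)
{
	MYSQL_RES *rs = NULL;
	MYSQL_ROW row;
	char sql[SQL_BUFFER_LEN];
	int life;
	time_t last_login_dt;
	int ret = 0;

	snprintf(sql, sizeof(sql),
			 "SELECT life, UNIX_TIMESTAMP(last_login_dt), user_timezone, exp, nickname "
			 "FROM user_pubinfo WHERE UID = %d",
			 BBS_uid);
	if (mysql_query(db, sql) != 0)
	{
		log_error("Query user_pubinfo error: %s\n", mysql_error(db));
		ret = -1;
		goto cleanup;
	}
	if ((rs = mysql_store_result(db)) == NULL)
	{
		log_error("Get user_pubinfo data failed\n");
		ret = -1;
		goto cleanup;
	}
	if ((row = mysql_fetch_row(rs)) == NULL)
	{
		ret = -1; // Data not found
		goto cleanup;
	}

	// mysql_fetch_row() hands back a NULL pointer for an SQL NULL column;
	// passing that to atoi()/atol() would dereference it. Treat a row
	// without these numbers as unusable instead of guessing a value.
	// NOTE(review): if last_login_dt may legitimately be NULL (an account
	// that never logged in), decide how expiry should treat it — confirm.
	if (row[0] == NULL || row[1] == NULL || row[3] == NULL)
	{
		log_error("Incomplete user_pubinfo data of UID %d\n", BBS_uid);
		ret = -1;
		goto cleanup;
	}

	life = atoi(row[0]);
	last_login_dt = (time_t)atol(row[1]);

	// A NULL text column is loaded as an empty string
	strncpy(BBS_user_tz, row[2] != NULL ? row[2] : "", sizeof(BBS_user_tz) - 1);
	BBS_user_tz[sizeof(BBS_user_tz) - 1] = '\0';

	BBS_user_exp = atoi(row[3]);

	strncpy(BBS_nickname, row[4] != NULL ? row[4] : "", sizeof(BBS_nickname));
	BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';

	mysql_free_result(rs);
	rs = NULL;

	// The four listed life values mark accounts that never expire. For the
	// others, life is a number of days; the product is formed in long long
	// so a large life value cannot overflow int.
	if (life != 333 && life != 365 && life != 666 && life != 999 && // Not immortal
		(long long)(time(NULL) - last_login_dt) > 60LL * 60 * 24 * life)
	{
		ret = -3; // Dead
		goto cleanup;
	}

	if (load_priv(db, &BBS_priv, BBS_uid) != 0)
	{
		ret = -1;
		goto cleanup;
	}

cleanup:
	// rs is NULL here unless a path left before the explicit free above
	mysql_free_result(rs);

	return ret;
}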
445 sysadm 1.5
/**
 * Set up the session globals for a guest login.
 *
 * Opens its own database connection, names the session "guest"/"Guest" with
 * zero experience, loads the privileges of UID 0 into BBS_priv, registers
 * the online session and stamps the login time.
 *
 * @return 0 on success, -1 when the connection, load_priv() or
 *         user_online_add() failed.
 */
int load_guest_info(void)
{
	int status = -1;
	MYSQL *conn = db_open();

	if (conn != NULL)
	{
		// Identity of the guest session
		strncpy(BBS_username, "guest", sizeof(BBS_username) - 1);
		BBS_username[sizeof(BBS_username) - 1] = '\0';

		BBS_user_exp = 0;

		strncpy(BBS_nickname, "Guest", sizeof(BBS_nickname));
		BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';

		// Privileges first, then the online record; the login time is only
		// stamped once both have succeeded.
		if (load_priv(conn, &BBS_priv, 0) == 0 && user_online_add(conn) == 0)
		{
			BBS_last_access_tm = BBS_login_tm = time(NULL);
			status = 0;
		}
	}

	// Called on every path, including the one where db_open() returned NULL
	mysql_close(conn);

	return status;
}
485 sysadm 1.15
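/**
 * Register the current process as an online session in user_online.
 *
 * Any row left under this process's SID ('Telnet_Process_<pid>') is deleted
 * first, then a fresh row with the session's UID and client address is
 * inserted.
 *
 * @param db  open database connection
 * @return 0 on success, -1 when the delete or the insert failed.
 */
int user_online_add(MYSQL *db)
{
	char sql[SQL_BUFFER_LEN];

	if (user_online_del(db) != 0)
	{
		return -1;
	}

	// The casts keep each argument in step with its conversion whatever
	// integer types pid_t and BBS_priv.uid are declared with (bbs_login()
	// formats the same uid with %ld).
	// NOTE(review): hostaddr_client is interpolated unescaped; presumably it
	// is the peer address recorded by the server itself — confirm.
	snprintf(sql, sizeof(sql),
			 "INSERT INTO user_online(SID, UID, ip, login_tm, last_tm) "
			 "VALUES('Telnet_Process_%d', %ld, '%s', NOW(), NOW())",
			 (int)getpid(), (long)BBS_priv.uid, hostaddr_client);
	if (mysql_query(db, sql) != 0)
	{
		log_error("Add user_online error: %s\n", mysql_error(db));
		return -1;
	}

	return 0;
}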
507    
/**
 * Remove this process's row ('Telnet_Process_<pid>') from user_online.
 *
 * @param db  open database connection
 * @return 0 when the DELETE statement ran, -1 when it failed (the error is
 *         logged).
 */
int user_online_del(MYSQL *db)
{
	char stmt[SQL_BUFFER_LEN];
	int failed;

	snprintf(stmt, sizeof(stmt),
			 "DELETE FROM user_online WHERE SID = 'Telnet_Process_%d'",
			 getpid());

	failed = (mysql_query(db, stmt) != 0);
	if (failed)
	{
		log_error("Delete user_online error: %s\n", mysql_error(db));
	}

	return failed ? -1 : 0;
}
523 sysadm 1.47
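/**
 * Publish the session's current action in user_online.
 *
 * Nothing is written while the action is unchanged and the last write is
 * younger than BBS_current_action_refresh_interval. Otherwise the action is
 * copied to BBS_current_action, the timestamp is refreshed, and this
 * process's row gets the new action and last_tm over a connection opened
 * just for this call.
 *
 * @param action  label of what the user is doing
 * @return 0 when no update was needed, 1 when the row was updated,
 *         -1 when the database could not be opened, -2 when the UPDATE
 *         failed.
 */
int user_online_update(const char *action)
{
	MYSQL *db = NULL;
	char sql[SQL_BUFFER_LEN];
	int ret = 1;

	if (strcmp(BBS_current_action, action) == 0 &&
		time(NULL) - BBS_current_action_tm < BBS_current_action_refresh_interval) // No change
	{
		return 0;
	}

	strncpy(BBS_current_action, action, sizeof(BBS_current_action) - 1);
	BBS_current_action[sizeof(BBS_current_action) - 1] = '\0';
	BBS_current_action_tm = time(NULL);

	db = db_open();
	if (db == NULL)
	{
		// There is no connection handle to ask for an error text here
		log_error("db_open() error\n");
		return -1;
	}

	// NOTE(review): the action text is placed between quotes without
	// escaping; this presumes callers only pass fixed, program-defined
	// labels — confirm that no client-typed text reaches this parameter.
	snprintf(sql, sizeof(sql),
			 "UPDATE user_online SET current_action = '%s', last_tm=NOW() "
			 "WHERE SID = 'Telnet_Process_%d'",
			 BBS_current_action, getpid());
	if (mysql_query(db, sql) != 0)
	{
		log_error("Update user_online error: %s\n", mysql_error(db));
		ret = -2;
	}

	// Close on the failure path too; returning early leaked one connection
	// per failed update.
	mysql_close(db);

	return ret;
}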
