--- lbbs/src/login.c 2004/10/21 17:28:46 1.2 +++ lbbs/src/login.c 2004/10/22 19:51:01 1.4 @@ -1,7 +1,7 @@ /*************************************************************************** - main.c - description + login.c - description ------------------- - begin : Mon Oct 11 2004 + begin : Mon Oct 20 2004 copyright : (C) 2004 by Leaflet email : leaflet@leafok.com ***************************************************************************/ @@ -17,6 +17,9 @@ #include "bbs.h" #include "common.h" +#include "io.h" +#include +#include void login_fail () @@ -24,8 +27,10 @@ login_fail () char temp[256]; strcpy (temp, app_home_dir); - strcat (temp, "data/login_error.dat"); + strcat (temp, "data/login_error.txt"); display_file (temp); + + sleep (1); } int @@ -39,10 +44,10 @@ bbs_login () ok = 0; while (!ok) { - printf + prints ("\033[1;33m请输入帐号\033[m(试用请输入 `\033[1;36mguest\033[m', " "注册请输入`\033[1;31mnew\033[m'): "); - fflush (stdout); + iflush (); str_input (username, 19, 0); count++; @@ -53,23 +58,14 @@ bbs_login () if (strlen (username) > 0) { //Input password - printf ("\033[1;37m请输入密码\033[m: "); - fflush (stdout); + prints ("\033[1;37m请输入密码\033[m: "); + iflush (); - str_input (password, 19, 0); + str_input (password, 19, 1); - if (strlen (password) > 0) - { - ok = check_user (username, password); - } - - if (!ok) - { - printf ("\033[1;31m错误的用户名或密码...\r\n"); - fflush (stdout); - } + ok = (check_user (username, password) == 0); } - if (count >= 3) + if (count >= 3 && !ok) { login_fail (); return -1; 
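Review bot: In the `login_fail` hunk (`@@ -24,8 +27,10 @@`), the path is still built with `strcpy`/`strcat` into `char temp[256]` with no length check, so an `app_home_dir` longer than 235 bytes overruns the stack buffer once `"data/login_error.txt"` is appended. Since the `strcat` line is being changed anyway, a bounded form such as `snprintf (temp, sizeof (temp), "%sdata/login_error.txt", app_home_dir);` with a check of the return value against `sizeof (temp)` would close that off. The added `sleep (1)` runs only here, once after the third failure, so it does not slow down the individual guesses; if it is meant as throttling, the delay belongs on each failed attempt. The opening lines of `login_fail` sit above the hunk.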
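Review bot: In the `@@ -53,23 +58,14 @@` hunk of `bbs_login`, `ok = (check_user (username, password) == 0);` folds every non-zero result into "try again", so the negative returns that the new `check_user` uses for database failures are handled like a wrong password. Most of those paths print nothing to the user, who is silently re-prompted until the attempts run out and the `login_fail` screen appears. Keeping the return code apart would let the loop stop early, e.g. `rc = check_user (username, password); if (rc < 0) return -1; ok = (rc == 0);` with an `int rc` declared alongside `ok`. The loop and the function's declarations start and end outside this hunk, so the exact placement needs checking against the full body.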
@@ -80,7 +76,195 @@ bbs_login () } int -check_user(char *username, char *password) +check_user (char *username, char *password) +{ + MYSQL *db; + MYSQL_RES *rs; + MYSQL_ROW row; + char sql[1024]; + long int BBS_uid; + int ret; + + //Verify format + if (ireg ("^[A-Za-z0-9_]{3,14}$", username, 0, NULL) != 0 || + ireg ("^[A-Za-z0-9]{5,12}$", password, 0, NULL) != 0) + { + prints ("\033[1;31m用户名或密码格式错误...\033[m\r\n"); + iflush (); + return 1; + } + + db = (MYSQL *) db_open (); + if (db == NULL) + { + return -1; + } + + sprintf (sql, + "select UID,p_login from user_list where username='%s' " + "and (password=MD5('%s') or password=PASSWORD('%s')) and " + "enable", username, password, password); + if (mysql_query (db, sql) != 0) + { + log_error ("Query user_list failed\n"); + return -1; + } + if ((rs = mysql_store_result (db)) == NULL) + { + log_error ("Get user_list data failed\n"); + return -1; + } + if (row = mysql_fetch_row (rs)) + { + BBS_uid = atol (row[0]); + if (atoi (row[1]) == 0) + { + mysql_free_result (rs); + mysql_close (db); + + prints ("\033[1;31m您目前无权登陆...\033[m\r\n"); + iflush (); + return 1; + } + } + else + { + mysql_free_result (rs); + + sprintf (sql, + "insert delayed into user_err_login_log" + "(username,password,login_dt,login_ip) values" + "('%s','%s',now(),'%s')", + username, password, hostaddr_client); + if (mysql_query (db, sql) != 0) + { + log_error ("Insert into user_err_login_log failed\n"); + return -1; + } + + mysql_close (db); + + prints ("\033[1;31m错误的用户名或密码...\033[m\r\n"); + iflush (); + return 1; + } + mysql_free_result (rs); + + BBS_passwd_complex = verify_pass_complexity(password, username, 6); + + ret = load_user_info (db, BBS_uid); + + mysql_close (db); + + switch (ret) + { + case 0: //Login successfully + return 0; + break; + case -1: //Load data error + prints ("\033[1;31m读取用户数据错误...\033[m\r\n"); + iflush (); + return -1; + break; + case -2: //Unused + return 0; + break; + case -3: + prints 
("\033[1;31m很遗憾,您已经永远离开了我们的世界!\033[m\r\n"); + iflush (); + return 1; + default: + return -2; + } + + return 0; +} + +int +load_user_info (MYSQL * db, long int BBS_uid) { - return 1; + MYSQL_RES *rs; + MYSQL_ROW row; + char sql[1024]; + long int BBS_auth_uid = 0; + int life; + time_t last_login_dt; + + sprintf (sql, + "select life,UNIX_TIMESTAMP(last_login_dt) " + "from user_pubinfo where UID=%ld limit 1", BBS_uid); + if (mysql_query (db, sql) != 0) + { + log_error ("Query user_pubinfo failed\n"); + return -1; + } + if ((rs = mysql_store_result (db)) == NULL) + { + log_error ("Get user_pubinfo data failed\n"); + return -1; + } + if (row = mysql_fetch_row (rs)) + { + life = atoi (row[0]); + last_login_dt = (time_t) atol (row[1]); + } + else + { + mysql_free_result (rs); + return (-1); //Data not found + } + mysql_free_result (rs); + + if (time (0) - last_login_dt >= 60 * 60 * 24 * life) + { + return (-3); //Dead + } + + sprintf (sql, + "select AUID from user_auth where UID=%ld" + " and enable and expire_dt>now()", BBS_uid); + if (mysql_query (db, sql) != 0) + { + log_error ("Query user_auth failed\n"); + return -1; + } + if ((rs = mysql_store_result (db)) == NULL) + { + log_error ("Get user_auth data failed\n"); + return -1; + } + if (row = mysql_fetch_row (rs)) + { + BBS_auth_uid = atol (row[0]); + } + mysql_free_result (rs); + + sprintf (sql, + "insert delayed into user_login_log" + "(uid,login_dt,login_ip) values(%ld" + ",now(),'%s')", + BBS_uid, hostaddr_client); + if (mysql_query (db, sql) != 0) + { + log_error ("Insert into user_login_log failed\n"); + return -1; + } + + load_priv (db, &BBS_priv, BBS_uid, BBS_auth_uid, + (!BBS_passwd_complex ? S_MAN_M : S_NONE) | + (BBS_auth_uid ? 
S_NONE : S_MAIL)); + + BBS_last_access_tm = BBS_login_tm = time (0); + BBS_last_sub_tm = time (0) - 60; + + sprintf (sql, + "update user_pubinfo set visit_count=visit_count+1," + "last_login_dt=now() where uid=%ld", BBS_uid); + if (mysql_query (db, sql) != 0) + { + log_error ("Update user_pubinfo failed\n"); + return -1; + } + + return 0; }
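Review bot: The failed-login branch of `check_user` writes the submitted password in cleartext into `user_err_login_log`. A mistyped password is usually very close to the real one, so anyone who can read that table holds near-credentials; the column should be left out of the insert, assuming the schema allows it. That branch and the two query-failure paths above it also `return -1` without `mysql_close (db)`, leaking a connection on each failure. Every statement in both functions is built with unbounded `sprintf` into `sql[1024]`, and `hostaddr_client` is spliced in unescaped; its origin is not visible in this hunk, so either escape it with `mysql_real_escape_string` or confirm it is always a server-generated address string. In `load_user_info`, `atol (row[1])` dereferences NULL if `last_login_dt` is NULL for the row, so a `row[1] != NULL` guard is needed before the conversion.

```c
  else
    {
      mysql_free_result (rs);

      /* Record who failed and from where, never the submitted password. */
      snprintf (sql, sizeof (sql),
		"insert delayed into user_err_login_log"
		"(username,login_dt,login_ip) values"
		"('%s',now(),'%s')",
		username, hostaddr_client);
      if (mysql_query (db, sql) != 0)
	{
	  log_error ("Insert into user_err_login_log failed\n");
	  mysql_close (db);	/* release the connection on the error path too */
	  return -1;
	}

      /* … unchanged: mysql_close (db), error message, return 1 … */
    }
```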