/[LeafOK_CVS]/lbbs/src/login.c

Diff of /lbbs/src/login.c

Parent Directory | Revision Log | View Patch Patch

- Revision 1.52 by sysadm,
 Sun Sep 28 12:25:14 2025 UTC
+ Revision 1.67 by sysadm,
 Wed Nov  5 02:06:50 2025 UTC
  Line 1
- /***************************************************************************
+ /* SPDX-License-Identifier: GPL-3.0-or-later */
-                                                   login.c  -  description
+ /*
-                                                          -------------------
+  * login
-         Copyright            : (C) 2004-2025 by Leaflet
+  *   - user authentication and online status manager
-         Email                : leaflet@leafok.com
+  *
-  ***************************************************************************/
+  * Copyright (C) 2004-2025  Leaflet <leaflet@leafok.com>
+  */
- /***************************************************************************
-  *                                                                         *
-  *   This program is free software; you can redistribute it and/or modify  *
-  *   it under the terms of the GNU General Public License as published by  *
-  *   the Free Software Foundation; either version 3 of the License, or     *
-  *   (at your option) any later version.                                   *
-  *                                                                         *
-  ***************************************************************************/
  #include "bbs.h"
  #include "common.h"
- Line 30
+ Line 22
  #include <regex.h>
  #include <unistd.h>
  #include <mysql/mysql.h>
+ #include <sys/param.h>
+ static const int BBS_username_min_len = 3; // common len = 5, special len = 3
+ static const int BBS_password_min_len = 5; // legacy len = 5, current len = 6
+ static const int BBS_allowed_login_failures_within_interval = 10;
+ static const int BBS_login_failures_count_interval = 10; // minutes
+ static const int BBS_allowed_login_failures_per_account = 3;
+ const int BBS_login_retry_times = 3;
  int bbs_login(void)
  {
- Line 113 
  int check_user(const char *username, con
+ Line 115 
  int check_user(const char *username, con
          // Verify format
          for (i = 0; ok && username[i] != '\0'; i++)
          {
-                 if (!(isalpha(username[i]) || (i > 0 && isdigit(username[i]))))
+                 if (!(isalpha(username[i]) || (i > 0 && (isdigit(username[i]) || username[i] == '_'))))
                  {
                          ok = 0;
                  }
          }
-         if (ok && (i < 3 || i > 12))
+         if (ok && (i < BBS_username_min_len || i > BBS_username_max_len))
          {
                  ok = 0;
          }
- Line 129 
  int check_user(const char *username, con
+ Line 131 
  int check_user(const char *username, con
                          ok = 0;
                  }
          }
-         if (ok && (i < 5 || i > 12))
+         if (ok && (i < BBS_password_min_len || i > BBS_password_max_len))
          {
                  ok = 0;
          }
- Line 213 
  int check_user(const char *username, con
+ Line 215 
  int check_user(const char *username, con
          }
          if ((row = mysql_fetch_row(rs)))
          {
-                 if (atoi(row[0]) >= 3)
+                 if (atoi(row[0]) >= BBS_allowed_login_failures_per_account)
                  {
                          prints("\033[1;31m账户存在多次失败登陆尝试，请使用Web方式登录解锁\033[m\r\n");
                          ret = 1;
- Line 487 
  int user_online_add(MYSQL *db)
+ Line 489 
  int user_online_add(MYSQL *db)
  {
          char sql[SQL_BUFFER_LEN];
-         if (user_online_del(db) != 0)
+         snprintf(sql, sizeof(sql),
+                          "INSERT INTO visit_log(dt, IP) VALUES(NOW(), '%s')",
+                          hostaddr_client);
+         if (mysql_query(db, sql) != 0)
          {
+                 log_error("Add visit log error: %s\n", mysql_error(db));
                  return -1;
          }
+         if (user_online_del(db) != 0)
+         {
+                 return -2;
+         }
          snprintf(sql, sizeof(sql),
-                          "INSERT INTO user_online(SID, UID, ip, login_tm, last_tm) "
+                          "INSERT INTO user_online(SID, UID, ip, current_action, login_tm, last_tm) "
-                          "VALUES('Telnet_Process_%d', %d, '%s', NOW(), NOW())",
+                          "VALUES('Telnet_Process_%d', %d, '%s', 'LOGIN', NOW(), NOW())",
                           getpid(), BBS_priv.uid, hostaddr_client);
          if (mysql_query(db, sql) != 0)
          {
                  log_error("Add user_online error: %s\n", mysql_error(db));
-                 return -1;
+                 return -3;
          }
          return 0;
- Line 521 
  int user_online_del(MYSQL *db)
+ Line 532 
  int user_online_del(MYSQL *db)
          return 0;
  }
+ int user_online_exp(MYSQL *db)
+ {
+         char sql[SQL_BUFFER_LEN];
+         // +1 exp for every 5 minutes online since last logout
+         // but at most 24 hours worth of exp can be gained in Telnet session
+         snprintf(sql, sizeof(sql),
+                          "UPDATE user_pubinfo SET exp = exp + FLOOR(LEAST(TIMESTAMPDIFF("
+                          "SECOND, GREATEST(last_login_dt, IF(last_logout_dt IS NULL, last_login_dt, last_logout_dt)), NOW()"
+                          ") / 60 / 5, 12 * 24)), last_logout_dt = NOW() "
+                          "WHERE UID = %d",
+                          BBS_priv.uid);
+         if (mysql_query(db, sql) != 0)
+         {
+                 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
+                 return -1;
+         }
+         return 0;
+ }
  int user_online_update(const char *action)
  {
          MYSQL *db = NULL;
          char sql[SQL_BUFFER_LEN];
-         if (strcmp(BBS_current_action, action) == 0) // No change
+         if ((action == NULL || strcmp(BBS_current_action, action) == 0) &&
+                 time(NULL) - BBS_current_action_tm < BBS_current_action_refresh_interval) // No change
          {
                  return 0;
          }
-         strncpy(BBS_current_action, action, sizeof(BBS_current_action) - 1);
+         if (action != NULL)
-         BBS_current_action[sizeof(BBS_current_action) - 1] = '\0';
+         {
+                 strncpy(BBS_current_action, action, sizeof(BBS_current_action) - 1);
+                 BBS_current_action[sizeof(BBS_current_action) - 1] = '\0';
+         }
+         BBS_current_action_tm = time(NULL);
          db = db_open();
          if (db == NULL)
- Line 542 
  int user_online_update(const char *actio
+ Line 580 
  int user_online_update(const char *actio
          }
          snprintf(sql, sizeof(sql),
-                          "UPDATE user_online SET current_action = '%s', last_tm=NOW() "
+                          "UPDATE user_online SET current_action = '%s', last_tm = NOW() "
                           "WHERE SID = 'Telnet_Process_%d'",
                           BBS_current_action, getpid());
          if (mysql_query(db, sql) != 0)

  Legend:

 
 
 Removed lines/characters
  
 
 
 Changed lines/characters
 
 
  
 Added lines/characters
 Legend:

 
 
 Removed lines/characters
  
 
 
 Changed lines/characters
 
 
  
 Added lines/characters
-Removed lines/characters
+Added lines/characters

webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1