/[LeafOK_CVS]/lbbs/src/login.c
ViewVC logotype

Contents of /lbbs/src/login.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.54 - (show annotations)
Wed Oct 1 02:21:15 2025 UTC (5 months, 2 weeks ago) by sysadm
Branch: MAIN
Changes since 1.53: +3 -1 lines
Content type: text/x-csrc 
Refine user_online_update()
1 /***************************************************************************
2 login.c - description
3 -------------------
4 Copyright : (C) 2004-2025 by Leaflet
5 Email : leaflet@leafok.com
6 ***************************************************************************/
7
8 /***************************************************************************
9 * *
10 * This program is free software; you can redistribute it and/or modify *
11 * it under the terms of the GNU General Public License as published by *
12 * the Free Software Foundation; either version 3 of the License, or *
13 * (at your option) any later version. *
14 * *
15 ***************************************************************************/
16
17 #include "bbs.h"
18 #include "common.h"
19 #include "database.h"
20 #include "io.h"
21 #include "ip_mask.h"
22 #include "log.h"
23 #include "login.h"
24 #include "screen.h"
25 #include "user_priv.h"
26 #include <ctype.h>
27 #include <errno.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <regex.h>
31 #include <unistd.h>
32 #include <mysql/mysql.h>
33
34 int bbs_login(void)
35 {
36 char username[BBS_username_max_len + 1];
37 char password[BBS_password_max_len + 1];
38 int i = 0;
39 int ok = 0;
40
41 for (; !SYS_server_exit && !ok && i < BBS_login_retry_times; i++)
42 {
43 prints("\033[1;33m请输入帐号\033[m(试用请输入`\033[1;36mguest\033[m', "
44 "注册请输入`\033[1;31mnew\033[m'): ");
45 iflush();
46
47 if (str_input(username, sizeof(username), DOECHO) < 0)
48 {
49 continue;
50 }
51
52 if (strcmp(username, "guest") == 0)
53 {
54 load_guest_info();
55
56 return 0;
57 }
58
59 if (strcmp(username, "new") == 0)
60 {
61 display_file(DATA_REGISTER, 1);
62
63 return -1;
64 }
65
66 if (username[0] != '\0')
67 {
68 prints("\033[1;37m请输入密码\033[m: ");
69 iflush();
70
71 if (str_input(password, sizeof(password), NOECHO) < 0)
72 {
73 continue;
74 }
75
76 ok = (check_user(username, password) == 0);
77 iflush();
78 }
79 }
80
81 if (!ok)
82 {
83 display_file(DATA_LOGIN_ERROR, 1);
84 return -1;
85 }
86
87 log_common("User \"%s\"(%ld) login from %s:%d\n",
88 BBS_username, BBS_priv.uid, hostaddr_client, port_client);
89
90 return 0;
91 }
92
93 int check_user(const char *username, const char *password)
94 {
95 MYSQL *db = NULL;
96 MYSQL_RES *rs = NULL;
97 MYSQL_ROW row;
98 char sql[SQL_BUFFER_LEN];
99 int ret = 0;
100 int BBS_uid = 0;
101 char client_addr[IP_ADDR_LEN];
102 int i;
103 int ok = 1;
104 char user_tz_env[BBS_user_tz_max_len + 2];
105
106 db = db_open();
107 if (db == NULL)
108 {
109 ret = -1;
110 goto cleanup;
111 }
112
113 // Verify format
114 for (i = 0; ok && username[i] != '\0'; i++)
115 {
116 if (!(isalpha(username[i]) || (i > 0 && isdigit(username[i]))))
117 {
118 ok = 0;
119 }
120 }
121 if (ok && (i < 3 || i > 12))
122 {
123 ok = 0;
124 }
125 for (i = 0; ok && password[i] != '\0'; i++)
126 {
127 if (!isalnum(password[i]))
128 {
129 ok = 0;
130 }
131 }
132 if (ok && (i < 5 || i > 12))
133 {
134 ok = 0;
135 }
136
137 if (!ok)
138 {
139 prints("\033[1;31m用户名或密码格式错误...\033[m\r\n");
140 ret = 1;
141 goto cleanup;
142 }
143
144 // Begin transaction
145 if (mysql_query(db, "SET autocommit=0") != 0)
146 {
147 log_error("SET autocommit=0 error: %s\n", mysql_error(db));
148 ret = -1;
149 goto cleanup;
150 }
151
152 if (mysql_query(db, "BEGIN") != 0)
153 {
154 log_error("Begin transaction error: %s\n", mysql_error(db));
155 ret = -1;
156 goto cleanup;
157 }
158
159 // Failed login attempts from the same source (subnet /24) during certain time period
160 strncpy(client_addr, hostaddr_client, sizeof(client_addr) - 1);
161 client_addr[sizeof(client_addr) - 1] = '\0';
162
163 snprintf(sql, sizeof(sql),
164 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
165 "WHERE login_dt >= SUBDATE(NOW(), INTERVAL %d MINUTE) "
166 "AND login_ip LIKE '%s'",
167 BBS_login_failures_count_interval,
168 ip_mask(client_addr, 1, '%'));
169 if (mysql_query(db, sql) != 0)
170 {
171 log_error("Query user_list error: %s\n", mysql_error(db));
172 ret = -1;
173 goto cleanup;
174 }
175 if ((rs = mysql_store_result(db)) == NULL)
176 {
177 log_error("Get user_list data failed\n");
178 ret = -1;
179 goto cleanup;
180 }
181 if ((row = mysql_fetch_row(rs)))
182 {
183 if (atoi(row[0]) >= BBS_allowed_login_failures_within_interval)
184 {
185 prints("\033[1;31m来源存在多次失败登陆尝试,请稍后再试,或使用Web方式访问\033[m\r\n");
186 ret = 1;
187 goto cleanup;
188 }
189 }
190 mysql_free_result(rs);
191 rs = NULL;
192
193 // Failed login attempts against the current username since last successful login
194 snprintf(sql, sizeof(sql),
195 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
196 "LEFT JOIN user_list ON user_err_login_log.username = user_list.username "
197 "LEFT JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID "
198 "WHERE user_err_login_log.username = '%s' "
199 "AND (user_err_login_log.login_dt >= user_pubinfo.last_login_dt "
200 "OR user_pubinfo.last_login_dt IS NULL)",
201 username);
202 if (mysql_query(db, sql) != 0)
203 {
204 log_error("Query user_list error: %s\n", mysql_error(db));
205 ret = -1;
206 goto cleanup;
207 }
208 if ((rs = mysql_store_result(db)) == NULL)
209 {
210 log_error("Get user_list data failed\n");
211 ret = -1;
212 goto cleanup;
213 }
214 if ((row = mysql_fetch_row(rs)))
215 {
216 if (atoi(row[0]) >= BBS_allowed_login_failures_per_account)
217 {
218 prints("\033[1;31m账户存在多次失败登陆尝试,请使用Web方式登录解锁\033[m\r\n");
219 ret = 1;
220 goto cleanup;
221 }
222 }
223 mysql_free_result(rs);
224 rs = NULL;
225
226 snprintf(sql, sizeof(sql),
227 "SELECT UID, username, p_login FROM user_list "
228 "WHERE username = '%s' AND password = SHA2('%s', 256) AND enable",
229 username, password);
230 if (mysql_query(db, sql) != 0)
231 {
232 log_error("Query user_list error: %s\n", mysql_error(db));
233 ret = -1;
234 goto cleanup;
235 }
236 if ((rs = mysql_store_result(db)) == NULL)
237 {
238 log_error("Get user_list data failed\n");
239 ret = -1;
240 goto cleanup;
241 }
242 if ((row = mysql_fetch_row(rs)))
243 {
244 BBS_uid = atoi(row[0]);
245 strncpy(BBS_username, row[1], sizeof(BBS_username) - 1);
246 BBS_username[sizeof(BBS_username) - 1] = '\0';
247 int p_login = atoi(row[2]);
248
249 mysql_free_result(rs);
250 rs = NULL;
251
252 // Add user login log
253 snprintf(sql, sizeof(sql),
254 "INSERT INTO user_login_log(UID, login_dt, login_ip) "
255 "VALUES(%d, NOW(), '%s')",
256 BBS_uid, hostaddr_client);
257 if (mysql_query(db, sql) != 0)
258 {
259 log_error("Insert into user_login_log error: %s\n", mysql_error(db));
260 ret = -1;
261 goto cleanup;
262 }
263
264 // Commit transaction
265 if (mysql_query(db, "COMMIT") != 0)
266 {
267 log_error("Commit transaction error: %s\n", mysql_error(db));
268 ret = -1;
269 goto cleanup;
270 }
271
272 if (p_login == 0)
273 {
274 prints("\033[1;31m您目前无权登陆...\033[m\r\n");
275 ret = 1;
276 goto cleanup;
277 }
278 }
279 else
280 {
281 mysql_free_result(rs);
282 rs = NULL;
283
284 snprintf(sql, sizeof(sql),
285 "INSERT INTO user_err_login_log(username, password, login_dt, login_ip) "
286 "VALUES('%s', '%s', NOW(), '%s')",
287 username, password, hostaddr_client);
288 if (mysql_query(db, sql) != 0)
289 {
290 log_error("Insert into user_err_login_log error: %s\n", mysql_error(db));
291 ret = -1;
292 goto cleanup;
293 }
294
295 // Commit transaction
296 if (mysql_query(db, "COMMIT") != 0)
297 {
298 log_error("Commit transaction error: %s\n", mysql_error(db));
299 ret = -1;
300 goto cleanup;
301 }
302
303 prints("\033[1;31m错误的用户名或密码...\033[m\r\n");
304 ret = 1;
305 goto cleanup;
306 }
307
308 // Set AUTOCOMMIT = 1
309 if (mysql_query(db, "SET autocommit=1") != 0)
310 {
311 log_error("SET autocommit=1 error: %s\n", mysql_error(db));
312 ret = -1;
313 goto cleanup;
314 }
315
316 ret = load_user_info(db, BBS_uid);
317
318 switch (ret)
319 {
320 case 0: // Login successfully
321 break;
322 case -1: // Load data error
323 prints("\033[1;31m读取用户数据错误...\033[m\r\n");
324 ret = -1;
325 goto cleanup;
326 case -2: // Unused
327 prints("\033[1;31m请通过Web登录更新用户许可协议...\033[m\r\n");
328 ret = 1;
329 goto cleanup;
330 case -3: // Dead
331 prints("\033[1;31m很遗憾,您已经永远离开了我们的世界!\033[m\r\n");
332 ret = 1;
333 goto cleanup;
334 default:
335 ret = -2;
336 goto cleanup;
337 }
338
339 snprintf(sql, sizeof(sql),
340 "UPDATE user_pubinfo SET visit_count = visit_count + 1, "
341 "last_login_dt = NOW() WHERE UID = %d",
342 BBS_uid);
343 if (mysql_query(db, sql) != 0)
344 {
345 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
346 ret = -1;
347 goto cleanup;
348 }
349
350 if (user_online_add(db) != 0)
351 {
352 ret = -1;
353 goto cleanup;
354 }
355
356 BBS_last_access_tm = BBS_login_tm = time(NULL);
357
358 // Set user tz to process env
359 if (BBS_user_tz[0] != '\0')
360 {
361 user_tz_env[0] = ':';
362 strncpy(user_tz_env + 1, BBS_user_tz, sizeof(user_tz_env) - 2);
363 user_tz_env[sizeof(user_tz_env) - 1] = '\0';
364
365 if (setenv("TZ", user_tz_env, 1) == -1)
366 {
367 log_error("setenv(TZ = %s) error %d\n", user_tz_env, errno);
368 return -3;
369 }
370
371 tzset();
372 }
373
374 cleanup:
375 mysql_free_result(rs);
376 mysql_close(db);
377
378 return ret;
379 }
380
381 int load_user_info(MYSQL *db, int BBS_uid)
382 {
383 MYSQL_RES *rs = NULL;
384 MYSQL_ROW row;
385 char sql[SQL_BUFFER_LEN];
386 int life;
387 time_t last_login_dt;
388 int ret = 0;
389
390 snprintf(sql, sizeof(sql),
391 "SELECT life, UNIX_TIMESTAMP(last_login_dt), user_timezone, exp, nickname "
392 "FROM user_pubinfo WHERE UID = %d",
393 BBS_uid);
394 if (mysql_query(db, sql) != 0)
395 {
396 log_error("Query user_pubinfo error: %s\n", mysql_error(db));
397 ret = -1;
398 goto cleanup;
399 }
400 if ((rs = mysql_store_result(db)) == NULL)
401 {
402 log_error("Get user_pubinfo data failed\n");
403 ret = -1;
404 goto cleanup;
405 }
406 if ((row = mysql_fetch_row(rs)))
407 {
408 life = atoi(row[0]);
409 last_login_dt = (time_t)atol(row[1]);
410
411 strncpy(BBS_user_tz, row[2], sizeof(BBS_user_tz) - 1);
412 BBS_user_tz[sizeof(BBS_user_tz) - 1] = '\0';
413
414 BBS_user_exp = atoi(row[3]);
415
416 strncpy(BBS_nickname, row[4], sizeof(BBS_nickname));
417 BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
418 }
419 else
420 {
421 ret = -1; // Data not found
422 goto cleanup;
423 }
424 mysql_free_result(rs);
425 rs = NULL;
426
427 if (life != 333 && life != 365 && life != 666 && life != 999 && // Not immortal
428 time(NULL) - last_login_dt > 60 * 60 * 24 * life)
429 {
430 ret = -3; // Dead
431 goto cleanup;
432 }
433
434 if (load_priv(db, &BBS_priv, BBS_uid) != 0)
435 {
436 ret = -1;
437 goto cleanup;
438 }
439
440 cleanup:
441 mysql_free_result(rs);
442
443 return ret;
444 }
445
446 int load_guest_info(void)
447 {
448 MYSQL *db = NULL;
449 int ret = 0;
450
451 db = db_open();
452 if (db == NULL)
453 {
454 ret = -1;
455 goto cleanup;
456 }
457
458 strncpy(BBS_username, "guest", sizeof(BBS_username) - 1);
459 BBS_username[sizeof(BBS_username) - 1] = '\0';
460
461 BBS_user_exp = 0;
462
463 strncpy(BBS_nickname, "Guest", sizeof(BBS_nickname));
464 BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
465
466 if (load_priv(db, &BBS_priv, 0) != 0)
467 {
468 ret = -1;
469 goto cleanup;
470 }
471
472 if (user_online_add(db) != 0)
473 {
474 ret = -1;
475 goto cleanup;
476 }
477
478 BBS_last_access_tm = BBS_login_tm = time(NULL);
479
480 cleanup:
481 mysql_close(db);
482
483 return ret;
484 }
485
486 int user_online_add(MYSQL *db)
487 {
488 char sql[SQL_BUFFER_LEN];
489
490 if (user_online_del(db) != 0)
491 {
492 return -1;
493 }
494
495 snprintf(sql, sizeof(sql),
496 "INSERT INTO user_online(SID, UID, ip, login_tm, last_tm) "
497 "VALUES('Telnet_Process_%d', %d, '%s', NOW(), NOW())",
498 getpid(), BBS_priv.uid, hostaddr_client);
499 if (mysql_query(db, sql) != 0)
500 {
501 log_error("Add user_online error: %s\n", mysql_error(db));
502 return -1;
503 }
504
505 return 0;
506 }
507
508 int user_online_del(MYSQL *db)
509 {
510 char sql[SQL_BUFFER_LEN];
511
512 snprintf(sql, sizeof(sql),
513 "DELETE FROM user_online WHERE SID = 'Telnet_Process_%d'",
514 getpid());
515 if (mysql_query(db, sql) != 0)
516 {
517 log_error("Delete user_online error: %s\n", mysql_error(db));
518 return -1;
519 }
520
521 return 0;
522 }
523
524 int user_online_update(const char *action)
525 {
526 MYSQL *db = NULL;
527 char sql[SQL_BUFFER_LEN];
528
529 if (strcmp(BBS_current_action, action) == 0 &&
530 time(NULL) - BBS_current_action_tm < BBS_current_action_refresh_interval) // No change
531 {
532 return 0;
533 }
534
535 strncpy(BBS_current_action, action, sizeof(BBS_current_action) - 1);
536 BBS_current_action[sizeof(BBS_current_action) - 1] = '\0';
537 BBS_current_action_tm = time(NULL);
538
539 db = db_open();
540 if (db == NULL)
541 {
542 log_error("db_open() error: %s\n", mysql_error(db));
543 return -1;
544 }
545
546 snprintf(sql, sizeof(sql),
547 "UPDATE user_online SET current_action = '%s', last_tm=NOW() "
548 "WHERE SID = 'Telnet_Process_%d'",
549 BBS_current_action, getpid());
550 if (mysql_query(db, sql) != 0)
551 {
552 log_error("Update user_online error: %s\n", mysql_error(db));
553 return -2;
554 }
555
556 mysql_close(db);
557
558 return 1;
559 }
webmaster@leafok.com
 ViewVC Help
Powered by ViewVC 1.3.0-beta1