/[LeafOK_CVS]/lbbs/src/login.c
ViewVC logotype

Contents of /lbbs/src/login.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.65 - (show annotations)
Tue Nov 4 13:49:51 2025 UTC (4 months, 1 week ago) by sysadm
Branch: MAIN
Changes since 1.64: +7 -15 lines
Content type: text/x-csrc 
Update file header information comments
1 /* SPDX-License-Identifier: GPL-3.0-or-later */
2 /*
3 * login
4 * - user authentication and online status manager
5 *
6 * Copyright (C) 2004-2025 by Leaflet <leaflet@leafok.com>
7 */
8
9 #include "bbs.h"
10 #include "common.h"
11 #include "database.h"
12 #include "io.h"
13 #include "ip_mask.h"
14 #include "log.h"
15 #include "login.h"
16 #include "screen.h"
17 #include "user_priv.h"
18 #include <ctype.h>
19 #include <errno.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <regex.h>
23 #include <unistd.h>
24 #include <mysql/mysql.h>
25 #include <sys/param.h>
26
27 static const int BBS_username_min_len = 3; // common len = 5, special len = 3
28 static const int BBS_password_min_len = 5; // legacy len = 5, current len = 6
29
30 int bbs_login(void)
31 {
32 char username[BBS_username_max_len + 1];
33 char password[BBS_password_max_len + 1];
34 int i = 0;
35 int ok = 0;
36
37 for (; !SYS_server_exit && !ok && i < BBS_login_retry_times; i++)
38 {
39 prints("\033[1;33m请输入帐号\033[m(试用请输入`\033[1;36mguest\033[m', "
40 "注册请输入`\033[1;31mnew\033[m'): ");
41 iflush();
42
43 if (str_input(username, sizeof(username), DOECHO) < 0)
44 {
45 continue;
46 }
47
48 if (strcmp(username, "guest") == 0)
49 {
50 load_guest_info();
51
52 return 0;
53 }
54
55 if (strcmp(username, "new") == 0)
56 {
57 display_file(DATA_REGISTER, 1);
58
59 return -1;
60 }
61
62 if (username[0] != '\0')
63 {
64 prints("\033[1;37m请输入密码\033[m: ");
65 iflush();
66
67 if (str_input(password, sizeof(password), NOECHO) < 0)
68 {
69 continue;
70 }
71
72 ok = (check_user(username, password) == 0);
73 iflush();
74 }
75 }
76
77 if (!ok)
78 {
79 display_file(DATA_LOGIN_ERROR, 1);
80 return -1;
81 }
82
83 log_common("User \"%s\"(%ld) login from %s:%d\n",
84 BBS_username, BBS_priv.uid, hostaddr_client, port_client);
85
86 return 0;
87 }
88
89 int check_user(const char *username, const char *password)
90 {
91 MYSQL *db = NULL;
92 MYSQL_RES *rs = NULL;
93 MYSQL_ROW row;
94 char sql[SQL_BUFFER_LEN];
95 int ret = 0;
96 int BBS_uid = 0;
97 char client_addr[IP_ADDR_LEN];
98 int i;
99 int ok = 1;
100 char user_tz_env[BBS_user_tz_max_len + 2];
101
102 db = db_open();
103 if (db == NULL)
104 {
105 ret = -1;
106 goto cleanup;
107 }
108
109 // Verify format
110 for (i = 0; ok && username[i] != '\0'; i++)
111 {
112 if (!(isalpha(username[i]) || (i > 0 && (isdigit(username[i]) || username[i] == '_'))))
113 {
114 ok = 0;
115 }
116 }
117 if (ok && (i < BBS_username_min_len || i > BBS_username_max_len))
118 {
119 ok = 0;
120 }
121 for (i = 0; ok && password[i] != '\0'; i++)
122 {
123 if (!isalnum(password[i]))
124 {
125 ok = 0;
126 }
127 }
128 if (ok && (i < BBS_password_min_len || i > BBS_password_max_len))
129 {
130 ok = 0;
131 }
132
133 if (!ok)
134 {
135 prints("\033[1;31m用户名或密码格式错误...\033[m\r\n");
136 ret = 1;
137 goto cleanup;
138 }
139
140 // Begin transaction
141 if (mysql_query(db, "SET autocommit=0") != 0)
142 {
143 log_error("SET autocommit=0 error: %s\n", mysql_error(db));
144 ret = -1;
145 goto cleanup;
146 }
147
148 if (mysql_query(db, "BEGIN") != 0)
149 {
150 log_error("Begin transaction error: %s\n", mysql_error(db));
151 ret = -1;
152 goto cleanup;
153 }
154
155 // Failed login attempts from the same source (subnet /24) during certain time period
156 strncpy(client_addr, hostaddr_client, sizeof(client_addr) - 1);
157 client_addr[sizeof(client_addr) - 1] = '\0';
158
159 snprintf(sql, sizeof(sql),
160 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
161 "WHERE login_dt >= SUBDATE(NOW(), INTERVAL %d MINUTE) "
162 "AND login_ip LIKE '%s'",
163 BBS_login_failures_count_interval,
164 ip_mask(client_addr, 1, '%'));
165 if (mysql_query(db, sql) != 0)
166 {
167 log_error("Query user_list error: %s\n", mysql_error(db));
168 ret = -1;
169 goto cleanup;
170 }
171 if ((rs = mysql_store_result(db)) == NULL)
172 {
173 log_error("Get user_list data failed\n");
174 ret = -1;
175 goto cleanup;
176 }
177 if ((row = mysql_fetch_row(rs)))
178 {
179 if (atoi(row[0]) >= BBS_allowed_login_failures_within_interval)
180 {
181 prints("\033[1;31m来源存在多次失败登陆尝试,请稍后再试,或使用Web方式访问\033[m\r\n");
182 ret = 1;
183 goto cleanup;
184 }
185 }
186 mysql_free_result(rs);
187 rs = NULL;
188
189 // Failed login attempts against the current username since last successful login
190 snprintf(sql, sizeof(sql),
191 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
192 "LEFT JOIN user_list ON user_err_login_log.username = user_list.username "
193 "LEFT JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID "
194 "WHERE user_err_login_log.username = '%s' "
195 "AND (user_err_login_log.login_dt >= user_pubinfo.last_login_dt "
196 "OR user_pubinfo.last_login_dt IS NULL)",
197 username);
198 if (mysql_query(db, sql) != 0)
199 {
200 log_error("Query user_list error: %s\n", mysql_error(db));
201 ret = -1;
202 goto cleanup;
203 }
204 if ((rs = mysql_store_result(db)) == NULL)
205 {
206 log_error("Get user_list data failed\n");
207 ret = -1;
208 goto cleanup;
209 }
210 if ((row = mysql_fetch_row(rs)))
211 {
212 if (atoi(row[0]) >= BBS_allowed_login_failures_per_account)
213 {
214 prints("\033[1;31m账户存在多次失败登陆尝试,请使用Web方式登录解锁\033[m\r\n");
215 ret = 1;
216 goto cleanup;
217 }
218 }
219 mysql_free_result(rs);
220 rs = NULL;
221
222 snprintf(sql, sizeof(sql),
223 "SELECT UID, username, p_login FROM user_list "
224 "WHERE username = '%s' AND password = SHA2('%s', 256) AND enable",
225 username, password);
226 if (mysql_query(db, sql) != 0)
227 {
228 log_error("Query user_list error: %s\n", mysql_error(db));
229 ret = -1;
230 goto cleanup;
231 }
232 if ((rs = mysql_store_result(db)) == NULL)
233 {
234 log_error("Get user_list data failed\n");
235 ret = -1;
236 goto cleanup;
237 }
238 if ((row = mysql_fetch_row(rs)))
239 {
240 BBS_uid = atoi(row[0]);
241 strncpy(BBS_username, row[1], sizeof(BBS_username) - 1);
242 BBS_username[sizeof(BBS_username) - 1] = '\0';
243 int p_login = atoi(row[2]);
244
245 mysql_free_result(rs);
246 rs = NULL;
247
248 // Add user login log
249 snprintf(sql, sizeof(sql),
250 "INSERT INTO user_login_log(UID, login_dt, login_ip) "
251 "VALUES(%d, NOW(), '%s')",
252 BBS_uid, hostaddr_client);
253 if (mysql_query(db, sql) != 0)
254 {
255 log_error("Insert into user_login_log error: %s\n", mysql_error(db));
256 ret = -1;
257 goto cleanup;
258 }
259
260 // Commit transaction
261 if (mysql_query(db, "COMMIT") != 0)
262 {
263 log_error("Commit transaction error: %s\n", mysql_error(db));
264 ret = -1;
265 goto cleanup;
266 }
267
268 if (p_login == 0)
269 {
270 prints("\033[1;31m您目前无权登陆...\033[m\r\n");
271 ret = 1;
272 goto cleanup;
273 }
274 }
275 else
276 {
277 mysql_free_result(rs);
278 rs = NULL;
279
280 snprintf(sql, sizeof(sql),
281 "INSERT INTO user_err_login_log(username, password, login_dt, login_ip) "
282 "VALUES('%s', '%s', NOW(), '%s')",
283 username, password, hostaddr_client);
284 if (mysql_query(db, sql) != 0)
285 {
286 log_error("Insert into user_err_login_log error: %s\n", mysql_error(db));
287 ret = -1;
288 goto cleanup;
289 }
290
291 // Commit transaction
292 if (mysql_query(db, "COMMIT") != 0)
293 {
294 log_error("Commit transaction error: %s\n", mysql_error(db));
295 ret = -1;
296 goto cleanup;
297 }
298
299 prints("\033[1;31m错误的用户名或密码...\033[m\r\n");
300 ret = 1;
301 goto cleanup;
302 }
303
304 // Set AUTOCOMMIT = 1
305 if (mysql_query(db, "SET autocommit=1") != 0)
306 {
307 log_error("SET autocommit=1 error: %s\n", mysql_error(db));
308 ret = -1;
309 goto cleanup;
310 }
311
312 ret = load_user_info(db, BBS_uid);
313
314 switch (ret)
315 {
316 case 0: // Login successfully
317 break;
318 case -1: // Load data error
319 prints("\033[1;31m读取用户数据错误...\033[m\r\n");
320 ret = -1;
321 goto cleanup;
322 case -2: // Unused
323 prints("\033[1;31m请通过Web登录更新用户许可协议...\033[m\r\n");
324 ret = 1;
325 goto cleanup;
326 case -3: // Dead
327 prints("\033[1;31m很遗憾,您已经永远离开了我们的世界!\033[m\r\n");
328 ret = 1;
329 goto cleanup;
330 default:
331 ret = -2;
332 goto cleanup;
333 }
334
335 snprintf(sql, sizeof(sql),
336 "UPDATE user_pubinfo SET visit_count = visit_count + 1, "
337 "last_login_dt = NOW() WHERE UID = %d",
338 BBS_uid);
339 if (mysql_query(db, sql) != 0)
340 {
341 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
342 ret = -1;
343 goto cleanup;
344 }
345
346 if (user_online_add(db) != 0)
347 {
348 ret = -1;
349 goto cleanup;
350 }
351
352 BBS_last_access_tm = BBS_login_tm = time(NULL);
353
354 // Set user tz to process env
355 if (BBS_user_tz[0] != '\0')
356 {
357 user_tz_env[0] = ':';
358 strncpy(user_tz_env + 1, BBS_user_tz, sizeof(user_tz_env) - 2);
359 user_tz_env[sizeof(user_tz_env) - 1] = '\0';
360
361 if (setenv("TZ", user_tz_env, 1) == -1)
362 {
363 log_error("setenv(TZ = %s) error %d\n", user_tz_env, errno);
364 return -3;
365 }
366
367 tzset();
368 }
369
370 cleanup:
371 mysql_free_result(rs);
372 mysql_close(db);
373
374 return ret;
375 }
376
377 int load_user_info(MYSQL *db, int BBS_uid)
378 {
379 MYSQL_RES *rs = NULL;
380 MYSQL_ROW row;
381 char sql[SQL_BUFFER_LEN];
382 int life;
383 time_t last_login_dt;
384 int ret = 0;
385
386 snprintf(sql, sizeof(sql),
387 "SELECT life, UNIX_TIMESTAMP(last_login_dt), user_timezone, exp, nickname "
388 "FROM user_pubinfo WHERE UID = %d",
389 BBS_uid);
390 if (mysql_query(db, sql) != 0)
391 {
392 log_error("Query user_pubinfo error: %s\n", mysql_error(db));
393 ret = -1;
394 goto cleanup;
395 }
396 if ((rs = mysql_store_result(db)) == NULL)
397 {
398 log_error("Get user_pubinfo data failed\n");
399 ret = -1;
400 goto cleanup;
401 }
402 if ((row = mysql_fetch_row(rs)))
403 {
404 life = atoi(row[0]);
405 last_login_dt = (time_t)atol(row[1]);
406
407 strncpy(BBS_user_tz, row[2], sizeof(BBS_user_tz) - 1);
408 BBS_user_tz[sizeof(BBS_user_tz) - 1] = '\0';
409
410 BBS_user_exp = atoi(row[3]);
411
412 strncpy(BBS_nickname, row[4], sizeof(BBS_nickname));
413 BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
414 }
415 else
416 {
417 ret = -1; // Data not found
418 goto cleanup;
419 }
420 mysql_free_result(rs);
421 rs = NULL;
422
423 if (life != 333 && life != 365 && life != 666 && life != 999 && // Not immortal
424 time(NULL) - last_login_dt > 60 * 60 * 24 * life)
425 {
426 ret = -3; // Dead
427 goto cleanup;
428 }
429
430 if (load_priv(db, &BBS_priv, BBS_uid) != 0)
431 {
432 ret = -1;
433 goto cleanup;
434 }
435
436 cleanup:
437 mysql_free_result(rs);
438
439 return ret;
440 }
441
442 int load_guest_info(void)
443 {
444 MYSQL *db = NULL;
445 int ret = 0;
446
447 db = db_open();
448 if (db == NULL)
449 {
450 ret = -1;
451 goto cleanup;
452 }
453
454 strncpy(BBS_username, "guest", sizeof(BBS_username) - 1);
455 BBS_username[sizeof(BBS_username) - 1] = '\0';
456
457 BBS_user_exp = 0;
458
459 strncpy(BBS_nickname, "Guest", sizeof(BBS_nickname));
460 BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
461
462 if (load_priv(db, &BBS_priv, 0) != 0)
463 {
464 ret = -1;
465 goto cleanup;
466 }
467
468 if (user_online_add(db) != 0)
469 {
470 ret = -1;
471 goto cleanup;
472 }
473
474 BBS_last_access_tm = BBS_login_tm = time(NULL);
475
476 cleanup:
477 mysql_close(db);
478
479 return ret;
480 }
481
482 int user_online_add(MYSQL *db)
483 {
484 char sql[SQL_BUFFER_LEN];
485
486 snprintf(sql, sizeof(sql),
487 "INSERT INTO visit_log(dt, IP) VALUES(NOW(), '%s')",
488 hostaddr_client);
489 if (mysql_query(db, sql) != 0)
490 {
491 log_error("Add visit log error: %s\n", mysql_error(db));
492 return -1;
493 }
494
495 if (user_online_del(db) != 0)
496 {
497 return -2;
498 }
499
500 snprintf(sql, sizeof(sql),
501 "INSERT INTO user_online(SID, UID, ip, current_action, login_tm, last_tm) "
502 "VALUES('Telnet_Process_%d', %d, '%s', 'LOGIN', NOW(), NOW())",
503 getpid(), BBS_priv.uid, hostaddr_client);
504 if (mysql_query(db, sql) != 0)
505 {
506 log_error("Add user_online error: %s\n", mysql_error(db));
507 return -3;
508 }
509
510 return 0;
511 }
512
513 int user_online_del(MYSQL *db)
514 {
515 char sql[SQL_BUFFER_LEN];
516
517 snprintf(sql, sizeof(sql),
518 "DELETE FROM user_online WHERE SID = 'Telnet_Process_%d'",
519 getpid());
520 if (mysql_query(db, sql) != 0)
521 {
522 log_error("Delete user_online error: %s\n", mysql_error(db));
523 return -1;
524 }
525
526 return 0;
527 }
528
529 int user_online_exp(MYSQL *db)
530 {
531 char sql[SQL_BUFFER_LEN];
532
533 // +1 exp for every 5 minutes online since last logout
534 // but at most 24 hours worth of exp can be gained in Telnet session
535 snprintf(sql, sizeof(sql),
536 "UPDATE user_pubinfo SET exp = exp + FLOOR(LEAST(TIMESTAMPDIFF("
537 "SECOND, GREATEST(last_login_dt, IF(last_logout_dt IS NULL, last_login_dt, last_logout_dt)), NOW()"
538 ") / 60 / 5, 12 * 24)), last_logout_dt = NOW() "
539 "WHERE UID = %d",
540 BBS_priv.uid);
541 if (mysql_query(db, sql) != 0)
542 {
543 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
544 return -1;
545 }
546
547 return 0;
548 }
549
550 int user_online_update(const char *action)
551 {
552 MYSQL *db = NULL;
553 char sql[SQL_BUFFER_LEN];
554
555 if ((action == NULL || strcmp(BBS_current_action, action) == 0) &&
556 time(NULL) - BBS_current_action_tm < BBS_current_action_refresh_interval) // No change
557 {
558 return 0;
559 }
560
561 if (action != NULL)
562 {
563 strncpy(BBS_current_action, action, sizeof(BBS_current_action) - 1);
564 BBS_current_action[sizeof(BBS_current_action) - 1] = '\0';
565 }
566
567 BBS_current_action_tm = time(NULL);
568
569 db = db_open();
570 if (db == NULL)
571 {
572 log_error("db_open() error: %s\n", mysql_error(db));
573 return -1;
574 }
575
576 snprintf(sql, sizeof(sql),
577 "UPDATE user_online SET current_action = '%s', last_tm = NOW() "
578 "WHERE SID = 'Telnet_Process_%d'",
579 BBS_current_action, getpid());
580 if (mysql_query(db, sql) != 0)
581 {
582 log_error("Update user_online error: %s\n", mysql_error(db));
583 return -2;
584 }
585
586 mysql_close(db);
587
588 return 1;
589 }
webmaster@leafok.com
 ViewVC Help
Powered by ViewVC 1.3.0-beta1