/[LeafOK_CVS]/lbbs/src/login.c
ViewVC logotype

Contents of /lbbs/src/login.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.67 - (show annotations)
Wed Nov 5 02:06:50 2025 UTC (4 months, 1 week ago) by sysadm
Branch: MAIN
Changes since 1.66: +6 -0 lines
Content type: text/x-csrc 
Use enum / const int instead of macro define constant integers
1 /* SPDX-License-Identifier: GPL-3.0-or-later */
2 /*
3 * login
4 * - user authentication and online status manager
5 *
6 * Copyright (C) 2004-2025 Leaflet <leaflet@leafok.com>
7 */
8
9 #include "bbs.h"
10 #include "common.h"
11 #include "database.h"
12 #include "io.h"
13 #include "ip_mask.h"
14 #include "log.h"
15 #include "login.h"
16 #include "screen.h"
17 #include "user_priv.h"
18 #include <ctype.h>
19 #include <errno.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <regex.h>
23 #include <unistd.h>
24 #include <mysql/mysql.h>
25 #include <sys/param.h>
26
27 static const int BBS_username_min_len = 3; // common len = 5, special len = 3
28 static const int BBS_password_min_len = 5; // legacy len = 5, current len = 6
29
30 static const int BBS_allowed_login_failures_within_interval = 10;
31 static const int BBS_login_failures_count_interval = 10; // minutes
32 static const int BBS_allowed_login_failures_per_account = 3;
33
34 const int BBS_login_retry_times = 3;
35
36 int bbs_login(void)
37 {
38 char username[BBS_username_max_len + 1];
39 char password[BBS_password_max_len + 1];
40 int i = 0;
41 int ok = 0;
42
43 for (; !SYS_server_exit && !ok && i < BBS_login_retry_times; i++)
44 {
45 prints("\033[1;33m请输入帐号\033[m(试用请输入`\033[1;36mguest\033[m', "
46 "注册请输入`\033[1;31mnew\033[m'): ");
47 iflush();
48
49 if (str_input(username, sizeof(username), DOECHO) < 0)
50 {
51 continue;
52 }
53
54 if (strcmp(username, "guest") == 0)
55 {
56 load_guest_info();
57
58 return 0;
59 }
60
61 if (strcmp(username, "new") == 0)
62 {
63 display_file(DATA_REGISTER, 1);
64
65 return -1;
66 }
67
68 if (username[0] != '\0')
69 {
70 prints("\033[1;37m请输入密码\033[m: ");
71 iflush();
72
73 if (str_input(password, sizeof(password), NOECHO) < 0)
74 {
75 continue;
76 }
77
78 ok = (check_user(username, password) == 0);
79 iflush();
80 }
81 }
82
83 if (!ok)
84 {
85 display_file(DATA_LOGIN_ERROR, 1);
86 return -1;
87 }
88
89 log_common("User \"%s\"(%ld) login from %s:%d\n",
90 BBS_username, BBS_priv.uid, hostaddr_client, port_client);
91
92 return 0;
93 }
94
95 int check_user(const char *username, const char *password)
96 {
97 MYSQL *db = NULL;
98 MYSQL_RES *rs = NULL;
99 MYSQL_ROW row;
100 char sql[SQL_BUFFER_LEN];
101 int ret = 0;
102 int BBS_uid = 0;
103 char client_addr[IP_ADDR_LEN];
104 int i;
105 int ok = 1;
106 char user_tz_env[BBS_user_tz_max_len + 2];
107
108 db = db_open();
109 if (db == NULL)
110 {
111 ret = -1;
112 goto cleanup;
113 }
114
115 // Verify format
116 for (i = 0; ok && username[i] != '\0'; i++)
117 {
118 if (!(isalpha(username[i]) || (i > 0 && (isdigit(username[i]) || username[i] == '_'))))
119 {
120 ok = 0;
121 }
122 }
123 if (ok && (i < BBS_username_min_len || i > BBS_username_max_len))
124 {
125 ok = 0;
126 }
127 for (i = 0; ok && password[i] != '\0'; i++)
128 {
129 if (!isalnum(password[i]))
130 {
131 ok = 0;
132 }
133 }
134 if (ok && (i < BBS_password_min_len || i > BBS_password_max_len))
135 {
136 ok = 0;
137 }
138
139 if (!ok)
140 {
141 prints("\033[1;31m用户名或密码格式错误...\033[m\r\n");
142 ret = 1;
143 goto cleanup;
144 }
145
146 // Begin transaction
147 if (mysql_query(db, "SET autocommit=0") != 0)
148 {
149 log_error("SET autocommit=0 error: %s\n", mysql_error(db));
150 ret = -1;
151 goto cleanup;
152 }
153
154 if (mysql_query(db, "BEGIN") != 0)
155 {
156 log_error("Begin transaction error: %s\n", mysql_error(db));
157 ret = -1;
158 goto cleanup;
159 }
160
161 // Failed login attempts from the same source (subnet /24) during certain time period
162 strncpy(client_addr, hostaddr_client, sizeof(client_addr) - 1);
163 client_addr[sizeof(client_addr) - 1] = '\0';
164
165 snprintf(sql, sizeof(sql),
166 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
167 "WHERE login_dt >= SUBDATE(NOW(), INTERVAL %d MINUTE) "
168 "AND login_ip LIKE '%s'",
169 BBS_login_failures_count_interval,
170 ip_mask(client_addr, 1, '%'));
171 if (mysql_query(db, sql) != 0)
172 {
173 log_error("Query user_list error: %s\n", mysql_error(db));
174 ret = -1;
175 goto cleanup;
176 }
177 if ((rs = mysql_store_result(db)) == NULL)
178 {
179 log_error("Get user_list data failed\n");
180 ret = -1;
181 goto cleanup;
182 }
183 if ((row = mysql_fetch_row(rs)))
184 {
185 if (atoi(row[0]) >= BBS_allowed_login_failures_within_interval)
186 {
187 prints("\033[1;31m来源存在多次失败登陆尝试,请稍后再试,或使用Web方式访问\033[m\r\n");
188 ret = 1;
189 goto cleanup;
190 }
191 }
192 mysql_free_result(rs);
193 rs = NULL;
194
195 // Failed login attempts against the current username since last successful login
196 snprintf(sql, sizeof(sql),
197 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
198 "LEFT JOIN user_list ON user_err_login_log.username = user_list.username "
199 "LEFT JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID "
200 "WHERE user_err_login_log.username = '%s' "
201 "AND (user_err_login_log.login_dt >= user_pubinfo.last_login_dt "
202 "OR user_pubinfo.last_login_dt IS NULL)",
203 username);
204 if (mysql_query(db, sql) != 0)
205 {
206 log_error("Query user_list error: %s\n", mysql_error(db));
207 ret = -1;
208 goto cleanup;
209 }
210 if ((rs = mysql_store_result(db)) == NULL)
211 {
212 log_error("Get user_list data failed\n");
213 ret = -1;
214 goto cleanup;
215 }
216 if ((row = mysql_fetch_row(rs)))
217 {
218 if (atoi(row[0]) >= BBS_allowed_login_failures_per_account)
219 {
220 prints("\033[1;31m账户存在多次失败登陆尝试,请使用Web方式登录解锁\033[m\r\n");
221 ret = 1;
222 goto cleanup;
223 }
224 }
225 mysql_free_result(rs);
226 rs = NULL;
227
228 snprintf(sql, sizeof(sql),
229 "SELECT UID, username, p_login FROM user_list "
230 "WHERE username = '%s' AND password = SHA2('%s', 256) AND enable",
231 username, password);
232 if (mysql_query(db, sql) != 0)
233 {
234 log_error("Query user_list error: %s\n", mysql_error(db));
235 ret = -1;
236 goto cleanup;
237 }
238 if ((rs = mysql_store_result(db)) == NULL)
239 {
240 log_error("Get user_list data failed\n");
241 ret = -1;
242 goto cleanup;
243 }
244 if ((row = mysql_fetch_row(rs)))
245 {
246 BBS_uid = atoi(row[0]);
247 strncpy(BBS_username, row[1], sizeof(BBS_username) - 1);
248 BBS_username[sizeof(BBS_username) - 1] = '\0';
249 int p_login = atoi(row[2]);
250
251 mysql_free_result(rs);
252 rs = NULL;
253
254 // Add user login log
255 snprintf(sql, sizeof(sql),
256 "INSERT INTO user_login_log(UID, login_dt, login_ip) "
257 "VALUES(%d, NOW(), '%s')",
258 BBS_uid, hostaddr_client);
259 if (mysql_query(db, sql) != 0)
260 {
261 log_error("Insert into user_login_log error: %s\n", mysql_error(db));
262 ret = -1;
263 goto cleanup;
264 }
265
266 // Commit transaction
267 if (mysql_query(db, "COMMIT") != 0)
268 {
269 log_error("Commit transaction error: %s\n", mysql_error(db));
270 ret = -1;
271 goto cleanup;
272 }
273
274 if (p_login == 0)
275 {
276 prints("\033[1;31m您目前无权登陆...\033[m\r\n");
277 ret = 1;
278 goto cleanup;
279 }
280 }
281 else
282 {
283 mysql_free_result(rs);
284 rs = NULL;
285
286 snprintf(sql, sizeof(sql),
287 "INSERT INTO user_err_login_log(username, password, login_dt, login_ip) "
288 "VALUES('%s', '%s', NOW(), '%s')",
289 username, password, hostaddr_client);
290 if (mysql_query(db, sql) != 0)
291 {
292 log_error("Insert into user_err_login_log error: %s\n", mysql_error(db));
293 ret = -1;
294 goto cleanup;
295 }
296
297 // Commit transaction
298 if (mysql_query(db, "COMMIT") != 0)
299 {
300 log_error("Commit transaction error: %s\n", mysql_error(db));
301 ret = -1;
302 goto cleanup;
303 }
304
305 prints("\033[1;31m错误的用户名或密码...\033[m\r\n");
306 ret = 1;
307 goto cleanup;
308 }
309
310 // Set AUTOCOMMIT = 1
311 if (mysql_query(db, "SET autocommit=1") != 0)
312 {
313 log_error("SET autocommit=1 error: %s\n", mysql_error(db));
314 ret = -1;
315 goto cleanup;
316 }
317
318 ret = load_user_info(db, BBS_uid);
319
320 switch (ret)
321 {
322 case 0: // Login successfully
323 break;
324 case -1: // Load data error
325 prints("\033[1;31m读取用户数据错误...\033[m\r\n");
326 ret = -1;
327 goto cleanup;
328 case -2: // Unused
329 prints("\033[1;31m请通过Web登录更新用户许可协议...\033[m\r\n");
330 ret = 1;
331 goto cleanup;
332 case -3: // Dead
333 prints("\033[1;31m很遗憾,您已经永远离开了我们的世界!\033[m\r\n");
334 ret = 1;
335 goto cleanup;
336 default:
337 ret = -2;
338 goto cleanup;
339 }
340
341 snprintf(sql, sizeof(sql),
342 "UPDATE user_pubinfo SET visit_count = visit_count + 1, "
343 "last_login_dt = NOW() WHERE UID = %d",
344 BBS_uid);
345 if (mysql_query(db, sql) != 0)
346 {
347 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
348 ret = -1;
349 goto cleanup;
350 }
351
352 if (user_online_add(db) != 0)
353 {
354 ret = -1;
355 goto cleanup;
356 }
357
358 BBS_last_access_tm = BBS_login_tm = time(NULL);
359
360 // Set user tz to process env
361 if (BBS_user_tz[0] != '\0')
362 {
363 user_tz_env[0] = ':';
364 strncpy(user_tz_env + 1, BBS_user_tz, sizeof(user_tz_env) - 2);
365 user_tz_env[sizeof(user_tz_env) - 1] = '\0';
366
367 if (setenv("TZ", user_tz_env, 1) == -1)
368 {
369 log_error("setenv(TZ = %s) error %d\n", user_tz_env, errno);
370 return -3;
371 }
372
373 tzset();
374 }
375
376 cleanup:
377 mysql_free_result(rs);
378 mysql_close(db);
379
380 return ret;
381 }
382
383 int load_user_info(MYSQL *db, int BBS_uid)
384 {
385 MYSQL_RES *rs = NULL;
386 MYSQL_ROW row;
387 char sql[SQL_BUFFER_LEN];
388 int life;
389 time_t last_login_dt;
390 int ret = 0;
391
392 snprintf(sql, sizeof(sql),
393 "SELECT life, UNIX_TIMESTAMP(last_login_dt), user_timezone, exp, nickname "
394 "FROM user_pubinfo WHERE UID = %d",
395 BBS_uid);
396 if (mysql_query(db, sql) != 0)
397 {
398 log_error("Query user_pubinfo error: %s\n", mysql_error(db));
399 ret = -1;
400 goto cleanup;
401 }
402 if ((rs = mysql_store_result(db)) == NULL)
403 {
404 log_error("Get user_pubinfo data failed\n");
405 ret = -1;
406 goto cleanup;
407 }
408 if ((row = mysql_fetch_row(rs)))
409 {
410 life = atoi(row[0]);
411 last_login_dt = (time_t)atol(row[1]);
412
413 strncpy(BBS_user_tz, row[2], sizeof(BBS_user_tz) - 1);
414 BBS_user_tz[sizeof(BBS_user_tz) - 1] = '\0';
415
416 BBS_user_exp = atoi(row[3]);
417
418 strncpy(BBS_nickname, row[4], sizeof(BBS_nickname));
419 BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
420 }
421 else
422 {
423 ret = -1; // Data not found
424 goto cleanup;
425 }
426 mysql_free_result(rs);
427 rs = NULL;
428
429 if (life != 333 && life != 365 && life != 666 && life != 999 && // Not immortal
430 time(NULL) - last_login_dt > 60 * 60 * 24 * life)
431 {
432 ret = -3; // Dead
433 goto cleanup;
434 }
435
436 if (load_priv(db, &BBS_priv, BBS_uid) != 0)
437 {
438 ret = -1;
439 goto cleanup;
440 }
441
442 cleanup:
443 mysql_free_result(rs);
444
445 return ret;
446 }
447
448 int load_guest_info(void)
449 {
450 MYSQL *db = NULL;
451 int ret = 0;
452
453 db = db_open();
454 if (db == NULL)
455 {
456 ret = -1;
457 goto cleanup;
458 }
459
460 strncpy(BBS_username, "guest", sizeof(BBS_username) - 1);
461 BBS_username[sizeof(BBS_username) - 1] = '\0';
462
463 BBS_user_exp = 0;
464
465 strncpy(BBS_nickname, "Guest", sizeof(BBS_nickname));
466 BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
467
468 if (load_priv(db, &BBS_priv, 0) != 0)
469 {
470 ret = -1;
471 goto cleanup;
472 }
473
474 if (user_online_add(db) != 0)
475 {
476 ret = -1;
477 goto cleanup;
478 }
479
480 BBS_last_access_tm = BBS_login_tm = time(NULL);
481
482 cleanup:
483 mysql_close(db);
484
485 return ret;
486 }
487
488 int user_online_add(MYSQL *db)
489 {
490 char sql[SQL_BUFFER_LEN];
491
492 snprintf(sql, sizeof(sql),
493 "INSERT INTO visit_log(dt, IP) VALUES(NOW(), '%s')",
494 hostaddr_client);
495 if (mysql_query(db, sql) != 0)
496 {
497 log_error("Add visit log error: %s\n", mysql_error(db));
498 return -1;
499 }
500
501 if (user_online_del(db) != 0)
502 {
503 return -2;
504 }
505
506 snprintf(sql, sizeof(sql),
507 "INSERT INTO user_online(SID, UID, ip, current_action, login_tm, last_tm) "
508 "VALUES('Telnet_Process_%d', %d, '%s', 'LOGIN', NOW(), NOW())",
509 getpid(), BBS_priv.uid, hostaddr_client);
510 if (mysql_query(db, sql) != 0)
511 {
512 log_error("Add user_online error: %s\n", mysql_error(db));
513 return -3;
514 }
515
516 return 0;
517 }
518
519 int user_online_del(MYSQL *db)
520 {
521 char sql[SQL_BUFFER_LEN];
522
523 snprintf(sql, sizeof(sql),
524 "DELETE FROM user_online WHERE SID = 'Telnet_Process_%d'",
525 getpid());
526 if (mysql_query(db, sql) != 0)
527 {
528 log_error("Delete user_online error: %s\n", mysql_error(db));
529 return -1;
530 }
531
532 return 0;
533 }
534
535 int user_online_exp(MYSQL *db)
536 {
537 char sql[SQL_BUFFER_LEN];
538
539 // +1 exp for every 5 minutes online since last logout
540 // but at most 24 hours worth of exp can be gained in Telnet session
541 snprintf(sql, sizeof(sql),
542 "UPDATE user_pubinfo SET exp = exp + FLOOR(LEAST(TIMESTAMPDIFF("
543 "SECOND, GREATEST(last_login_dt, IF(last_logout_dt IS NULL, last_login_dt, last_logout_dt)), NOW()"
544 ") / 60 / 5, 12 * 24)), last_logout_dt = NOW() "
545 "WHERE UID = %d",
546 BBS_priv.uid);
547 if (mysql_query(db, sql) != 0)
548 {
549 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
550 return -1;
551 }
552
553 return 0;
554 }
555
556 int user_online_update(const char *action)
557 {
558 MYSQL *db = NULL;
559 char sql[SQL_BUFFER_LEN];
560
561 if ((action == NULL || strcmp(BBS_current_action, action) == 0) &&
562 time(NULL) - BBS_current_action_tm < BBS_current_action_refresh_interval) // No change
563 {
564 return 0;
565 }
566
567 if (action != NULL)
568 {
569 strncpy(BBS_current_action, action, sizeof(BBS_current_action) - 1);
570 BBS_current_action[sizeof(BBS_current_action) - 1] = '\0';
571 }
572
573 BBS_current_action_tm = time(NULL);
574
575 db = db_open();
576 if (db == NULL)
577 {
578 log_error("db_open() error: %s\n", mysql_error(db));
579 return -1;
580 }
581
582 snprintf(sql, sizeof(sql),
583 "UPDATE user_online SET current_action = '%s', last_tm = NOW() "
584 "WHERE SID = 'Telnet_Process_%d'",
585 BBS_current_action, getpid());
586 if (mysql_query(db, sql) != 0)
587 {
588 log_error("Update user_online error: %s\n", mysql_error(db));
589 return -2;
590 }
591
592 mysql_close(db);
593
594 return 1;
595 }
webmaster@leafok.com
 ViewVC Help
Powered by ViewVC 1.3.0-beta1