/[LeafOK_CVS]/lbbs/src/login.c
ViewVC logotype

Contents of /lbbs/src/login.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.70 - (show annotations)
Mon Nov 17 12:47:41 2025 UTC (3 months, 4 weeks ago) by sysadm
Branch: MAIN
Changes since 1.69: +2 -2 lines
Content type: text/x-csrc 
Fix error reported by gcc under MSYS2
1 /* SPDX-License-Identifier: GPL-3.0-or-later */
2 /*
3 * login
4 * - user authentication and online status manager
5 *
6 * Copyright (C) 2004-2025 Leaflet <leaflet@leafok.com>
7 */
8
9 #ifdef HAVE_CONFIG_H
10 #include "config.h"
11 #endif
12
13 #include "bbs.h"
14 #include "common.h"
15 #include "database.h"
16 #include "io.h"
17 #include "ip_mask.h"
18 #include "log.h"
19 #include "login.h"
20 #include "screen.h"
21 #include "user_priv.h"
22 #include <ctype.h>
23 #include <errno.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <regex.h>
27 #include <unistd.h>
28 #include <mysql.h>
29 #include <sys/param.h>
30
31 static const int BBS_username_min_len = 3; // common len = 5, special len = 3
32 static const int BBS_password_min_len = 5; // legacy len = 5, current len = 6
33
34 static const int BBS_allowed_login_failures_within_interval = 10;
35 static const int BBS_login_failures_count_interval = 10; // minutes
36 static const int BBS_allowed_login_failures_per_account = 3;
37
38 const int BBS_login_retry_times = 3;
39
40 int bbs_login(void)
41 {
42 char username[BBS_username_max_len + 1];
43 char password[BBS_password_max_len + 1];
44 int i = 0;
45 int ok = 0;
46
47 for (; !SYS_server_exit && !ok && i < BBS_login_retry_times; i++)
48 {
49 prints("\033[1;33m请输入帐号\033[m(试用请输入`\033[1;36mguest\033[m', "
50 "注册请输入`\033[1;31mnew\033[m'): ");
51 iflush();
52
53 if (str_input(username, sizeof(username), DOECHO) < 0)
54 {
55 continue;
56 }
57
58 if (strcmp(username, "guest") == 0)
59 {
60 load_guest_info();
61
62 return 0;
63 }
64
65 if (strcmp(username, "new") == 0)
66 {
67 display_file(DATA_REGISTER, 1);
68
69 return -1;
70 }
71
72 if (username[0] != '\0')
73 {
74 prints("\033[1;37m请输入密码\033[m: ");
75 iflush();
76
77 if (str_input(password, sizeof(password), NOECHO) < 0)
78 {
79 continue;
80 }
81
82 ok = (check_user(username, password) == 0);
83 iflush();
84 }
85 }
86
87 if (!ok)
88 {
89 display_file(DATA_LOGIN_ERROR, 1);
90 return -1;
91 }
92
93 log_common("User \"%s\"(%ld) login from %s:%d\n",
94 BBS_username, BBS_priv.uid, hostaddr_client, port_client);
95
96 return 0;
97 }
98
99 int check_user(const char *username, const char *password)
100 {
101 MYSQL *db = NULL;
102 MYSQL_RES *rs = NULL;
103 MYSQL_ROW row;
104 char sql[SQL_BUFFER_LEN];
105 int ret = 0;
106 int BBS_uid = 0;
107 char client_addr[IP_ADDR_LEN];
108 int i;
109 int ok = 1;
110 char user_tz_env[BBS_user_tz_max_len + 2];
111
112 db = db_open();
113 if (db == NULL)
114 {
115 ret = -1;
116 goto cleanup;
117 }
118
119 // Verify format
120 for (i = 0; ok && username[i] != '\0'; i++)
121 {
122 if (!(isalpha((int)username[i]) || (i > 0 && (isdigit((int)username[i]) || username[i] == '_'))))
123 {
124 ok = 0;
125 }
126 }
127 if (ok && (i < BBS_username_min_len || i > BBS_username_max_len))
128 {
129 ok = 0;
130 }
131 for (i = 0; ok && password[i] != '\0'; i++)
132 {
133 if (!isalnum((int)password[i]))
134 {
135 ok = 0;
136 }
137 }
138 if (ok && (i < BBS_password_min_len || i > BBS_password_max_len))
139 {
140 ok = 0;
141 }
142
143 if (!ok)
144 {
145 prints("\033[1;31m用户名或密码格式错误...\033[m\r\n");
146 ret = 1;
147 goto cleanup;
148 }
149
150 // Begin transaction
151 if (mysql_query(db, "SET autocommit=0") != 0)
152 {
153 log_error("SET autocommit=0 error: %s\n", mysql_error(db));
154 ret = -1;
155 goto cleanup;
156 }
157
158 if (mysql_query(db, "BEGIN") != 0)
159 {
160 log_error("Begin transaction error: %s\n", mysql_error(db));
161 ret = -1;
162 goto cleanup;
163 }
164
165 // Failed login attempts from the same source (subnet /24) during certain time period
166 strncpy(client_addr, hostaddr_client, sizeof(client_addr) - 1);
167 client_addr[sizeof(client_addr) - 1] = '\0';
168
169 snprintf(sql, sizeof(sql),
170 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
171 "WHERE login_dt >= SUBDATE(NOW(), INTERVAL %d MINUTE) "
172 "AND login_ip LIKE '%s'",
173 BBS_login_failures_count_interval,
174 ip_mask(client_addr, 1, '%'));
175 if (mysql_query(db, sql) != 0)
176 {
177 log_error("Query user_list error: %s\n", mysql_error(db));
178 ret = -1;
179 goto cleanup;
180 }
181 if ((rs = mysql_store_result(db)) == NULL)
182 {
183 log_error("Get user_list data failed\n");
184 ret = -1;
185 goto cleanup;
186 }
187 if ((row = mysql_fetch_row(rs)))
188 {
189 if (atoi(row[0]) >= BBS_allowed_login_failures_within_interval)
190 {
191 prints("\033[1;31m来源存在多次失败登陆尝试,请稍后再试,或使用Web方式访问\033[m\r\n");
192 ret = 1;
193 goto cleanup;
194 }
195 }
196 mysql_free_result(rs);
197 rs = NULL;
198
199 // Failed login attempts against the current username since last successful login
200 snprintf(sql, sizeof(sql),
201 "SELECT COUNT(*) AS err_count FROM user_err_login_log "
202 "LEFT JOIN user_list ON user_err_login_log.username = user_list.username "
203 "LEFT JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID "
204 "WHERE user_err_login_log.username = '%s' "
205 "AND (user_err_login_log.login_dt >= user_pubinfo.last_login_dt "
206 "OR user_pubinfo.last_login_dt IS NULL)",
207 username);
208 if (mysql_query(db, sql) != 0)
209 {
210 log_error("Query user_list error: %s\n", mysql_error(db));
211 ret = -1;
212 goto cleanup;
213 }
214 if ((rs = mysql_store_result(db)) == NULL)
215 {
216 log_error("Get user_list data failed\n");
217 ret = -1;
218 goto cleanup;
219 }
220 if ((row = mysql_fetch_row(rs)))
221 {
222 if (atoi(row[0]) >= BBS_allowed_login_failures_per_account)
223 {
224 prints("\033[1;31m账户存在多次失败登陆尝试,请使用Web方式登录解锁\033[m\r\n");
225 ret = 1;
226 goto cleanup;
227 }
228 }
229 mysql_free_result(rs);
230 rs = NULL;
231
232 snprintf(sql, sizeof(sql),
233 "SELECT UID, username, p_login FROM user_list "
234 "WHERE username = '%s' AND password = SHA2('%s', 256) AND enable",
235 username, password);
236 if (mysql_query(db, sql) != 0)
237 {
238 log_error("Query user_list error: %s\n", mysql_error(db));
239 ret = -1;
240 goto cleanup;
241 }
242 if ((rs = mysql_store_result(db)) == NULL)
243 {
244 log_error("Get user_list data failed\n");
245 ret = -1;
246 goto cleanup;
247 }
248 if ((row = mysql_fetch_row(rs)))
249 {
250 BBS_uid = atoi(row[0]);
251 strncpy(BBS_username, row[1], sizeof(BBS_username) - 1);
252 BBS_username[sizeof(BBS_username) - 1] = '\0';
253 int p_login = atoi(row[2]);
254
255 mysql_free_result(rs);
256 rs = NULL;
257
258 // Add user login log
259 snprintf(sql, sizeof(sql),
260 "INSERT INTO user_login_log(UID, login_dt, login_ip) "
261 "VALUES(%d, NOW(), '%s')",
262 BBS_uid, hostaddr_client);
263 if (mysql_query(db, sql) != 0)
264 {
265 log_error("Insert into user_login_log error: %s\n", mysql_error(db));
266 ret = -1;
267 goto cleanup;
268 }
269
270 // Commit transaction
271 if (mysql_query(db, "COMMIT") != 0)
272 {
273 log_error("Commit transaction error: %s\n", mysql_error(db));
274 ret = -1;
275 goto cleanup;
276 }
277
278 if (p_login == 0)
279 {
280 prints("\033[1;31m您目前无权登陆...\033[m\r\n");
281 ret = 1;
282 goto cleanup;
283 }
284 }
285 else
286 {
287 mysql_free_result(rs);
288 rs = NULL;
289
290 snprintf(sql, sizeof(sql),
291 "INSERT INTO user_err_login_log(username, password, login_dt, login_ip) "
292 "VALUES('%s', '%s', NOW(), '%s')",
293 username, password, hostaddr_client);
294 if (mysql_query(db, sql) != 0)
295 {
296 log_error("Insert into user_err_login_log error: %s\n", mysql_error(db));
297 ret = -1;
298 goto cleanup;
299 }
300
301 // Commit transaction
302 if (mysql_query(db, "COMMIT") != 0)
303 {
304 log_error("Commit transaction error: %s\n", mysql_error(db));
305 ret = -1;
306 goto cleanup;
307 }
308
309 prints("\033[1;31m错误的用户名或密码...\033[m\r\n");
310 ret = 1;
311 goto cleanup;
312 }
313
314 // Set AUTOCOMMIT = 1
315 if (mysql_query(db, "SET autocommit=1") != 0)
316 {
317 log_error("SET autocommit=1 error: %s\n", mysql_error(db));
318 ret = -1;
319 goto cleanup;
320 }
321
322 ret = load_user_info(db, BBS_uid);
323
324 switch (ret)
325 {
326 case 0: // Login successfully
327 break;
328 case -1: // Load data error
329 prints("\033[1;31m读取用户数据错误...\033[m\r\n");
330 ret = -1;
331 goto cleanup;
332 case -2: // Unused
333 prints("\033[1;31m请通过Web登录更新用户许可协议...\033[m\r\n");
334 ret = 1;
335 goto cleanup;
336 case -3: // Dead
337 prints("\033[1;31m很遗憾,您已经永远离开了我们的世界!\033[m\r\n");
338 ret = 1;
339 goto cleanup;
340 default:
341 ret = -2;
342 goto cleanup;
343 }
344
345 snprintf(sql, sizeof(sql),
346 "UPDATE user_pubinfo SET visit_count = visit_count + 1, "
347 "last_login_dt = NOW() WHERE UID = %d",
348 BBS_uid);
349 if (mysql_query(db, sql) != 0)
350 {
351 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
352 ret = -1;
353 goto cleanup;
354 }
355
356 if (user_online_add(db) != 0)
357 {
358 ret = -1;
359 goto cleanup;
360 }
361
362 BBS_last_access_tm = BBS_login_tm = time(NULL);
363
364 // Set user tz to process env
365 if (BBS_user_tz[0] != '\0')
366 {
367 user_tz_env[0] = ':';
368 strncpy(user_tz_env + 1, BBS_user_tz, sizeof(user_tz_env) - 2);
369 user_tz_env[sizeof(user_tz_env) - 1] = '\0';
370
371 if (setenv("TZ", user_tz_env, 1) == -1)
372 {
373 log_error("setenv(TZ = %s) error %d\n", user_tz_env, errno);
374 return -3;
375 }
376
377 tzset();
378 }
379
380 cleanup:
381 mysql_free_result(rs);
382 mysql_close(db);
383
384 return ret;
385 }
386
387 int load_user_info(MYSQL *db, int BBS_uid)
388 {
389 MYSQL_RES *rs = NULL;
390 MYSQL_ROW row;
391 char sql[SQL_BUFFER_LEN];
392 int life;
393 time_t last_login_dt;
394 int ret = 0;
395
396 snprintf(sql, sizeof(sql),
397 "SELECT life, UNIX_TIMESTAMP(last_login_dt), user_timezone, exp, nickname "
398 "FROM user_pubinfo WHERE UID = %d",
399 BBS_uid);
400 if (mysql_query(db, sql) != 0)
401 {
402 log_error("Query user_pubinfo error: %s\n", mysql_error(db));
403 ret = -1;
404 goto cleanup;
405 }
406 if ((rs = mysql_store_result(db)) == NULL)
407 {
408 log_error("Get user_pubinfo data failed\n");
409 ret = -1;
410 goto cleanup;
411 }
412 if ((row = mysql_fetch_row(rs)))
413 {
414 life = atoi(row[0]);
415 last_login_dt = (time_t)atol(row[1]);
416
417 strncpy(BBS_user_tz, row[2], sizeof(BBS_user_tz) - 1);
418 BBS_user_tz[sizeof(BBS_user_tz) - 1] = '\0';
419
420 BBS_user_exp = atoi(row[3]);
421
422 strncpy(BBS_nickname, row[4], sizeof(BBS_nickname));
423 BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
424 }
425 else
426 {
427 ret = -1; // Data not found
428 goto cleanup;
429 }
430 mysql_free_result(rs);
431 rs = NULL;
432
433 if (life != 333 && life != 365 && life != 666 && life != 999 && // Not immortal
434 time(NULL) - last_login_dt > 60 * 60 * 24 * life)
435 {
436 ret = -3; // Dead
437 goto cleanup;
438 }
439
440 if (load_priv(db, &BBS_priv, BBS_uid) != 0)
441 {
442 ret = -1;
443 goto cleanup;
444 }
445
446 cleanup:
447 mysql_free_result(rs);
448
449 return ret;
450 }
451
452 int load_guest_info(void)
453 {
454 MYSQL *db = NULL;
455 int ret = 0;
456
457 db = db_open();
458 if (db == NULL)
459 {
460 ret = -1;
461 goto cleanup;
462 }
463
464 strncpy(BBS_username, "guest", sizeof(BBS_username) - 1);
465 BBS_username[sizeof(BBS_username) - 1] = '\0';
466
467 BBS_user_exp = 0;
468
469 strncpy(BBS_nickname, "Guest", sizeof(BBS_nickname));
470 BBS_nickname[sizeof(BBS_nickname) - 1] = '\0';
471
472 if (load_priv(db, &BBS_priv, 0) != 0)
473 {
474 ret = -1;
475 goto cleanup;
476 }
477
478 if (user_online_add(db) != 0)
479 {
480 ret = -1;
481 goto cleanup;
482 }
483
484 BBS_last_access_tm = BBS_login_tm = time(NULL);
485
486 cleanup:
487 mysql_close(db);
488
489 return ret;
490 }
491
492 int user_online_add(MYSQL *db)
493 {
494 char sql[SQL_BUFFER_LEN];
495
496 snprintf(sql, sizeof(sql),
497 "INSERT INTO visit_log(dt, IP) VALUES(NOW(), '%s')",
498 hostaddr_client);
499 if (mysql_query(db, sql) != 0)
500 {
501 log_error("Add visit log error: %s\n", mysql_error(db));
502 return -1;
503 }
504
505 if (user_online_del(db) != 0)
506 {
507 return -2;
508 }
509
510 snprintf(sql, sizeof(sql),
511 "INSERT INTO user_online(SID, UID, ip, current_action, login_tm, last_tm) "
512 "VALUES('Telnet_Process_%d', %d, '%s', 'LOGIN', NOW(), NOW())",
513 getpid(), BBS_priv.uid, hostaddr_client);
514 if (mysql_query(db, sql) != 0)
515 {
516 log_error("Add user_online error: %s\n", mysql_error(db));
517 return -3;
518 }
519
520 return 0;
521 }
522
523 int user_online_del(MYSQL *db)
524 {
525 char sql[SQL_BUFFER_LEN];
526
527 snprintf(sql, sizeof(sql),
528 "DELETE FROM user_online WHERE SID = 'Telnet_Process_%d'",
529 getpid());
530 if (mysql_query(db, sql) != 0)
531 {
532 log_error("Delete user_online error: %s\n", mysql_error(db));
533 return -1;
534 }
535
536 return 0;
537 }
538
539 int user_online_exp(MYSQL *db)
540 {
541 char sql[SQL_BUFFER_LEN];
542
543 // +1 exp for every 5 minutes online since last logout
544 // but at most 24 hours worth of exp can be gained in Telnet session
545 snprintf(sql, sizeof(sql),
546 "UPDATE user_pubinfo SET exp = exp + FLOOR(LEAST(TIMESTAMPDIFF("
547 "SECOND, GREATEST(last_login_dt, IF(last_logout_dt IS NULL, last_login_dt, last_logout_dt)), NOW()"
548 ") / 60 / 5, 12 * 24)), last_logout_dt = NOW() "
549 "WHERE UID = %d",
550 BBS_priv.uid);
551 if (mysql_query(db, sql) != 0)
552 {
553 log_error("Update user_pubinfo error: %s\n", mysql_error(db));
554 return -1;
555 }
556
557 return 0;
558 }
559
560 int user_online_update(const char *action)
561 {
562 MYSQL *db = NULL;
563 char sql[SQL_BUFFER_LEN];
564
565 if ((action == NULL || strcmp(BBS_current_action, action) == 0) &&
566 time(NULL) - BBS_current_action_tm < BBS_current_action_refresh_interval) // No change
567 {
568 return 0;
569 }
570
571 if (action != NULL)
572 {
573 strncpy(BBS_current_action, action, sizeof(BBS_current_action) - 1);
574 BBS_current_action[sizeof(BBS_current_action) - 1] = '\0';
575 }
576
577 BBS_current_action_tm = time(NULL);
578
579 db = db_open();
580 if (db == NULL)
581 {
582 log_error("db_open() error: %s\n", mysql_error(db));
583 return -1;
584 }
585
586 snprintf(sql, sizeof(sql),
587 "UPDATE user_online SET current_action = '%s', last_tm = NOW() "
588 "WHERE SID = 'Telnet_Process_%d'",
589 BBS_current_action, getpid());
590 if (mysql_query(db, sql) != 0)
591 {
592 log_error("Update user_online error: %s\n", mysql_error(db));
593 return -2;
594 }
595
596 mysql_close(db);
597
598 return 1;
599 }
webmaster@leafok.com
 ViewVC Help
Powered by ViewVC 1.3.0-beta1