CURLcode get_args(struct OperationConfig *config, const size_t i)
{
CURLcode result = CURLE_OK;
bool last = (config->next ? FALSE : TRUE);
/* Check we have a password for the given host user */
if(config->userpwd && !config->oauth_bearer) {
result = checkpasswd("host", i, last, &config->userpwd);
if(result)
return result;
}
/* Check we have a password for the given proxy user */
if(config->proxyuserpwd) {
result = checkpasswd("proxy", i, last, &config->proxyuserpwd);
if(result)
return result;
}
/* Check we have a user agent */
if(!config->useragent) {
config->useragent = my_useragent();
if(!config->useragent) {
helpf(config->global->errors, "out of memory\n");
result = CURLE_OUT_OF_MEMORY;
}
}
return result;
}
static void test_check_passwd(CuTest *tc) {
faction *f;
f = test_create_faction(0);
faction_setpassword(f, password_encode("password", PASSWORD_DEFAULT));
CuAssertTrue(tc, checkpasswd(f, "password"));
CuAssertTrue(tc, !checkpasswd(f, "assword"));
CuAssertTrue(tc, !checkpasswd(f, "PASSWORD"));
}
static void test_addfaction(CuTest *tc) {
faction *f = 0;
const struct race *rc;
const struct locale *lang;
test_cleanup();
rc = rc_get_or_create("human");
lang = test_create_locale();
f = addfaction("*****@*****.**", "hurrdurr", rc, lang, 1234);
CuAssertPtrNotNull(tc, f);
CuAssertPtrNotNull(tc, f->name);
CuAssertPtrEquals(tc, NULL, (void *)f->units);
CuAssertPtrEquals(tc, NULL, (void *)f->next);
CuAssertPtrEquals(tc, NULL, (void *)f->banner);
CuAssertPtrEquals(tc, NULL, (void *)f->spellbook);
CuAssertPtrEquals(tc, NULL, (void *)f->ursprung);
CuAssertPtrEquals(tc, (void *)factions, (void *)f);
CuAssertStrEquals(tc, "*****@*****.**", f->email);
CuAssertTrue(tc, checkpasswd(f, "hurrdurr"));
CuAssertPtrEquals(tc, (void *)lang, (void *)f->locale);
CuAssertIntEquals(tc, 1234, f->subscription);
CuAssertIntEquals(tc, FFL_ISNEW, f->flags);
CuAssertIntEquals(tc, 0, f->age);
CuAssertTrue(tc, faction_alive(f));
CuAssertIntEquals(tc, M_GRAY, f->magiegebiet);
CuAssertIntEquals(tc, turn, f->lastorders);
CuAssertPtrEquals(tc, f, findfaction(f->no));
test_cleanup();
}
int main()
{
int type;
char pw1[20], pw2[20], pw3[20];
init_all();
if(!loginok)
http_fatal("����δ��¼, ���ȵ�¼");
modify_mode(u_info,USERDEF+20000); //bluetent
type=atoi(getparm("type"));
if(type==0) {
printf("%s -- ������ [�û�: %s]<hr color=green>\n",
BBSNAME, currentuser.userid);
printf("<form action=bbspwd?type=1 method=post>\n");
printf("��ľ�����: <input maxlength=12 size=12 type=password name=pw1><br>\n");
printf("���������: <input maxlength=12 size=12 type=password name=pw2><br>\n");
printf("������һ��: <input maxlength=12 size=12 type=password name=pw3><br><br>\n");
printf("<input type=submit value=ȷ����>\n");
http_quit();
}
strsncpy(pw1, getparm("pw1"), 13);
strsncpy(pw2, getparm("pw2"), 13);
strsncpy(pw3, getparm("pw3"), 13);
if(strcmp(pw2, pw3))
http_fatal("�������벻��ͬ");
if(strlen(pw2)<2)
http_fatal("������̫��");
if(!checkpasswd(currentuser.passwd, pw1))
http_fatal("���벻��ȷ");
strcpy(currentuser.passwd, crypt1(pw2, pw2));
save_user_data(¤tuser);
printf("[%s] �����ijɹ�.", currentuser.userid);
}
static int set_password(const char *orig, const char *new1, const char *new2)
{
if (!checkpasswd(currentuser.passwd, orig))
return BBS_EWPSWD;
if (strcmp(new1, new2))
return BBS_EINVAL;
if (strlen(new1) < 2)
return BBS_EINVAL;
strlcpy(currentuser.passwd, crypt(new1, new1), sizeof(currentuser.passwd));
save_user_data(¤tuser);
return 0;
}
int main(void){
int pid, wpid, fd;
int loggedIn = 1;
mkdir("/home/");
while(loggedIn){
printf(1,"Username: "******"username", MAXLEN);
printf(1,"Password: "******"password", MAXLEN);
//printf(1,"%s, %s\n",username, password);
dup(0); // stdout
dup(0); // stderr
//printf(1, "init: starting sh\n");
if((fd = open("/shadow", O_RDONLY)) < 0){
printf(1, "login: cannot open %s\n", argv[1]);
exit();
}
if(checkpasswd(fd,username,password)){
loggedIn = 0;
printf(1,"Welcome back %s\n", username);
pid = fork();
if(pid < 0){
printf(1, "login: fork failed\n");
exit();
}
if(pid == 0){
char * uname[] = {username};
exec("sh", uname);
printf(1, "login: exec sh failed\n");
exit();
}
}
else{
printf(1,"wrong username or password\n");
}
close(fd);
while((wpid=wait()) >= 0 && wpid != pid)
printf(1, "zombie!\n");
}
wait();
exit();
//Unreachable line but I like to place it there
return 0;
}
/*******************************************************************
* check userlogin status
*
* return: ps_correct
*******************************************************************/
int
CheckUserPassword(char *username, char *password)
{
if (strlen(username) == 0)
return nLogin;
else if (!strcmp(username, "guest"))
return gLogin;
else
{
bzero(&curuser, sizeof(USEREC));
if (!get_passwd(&curuser, username)
|| !checkpasswd(curuser.passwd, password))
{
return Error;
}
}
return Correct;
}
int main(int argc, char *argv[]){
int fd;
if(argc <= 2){
printf(1,"Usage: testuser file use passwd");
exit();
}
if((fd = open(argv[1], 0)) < 0){
printf(1, "testuser: cannot open %s\n", argv[1]);
exit();
}
if( checkpasswd(fd,argv[2],argv[3])){
printf(1,"password correct\n");
}else{
printf(1,"wrong user or password\n");
}
close(fd);
exit();
}
// 核对系统密码
int check_systempasswd()
{
FILE* pass;
char passbuf[20], prepass[STRLEN];
clear();
if ((pass = fopen("etc/.syspasswd", "r")) != NULL) {
fgets(prepass, STRLEN, pass);
fclose(pass);
prepass[strlen(prepass) - 1] = '\0';
getdata(1, 0, "请输入系统密码: ", passbuf, 19, NOECHO, YEA);
if (passbuf[0] == '\0' || passbuf[0] == '\n')
return NA;
if (!checkpasswd(prepass, passbuf)) {
move(2, 0);
prints("错误的系统密码...");
securityreport("系统密码输入错误...", 0, 0);
pressanykey();
return NA;
}
}
return YEA;
}
int main(int argc, char** argv)
{
int i;
struct userec aman;
FILE* inf;
if(argc != 3){
printf("usage:%s userid password!\n", argv[0]);
return -1;
}
inf = fopen( MYPASSFILE, "rb" );
if (inf == NULL) {
printf("3\n");
return 3;
}
if (argv[1] != NULL)
{
for (i=0; ; i++) {
if(fread(&aman, sizeof(aman), 1, inf ) <= 0)
break;
if (!strcasecmp(aman.userid, argv[1]))
break;
}
}
if (strcasecmp(aman.userid, argv[1])){
printf("2\n");
return 2;
}
if(checkpasswd(aman.passwd,argv[2])){
printf("0\n");
return 0;
}
else{
printf("1\n");
return 1;
}
return 0;
}
int auth_pwd_server(int s)
{
u_char buf[512];
int r, len;
char user[256];
char pass[256];
struct sockaddr_storage client;
char client_ip[NI_MAXHOST];
int error = 0;
int code = 0;
r = timerd_read(s, buf, sizeof(buf), TIMEOUTSEC, MSG_PEEK);
if ( r < 2 ) {
return(-1);
}
if (buf[0] != 0x01) { /* current username/password auth version */
/* error in version */
return(-1);
}
len = buf[1];
if (len < 1 || len > 255) {
/* invalid username len */
return(-1);
}
/* read username */
r = timerd_read(s, buf, 2+len, TIMEOUTSEC, 0);
if (r < 2+len) {
/* read error */
return(-1);
}
strncpy(user, (char *)&buf[2], len);
user[len] = '\0';
/* get passwd */
r = timerd_read(s, buf, sizeof(buf), TIMEOUTSEC, MSG_PEEK);
if ( r < 1 ) {
return(-1);
}
len = buf[0];
if (len < 1 || len > 255) {
/* invalid password len */
return(-1);
}
/* read passwd */
r = timerd_read(s, buf, 1+len, TIMEOUTSEC, 0);
if (r < 1+len) {
/* read error */
return(-1);
}
strncpy(pass, (char *)&buf[1], len);
pass[len] = '\0';
/* do authentication */
r = checkpasswd(user, pass);
/* logging */
len = sizeof(struct sockaddr_storage);
if (getpeername(s, (struct sockaddr *)&client, (socklen_t *)&len) != 0) {
client_ip[0] = '\0';
} else {
error = getnameinfo((struct sockaddr *)&client, len,
client_ip, sizeof(client_ip),
NULL, 0, NI_NUMERICHOST);
if (error) {
client_ip[0] = '\0';
}
}
msg_out(norm, "%s 5-U/P_AUTH %s %s.", client_ip,
user, r == 0 ? "accepted" : "denied");
/* erace uname and passwd storage */
memset(user, 0, sizeof(user));
memset(pass, 0, sizeof(pass));
code = ( r == 0 ? 0 : -1 );
/* reply to client */
buf[0] = 0x01; /* sub negotiation version */
buf[1] = code & 0xff; /* grant or not */
r = timerd_write(s, buf, 2, TIMEOUTSEC);
if (r < 2) {
/* write error */
return(-1);
}
return(code); /* access granted or not */
}
int
bbslogin_main()
{
int n, t;
time_t dtime;
char filename[128], buf[256], id[20], pw[20], url[10], *ub = FIRST_PAGE; // main_page[STRLEN];
struct userec *x;
int ipmask;
html_header(3);
strsncpy(id, getparm("id"), 13);
strsncpy(pw, getparm("pw"), 13);
strsncpy(url, getparm("url"), 3);
ipmask = atoi(getparm("ipmask"));
if (loginok && strcasecmp(id, currentuser.userid) && !isguest) {
http_fatal
("系统检测到目前你的计算机上已经登录有一个帐号 %s,请先退出.(选择正常logout)",
currentuser.userid);
}
if (!strcmp(id, "")) {
strcpy(id, "guest");
}
x = getuser(id);
if (x == 0) {
printf("%s<br>", id);
http_fatal("错误的使用者帐号");
}
strcpy(id, x->userid);
if (strcasecmp(id, "guest")) {
if (checkbansite(fromhost)) {
http_fatal
("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
fromhost);
}
if (userbansite(x->userid, fromhost))
http_fatal("本ID已设置禁止从%s登录", fromhost);
if (!checkpasswd(x->passwd, pw)) {
logattempt(x->userid, fromhost, "WWW", now_t);
http_fatal("密码错误");
}
if (!user_perm(x, PERM_BASIC))
http_fatal
("此帐号已被停机, 若有疑问, 请用其他帐号在sysop版询问.");
if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid))
http_fatal("安心改造,不要胡闹");
if (x->dietime)
http_fatal("死了?还要做什么? :)");
t = x->lastlogin;
x->lastlogin = now_t;
if (abs(t - now_t) < 20) {
http_fatal("两次登录间隔过密!");
}
dtime = t - 4 * 3600;
t = localtime(&dtime)->tm_mday;
dtime = now_t - 4 * 3600;
if (t < localtime(&dtime)->tm_mday && x->numdays < 800)
x->numdays++;
x->numlogins++;
strsncpy(x->lasthost, fromhost, 16);
save_user_data(x);
currentuser = *x;
}
sprintf(buf, "%s enter %s www", x->userid, fromhost);
newtrace(buf);
n = 0;
if (loginok && isguest) {
bzero(u_info, sizeof (struct user_info));
}
if (strcasecmp(id, "guest")) {
sethomepath(filename, x->userid);
mkdir(filename, 0755);
strsncpy(buf, getparm("style"), 3);
wwwstylenum = -1;
if (isdigit(buf[0]))
wwwstylenum = atoi(buf);
if ((wwwstylenum > NWWWSTYLE || wwwstylenum < 0))
if (!readuservalue
(x->userid, "wwwstyle", buf, sizeof (buf)))
wwwstylenum = atoi(buf);
if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE)
wwwstylenum = 1;
currstyle = &wwwstyle[wwwstylenum];
} else {
wwwstylenum = 1;
currstyle = &wwwstyle[wwwstylenum];
}
ub = wwwlogin(x, ipmask);
if (!strcmp(url, "1"))
/*printf("<link href=\"images/@byron.css\" rel=stylesheet type=\"text/css\">\n
<frameset cols=135,* frameSpacing=0 frameborder=no id=fs0>\n
<frame src=\"%sbbsleft?t=%ld\" name=f2 frameborder=no scrolling=no>\n
<frameset id=fs1 rows=0,*,18 frameSpacing=0 frameborder=no border=0>\n
<frame scrolling=no name=fmsg src=\"%sbbsmsg\">\n
<frame name=f3 src=\"%sbbsfoot\">\n
<frame scrolling=no name=f4 src=\"%sbbsfoot.htm\">\n
</frameset>\n
</frameset>\n", ub, now_t, ub, ub, ub);*/ //add by mintbaggio 040411 for new www
// html_header(3);
printf
("<script>opener.parent.f2.location.href=\"%sbbsleft?t=%ld\";\n"
"opener.parent.fmsg.location.href=\"%sbbsgetmsg\";\n"
//"opener.parent.f4.location.href=\"%sbbsfoot\";\n"
"a=window.opener.location.href;\n" "l=a.length;\n"
"t=a.indexOf('/" SMAGIC "',1);\n" "t=a.indexOf('/',t+1);\n"
"nu=\"%s\"+a.substring(t+1,l);\n"
"window.opener.location.href=nu;window.close();</script>",
ub, now_t, ub, ub, ub);
//}
else
redirect(ub);
//else {
// print_session_string(ub);
// html_header(3);
//
// sprintf(main_page, "/%s/", SMAGIC);
// redirect(main_page);
//}
http_quit();
return 0;
}
int
bbslpassport_main()
{
int uid, infochanged = 0;
char id[IDLEN + 1], pw[PASSLEN], site[256], md5pass[MD5LEN], buf[384];
struct userec *x, tmpu;
time_t t, dtime;
html_header(3);
strsncpy(id, strtrim(getparm("id")), IDLEN + 1);
strsncpy(pw, getparm("pw"), PASSLEN);
strsncpy(site, getparm("site"), 256);
if (!id[0])
http_fatal("请输入帐号");
if (!site[0])
http_fatal("no...");
if (key_fail)
http_fatal("内部错误, 联系维护!\n");
if ((uid = getuser(id, &x)) <= 0) {
printf("%s<br>", id);
http_fatal("错误的使用者帐号");
}
strcpy(id, x->userid);
if (!strcasecmp(id, "guest"))
http_fatal("错误的使用者帐号");
if (checkbansite(fromhost)) {
http_fatal
("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
fromhost);
}
if (userbansite(x->userid, fromhost))
http_fatal("本ID已设置禁止从%s登录", fromhost);
if (!checkpasswd(x->passwd, x->salt, pw)) {
logattempt(x->userid, fromhost, "PASSPORT", now_t);
http_fatal
("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
}
#if 0
if (!user_perm(x, PERM_BASIC))
http_fatal
("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
DEFAULTBOARD "</font> 版询问.");
if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
if (x->inprison == 0) {
memcpy(&tmpu, x, sizeof (tmpu));
tmpu.inprison = 1;
tmpu.dieday = 2;
updateuserec(&tmpu, 0);
}
http_fatal("安心改造,不要胡闹");
}
if (x->dieday)
http_fatal("死了?还要做什么? :)");
#endif
t = x->lastlogin;
memcpy(&tmpu, x, sizeof (tmpu));
if (tmpu.salt == 0) {
tmpu.salt = getsalt_md5();
genpasswd(md5pass, tmpu.salt, pw);
memcpy(tmpu.passwd, md5pass, MD5LEN);
infochanged = 1;
}
#if 1
if (count_uindex(uid) == 0) {
if (now_t - t > 1800)
tmpu.numlogins++;
infochanged = 1;
tmpu.lastlogin = now_t;
dtime = t - 4 * 3600;
t = localtime(&dtime)->tm_mday;
dtime = now_t - 4 * 3600;
if (t < localtime(&dtime)->tm_mday && x->numdays < 60000) {
tmpu.numdays++;
}
}
#endif
if (abs(t - now_t) < 20) {
http_fatal("两次登录间隔过密!");
}
if (x->lasthost != from_addr.s_addr) {
tmpu.lasthost = from_addr.s_addr;
infochanged = 1;
}
if (infochanged)
updateuserec(&tmpu, 0);
tracelog("%s enter %s passport %d %s", x->userid, fromhost, infochanged,
getsenv("HTTP_X_FORWARDED_FOR"));
printf
("<script>exDate = new Date; exDate.setMonth(exDate.getMonth()+9);"
"document.cookie='pp=%s;path=/;expires=' + exDate.toGMTString();</script>",
des3_encode(id, 0));
snprintf(buf, sizeof (buf), "http://%s?q=%s", site, des3_encode(id, 1));
redirect(buf);
http_quit();
return 0;
}
//**************************************************************
// Main <smile> All sub-programs/functions should be called
// from here. Note: they should also be listed in lciheader.h
//**************************************************************
int main(int argc, char *argv[])
{
int retval=0; // a return value indicator
int verbose=0; // for verbosity
// note: switches:
//lci -a = advanced help
//lci -d = perform a diff of the md5output and old md5output
//lci -v = verbose, verbose = 1
//lci = slightly verbose, verbose = 0,
// the module name is printed as it performes each module
//lci -s = silent, verbose = -1, nothing printed at all.
//lci -r = run checkrpm module.
//lci -m = force a distribution mode, e.g. lci -m redhat
//lci -h = give help output
//lci -o outfile = put output in outfile instead of lci.out
//lci -w = print output in html format
//lci -x module = exclude module from checks
int diff=0; // do we run the md5 diff?
int rpmmodule=0; // do we run the rpm module?
int inetexists=0; // if inetd.conf exists, this is 1
int distribution=1; // what distro are we on?
// -1=user specified a distro, its in man_distro
// 1=redhat
// 2=debian
// 3=solaris
// 4=gentoo
// 5=macosx
// 6=slackware
// default = redhat
int html=0; // html output?
// html = 0: normal output
//html = 1: user wants html output
char release[50]; // array for release level
char kernel[50]; // what kernel user is running
static char *man_distro; // if the user specifies a distribution
const char * header =NULL; // to print out the header
static char *out_file = "lci.out"; // output filename var
char xlist[100]; // modules to exclude
int xarray[33] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
int somethinginxlist = 0;
// note if no filename given, default = lci.out
FILE *tempptr; // a temp file pointer
uid_t uidme;
uidme = getuid();
// we used to set the umask of the user here...
// note that does not work all of the time.
// instead use open with options below. Also,
// warn user at bottom about setting umask to
// sensible value before modifying files.
// we will again try to set umask here...
mode_t old_umask;
old_umask=(umask(0177));
// Now do options processing
int i;
for (i=1; i < argc; i++)
{
if(argv[i][0] == '-')
{
switch (argv[i][1])
{
case 'a':
usage();
break;
case 'h':
usage();
break;
case 'd':
diff = 1;
break;
case 'm':
strcpy(man_distro, argv[i]+3);
break;
case 'o':
strcpy(out_file, argv[i]+3);
break;
case 'r':
rpmmodule = 1;
break;
case 's':
verbose = -1;
break;
case 'v':
verbose = 1;
break;
case 'w':
html = 1;
out_file="lci.html";
break;
case 'x': strcpy(xlist,argv[i]+3);
somethinginxlist = 1;
break;
default :
usage();
break;
}
}
}
if (!out_file) // if no filename after -o
{
usage(); // note usage() will exit lci
}
// if an exclude list was given, parse the file and
// fill the array of excludes..
if (somethinginxlist == 1)
{
if (findexclude(xlist, xarray) != 0)
{
// something went wrong
perror("Error reading exclude list...\n");
return(-1);
}
}
// check if output exists, if it does, make a
// backup and rm the orig. named one.
tempptr = fopen(out_file, "r");
if (tempptr != 0)
{
// output file exists
// make a backup copy
char *newname = NULL;
if ((newname = (char *) calloc(2, sizeof(out_file))) == NULL)
{
perror("Can not allocate temp memory in lcimain.\n");
perror("Strange. Bailing...\n");
exit(-1);
}
fclose(tempptr);
// add .old onto the old outfile name
sprintf(newname, "%s.old", out_file);
// gnu, but should be ok...
// whoops, we are now failure checking this...
retval = 0;
retval = rename(out_file, newname);
if (retval < 0)
{
// damn, rename bombed
perror("GNU rename bombed in lcimain.\n");
perror("Very odd, you should have seen errors, report them :) \n");
exit(-1);
}
// free up calloc'd mem
free(newname);
}
// now that we have a backup, remove the outfile
// don't care about failure here...
remove(out_file);
// not seem to work 100% of the time on my system
// for making files w/chmod 0600...
// reverting to open with options...
retval = 0;
if ((retval = open(out_file, O_RDWR | O_CREAT | O_EXCL, 0600)) < 0)
{
perror("Could not make file w/perms 0600...\n");
perror("Possible link attack while creating/opening file!\n");
perror("Bailing in lcimain...\n");
exit(-1);
}
// we print this out no matter what verbose is
printf("Starting LCI...\n");
// remove old tempfiles (if lci got killed)
// if this fails, we should stop _now_!
if (rm() < 0)
{
perror("Could not remove tempfiles during startup.\n");
perror("You may need root permissions to do this.\n");
return(-1);
}
// read that in, check kernel version and "release"
if (verbose >= 0)
{
printf("Getting system information...\n");
}
retval = versions(release, kernel, verbose);
if (retval < 0)
{
// something went wrong...
perror("Problem in versions function.\n");
return(0);
}
// note about Mandrake: until I can find vast differences
// between RedHat/Mandrake in terms of configs, we assume
// that it is redhat and don't check /etc/mandrake_rel...
// simple check to see if we are on RedHat or Debian
// first, did the user specify a distro?
if (distribution != -1)
{
if ((system("cat /etc/redhat-release 1>/dev/null 2>/dev/null >/dev/null")) == 0)
{
// we are on redhat
distribution = 1;
}
if ((system("cat /etc/debian_version 1>/dev/null 2>/dev/null >/dev/null")) == 0)
{
// we are on debian
distribution = 2;
}
if ((system("uname |grep SunOS 1>/dev/null 2>/dev/null >/dev/null")) == 0)
{
// we are on Solaris/SunOS
distribution = 3;
}
if ((system("uname -a |grep gentoo 1>/dev/null 2>/dev/null >/dev/null")) == 0)
{
// we are on gentoo
distribution = 4;
}
if ((system("uname |grep Darwin 1>/dev/null 2>/dev/null >/dev/null")) == 0)
{
// we are on Mac OSX
distribution = 5;
}
if ((system("cat /etc/slackware-version 1>/dev/null 2>/dev/null >/dev/null")) == 0) // JTO
{
// we are on slack
distribution = 6;
}
}
if (distribution == -1)
{
// user specified a distribution
if ((strcmp(man_distro, "redhat")) == 0)
{
// redhat
distribution = 1;
}
if ((strcmp(man_distro, "centos")) == 0)
{
// CentOS, RHEL-alike
distribution = 1;
}
if ((strcmp(man_distro, "caos")) == 0)
{
// CaOS, RHL-alike
distribution = 1;
}
if ((strcmp(man_distro, "fedora")) == 0)
{
// Post-RHL
distribution = 1;
}
if ((strcmp(man_distro, "debian")) == 0)
{
// debian
distribution = 2;
}
if ((strcmp(man_distro, "solaris")) == 0)
{
// solaris
distribution = 3;
}
if ((strcmp(man_distro, "mandrake")) == 0)
{
// mandrake, same as redhat, sortof
distribution = 1;
}
if ((strcmp(man_distro, "gentoo")) == 0)
{
// gentoo
distribution = 4;
}
if ((strcmp(man_distro, "macosx")) == 0)
{
// Mac OSX
distribution = 5;
}
if ((strcmp(man_distro, "slackware")) == 0) // JTO
{
// slackware- JTO
distribution = 6;
}
// default is redhat
else
{
distribution = 1;
}
} // end if (distribution == -1)
// ********* checks are below *****************//
// ok, we should have enough info, run the checks
if (verbose >= 0)
{
printf("Running modules...\n");
}
// we need to make a header if html = 1, as this
// could confuse the issue by putting it in the
// first module... call dostuff here...
if (html == 1)
{
html = 2; // this tells dostuff to write out header html
header = "\n"; // can't be NULL
if ((dostuff(0, out_file, 0, header, html)) < 0)
{
// something went wrong
perror(" Creation of list failed.");
return (-1);
}
html = 1; // change html int back to one
}
// run checkpkgs
// did user put it in exclude list?
if (xarray[0] == 0 )
{
retval = 0;
retval = checkpkgs(distribution, out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkpkgs module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// run checkrpm if rpmmodule = 1 and distribution =1
// did user put it in exclude list?
if (xarray[1] == 0)
{
retval = 0;
if ((rpmmodule == 1) && (distribution == 1))
{
retval = checkrpm(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkrpm module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
}
// run checkinetd
// did user put it in exclude list?
if (xarray[2] == 0)
{
// if hosts file exists run checkhostsfiles
inetexists = checkinetd(out_file,distribution, verbose, html);
// if inetexists == 1, it does!
// if inetexists == 0, it does not...
// if inetexists == -1, we had some problems.
if (inetexists == 1)
{
checkhostsfiles(out_file, verbose, html);
}
if (inetexists == 0)
{
// do nothing...
;
}
if (inetexists == -1)
{
// there was a problem. User should have seen
// messages from checkinetd program.
// do nothing here and continue...
// module bombed, clean up
rm();
}
}
// check inittab
// did user put it in exclude list?
if (xarray[3] == 0)
{
retval = 0;
retval = checkinittab(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkinittab module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// check logging
// did user put it in exclude list?
if (xarray[4] == 0)
{
retval = 0;
retval = checklogging(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checklogging module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// check for setuid/setgid files
// did user put it in exclude list?
if (xarray[5] == 0)
{
retval = 0;
retval = checkset(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkset module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// check for world writable files/directories
// did user put it in exclude list?
if (xarray[6] == 0)
{
retval = 0;
retval = checkwrite(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkwrite module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// check for .exrc and .forward files
// did user put it in exclude list?
if (xarray[7] == 0)
{
retval = 0;
retval = checkdotfiles(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkdotfiles module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// check /etc/passwd for uid 0 other than
// root and users not needed on the sys.
// did user put it in exclude list?
if (xarray[8] == 0)
{
retval = 0;
retval = checkpasswd(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkpasswd module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// check to see if sticky bits are set
// on /tmp & /var/tmp. I will add more
// to this later on...
// did user put it in exclude list?
if (xarray[9] == 0)
{
retval = 0;
retval = checkfiles(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkfiles module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[10] == 0)
{
retval = 0;
retval = checkumask(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in chumask module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[11] == 0)
{
retval = 0;
retval = checkftpusers(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkftpusers module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[12] == 0)
{
retval = 0;
retval = checkrc(release, kernel, distribution, out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkrc module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[13] == 0)
{
retval = 0;
retval = checkkbd(release, out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkkbd module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[14] == 0)
{
if (distribution != 6) // need to fix for slack, JTO
{
retval = 0;
retval = checklimits(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checklimits module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
} // end if its not slack if statement
}
// did user put it in exclude list?
if (xarray[15] == 0)
{
retval = 0;
retval = checkssh(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong..
perror("Problem in checkssh module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[16] == 0)
{
retval = 0;
retval = checkopenfiles(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong..
perror("Problem in checkopenfiles module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[17] == 0)
{
retval = 0;
retval = checkissue(out_file, verbose, html);
if (retval < 0)
{
// something went wrong..
perror("Problem in checksissue module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[18] == 0)
{
retval = 0;
retval = checkwww(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong..
perror("Problem in checkwww module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[19] == 0)
{
retval = 0;
retval = checkmd5(out_file, distribution, verbose, html, diff);
if (retval < 0)
{
// something went wrong..
perror("Problem in checkmd5 module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[20] == 0)
{
if ((distribution != 3) && (distribution !=5))
// we are not on Solaris, so we can run this module
{
retval = 0;
retval = checkmodules(out_file, verbose, html);
if (retval < 0)
{
// something went wrong..
perror("Problem in checkmodules module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
}
// did user put it in exclude list?
if (xarray[21] == 0)
{
retval = 0;
retval = checksecuretty(out_file, verbose, html);
if (retval < 0)
{
// something went wrong..
perror("Problem in checksecuretty module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[22] == 0)
{
retval = 0;
retval = checkrcperms(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkrcperms module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[23] == 0)
{
retval = 0;
retval = checknet(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checknet module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[24] == 0)
{
retval = 0;
retval = checknetforward(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checknetforward module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[25] == 0)
{
if ((distribution !=3) && (distribution != 5))
{
// we are on linux...
retval = 0;
retval = checknetp(kernel, out_file, distribution, verbose, html);
if (retval < 0)
{
perror("Problem in checknetpromisc module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
}
// did user put it in exclude list?
if (xarray[26] == 0)
{
if (distribution == 1) // redhat (or derived) specific
{
retval = 0;
retval = checkcfg(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkcfg module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
}
// did user put it in exclude list?
if (xarray[27] == 0)
{
if ((distribution !=3) && (distribution != 5)) // we are on linux
{
retval = 0;
retval = checkbpass(distribution, out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkbpass module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
}
// did user put it in exclude list?
if (xarray[28] == 0)
{
if ((distribution != 3) && (distribution != 5)) // we are on linux
{
retval = 0;
retval = checkipv4(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkipv4 module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
}
// did user put it in exclude list?
if (xarray[29] == 0)
{
if ((distribution !=3) && (distribution !=5)) // we are on linux
{
retval = 0;
retval = checkx(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkx module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
}
// did user put it in exclude list?
if (xarray[30] == 0)
{
if ((distribution !=3) && (distribution !=5)) // we are on linux
{
retval = 0;
retval = checkftp(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkftp module.\n");
perror("You should have seen errors...\n");
// module bombed, clean up
rm();
return(0);
}
}
}
// did user put it in exclude list?
if (xarray[31] == 0)
{
retval = 0;
retval = checklistening(out_file, distribution, verbose, html);
if (retval < 0)
{
// something went wrong..
perror("Problem in checklistening module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
// did user put it in exclude list?
if (xarray[32] == 0)
{
retval = 0;
retval = checkdisk(out_file, verbose, html);
if (retval < 0)
{
// something went wrong...
perror("Problem in checkdisk module.\n");
perror("You should have seen errors...\n");
rm();
return(0);
}
}
// this is to put a footer html at the end of the output
// file if the user wanted html output.
if (html == 1)
{
html = 3; // tells dostuff to do an html footer
header = "\n"; // can't be NULL
if ((dostuff(0, out_file, 0, header, html)) < 0)
{
// something went wrong
perror(" Creation of list failed.");
return (-1);
}
html = 1; // set html int back... habit
}
else
{
// print a general footer
header = "\n";
if ((dostuff(0, out_file, 0, header, 0)) < 0)
{
// something went wrong
perror(" Creation of footer failed.");
return(-1);
}
}
// tell the user we are finished and where the output is
// we print this out no matter what verbose is
printf("Finished.\n");
printf("Check %s for details.\n", out_file);
// in silent mode we don't say much
if (verbose >= 0)
{
printf("Don't forget to check your umask or file perms\n");
printf("when modifying files on the system.\n");
}
// set the umask back...
umask(old_umask);
return(0);
}
int bbslogin_main(void)
{
char fname[STRLEN];
char buf[256], id[IDLEN + 1], pw[PASSLEN];
struct userec user;
if (parse_post_data() < 0)
return BBS_EINVAL;
strlcpy(id, getparm("id"), sizeof(id));
if (*id == '\0')
return login_screen();
strlcpy(pw, getparm("pw"), sizeof(pw));
if (loginok && !strcasecmp(id, currentuser.userid)) {
const char *ref = get_login_referer();
printf("Location: %s\n\n", ref);
return 0;
}
if (getuserec(id, &user) == 0)
return BBS_ENOUSR;
user.numlogins++;
if (strcasecmp(id, "guest")) {
int total;
time_t stay, recent, now, t;
if (!checkpasswd(user.passwd, pw)) {
sprintf(buf, "%-12.12s %s @%s\n", user.userid,
getdatestring(time(NULL), DATE_ZH), fromhost);
sethomefile(fname, user.userid, "logins.bad");
file_append(fname, buf);
file_append("logins.bad", buf);
return BBS_EWPSWD;
}
total = check_multi(&user);
if (!HAS_PERM2(PERM_SYSOPS, &user) && total >= 2)
return BBS_ELGNQE;
if (!HAS_PERM2(PERM_LOGIN, &user))
return BBS_EACCES;
now = time(NULL);
// Do not count frequent logins.
if (now - user.lastlogin < 20 * 60
&& user.numlogins >= 100)
user.numlogins--;
if (total > 1) {
recent = user.lastlogout;
if (user.lastlogin > recent)
recent = user.lastlogin;
stay = now - recent;
if (stay < 0)
stay = 0;
} else {
stay = 0;
}
t = user.lastlogin;
user.lastlogin = now;
user.stay += stay;
#ifdef CHECK_FREQUENTLOGIN
if (!HAS_PERM(PERM_SYSOPS)
&& abs(t - time(NULL)) < 10) {
report("Too Frequent", user.userid);
return BBS_ELFREQ;
}
#endif
strlcpy(user.lasthost, fromhost, sizeof(user.lasthost));
save_user_data(&user);
currentuser = user;
}
log_usies("ENTER", fromhost, &user);
if (!loginok && strcasecmp(id, "guest"))
wwwlogin(&user, getparm("ref"));
return 0;
}
static void login_query() {
char uid[IDLEN + 1], passbuf[PASSLEN];
int attempts;
char genbuf[200];
extern struct utmpfile_t *utmpshm;
resolve_utmp();
attach_uhash();
attempts = utmpshm->number;
show_file("etc/Welcome", 1, -1, NO_RELOAD);
output("1",1);
if(attempts >= MAX_ACTIVE) {
outs("由於人數太多,請您稍後再來。\n");
refresh();
exit(1);
}
/* hint */
attempts = 0;
while(1) {
if(attempts++ >= LOGINATTEMPTS) {
more("etc/goodbye", NA);
pressanykey();
exit(1);
}
getdata(20, 0, "請輸入代號,或以[guest]參觀,以[new]註冊:",
uid, IDLEN + 1, DOECHO);
if(strcasecmp(uid, str_new) == 0) {
#ifdef LOGINASNEW
new_register();
break;
#else
outs("本系統目前無法以 new 註冊, 請用 guest 進入\n");
continue;
#endif
} else if(uid[0] == '\0' || !dosearchuser(uid)) {
outs(err_uid);
} else if(strcmp(uid, STR_GUEST)) {
getdata(21, 0, MSG_PASSWD, passbuf, PASSLEN, NOECHO);
passbuf[8] = '\0';
if(!checkpasswd(cuser.passwd, passbuf) /* ||
(HAS_PERM(PERM_SYSOP) && !use_shell_login_mode)*/) {
logattempt(cuser.userid, '-');
outs(ERR_PASSWD);
} else {
logattempt(cuser.userid, ' ');
if(strcasecmp("SYSOP", cuser.userid) == 0)
cuser.userlevel = PERM_BASIC | PERM_CHAT | PERM_PAGE |
PERM_POST | PERM_LOGINOK | PERM_MAILLIMIT |
PERM_CLOAK | PERM_SEECLOAK | PERM_XEMPT |
PERM_DENYPOST | PERM_BM | PERM_ACCOUNTS |
PERM_CHATROOM | PERM_BOARD | PERM_SYSOP |
PERM_BBSADM;
break;
}
} else { /* guest */
cuser.userlevel = 0;
cuser.uflag = COLOR_FLAG | PAGER_FLAG | BRDSORT_FLAG | MOVIE_FLAG;
break;
}
}
multi_user_check();
sethomepath(genbuf, cuser.userid);
mkdir(genbuf, 0755);
}
int uinfo_query(struct userec *u, int real, int unum)
{
struct userec newinfo;
char ans[3], buf[STRLEN], genbuf[128];
char src[STRLEN], dst[STRLEN];
int i, fail = 0 ;
#ifdef MAILCHANGED
int netty_check = 0;
#endif
time_t now;
struct tm *tmnow;
memcpy(&newinfo, u, sizeof(currentuser));
getdata(t_lines - 1, 0, real ?
"��ѡ�� (0)���� (1)������ (2)�趨���� (3) �� ID ==> [0]" :
"��ѡ�� (0)���� (1)������ (2)�趨���� (3) ѡǩ���� ==> [0]",
ans, 2, DOECHO, YEA);
clear();
refresh();
now = time(0);
tmnow = localtime(&now);
i = 3;
move(i++, 0);
if (ans[0] != '3' || real)
prints("ʹ���ߴ���: %s\n", u->userid);
switch (ans[0])
{
case '1':
move(1, 0);
prints("��������,ֱ�Ӱ� <ENTER> ����ʹ�� [] �ڵ����ϡ�\n");
sprintf(genbuf, "�dz� [%s]: ", u->username);
getdata(i++, 0, genbuf, buf, NAMELEN, DOECHO, YEA);
if (buf[0])
strncpy(newinfo.username, buf, NAMELEN);
sprintf(genbuf, "��ʵ���� [%s]: ", u->realname);
getdata(i++, 0, genbuf, buf, NAMELEN, DOECHO, YEA);
if (buf[0])
strncpy(newinfo.realname, buf, NAMELEN);
sprintf(genbuf, "��ס��ַ [%s]: ", u->address);
getdata(i++, 0, genbuf, buf, STRLEN - 10, DOECHO, YEA);
if (buf[0])
strncpy(newinfo.address, buf, NAMELEN);
sprintf(genbuf, "�������� [%s]: ", u->email);
getdata(i++, 0, genbuf, buf, 48, DOECHO, YEA);
if (buf[0])
{
#ifdef MAILCHECK
#ifdef MAILCHANGED
if(u->uid == usernum)
netty_check = 1;
#endif
#endif
strncpy(newinfo.email, buf, 48);
}
sprintf(genbuf, "�ն˻���̬ [%s]: ", u->termtype);
getdata(i++, 0, genbuf, buf, 16, DOECHO, YEA);
if (buf[0])
strncpy(newinfo.termtype, buf, 16);
sprintf(genbuf, "������ [%d]: ", u->birthyear + 1900);
getdata(i++, 0, genbuf, buf, 5, DOECHO, YEA);
if ( buf[0] && atoi(buf) > 1920 && atoi(buf) < 1998)
newinfo.birthyear = atoi(buf) - 1900;
sprintf(genbuf, "������ [%d]: ", u->birthmonth);
getdata(i++, 0, genbuf, buf, 3, DOECHO, YEA);
if (buf[0] && atoi(buf) >= 1 && atoi(buf) <= 12)
newinfo.birthmonth = atoi(buf);
sprintf(genbuf, "������ [%d]: ", u->birthday);
getdata(i++, 0, genbuf, buf, 3, DOECHO, YEA);
if (buf[0] && atoi(buf) >= 1 && atoi(buf) <= 31)
newinfo.birthday = atoi(buf);
sprintf(genbuf, "�Ա�(M.��)(F.Ů) [%c]: ", u->gender);
getdata(i++, 0, genbuf, buf, 2, DOECHO, YEA);
if (buf[0])
{
if (strchr("MmFf", buf[0]))
newinfo.gender = toupper(buf[0]);
}
if (real)
uinfo_change1(i,u,&newinfo);
break;
case '2':
if (!real)
{
getdata(i++, 0, "������ԭ����: ", buf, PASSLEN, NOECHO, YEA);
if (*buf == '\0' || !checkpasswd(u->passwd, buf))
{
prints("\n\n�ܱ�Ǹ, ����������벻��ȷ��\n");
fail++;
break;
}
}
getdata(i++, 0, "���趨������: ", buf, PASSLEN, NOECHO, YEA);
if (buf[0] == '\0')
{
prints("\n\n�����趨ȡ��, ����ʹ�þ�����\n");
fail++;
break;
}
strncpy(genbuf, buf, PASSLEN);
getdata(i++, 0, "����������������: ", buf, PASSLEN, NOECHO, YEA);
if (strncmp(buf, genbuf, PASSLEN))
{
prints("\n\n������ȷ��ʧ��, ���趨�����롣\n");
fail++;
break;
}
buf[8] = '\0';
strncpy(newinfo.passwd, genpasswd(buf), ENCPASSLEN);
break;
case '3':
if (!real)
{
sprintf(genbuf, "Ŀǰʹ��ǩ���� [%d]: ", u->signature);
getdata(i++, 0, genbuf, buf, 16, DOECHO, YEA);
if (atoi(buf) > 0)
newinfo.signature = atoi(buf);
}
else
{
struct user_info uin;
extern int t_cmpuids();
if(t_search_ulist(&uin, t_cmpuids, unum, NA, NA)!=0)
{
prints("\n�Բ��𣬸��û�Ŀǰ�������ϡ�");
fail++;
}
else if(!strcmp(lookupuser.userid,"SYSOP"))
{
prints("\n�Բ����㲻������ SYSOP �� ID��");
fail++;
}
else
{
getdata(i++,0,"�µ�ʹ���ߴ���: ",genbuf,IDLEN+1,DOECHO, YEA);
if (*genbuf != '\0')
{
if (getuser(genbuf))
{
prints("\n�Բ���! �Ѿ���ͬ�� ID ��ʹ����\n");
fail++;
}
else
{
strncpy(newinfo.userid, genbuf, IDLEN + 2);
}
}
else
fail ++;
}
}
break;
default:
clear();
return 0;
}
if (fail != 0)
{
pressreturn();
clear();
return 0;
}
if (askyn("ȷ��Ҫ�ı���", NA, YEA) == YEA)
{
if (real)
{
char secu[STRLEN];
sprintf(secu, "�� %s �Ļ������ϻ����롣", u->userid);
securityreport1(secu);
}
if (strcmp(u->userid, newinfo.userid))
{
sprintf(src, "mail/%c/%s", toupper(u->userid[0]), u->userid);
sprintf(dst, "mail/%c/%s", toupper(newinfo.userid[0]), newinfo.userid);
rename(src, dst);
sethomepath(src, u->userid);
sethomepath(dst, newinfo.userid);
rename(src, dst);
sethomefile(src, u->userid, "register");
unlink(src);
sethomefile(src, u->userid, "register.old");
unlink(src);
setuserid(unum, newinfo.userid);
}
if(!strcmp(u->userid, currentuser.userid))
{
extern int WishNum;
strncpy(uinfo.username,newinfo.username,NAMELEN);
WishNum = 9999;
}
#ifdef MAILCHECK
#ifdef MAILCHANGED
if ((netty_check == 1)&&!HAS_PERM(PERM_SYSOP))
{
sprintf(genbuf, "%s", BBSHOST);
if ( (!strstr(newinfo.email, genbuf)) &&
(!invalidaddr(newinfo.email)) &&
(!invalid_email(newinfo.email)))
{
strcpy(u->email, newinfo.email);
send_regmail(u);
}
else
{
move(t_lines - 5, 0);
prints("\n������ĵ����ʼ���ַ ��[1;33m%s[m��\n",newinfo.email);
prints("ˡ���ܱ�վ���ϣ�ϵͳ����Ͷ��ע���ţ������������...\n");
pressanykey();
return 0;
}
}
#endif
#endif
memcpy(u, &newinfo, (size_t)sizeof(currentuser));
#ifdef MAILCHECK
#ifdef MAILCHANGED
if ((netty_check == 1)&&!HAS_PERM(PERM_SYSOP))
{
newinfo.userlevel &= ~(PERM_LOGINOK | PERM_PAGE | PERM_MESSAGE);
sethomefile(src, newinfo.userid, "register");
sethomefile(dst, newinfo.userid, "register.old");
rename(src, dst);
}
#endif
#endif
substitute_record(PASSFILE, &newinfo, sizeof(newinfo), unum);
}
clear();
return 0;
}
int
bbslogin_main()
{
int n, t, infochanged = 0;
time_t dtime;
char filename[128], buf[256], id[20], pw[PASSLEN], url[10], *ub =
FIRST_PAGE;
char *ptr;
char md5pass[MD5LEN];
struct userec *x, tmpu;
int ipmask;
int uid;
html_header(3);
if (loginok && !isguest) {
sprintf(buf, "/" SMAGIC "/?t=%d", (int) now_t);
redirect(buf);
}
strsncpy(id, strtrim(getparm("id")), 13);
strsncpy(pw, getparm("pw"), PASSLEN);
strsncpy(url, getparm("url"), 3);
ipmask = atoi(getparm("ipmask"));
if (!id[0]) {
strcpy(id, "guest");
ipmask = 8;
}
if (!strcmp(MY_BBS_ID, "YTHT") && !strcmp(id, "guest")) {
http_fatal("请输入用户名和密码以登录。");
}
if (strcmp(id, "guest")) {
ipmask = extandipmask(ipmask, getparm("lastip1"), realfromhost);
ipmask = extandipmask(ipmask, getparm("lastip2"), realfromhost);
}
if ((uid = getuser(id, &x)) <= 0) {
printf("%s<br>", id);
http_fatal("错误的使用者帐号");
}
strcpy(id, x->userid);
if (strcasecmp(id, "guest")) {
if (checkbansite(realfromhost)) {
http_fatal
("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
realfromhost);
}
if (userbansite(x->userid, realfromhost))
http_fatal("本ID已设置禁止从%s登录", realfromhost);
if (!checkpasswd(x->passwd, x->salt, pw)) {
logattempt(x->userid, realfromhost, "WWW", now_t);
http_fatal
("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
}
if (!user_perm(x, PERM_BASIC))
http_fatal
("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
DEFAULTBOARD "</font> 版询问.");
if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
if (x->inprison == 0) {
memcpy(&tmpu, x, sizeof (tmpu));
tmpu.inprison = 1;
tmpu.dieday = 2;
updateuserec(&tmpu, 0);
}
http_fatal("安心改造,不要胡闹");
}
if (x->dieday)
http_fatal("死了?还要做什么? :)");
t = x->lastlogin;
memcpy(&tmpu, x, sizeof (tmpu));
if (tmpu.salt == 0) {
tmpu.salt = getsalt_md5();
genpasswd(md5pass, tmpu.salt, pw);
memcpy(tmpu.passwd, md5pass, MD5LEN);
infochanged = 1;
}
if (count_uindex(uid) == 0) {
if (now_t - t > 1800)
tmpu.numlogins++;
infochanged = 1;
tmpu.lastlogin = now_t;
dtime = t - 4 * 3600;
t = localtime(&dtime)->tm_mday;
dtime = now_t - 4 * 3600;
if (t < localtime(&dtime)->tm_mday
&& x->numdays < 60000) {
tmpu.numdays++;
}
}
if (abs(t - now_t) < 5) {
http_fatal("两次登录间隔过密!");
}
if (x->lasthost != from_addr.s_addr) {
tmpu.lasthost = from_addr.s_addr;
infochanged = 1;
}
if (infochanged)
updateuserec(&tmpu, 0);
currentuser = x;
}
ptr = getsenv("HTTP_X_FORWARDED_FOR");
tracelog("%s enter %s www %d %s", x->userid, realfromhost, infochanged,
ptr);
n = 0;
if (loginok && isguest) {
u_info->wwwinfo.iskicked = 1;
}
if (strcasecmp(id, "guest")) {
sethomepath(filename, x->userid);
mkdir(filename, 0755);
strsncpy(buf, getparm("style"), 3);
wwwstylenum = -1;
if (isdigit(buf[0]))
wwwstylenum = atoi(buf);
if ((wwwstylenum > NWWWSTYLE || wwwstylenum < 0))
if (!readuservalue
(x->userid, "wwwstyle", buf, sizeof (buf)))
wwwstylenum = atoi(buf);
if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE)
wwwstylenum = 1;
currstyle = &wwwstyle[wwwstylenum];
} else {
wwwstylenum = 1;
currstyle = &wwwstyle[wwwstylenum];
}
ub = wwwlogin(x, ipmask);
#ifdef USESESSIONCOOKIE
{
extern char sessionCookie[];
printf
("<script>document.cookie='SESSION=%s; path=/';</script>",
urlencode(sessionCookie));
}
#endif
if (!strcmp(url, "1")) {
#if 1
printf
("<script>\n"
"function URLencode(sStr) {\n"
"return escape(sStr).replace(/\\+/g, '%%2C').replace(/\\\"/g,'%%22').replace(/\\'/g, '%%27');\n"
"}\n"
"a=window.opener.location.href;\n" "l=a.length;\n"
"t=a.indexOf('/" SMAGIC "',1);\n" "t=a.indexOf('/',t+1);\n"
//"nu=\"%s\"+\"?t=%ld&b=\"+URLencode(a.substring(t+1,l));\n"
"nu=\"%s\"+\"?t=%ld&b=\"+a.substring(t+1,l);\n"
"opener.top.location.href=nu;window.close();</script>",
ub, now_t);
#else
printf
("<script>opener.top.location.href='%s?t=%d';window.close();</script>",
ub, now_t);
#endif
} else {
char buf[256];
if (strcmp(x->userid, "guest") && shouldbroadcast(uid))
sprintf(buf, "%s?t=%d&b=ooo", ub, (int) now_t);
else
sprintf(buf, "%s?t=%d", ub, (int) now_t);
redirect(buf);
}
http_quit();
return 0;
}
int wmllogin(char * buf)
{
char id[IDLEN + 2], pw[20];
struct userec *x;
struct user_info * uol[MULTI_LOGINS];
char buf2[256], filename[256];
int i, kick;
page_init(NULL);
strncpy(id, getparm("id"), IDLEN + 1);
strncpy(pw, getparm("pw"), 19);
if (!*pw)
{
strncpy(pw, getparm("pw2"), 19);
}
kick = atoi(getparm("kick")) - 1;
if (!strcasecmp(id, "SYSOP"))
{
strcpy (buf, "用户SYSOP登录受限。");
return -65536;
}
if(file_has_word(".bad_host", fromhost))
{
sprintf (buf, "对不起, 本站不欢迎来自 [%s] 的登录。 若有疑问, 请与SYSOP联系,", fromhost);
return -256;
}
if(loginok && strcasecmp(id, currentuser.userid))
{
sprintf (buf, "系统检测到目前你的计算机上已经登录有一个帐号 %s,请先退出。", currentuser.userid);
return 1;
}
x = getuser(id);
if (!x)
{
strcpy (buf, "错误的使用者帐号");
return -1;
}
sprintf(buf2, "home/%c/%s/badhost", toupper(x->userid[0]), x->userid);
if(bad_host(fromhost,buf2))
{
sprintf (buf, "对不起,此帐号已被设定为不可从 [%s] 登录本站。",fromhost);
return -257;
}
if(strcasecmp(id, "guest"))
{
if(!checkpasswd(x->passwd, pw))
{
if(*pw)
{
sleep(2);
getdatestring (time(0), NA);
sprintf(buf2, "%-12.12s %-30s %s[Wap]\n",id, datestring, fromhost);
sprintf(filename, "home/%c/%s/logins.bad", toupper(x->userid[0]), x->userid);
f_append(filename, buf2);
}
sprintf (buf, "密码错误");
return -2;
}
if (check_login_limit(x))
{
strcpy (buf, "此ID在24小时内上站次数过多,请稍候再来。");
return -4;
}
if(!user_perm(x, PERM_BASIC))
{
strcpy (buf, "此帐号已被停机。若有疑问,请用其他帐号在sysop版询问。");
return -5;
}
if (check_multi_d(x, uol, kick))
{
wml_httpheader();
wml_head();
printf ("<card title=\"登录 -- %s\">", BBSNAME);
printf ("<p>用户%s已经在本站登录了%d个线程,你需要踢掉一个才能登录。<br />", x->userid, MULTI_LOGINS);
for (i = 0; i < MULTI_LOGINS; i++)
{
printf ("#%d %s %s%s 发呆%d分<br />", i, uol[i]->from, uol[i]->mode >= 20000 ? "@" : "", ModeType(uol[i]->mode >= 20000 ? uol[i]->mode - 20000 : uol[i]->mode), (time(0) - uol[i]->idle_time) / 60);
}
printf ("踢掉哪个:<select name=\"inp_kick\">");
for (i = 0; i < MULTI_LOGINS; i++)
{
printf ("<option value=\"%d\">%d</option>", i + 1, i + 1);
}
printf ("</select><br />");
printf ("您的密码:<input type=\"password\" maxlength=\"8\" name=\"inp_pw\" /><br />");
printf ("<anchor><go href=\"login.wml?id=%s\" method=\"post\"><postfield name=\"pw\" value=\"$(inp_pw)\" /><postfield name=\"kick\" value=\"$(inp_kick)\" /></go>登录</anchor></p>", x->userid);
return 0;
}
x->lastlogin = time(0);
x->numlogins++;
strsncpy(x->lasthost, fromhost, 17);
save_user_data(x);
currentuser = *x;
}
report("WapEnter");
int iutmpnum, iutmpkey;
if (!wwwlogin(x, &iutmpnum, &iutmpkey))//0 : succeed
{
encodingtest();
sprintf(buf2, "%d", iutmpnum);
headerCookie("utmpnum", buf2);
sprintf(buf2, "%d", iutmpkey);
headerCookie("utmpkey", buf2);
headerCookie("utmpuserid", currentuser.userid);
wml_httpheader();
}
else
{
strcpy (buf, "抱歉,登录人数太多,请稍候再来:(");
return -65537;
}
sprintf (buf, "用户 %s 登录成功。", x->userid);
wml_head();
printf ("<card title=\"登录 -- %s\" ontimer=\"%s\">", BBSNAME, "bbsboa.wml");
printf ("<timer value=\"50\" />");
printf ("<p>");
w_hprintf(buf);
printf ("</p>");
printf ("<p>跳转中……</p>");
printf ("<p><anchor><go href=\"%s\" />如果不能自动跳转,请使用此链接。</anchor></p>", "bbsboa.wml");
return 0;
}
int
m_sob(void)
{
char genbuf[256], buf[256], userid[25], passbuf[24], msg[2048]="";
int count=0, i, isimported=0, corrected;
FILE *fp;
sobuserec man;
time4_t d;
clear();
move(1,0);
outs(
" 請注意 這是只給陽光沙灘使用者!\n"
" 讓沙灘的使用者轉移個人資產以及重要信用資料, 享有平等安全的環境.\n"
" 如果您不需要, 請直離開.\n"
" -----------------------------------------------------------------\n"
" 特別叮嚀:\n"
" 為了帳號安全,您只有連續十次密碼錯誤的機會,請小心輸入.\n"
" 連續次錯誤您的變身功\能就會被開罰單並直接通知站長.\n"
" 請不要在變身過程中不正常斷線, 刻意斷線變半獸人站長不救唷.\n"
);
if(getkey("是否要繼續?(y/N)")!='y') return 0;
if(search_ulistn(usernum,2))
{vmsg("請登出其他視窗, 以免變身失敗"); return 0;}
do
{
if(!getdata(10,0, " 沙灘的ID [大小寫要完全正確]:", userid, 20,
DOECHO)) return 0;
if(bad_user_id(userid)) continue;
sprintf(genbuf, "sob/passwd/%c/%s.inf",userid[0], userid);
if(!(fp=fopen(genbuf, "r")))
{
isimported = 1;
strcat(genbuf, ".done");
if(!(fp=fopen(genbuf, "r")))
{
vmsg("查無此人或已經匯入過..請注意大小寫 ");
isimported = 0;
continue;
}
}
count = fread(&man, sizeof(man), 1, fp);
fclose(fp);
}while(!count);
count = 0;
do{
if(!getdata(11,0, " 沙灘的密碼:", passbuf, sizeof(passbuf),
NOECHO)) return 0;
if(++count>=10)
{
cuser.userlevel |= PERM_VIOLATELAW;
cuser.vl_count++;
passwd_update(usernum, &cuser);
post_violatelaw(cuser.userid, "[PTT警察]", "測試帳號錯誤十次",
"違法觀察");
mail_violatelaw(cuser.userid, "[PTT警察]", "測試帳號錯誤十次",
"違法觀察");
return 0;
}
if(!(corrected = checkpasswd(man.passwd, passbuf)))
vmsg("密碼錯誤");
} while(!corrected);
move(12,0);
clrtobot();
if(!isimported)
{
if(!dashf(genbuf)) // avoid multi-login
{
vmsg("請不要嘗試多重id踹匯入");
return 0;
}
sprintf(buf,"%s.done",genbuf);
rename(genbuf,buf);
#ifdef MERGEMONEY
reload_money();
sprintf(buf,
"您的沙灘鸚鵡螺 %10d 換算成 " MONEYNAME " 幣為 %9d (匯率 22:1), \n"
" 沙灘貝殼有 %10d 換算為 " MONEYNAME " 幣為 %9d (匯率 222105:1), \n"
" 原有 %10d 匯入後共有 %d\n",
(int)man.goldmoney, (int)man.goldmoney/22,
(int)man.silvermoney, (int)man.silvermoney/222105,
cuser.money,
(int)(cuser.money + man.goldmoney/22 + man.silvermoney/222105));
demoney(man.goldmoney/22 + man.silvermoney/222105 );
strcat(msg, buf);
#endif
i = cuser.exmailbox + man.exmailbox + man.exmailboxk/2000;
if (i > MAX_EXKEEPMAIL) i = MAX_EXKEEPMAIL;
sprintf(buf, "您的沙灘信箱有 %d (%dk), 原有 %d 匯入後共有 %d\n",
man.exmailbox, man.exmailboxk, cuser.exmailbox, i);
strcat(msg, buf);
cuser.exmailbox = i;
if(man.userlevel & PERM_MAILLIMIT)
{
sprintf(buf, "開啟信箱無上限\n");
strcat(msg, buf);
cuser.userlevel |= PERM_MAILLIMIT;
}
if (cuser.firstlogin > man.firstlogin)
d = man.firstlogin;
else
d = cuser.firstlogin;
cuser.firstlogin = d;
if (cuser.numlogins < man.numlogins)
i = man.numlogins;
else
i = cuser.numlogins;
sprintf(buf, "沙灘進站次數 %d 此帳號 %d 將取 %d \n", man.numlogins,
cuser.numlogins, i);
strcat(msg,buf);
cuser.numlogins = i;
if (cuser.numposts < man.numposts )
i = man.numposts;
else
i = cuser.numposts;
sprintf(buf, "沙灘文章次數 %d 此帳號 %d 將取 %d\n",
man.numposts,cuser.numposts,i);
strcat(msg,buf);
cuser.numposts = i;
outs(msg);
while (search_ulistn(usernum,2))
{vmsg("請將重覆上站其他線關閉! 再繼續");}
passwd_update(usernum, &cuser);
}
sethomeman(genbuf, cuser.userid);
mkdir(genbuf, 0755);
sprintf(buf, "tar zxvf %c/%s.tar.gz>/dev/null",
userid[0], userid);
chdir("sob/home");
system(buf);
chdir(BBSHOME);
if (getans("是否匯入個人信箱? (Y/n)")!='n')
{
sethomedir(buf, cuser.userid);
sprintf(genbuf, "sob/home/%c/%s/.DIR",
userid[0], userid);
merge_dir(buf, genbuf, 1);
strcat(msg, "匯入個人信箱\n");
}
if(getans("是否匯入個人信箱精華區(個人作品集)? (會覆蓋\現有設定) (y/N)")=='y')
{
fileheader_t fh;
sprintf(buf,
"rm -rd home/%c/%s/man>/dev/null ; "
"mv sob/home/%c/%s/man home/%c/%s>/dev/null;"
"mv sob/home/%c/%s/gem home/%c/%s/man>/dev/null",
cuser.userid[0], cuser.userid,
userid[0], userid,
cuser.userid[0], cuser.userid,
userid[0], userid,
cuser.userid[0], cuser.userid);
system(buf);
strcat(msg, "匯入個人信箱精華區(個人作品集)\n");
sprintf(buf,"home/%c/%s/man/gem", cuser.userid[0], cuser.userid);
if(dashd(buf))
{
strcat(fh.title, "◆ 個人作品集");
strcat(fh.filename, "gem");
sprintf(fh.owner, cuser.userid);
sprintf(buf, "home/%c/%s/man/.DIR", cuser.userid[0], cuser.userid);
append_record(buf, &fh, sizeof(fh));
}
}
