int
bbslogout_main()
{
struct userec *tmp;
int st;
char buf[50];
int uid;
html_header(1);
//modified by safari@20091222
if (!loginok) {
redirect(FIRST_PAGE);
http_quit();
//http_fatal("你没有登录");
}
if (isguest)
http_fatal("guest不带注销的");
tmp = getuser(currentuser.userid);
currentuser.numposts = tmp->numposts;
currentuser.userlevel = tmp->userlevel;
currentuser.numlogins = tmp->numlogins;
currentuser.stay = tmp->stay;
if (now_t > w_info->login_start_time) {
st = now_t - w_info->login_start_time;
if (st > 86400)
errlog("Strange long stay time,%d!, logout, %s", st, currentuser.userid);
else {
currentuser.stay += st;
sprintf(buf, "%s exitbbs %d", currentuser.userid, st);
newtrace(buf);
}
}
save_user_data(¤tuser);
uid = u_info->uid;
remove_uindex(u_info->uid, utmpent);
bzero(u_info, sizeof (struct user_info));
if ((currentuser.userlevel & PERM_BOARDS) && count_uindex(uid)==0)
setbmstatus(¤tuser, 0);
redirect(FIRST_PAGE);
return 0;
}
char *
wwwlogin(struct userec *user, int ipmask)
{
FILE *fp, *fp1;
int n, dolog = 0, st, clubnum, uid, i, nsearch;
struct user_info *u;
char ULIST[STRLEN];
char genbuf[256], *urlbase, fname[80];
uid = getusernum(user->userid) + 1;
if ((urlbase = check_multi(user->userid, uid)))
return urlbase;
if (strcasecmp(user->userid, "guest") && count_uindex(uid) >= 3)
http_fatal("您已经登录了三个帐号,不能再登录了");
// 如果要限制WWW登录窗口数 就打开这个注释. lepton
gethostname(genbuf, 256);
sprintf(ULIST, MY_BBS_HOME "/%s.%s", ULIST_BASE, genbuf);
fp = fopen(ULIST, "a");
flock(fileno(fp), LOCK_EX);
nsearch = NSEARCH;
//if (strcasecmp(user->userid, "guest"))
// nsearch = MAXACTIVE / 4;
for (i = 0, n = iphash(fromhost) * (MAXACTIVE / NHASH); i < nsearch;
i++, n++) {
if (n >= MAXACTIVE)
n = 0;
u = &(shm_utmp->uinfo[n]);
if (u->active && u->pid == 1
&& ((now_t - u->lasttime) > 20 * 60 || u->wwwinfo.iskicked)) {
st = u->lasttime - u->wwwinfo.login_start_time;
if (st > 86400) {
errlog("Strange long stay time,%d!, drop %s",
st, u->userid);
st = 86400;
}
sprintf(genbuf, "%s drop %d www", u->userid, st);
newtrace(genbuf);
remove_uindex(u->uid, n + 1);
bzero(u, sizeof (struct user_info));
}
if (!dolog && u->active == 0) {
u_info = u;
bzero(u, sizeof (struct user_info));
u->active = 1;
u->uid = uid;
u->pid = 1;
//u->pid = thispid; //modify by mintbaggio@BMY for kill www user
u->mode = LOGIN;
if (strcasecmp(user->userid, "guest"))
u_info->unreadmsg = get_unreadmsg(user->userid);
else
u_info->unreadmsg = 0;
u->userlevel = user->userlevel;
u->lasttime = now_t;
u->curboard = 0;
if (user_perm(user, PERM_LOGINCLOAK) &&
(user->flags[0] & CLOAK_FLAG))
u->invisible = YEA;
u->pager = 0;
if (user->userdefine & DEF_FRIENDCALL)
u->pager |= FRIEND_PAGER;
if (user->flags[0] & PAGER_FLAG) {
u->pager |= ALL_PAGER;
u->pager |= FRIEND_PAGER;
}
if (user->userdefine & DEF_FRIENDMSG)
u->pager |= FRIENDMSG_PAGER;
if (user->userdefine & DEF_ALLMSG) {
u->pager |= ALLMSG_PAGER;
u->pager |= FRIENDMSG_PAGER;
}
strsncpy(u->from, fromhost, 24);
strsncpy(u->username, user->username, NAMELEN);
strsncpy(u->userid, user->userid, IDLEN + 1);
getrandomstr(u->sessionid);
if (strcasecmp(user->userid, "guest"))
initfriends(u);
else
memset(u->friend, 0, sizeof (u->friend));
urlbase = makeurlbase(n);
w_info = &(u_info->wwwinfo);
w_info->login_start_time = now_t;
w_info->ipmask = ipmask;
if (strcasecmp(user->userid, "guest")) {
sethomefile(fname, user->userid, "clubrights");
if ((fp1 = fopen(fname, "r")) == NULL) {
memset(u_info->clubrights, 0,
4 * sizeof (int));
} else {
while (fgets(genbuf, STRLEN, fp1) !=
NULL) {
clubnum = atoi(genbuf);
u_info->clubrights[clubnum /
32] |=
(1 << clubnum % 32);
}
fclose(fp1);
}
set_my_cookie();
} else {
memset(u_info->clubrights, 0, 4 * sizeof (int));
w_info->t_lines = 20;
w_info->att_mode = 0;
w_info->doc_mode = 1;
}
dolog = 1;
add_uindex(u->uid, n + 1);
}
}
int
bbslogin_main()
{
int n, t, infochanged = 0;
time_t dtime;
char filename[128], buf[256], id[20], pw[PASSLEN], url[10], *ub =
FIRST_PAGE;
char *ptr;
char md5pass[MD5LEN];
struct userec *x, tmpu;
int ipmask;
int uid;
html_header(3);
if (loginok && !isguest) {
sprintf(buf, "/" SMAGIC "/?t=%d", (int) now_t);
redirect(buf);
}
strsncpy(id, strtrim(getparm("id")), 13);
strsncpy(pw, getparm("pw"), PASSLEN);
strsncpy(url, getparm("url"), 3);
ipmask = atoi(getparm("ipmask"));
if (!id[0]) {
strcpy(id, "guest");
ipmask = 8;
}
if (!strcmp(MY_BBS_ID, "YTHT") && !strcmp(id, "guest")) {
http_fatal("请输入用户名和密码以登录。");
}
if (strcmp(id, "guest")) {
ipmask = extandipmask(ipmask, getparm("lastip1"), realfromhost);
ipmask = extandipmask(ipmask, getparm("lastip2"), realfromhost);
}
if ((uid = getuser(id, &x)) <= 0) {
printf("%s<br>", id);
http_fatal("错误的使用者帐号");
}
strcpy(id, x->userid);
if (strcasecmp(id, "guest")) {
if (checkbansite(realfromhost)) {
http_fatal
("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
realfromhost);
}
if (userbansite(x->userid, realfromhost))
http_fatal("本ID已设置禁止从%s登录", realfromhost);
if (!checkpasswd(x->passwd, x->salt, pw)) {
logattempt(x->userid, realfromhost, "WWW", now_t);
http_fatal
("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
}
if (!user_perm(x, PERM_BASIC))
http_fatal
("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
DEFAULTBOARD "</font> 版询问.");
if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
if (x->inprison == 0) {
memcpy(&tmpu, x, sizeof (tmpu));
tmpu.inprison = 1;
tmpu.dieday = 2;
updateuserec(&tmpu, 0);
}
http_fatal("安心改造,不要胡闹");
}
if (x->dieday)
http_fatal("死了?还要做什么? :)");
t = x->lastlogin;
memcpy(&tmpu, x, sizeof (tmpu));
if (tmpu.salt == 0) {
tmpu.salt = getsalt_md5();
genpasswd(md5pass, tmpu.salt, pw);
memcpy(tmpu.passwd, md5pass, MD5LEN);
infochanged = 1;
}
if (count_uindex(uid) == 0) {
if (now_t - t > 1800)
tmpu.numlogins++;
infochanged = 1;
tmpu.lastlogin = now_t;
dtime = t - 4 * 3600;
t = localtime(&dtime)->tm_mday;
dtime = now_t - 4 * 3600;
if (t < localtime(&dtime)->tm_mday
&& x->numdays < 60000) {
tmpu.numdays++;
}
}
if (abs(t - now_t) < 5) {
http_fatal("两次登录间隔过密!");
}
if (x->lasthost != from_addr.s_addr) {
tmpu.lasthost = from_addr.s_addr;
infochanged = 1;
}
if (infochanged)
updateuserec(&tmpu, 0);
currentuser = x;
}
ptr = getsenv("HTTP_X_FORWARDED_FOR");
tracelog("%s enter %s www %d %s", x->userid, realfromhost, infochanged,
ptr);
n = 0;
if (loginok && isguest) {
u_info->wwwinfo.iskicked = 1;
}
if (strcasecmp(id, "guest")) {
sethomepath(filename, x->userid);
mkdir(filename, 0755);
strsncpy(buf, getparm("style"), 3);
wwwstylenum = -1;
if (isdigit(buf[0]))
wwwstylenum = atoi(buf);
if ((wwwstylenum > NWWWSTYLE || wwwstylenum < 0))
if (!readuservalue
(x->userid, "wwwstyle", buf, sizeof (buf)))
wwwstylenum = atoi(buf);
if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE)
wwwstylenum = 1;
currstyle = &wwwstyle[wwwstylenum];
} else {
wwwstylenum = 1;
currstyle = &wwwstyle[wwwstylenum];
}
ub = wwwlogin(x, ipmask);
#ifdef USESESSIONCOOKIE
{
extern char sessionCookie[];
printf
("<script>document.cookie='SESSION=%s; path=/';</script>",
urlencode(sessionCookie));
}
#endif
if (!strcmp(url, "1")) {
#if 1
printf
("<script>\n"
"function URLencode(sStr) {\n"
"return escape(sStr).replace(/\\+/g, '%%2C').replace(/\\\"/g,'%%22').replace(/\\'/g, '%%27');\n"
"}\n"
"a=window.opener.location.href;\n" "l=a.length;\n"
"t=a.indexOf('/" SMAGIC "',1);\n" "t=a.indexOf('/',t+1);\n"
//"nu=\"%s\"+\"?t=%ld&b=\"+URLencode(a.substring(t+1,l));\n"
"nu=\"%s\"+\"?t=%ld&b=\"+a.substring(t+1,l);\n"
"opener.top.location.href=nu;window.close();</script>",
ub, now_t);
#else
printf
("<script>opener.top.location.href='%s?t=%d';window.close();</script>",
ub, now_t);
#endif
} else {
char buf[256];
if (strcmp(x->userid, "guest") && shouldbroadcast(uid))
sprintf(buf, "%s?t=%d&b=ooo", ub, (int) now_t);
else
sprintf(buf, "%s?t=%d", ub, (int) now_t);
redirect(buf);
}
http_quit();
return 0;
}
int
bbslpassport_main()
{
int uid, infochanged = 0;
char id[IDLEN + 1], pw[PASSLEN], site[256], md5pass[MD5LEN], buf[384];
struct userec *x, tmpu;
time_t t, dtime;
html_header(3);
strsncpy(id, strtrim(getparm("id")), IDLEN + 1);
strsncpy(pw, getparm("pw"), PASSLEN);
strsncpy(site, getparm("site"), 256);
if (!id[0])
http_fatal("请输入帐号");
if (!site[0])
http_fatal("no...");
if (key_fail)
http_fatal("内部错误, 联系维护!\n");
if ((uid = getuser(id, &x)) <= 0) {
printf("%s<br>", id);
http_fatal("错误的使用者帐号");
}
strcpy(id, x->userid);
if (!strcasecmp(id, "guest"))
http_fatal("错误的使用者帐号");
if (checkbansite(fromhost)) {
http_fatal
("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
fromhost);
}
if (userbansite(x->userid, fromhost))
http_fatal("本ID已设置禁止从%s登录", fromhost);
if (!checkpasswd(x->passwd, x->salt, pw)) {
logattempt(x->userid, fromhost, "PASSPORT", now_t);
http_fatal
("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
}
#if 0
if (!user_perm(x, PERM_BASIC))
http_fatal
("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
DEFAULTBOARD "</font> 版询问.");
if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
if (x->inprison == 0) {
memcpy(&tmpu, x, sizeof (tmpu));
tmpu.inprison = 1;
tmpu.dieday = 2;
updateuserec(&tmpu, 0);
}
http_fatal("安心改造,不要胡闹");
}
if (x->dieday)
http_fatal("死了?还要做什么? :)");
#endif
t = x->lastlogin;
memcpy(&tmpu, x, sizeof (tmpu));
if (tmpu.salt == 0) {
tmpu.salt = getsalt_md5();
genpasswd(md5pass, tmpu.salt, pw);
memcpy(tmpu.passwd, md5pass, MD5LEN);
infochanged = 1;
}
#if 1
if (count_uindex(uid) == 0) {
if (now_t - t > 1800)
tmpu.numlogins++;
infochanged = 1;
tmpu.lastlogin = now_t;
dtime = t - 4 * 3600;
t = localtime(&dtime)->tm_mday;
dtime = now_t - 4 * 3600;
if (t < localtime(&dtime)->tm_mday && x->numdays < 60000) {
tmpu.numdays++;
}
}
#endif
if (abs(t - now_t) < 20) {
http_fatal("两次登录间隔过密!");
}
if (x->lasthost != from_addr.s_addr) {
tmpu.lasthost = from_addr.s_addr;
infochanged = 1;
}
if (infochanged)
updateuserec(&tmpu, 0);
tracelog("%s enter %s passport %d %s", x->userid, fromhost, infochanged,
getsenv("HTTP_X_FORWARDED_FOR"));
printf
("<script>exDate = new Date; exDate.setMonth(exDate.getMonth()+9);"
"document.cookie='pp=%s;path=/;expires=' + exDate.toGMTString();</script>",
des3_encode(id, 0));
snprintf(buf, sizeof (buf), "http://%s?q=%s", site, des3_encode(id, 1));
redirect(buf);
http_quit();
return 0;
}
char *
wwwlogin(struct userec *user, int ipmask)
{
FILE *fp1;
int fd;
int n, uid;
struct user_info u;
char *urlbase, fname[80];
char buf[20];
uid = getuser(user->userid, NULL);
fd = open(MY_BBS_HOME "/" ULIST_BASE "." MY_BBS_DOMAIN, O_WRONLY);
flock(fd, LOCK_EX);
if ((urlbase = check_multi(user->userid, uid))) {
flock(fd, LOCK_UN);
close(fd);
return urlbase;
}
if (strcasecmp(user->userid, "guest") && count_uindex(uid) >= 3) {
flock(fd, LOCK_UN);
close(fd);
http_fatal("您已经登录了三个帐号,不能再登录了");
}
bzero(&u, sizeof (struct user_info));
u.active = 1;
u.uid = uid;
u.pid = 1;
u.mode = LOGIN;
u.userlevel = user->userlevel;
u.lasttime = now_t;
u.curboard = 0;
if (user_perm(user, PERM_LOGINCLOAK) && (user->flags[0] & CLOAK_FLAG))
u.invisible = YEA;
u.pager = 0;
if (user->userdefine & DEF_FRIENDCALL)
u.pager |= FRIEND_PAGER;
if (user->flags[0] & PAGER_FLAG) {
u.pager |= ALL_PAGER;
u.pager |= FRIEND_PAGER;
}
if (user->userdefine & DEF_FRIENDMSG)
u.pager |= FRIENDMSG_PAGER;
if (user->userdefine & DEF_ALLMSG) {
u.pager |= ALLMSG_PAGER;
u.pager |= FRIENDMSG_PAGER;
}
strsncpy(u.from, fromhost, sizeof (u.from));
u.fromIP = from_addr.s_addr;
strsncpy(u.username, user->username, NAMELEN);
strsncpy(u.userid, user->userid, IDLEN + 1);
getrandomstr(u.sessionid);
n = utmp_login(&u);
if (n > MAXACTIVERUN || n <= 0) {
flock(fd, LOCK_UN);
close(fd);
http_fatal
("抱歉,目前在线用户数已达上限%d,无法登录。请稍后再来。",
MAXACTIVERUN);
}
flock(fd, LOCK_UN);
close(fd);
n--;
urlbase = makeurlbase(n, uid);
u_info = &(shm_utmp->uinfo[n]);
w_info = &(u_info->wwwinfo);
w_info->login_start_time = now_t;
w_info->ipmask = ipmask;
if (strcasecmp(user->userid, "guest")) {
u_info->unreadmsg = get_unreadcount(user->userid);
initfriends(u_info);
sethomefile(fname, user->userid, "clubrights");
if ((fp1 = fopen(fname, "r")) == NULL) {
memset(u_info->clubrights, 0, CLUB_SIZE * sizeof (int));
} else {
fread(&(u_info->clubrights), sizeof (int), CLUB_SIZE,
fp1);
fclose(fp1);
}
if (readuservalue(user->userid, "signature", buf, sizeof (buf))
>= 0)
u_info->signature = atoi(buf);
w_info->edit_mode = 1;
set_my_cookie();
} else {
u_info->unreadmsg = 0;
memset(u_info->friend, 0, sizeof (u.friend));
memset(u_info->clubrights, 0, CLUB_SIZE * sizeof (int));
w_info->t_lines = 20;
w_info->att_mode = 0;
w_info->doc_mode = 1;
}
if ((user->userlevel & PERM_BOARDS))
setbmstatus(user, 1);
return urlbase;
}
