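/* Write s to stdout with the HTML metacharacters replaced by entities. */
static void bbslogin_put_escaped(const char *s)
{
    for (; *s != '\0'; s++) {
        switch (*s) {
        case '&':
            fputs("&amp;", stdout);
            break;
        case '<':
            fputs("&lt;", stdout);
            break;
        case '>':
            fputs("&gt;", stdout);
            break;
        case '"':
            fputs("&quot;", stdout);
            break;
        case '\'':
            fputs("&#39;", stdout);
            break;
        default:
            putchar(*s);
            break;
        }
    }
}

/*
 * CGI entry point for the web login form.
 *
 * Reads the request parameters "id", "pw", "url", "ipmask" and "style",
 * checks the account (site ban, per-account host ban, password, PERM_BASIC,
 * prison list, dietime, login interval), updates the login counters, calls
 * wwwlogin() and finally emits either the pop-up script (url == "1") or a
 * redirect. An empty id is treated as "guest", which skips every check.
 * Returns 0 after http_quit().
 *
 * NOTE(review): the code relies on http_fatal() not returning (x is
 * dereferenced right after the "unknown account" call) -- confirm.
 * NOTE(review): an unknown account and a wrong password produce different
 * messages, so the response reveals whether an account name exists.
 * NOTE(review): on a wrong password only logattempt() is called here; no
 * delay or lockout is visible in this function. The 20-second interval check
 * runs only after the password has been accepted.
 */
int bbslogin_main()
{
    int t;
    time_t dtime;
    char filename[128], buf[256], id[20], pw[20], url[10], *ub = FIRST_PAGE;
    struct userec *x;
    int ipmask;

    html_header(3);
    /* Both id and pw are copied with a limit of 13; presumably strsncpy
     * truncates and NUL-terminates -- verify against its definition. */
    strsncpy(id, getparm("id"), 13);
    strsncpy(pw, getparm("pw"), 13);
    strsncpy(url, getparm("url"), 3);
    /* NOTE(review): ipmask comes straight from the request and is handed to
     * wwwlogin() unchecked here -- confirm wwwlogin() validates its range. */
    ipmask = atoi(getparm("ipmask"));
    if (loginok && strcasecmp(id, currentuser.userid) && !isguest) {
        http_fatal
            ("系统检测到目前你的计算机上已经登录有一个帐号 %s,请先退出.(选择正常logout)",
             currentuser.userid);
    }
    if (!strcmp(id, "")) {
        strcpy(id, "guest");
    }
    x = getuser(id);
    if (x == 0) {
        /* id is request data: escape it before echoing it into the page. */
        bbslogin_put_escaped(id);
        fputs("<br>", stdout);
        http_fatal("错误的使用者帐号");
    }
    /* Continue with the canonical spelling from the user record; bounded so
     * an over-long record field cannot overrun id[]. */
    snprintf(id, sizeof(id), "%s", x->userid);
    if (strcasecmp(id, "guest")) {
        if (checkbansite(fromhost)) {
            http_fatal
                ("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
                 fromhost);
        }
        if (userbansite(x->userid, fromhost))
            http_fatal("本ID已设置禁止从%s登录", fromhost);
        if (!checkpasswd(x->passwd, pw)) {
            logattempt(x->userid, fromhost, "WWW", now_t);
            http_fatal("密码错误");
        }
        if (!user_perm(x, PERM_BASIC))
            http_fatal
                ("此帐号已被停机, 若有疑问, 请用其他帐号在sysop版询问.");
        if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid))
            http_fatal("安心改造,不要胡闹");
        if (x->dietime)
            http_fatal("死了?还要做什么? :)");
        t = x->lastlogin;
        x->lastlogin = now_t;
        if (abs(t - now_t) < 20) {
            http_fatal("两次登录间隔过密!");
        }
        /* Days are counted with a 4-hour shift; t is reused to hold the
         * day-of-month of the previous login. */
        dtime = t - 4 * 3600;
        t = localtime(&dtime)->tm_mday;
        dtime = now_t - 4 * 3600;
        if (t < localtime(&dtime)->tm_mday && x->numdays < 800)
            x->numdays++;
        x->numlogins++;
        strsncpy(x->lasthost, fromhost, 16);
        save_user_data(x);
        currentuser = *x;
    }
    snprintf(buf, sizeof(buf), "%s enter %s www", x->userid, fromhost);
    newtrace(buf);
    if (loginok && isguest) {
        bzero(u_info, sizeof (struct user_info));
    }
    if (strcasecmp(id, "guest")) {
        sethomepath(filename, x->userid);
        mkdir(filename, 0755);
        strsncpy(buf, getparm("style"), 3);
        wwwstylenum = -1;
        /* <ctype.h> functions need an unsigned char value. */
        if (isdigit((unsigned char) buf[0]))
            wwwstylenum = atoi(buf);
        /* Fall back to the stored preference for every out-of-range value,
         * including NWWWSTYLE itself (the original tested '>' here but
         * '>=' two lines below). */
        if (wwwstylenum >= NWWWSTYLE || wwwstylenum < 0)
            if (!readuservalue
                (x->userid, "wwwstyle", buf, sizeof (buf)))
                wwwstylenum = atoi(buf);
        if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE)
            wwwstylenum = 1;
        currstyle = &wwwstyle[wwwstylenum];
    } else {
        wwwstylenum = 1;
        currstyle = &wwwstyle[wwwstylenum];
    }
    ub = wwwlogin(x, ipmask);
    if (!strcmp(url, "1"))
        /* Pop-up login: repoint the opener's frames at the new session URL
         * and close this window. The format has four conversions, so the
         * surplus fifth argument of the original call is dropped. */
        printf
            ("<script>opener.parent.f2.location.href=\"%sbbsleft?t=%ld\";\n"
             "opener.parent.fmsg.location.href=\"%sbbsgetmsg\";\n"
             "a=window.opener.location.href;\n"
             "l=a.length;\n"
             "t=a.indexOf('/" SMAGIC "',1);\n"
             "t=a.indexOf('/',t+1);\n"
             "nu=\"%s\"+a.substring(t+1,l);\n"
             "window.opener.location.href=nu;window.close();</script>",
             ub, (long) now_t, ub, ub);
    else
        redirect(ub);
    http_quit();
    return 0;
}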
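/*
 * Handle a WAP/WML login request.
 *
 * buf receives a human-readable status message. Its size is not passed in,
 * so the caller must supply a buffer large enough for the longest message
 * plus fromhost / userid; this function cannot bound those writes itself.
 *
 * Return values as set below:
 *   0       login succeeded, or the "kick a session" card was printed
 *   1       a different account is already logged in from this client
 *   -1      unknown account
 *   -2      wrong password
 *   -4      check_login_limit() refused the account
 *   -5      account lacks PERM_BASIC
 *   -256    fromhost is listed in .bad_host
 *   -257    fromhost is listed in the account's badhost file
 *   -65536  SYSOP may not log in through this path
 *   -65537  wwwlogin() failed
 *
 * NOTE(review): "unknown account" and "wrong password" are reported
 * separately, which lets a client tell whether an account name exists.
 * NOTE(review): the 2-second delay and the logins.bad entry are skipped
 * when the submitted password is empty.
 * NOTE(review): kick is request-controlled (atoi(...) - 1) and passed to
 * check_multi_d() unchecked here -- confirm that helper range-checks it.
 * NOTE(review): uol[i]->from is printed into the card without escaping;
 * confirm where that field is populated from.
 * NOTE(review): utmpnum/utmpkey are sent as cookies through headerCookie();
 * the cookie attributes it sets are not visible here.
 */
int wmllogin(char * buf)
{
    char id[IDLEN + 2], pw[20];
    struct userec *x;
    struct user_info * uol[MULTI_LOGINS];
    char buf2[256], filename[256];
    int i, kick;
    int iutmpnum, iutmpkey;

    page_init(NULL);
    /* strncpy() does not terminate the destination when the source is at
     * least as long as the limit, so terminate explicitly. */
    strncpy(id, getparm("id"), IDLEN + 1);
    id[IDLEN + 1] = '\0';
    strncpy(pw, getparm("pw"), 19);
    pw[19] = '\0';
    if (!*pw) {
        strncpy(pw, getparm("pw2"), 19);
        pw[19] = '\0';
    }
    kick = atoi(getparm("kick")) - 1;

    if (!strcasecmp(id, "SYSOP")) {
        strcpy (buf, "用户SYSOP登录受限。");
        return -65536;
    }
    if (file_has_word(".bad_host", fromhost)) {
        sprintf (buf, "对不起, 本站不欢迎来自 [%s] 的登录。 若有疑问, 请与SYSOP联系,", fromhost);
        return -256;
    }
    if (loginok && strcasecmp(id, currentuser.userid)) {
        sprintf (buf, "系统检测到目前你的计算机上已经登录有一个帐号 %s,请先退出。", currentuser.userid);
        return 1;
    }
    x = getuser(id);
    if (!x) {
        strcpy (buf, "错误的使用者帐号");
        return -1;
    }
    /* Local scratch buffers have a known size, so bound the writes. */
    snprintf(buf2, sizeof(buf2), "home/%c/%s/badhost",
             toupper((unsigned char) x->userid[0]), x->userid);
    if (bad_host(fromhost, buf2)) {
        sprintf (buf, "对不起,此帐号已被设定为不可从 [%s] 登录本站。", fromhost);
        return -257;
    }
    if (strcasecmp(id, "guest")) {
        if (!checkpasswd(x->passwd, pw)) {
            if (*pw) {
                sleep(2);
                getdatestring (time(0), NA);
                snprintf(buf2, sizeof(buf2), "%-12.12s %-30s %s[Wap]\n",
                         id, datestring, fromhost);
                snprintf(filename, sizeof(filename), "home/%c/%s/logins.bad",
                         toupper((unsigned char) x->userid[0]), x->userid);
                f_append(filename, buf2);
            }
            sprintf (buf, "密码错误");
            return -2;
        }
        if (check_login_limit(x)) {
            strcpy (buf, "此ID在24小时内上站次数过多,请稍候再来。");
            return -4;
        }
        if (!user_perm(x, PERM_BASIC)) {
            strcpy (buf, "此帐号已被停机。若有疑问,请用其他帐号在sysop版询问。");
            return -5;
        }
        if (check_multi_d(x, uol, kick)) {
            /* Session limit reached: list the sessions and ask which one to
             * drop. This is only reached after the password was accepted. */
            wml_httpheader();
            wml_head();
            printf ("<card title=\"登录 -- %s\">", BBSNAME);
            printf ("<p>用户%s已经在本站登录了%d个线程,你需要踢掉一个才能登录。<br />", x->userid, MULTI_LOGINS);
            for (i = 0; i < MULTI_LOGINS; i++) {
                /* The idle time is a time_t expression; cast it to match %d. */
                printf ("#%d %s %s%s 发呆%d分<br />", i, uol[i]->from,
                        uol[i]->mode >= 20000 ? "@" : "",
                        ModeType(uol[i]->mode >= 20000 ? uol[i]->mode - 20000 : uol[i]->mode),
                        (int) ((time(0) - uol[i]->idle_time) / 60));
            }
            printf ("踢掉哪个:<select name=\"inp_kick\">");
            for (i = 0; i < MULTI_LOGINS; i++) {
                printf ("<option value=\"%d\">%d</option>", i + 1, i + 1);
            }
            printf ("</select><br />");
            printf ("您的密码:<input type=\"password\" maxlength=\"8\" name=\"inp_pw\" /><br />");
            printf ("<anchor><go href=\"login.wml?id=%s\" method=\"post\"><postfield name=\"pw\" value=\"$(inp_pw)\" /><postfield name=\"kick\" value=\"$(inp_kick)\" /></go>登录</anchor></p>", x->userid);
            return 0;
        }
        x->lastlogin = time(0);
        x->numlogins++;
        strsncpy(x->lasthost, fromhost, 17);
        save_user_data(x);
        currentuser = *x;
    }
    report("WapEnter");

    if (wwwlogin(x, &iutmpnum, &iutmpkey)) {
        /* wwwlogin() returns 0 on success. */
        strcpy (buf, "抱歉,登录人数太多,请稍候再来:(");
        return -65537;
    }
    encodingtest();
    snprintf(buf2, sizeof(buf2), "%d", iutmpnum);
    headerCookie("utmpnum", buf2);
    snprintf(buf2, sizeof(buf2), "%d", iutmpkey);
    headerCookie("utmpkey", buf2);
    headerCookie("utmpuserid", currentuser.userid);
    wml_httpheader();

    sprintf (buf, "用户 %s 登录成功。", x->userid);
    wml_head();
    printf ("<card title=\"登录 -- %s\" ontimer=\"%s\">", BBSNAME, "bbsboa.wml");
    printf ("<timer value=\"50\" />");
    printf ("<p>");
    w_hprintf(buf);
    printf ("</p>");
    printf ("<p>跳转中……</p>");
    printf ("<p><anchor><go href=\"%s\" />如果不能自动跳转,请使用此链接。</anchor></p>", "bbsboa.wml");
    return 0;
}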
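/*
 * CGI entry point for the web login form.
 *
 * Parses the POST body, shows the login screen when no id was submitted,
 * and otherwise checks the password, the session count and PERM_LOGIN before
 * updating the user record and calling wwwlogin().
 *
 * Returns 0 on success (or after sending the Location header for a client
 * that is already logged in under the same id), the result of login_screen()
 * when id is empty, or one of BBS_EINVAL, BBS_ENOUSR, BBS_EWPSWD,
 * BBS_ELGNQE, BBS_EACCES, BBS_ELFREQ.
 *
 * NOTE(review): BBS_ENOUSR and BBS_EWPSWD are distinct results; if the
 * caller renders them differently the response reveals which account names
 * exist.
 * NOTE(review): a wrong password is logged to two logins.bad files but no
 * delay or lockout is visible in this function.
 */
int bbslogin_main(void)
{
    char fname[STRLEN];
    char buf[256], id[IDLEN + 1], pw[PASSLEN];
    struct userec user;

    if (parse_post_data() < 0)
        return BBS_EINVAL;

    strlcpy(id, getparm("id"), sizeof(id));
    if (*id == '\0')
        return login_screen();
    strlcpy(pw, getparm("pw"), sizeof(pw));

    if (loginok && !strcasecmp(id, currentuser.userid)) {
        /* NOTE(review): the value goes straight into a response header.
         * get_login_referer() is not visible here -- confirm it only
         * returns same-site URLs that contain no CR/LF. */
        const char *ref = get_login_referer();
        printf("Location: %s\n\n", ref);
        return 0;
    }

    if (getuserec(id, &user) == 0)
        return BBS_ENOUSR;

    /* user is a local copy; the increment is only stored by
     * save_user_data() further down. */
    user.numlogins++;
    if (strcasecmp(id, "guest")) {
        int total;
        time_t stay, recent, now, t;

        if (!checkpasswd(user.passwd, pw)) {
            /* Bounded write: fromhost and the date string have no length
             * limit in the format. */
            snprintf(buf, sizeof(buf), "%-12.12s %s @%s\n", user.userid,
                     getdatestring(time(NULL), DATE_ZH), fromhost);
            sethomefile(fname, user.userid, "logins.bad");
            file_append(fname, buf);
            file_append("logins.bad", buf);
            return BBS_EWPSWD;
        }

        total = check_multi(&user);
        if (!HAS_PERM2(PERM_SYSOPS, &user) && total >= 2)
            return BBS_ELGNQE;
        if (!HAS_PERM2(PERM_LOGIN, &user))
            return BBS_EACCES;

        now = time(NULL);
        // Do not count frequent logins.
        if (now - user.lastlogin < 20 * 60 && user.numlogins >= 100)
            user.numlogins--;

        if (total > 1) {
            recent = user.lastlogout;
            if (user.lastlogin > recent)
                recent = user.lastlogin;
            stay = now - recent;
            if (stay < 0)
                stay = 0;
        } else {
            stay = 0;
        }

        t = user.lastlogin;
        user.lastlogin = now;
        user.stay += stay;
#ifdef CHECK_FREQUENTLOGIN
        /* labs() on a long avoids passing a time_t difference through
         * abs(int).
         * NOTE(review): this uses HAS_PERM() while the checks above use
         * HAS_PERM2(..., &user); currentuser has not been set to the
         * account logging in yet -- confirm which one is intended. */
        if (!HAS_PERM(PERM_SYSOPS) && labs((long) (t - now)) < 10) {
            report("Too Frequent", user.userid);
            return BBS_ELFREQ;
        }
#else
        (void) t;   /* only read when CHECK_FREQUENTLOGIN is defined */
#endif
        strlcpy(user.lasthost, fromhost, sizeof(user.lasthost));
        save_user_data(&user);
        currentuser = user;
    }

    log_usies("ENTER", fromhost, &user);
    /* NOTE(review): "ref" is a request parameter handed to wwwlogin()
     * unchecked here -- confirm wwwlogin() restricts it to local targets. */
    if (!loginok && strcasecmp(id, "guest"))
        wwwlogin(&user, getparm("ref"));
    return 0;
}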
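/* Write s to stdout with the HTML metacharacters replaced by entities. */
static void bbslogin_print_escaped(const char *s)
{
    for (; *s != '\0'; s++) {
        switch (*s) {
        case '&':
            fputs("&amp;", stdout);
            break;
        case '<':
            fputs("&lt;", stdout);
            break;
        case '>':
            fputs("&gt;", stdout);
            break;
        case '"':
            fputs("&quot;", stdout);
            break;
        case '\'':
            fputs("&#39;", stdout);
            break;
        default:
            putchar(*s);
            break;
        }
    }
}

/*
 * CGI entry point for the web login form.
 *
 * Reads "id", "pw", "url", "ipmask", "lastip1", "lastip2" and "style" from
 * the request, validates the account (site ban, per-account host ban,
 * password, PERM_BASIC, prison list, dieday, login interval), updates the
 * user record through a local copy (tmpu) and updateuserec(), calls
 * wwwlogin() and emits either the pop-up script (url == "1") or a redirect.
 * Returns 0 after http_quit().
 *
 * NOTE(review): the code relies on http_fatal() not returning (x is
 * dereferenced right after the "unknown account" call) -- confirm.
 * NOTE(review): redirect() is followed by http_quit() at the end of this
 * function, which suggests it returns; if so, the "already logged in"
 * redirect at the top does not stop the login flow below -- confirm.
 * NOTE(review): an unknown account and a wrong password produce different
 * messages, so the response reveals whether an account name exists.
 * NOTE(review): on a wrong password only logattempt() is called; no delay
 * or lockout is visible in this function.
 */
int bbslogin_main()
{
    int t, lastday, infochanged = 0;
    time_t dtime;
    char filename[128], buf[256], id[20], pw[PASSLEN], url[10], *ub =
        FIRST_PAGE;
    char *ptr;
    char md5pass[MD5LEN];
    struct userec *x, tmpu;
    int ipmask;
    int uid;

    html_header(3);
    if (loginok && !isguest) {
        snprintf(buf, sizeof(buf), "/" SMAGIC "/?t=%d", (int) now_t);
        redirect(buf);
    }
    strsncpy(id, strtrim(getparm("id")), 13);
    strsncpy(pw, getparm("pw"), PASSLEN);
    strsncpy(url, getparm("url"), 3);
    /* NOTE(review): ipmask, lastip1 and lastip2 are request-controlled and
     * end up in wwwlogin() -- confirm the helpers validate them. */
    ipmask = atoi(getparm("ipmask"));
    if (!id[0]) {
        strcpy(id, "guest");
        ipmask = 8;
    }
    if (!strcmp(MY_BBS_ID, "YTHT") && !strcmp(id, "guest")) {
        http_fatal("请输入用户名和密码以登录。");
    }
    if (strcmp(id, "guest")) {
        ipmask = extandipmask(ipmask, getparm("lastip1"), realfromhost);
        ipmask = extandipmask(ipmask, getparm("lastip2"), realfromhost);
    }
    if ((uid = getuser(id, &x)) <= 0) {
        /* id is request data: escape it before echoing it into the page. */
        bbslogin_print_escaped(id);
        fputs("<br>", stdout);
        http_fatal("错误的使用者帐号");
    }
    /* Continue with the canonical spelling from the user record; bounded so
     * an over-long record field cannot overrun id[]. */
    snprintf(id, sizeof(id), "%s", x->userid);
    if (strcasecmp(id, "guest")) {
        if (checkbansite(realfromhost)) {
            http_fatal
                ("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
                 realfromhost);
        }
        if (userbansite(x->userid, realfromhost))
            http_fatal("本ID已设置禁止从%s登录", realfromhost);
        if (!checkpasswd(x->passwd, x->salt, pw)) {
            logattempt(x->userid, realfromhost, "WWW", now_t);
            http_fatal
                ("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
        }
        if (!user_perm(x, PERM_BASIC))
            http_fatal
                ("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
                 DEFAULTBOARD "</font> 版询问.");
        if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
            if (x->inprison == 0) {
                memcpy(&tmpu, x, sizeof (tmpu));
                tmpu.inprison = 1;
                tmpu.dieday = 2;
                updateuserec(&tmpu, 0);
            }
            http_fatal("安心改造,不要胡闹");
        }
        if (x->dieday)
            http_fatal("死了?还要做什么? :)");
        t = x->lastlogin;
        memcpy(&tmpu, x, sizeof (tmpu));
        if (tmpu.salt == 0) {
            /* Record has no salt yet: re-hash the just-verified password
             * with a fresh salt.
             * NOTE(review): the names point at an MD5-based scheme; a
             * dedicated password hash would be the stronger choice. */
            tmpu.salt = getsalt_md5();
            genpasswd(md5pass, tmpu.salt, pw);
            memcpy(tmpu.passwd, md5pass, MD5LEN);
            infochanged = 1;
        }
        if (count_uindex(uid) == 0) {
            if (now_t - t > 1800)
                tmpu.numlogins++;
            infochanged = 1;
            tmpu.lastlogin = now_t;
            /* Days are counted with a 4-hour shift. The day-of-month goes
             * into its own variable: the original stored it in t, which
             * made the interval check below compare a day number (1..31)
             * with now_t and so never trigger on this path. */
            dtime = t - 4 * 3600;
            lastday = localtime(&dtime)->tm_mday;
            dtime = now_t - 4 * 3600;
            if (lastday < localtime(&dtime)->tm_mday
                && x->numdays < 60000) {
                tmpu.numdays++;
            }
        }
        /* t still holds the previous lastlogin here. */
        if (abs(t - now_t) < 5) {
            http_fatal("两次登录间隔过密!");
        }
        if (x->lasthost != from_addr.s_addr) {
            tmpu.lasthost = from_addr.s_addr;
            infochanged = 1;
        }
        if (infochanged)
            updateuserec(&tmpu, 0);
        currentuser = x;
    }
    /* NOTE(review): X-Forwarded-For is client-supplied and is written to
     * the trace log as-is; confirm getsenv() never returns NULL and that
     * tracelog() neutralises control characters. */
    ptr = getsenv("HTTP_X_FORWARDED_FOR");
    tracelog("%s enter %s www %d %s", x->userid, realfromhost, infochanged,
             ptr);
    if (loginok && isguest) {
        u_info->wwwinfo.iskicked = 1;
    }
    if (strcasecmp(id, "guest")) {
        sethomepath(filename, x->userid);
        mkdir(filename, 0755);
        strsncpy(buf, getparm("style"), 3);
        wwwstylenum = -1;
        /* <ctype.h> functions need an unsigned char value. */
        if (isdigit((unsigned char) buf[0]))
            wwwstylenum = atoi(buf);
        /* Fall back to the stored preference for every out-of-range value,
         * including NWWWSTYLE itself (the original tested '>' here but
         * '>=' two lines below). */
        if (wwwstylenum >= NWWWSTYLE || wwwstylenum < 0)
            if (!readuservalue
                (x->userid, "wwwstyle", buf, sizeof (buf)))
                wwwstylenum = atoi(buf);
        if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE)
            wwwstylenum = 1;
        currstyle = &wwwstyle[wwwstylenum];
    } else {
        wwwstylenum = 1;
        currstyle = &wwwstyle[wwwstylenum];
    }
    ub = wwwlogin(x, ipmask);
#ifdef USESESSIONCOOKIE
    {
        /* NOTE(review): the session cookie is set from script, so it cannot
         * carry HttpOnly, and no Secure attribute is given. */
        extern char sessionCookie[];
        printf
            ("<script>document.cookie='SESSION=%s; path=/';</script>",
             urlencode(sessionCookie));
    }
#endif
    if (!strcmp(url, "1")) {
#if 1
        /* Pop-up login: point the opener's top window at the new session
         * URL and close this window. now_t is cast to match %ld. */
        printf
            ("<script>\n"
             "function URLencode(sStr) {\n"
             "return escape(sStr).replace(/\\+/g, '%%2C').replace(/\\\"/g,'%%22').replace(/\\'/g, '%%27');\n"
             "}\n"
             "a=window.opener.location.href;\n"
             "l=a.length;\n"
             "t=a.indexOf('/" SMAGIC "',1);\n"
             "t=a.indexOf('/',t+1);\n"
             "nu=\"%s\"+\"?t=%ld&b=\"+a.substring(t+1,l);\n"
             "opener.top.location.href=nu;window.close();</script>",
             ub, (long) now_t);
#else
        printf
            ("<script>opener.top.location.href='%s?t=%d';window.close();</script>",
             ub, (int) now_t);
#endif
    } else {
        /* The outer buf is free again at this point; bound the write since
         * the length of ub is decided by wwwlogin(). */
        if (strcmp(x->userid, "guest") && shouldbroadcast(uid))
            snprintf(buf, sizeof(buf), "%s?t=%d&b=ooo", ub, (int) now_t);
        else
            snprintf(buf, sizeof(buf), "%s?t=%d", ub, (int) now_t);
        redirect(buf);
    }
    http_quit();
    return 0;
}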