static void fill_new_userec(struct userec *user, const char *userid, const char *passwd, bool usegbk) { memset(user, 0, sizeof(*user)); strlcpy(user->userid, userid, sizeof(user->userid)); strlcpy(user->passwd, genpasswd(passwd), ENCPASSLEN); user->gender = 'X'; #ifdef ALLOWGAME user->money = 1000; #endif user->userdefine = ~0; if (!strcmp(userid, "guest")) { user->userlevel = 0; user->userdefine &= ~(DEF_FRIENDCALL | DEF_ALLMSG | DEF_FRIENDMSG); } else { user->userlevel = PERM_LOGIN; user->flags[0] = PAGER_FLAG; } user->userdefine &= ~(DEF_NOLOGINSEND); if (!usegbk) user->userdefine &= ~DEF_USEGB; user->flags[1] = 0; user->firstlogin = user->lastlogin = time(NULL); }
int main(int argc, char *argv[]) { char password[DISCUZ_PASSWD_LENGTH]; int salt; int i; char md5password[MD5LEN]; char md5hexpasswd[DISCUZ_PASSWD_LENGTH+1]; // 32 is defined in discuz and add \0 at the end if(argc != 3) { printf("Usage: discuzgenpasswd <salt> <input_password>\n"); exit(0); } strcpy(password, argv[2]); salt = atoi(argv[1]); genpasswd(md5password, salt, password); if(ascii2hex(md5password, md5hexpasswd) == -1) { printf("convert password error \n"); exit(0); } for(i=0; i<DISCUZ_PASSWD_LENGTH; i++) printf("%c",md5hexpasswd[i]); return 1; }
//�������ܱ���¼���� int b_notes_passwd() { FILE *pass; char passbuf[20], prepass[20]; char buf[STRLEN]; if (!chkBM(currbp, ¤tuser)) return 0; clear(); move(1, 0); prints("�趨/����/ȡ�������ܱ���¼������..."); setvfile(buf, currboard, "secnotes"); if (!dashf(buf)) { move(3, 0); prints("�����������ޡ����ܱ���¼����\n\n"); prints("������ W ��á����ܱ���¼�������趨����..."); pressanykey(); return FULLUPDATE; } if (!check_notespasswd()) return FULLUPDATE; getdata(3, 0, "�������µ����ܱ���¼����(Enter ȡ������): ", passbuf, 19, NOECHO, YEA); if (passbuf[0] == '\0') { setvfile(buf, currboard, "notespasswd"); unlink(buf); prints("�Ѿ�ȡ������¼���롣"); pressanykey(); return FULLUPDATE; } getdata(4, 0, "ȷ���µ����ܱ���¼����: ", prepass, 19, NOECHO, YEA); if (strcmp(passbuf, prepass)) { prints("\n���벻���, ���趨�����...."); pressanykey(); return FULLUPDATE; } setvfile(buf, currboard, "notespasswd"); if ((pass = fopen(buf, "w")) == NULL) { move(5, 0); prints("����¼�������趨...."); pressanykey(); return FULLUPDATE; } fprintf(pass, "%s\n", genpasswd(passbuf)); fclose(pass); move(5, 0); prints("���ܱ���¼�����趨���..."); pressanykey(); return FULLUPDATE; }
int uinfo_query(struct userec *u, int real, int unum) { struct userec newinfo; char ans[3], buf[STRLEN], genbuf[128]; char src[STRLEN], dst[STRLEN]; int i, fail = 0 ; #ifdef MAILCHANGED int netty_check = 0; #endif time_t now; struct tm *tmnow; memcpy(&newinfo, u, sizeof(currentuser)); getdata(t_lines - 1, 0, real ? "��ѡ�� (0)���� (1)������ (2)�趨���� (3) �� ID ==> [0]" : "��ѡ�� (0)���� (1)������ (2)�趨���� (3) ѡǩ���� ==> [0]", ans, 2, DOECHO, YEA); clear(); refresh(); now = time(0); tmnow = localtime(&now); i = 3; move(i++, 0); if (ans[0] != '3' || real) prints("ʹ���ߴ���: %s\n", u->userid); switch (ans[0]) { case '1': move(1, 0); prints("��������,ֱ�Ӱ� <ENTER> ����ʹ�� [] �ڵ����ϡ�\n"); sprintf(genbuf, "�dz� [%s]: ", u->username); getdata(i++, 0, genbuf, buf, NAMELEN, DOECHO, YEA); if (buf[0]) strncpy(newinfo.username, buf, NAMELEN); sprintf(genbuf, "��ʵ���� [%s]: ", u->realname); getdata(i++, 0, genbuf, buf, NAMELEN, DOECHO, YEA); if (buf[0]) strncpy(newinfo.realname, buf, NAMELEN); sprintf(genbuf, "��ס��ַ [%s]: ", u->address); getdata(i++, 0, genbuf, buf, STRLEN - 10, DOECHO, YEA); if (buf[0]) strncpy(newinfo.address, buf, NAMELEN); sprintf(genbuf, "�������� [%s]: ", u->email); getdata(i++, 0, genbuf, buf, 48, DOECHO, YEA); if (buf[0]) { #ifdef MAILCHECK #ifdef MAILCHANGED if(u->uid == usernum) netty_check = 1; #endif #endif strncpy(newinfo.email, buf, 48); } sprintf(genbuf, "�ն˻���̬ [%s]: ", u->termtype); getdata(i++, 0, genbuf, buf, 16, DOECHO, YEA); if (buf[0]) strncpy(newinfo.termtype, buf, 16); sprintf(genbuf, "������ [%d]: ", u->birthyear + 1900); getdata(i++, 0, genbuf, buf, 5, DOECHO, YEA); if ( buf[0] && atoi(buf) > 1920 && atoi(buf) < 1998) newinfo.birthyear = atoi(buf) - 1900; sprintf(genbuf, "������ [%d]: ", u->birthmonth); getdata(i++, 0, genbuf, buf, 3, DOECHO, YEA); if (buf[0] && atoi(buf) >= 1 && atoi(buf) <= 12) newinfo.birthmonth = atoi(buf); sprintf(genbuf, "������ [%d]: ", u->birthday); getdata(i++, 0, genbuf, buf, 3, DOECHO, YEA); if (buf[0] && atoi(buf) >= 1 && atoi(buf) <= 31) newinfo.birthday = atoi(buf); sprintf(genbuf, "�Ա�(M.��)(F.Ů) [%c]: ", u->gender); getdata(i++, 0, genbuf, buf, 2, DOECHO, YEA); if (buf[0]) { if (strchr("MmFf", buf[0])) newinfo.gender = toupper(buf[0]); } if (real) uinfo_change1(i,u,&newinfo); break; case '2': if (!real) { getdata(i++, 0, "������ԭ����: ", buf, PASSLEN, NOECHO, YEA); if (*buf == '\0' || !checkpasswd(u->passwd, buf)) { prints("\n\n�ܱ�Ǹ, ����������벻��ȷ��\n"); fail++; break; } } getdata(i++, 0, "���趨������: ", buf, PASSLEN, NOECHO, YEA); if (buf[0] == '\0') { prints("\n\n�����趨ȡ��, ����ʹ�þ�����\n"); fail++; break; } strncpy(genbuf, buf, PASSLEN); getdata(i++, 0, "����������������: ", buf, PASSLEN, NOECHO, YEA); if (strncmp(buf, genbuf, PASSLEN)) { prints("\n\n������ȷ��ʧ��, ���趨�����롣\n"); fail++; break; } buf[8] = '\0'; strncpy(newinfo.passwd, genpasswd(buf), ENCPASSLEN); break; case '3': if (!real) { sprintf(genbuf, "Ŀǰʹ��ǩ���� [%d]: ", u->signature); getdata(i++, 0, genbuf, buf, 16, DOECHO, YEA); if (atoi(buf) > 0) newinfo.signature = atoi(buf); } else { struct user_info uin; extern int t_cmpuids(); if(t_search_ulist(&uin, t_cmpuids, unum, NA, NA)!=0) { prints("\n�Բ��𣬸��û�Ŀǰ�������ϡ�"); fail++; } else if(!strcmp(lookupuser.userid,"SYSOP")) { prints("\n�Բ����㲻������ SYSOP �� ID��"); fail++; } else { getdata(i++,0,"�µ�ʹ���ߴ���: ",genbuf,IDLEN+1,DOECHO, YEA); if (*genbuf != '\0') { if (getuser(genbuf)) { prints("\n�Բ���! �Ѿ���ͬ�� ID ��ʹ����\n"); fail++; } else { strncpy(newinfo.userid, genbuf, IDLEN + 2); } } else fail ++; } } break; default: clear(); return 0; } if (fail != 0) { pressreturn(); clear(); return 0; } if (askyn("ȷ��Ҫ�ı���", NA, YEA) == YEA) { if (real) { char secu[STRLEN]; sprintf(secu, "�� %s �Ļ������ϻ����롣", u->userid); securityreport1(secu); } if (strcmp(u->userid, newinfo.userid)) { sprintf(src, "mail/%c/%s", toupper(u->userid[0]), u->userid); sprintf(dst, "mail/%c/%s", toupper(newinfo.userid[0]), newinfo.userid); rename(src, dst); sethomepath(src, u->userid); sethomepath(dst, newinfo.userid); rename(src, dst); sethomefile(src, u->userid, "register"); unlink(src); sethomefile(src, u->userid, "register.old"); unlink(src); setuserid(unum, newinfo.userid); } if(!strcmp(u->userid, currentuser.userid)) { extern int WishNum; strncpy(uinfo.username,newinfo.username,NAMELEN); WishNum = 9999; } #ifdef MAILCHECK #ifdef MAILCHANGED if ((netty_check == 1)&&!HAS_PERM(PERM_SYSOP)) { sprintf(genbuf, "%s", BBSHOST); if ( (!strstr(newinfo.email, genbuf)) && (!invalidaddr(newinfo.email)) && (!invalid_email(newinfo.email))) { strcpy(u->email, newinfo.email); send_regmail(u); } else { move(t_lines - 5, 0); prints("\n������ĵ����ʼ���ַ ��[1;33m%s[m��\n",newinfo.email); prints("ˡ���ܱ�վ���ϣ�ϵͳ����Ͷ��ע���ţ������������...\n"); pressanykey(); return 0; } } #endif #endif memcpy(u, &newinfo, (size_t)sizeof(currentuser)); #ifdef MAILCHECK #ifdef MAILCHANGED if ((netty_check == 1)&&!HAS_PERM(PERM_SYSOP)) { newinfo.userlevel &= ~(PERM_LOGINOK | PERM_PAGE | PERM_MESSAGE); sethomefile(src, newinfo.userid, "register"); sethomefile(dst, newinfo.userid, "register.old"); rename(src, dst); } #endif #endif substitute_record(PASSFILE, &newinfo, sizeof(newinfo), unum); } clear(); return 0; }
int bbslpassport_main() { int uid, infochanged = 0; char id[IDLEN + 1], pw[PASSLEN], site[256], md5pass[MD5LEN], buf[384]; struct userec *x, tmpu; time_t t, dtime; html_header(3); strsncpy(id, strtrim(getparm("id")), IDLEN + 1); strsncpy(pw, getparm("pw"), PASSLEN); strsncpy(site, getparm("site"), 256); if (!id[0]) http_fatal("请输入帐号"); if (!site[0]) http_fatal("no..."); if (key_fail) http_fatal("内部错误, 联系维护!\n"); if ((uid = getuser(id, &x)) <= 0) { printf("%s<br>", id); http_fatal("错误的使用者帐号"); } strcpy(id, x->userid); if (!strcasecmp(id, "guest")) http_fatal("错误的使用者帐号"); if (checkbansite(fromhost)) { http_fatal ("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.", fromhost); } if (userbansite(x->userid, fromhost)) http_fatal("本ID已设置禁止从%s登录", fromhost); if (!checkpasswd(x->passwd, x->salt, pw)) { logattempt(x->userid, fromhost, "PASSPORT", now_t); http_fatal ("密码错误,如有疑问请联系站务组,提供注册资料找回密码"); } #if 0 if (!user_perm(x, PERM_BASIC)) http_fatal ("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>" DEFAULTBOARD "</font> 版询问."); if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) { if (x->inprison == 0) { memcpy(&tmpu, x, sizeof (tmpu)); tmpu.inprison = 1; tmpu.dieday = 2; updateuserec(&tmpu, 0); } http_fatal("安心改造,不要胡闹"); } if (x->dieday) http_fatal("死了?还要做什么? :)"); #endif t = x->lastlogin; memcpy(&tmpu, x, sizeof (tmpu)); if (tmpu.salt == 0) { tmpu.salt = getsalt_md5(); genpasswd(md5pass, tmpu.salt, pw); memcpy(tmpu.passwd, md5pass, MD5LEN); infochanged = 1; } #if 1 if (count_uindex(uid) == 0) { if (now_t - t > 1800) tmpu.numlogins++; infochanged = 1; tmpu.lastlogin = now_t; dtime = t - 4 * 3600; t = localtime(&dtime)->tm_mday; dtime = now_t - 4 * 3600; if (t < localtime(&dtime)->tm_mday && x->numdays < 60000) { tmpu.numdays++; } } #endif if (abs(t - now_t) < 20) { http_fatal("两次登录间隔过密!"); } if (x->lasthost != from_addr.s_addr) { tmpu.lasthost = from_addr.s_addr; infochanged = 1; } if (infochanged) updateuserec(&tmpu, 0); tracelog("%s enter %s passport %d %s", x->userid, fromhost, infochanged, getsenv("HTTP_X_FORWARDED_FOR")); printf ("<script>exDate = new Date; exDate.setMonth(exDate.getMonth()+9);" "document.cookie='pp=%s;path=/;expires=' + exDate.toGMTString();</script>", des3_encode(id, 0)); snprintf(buf, sizeof (buf), "http://%s?q=%s", site, des3_encode(id, 1)); redirect(buf); http_quit(); return 0; }
int bbslogin_main() { int n, t, infochanged = 0; time_t dtime; char filename[128], buf[256], id[20], pw[PASSLEN], url[10], *ub = FIRST_PAGE; char *ptr; char md5pass[MD5LEN]; struct userec *x, tmpu; int ipmask; int uid; html_header(3); if (loginok && !isguest) { sprintf(buf, "/" SMAGIC "/?t=%d", (int) now_t); redirect(buf); } strsncpy(id, strtrim(getparm("id")), 13); strsncpy(pw, getparm("pw"), PASSLEN); strsncpy(url, getparm("url"), 3); ipmask = atoi(getparm("ipmask")); if (!id[0]) { strcpy(id, "guest"); ipmask = 8; } if (!strcmp(MY_BBS_ID, "YTHT") && !strcmp(id, "guest")) { http_fatal("请输入用户名和密码以登录。"); } if (strcmp(id, "guest")) { ipmask = extandipmask(ipmask, getparm("lastip1"), realfromhost); ipmask = extandipmask(ipmask, getparm("lastip2"), realfromhost); } if ((uid = getuser(id, &x)) <= 0) { printf("%s<br>", id); http_fatal("错误的使用者帐号"); } strcpy(id, x->userid); if (strcasecmp(id, "guest")) { if (checkbansite(realfromhost)) { http_fatal ("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.", realfromhost); } if (userbansite(x->userid, realfromhost)) http_fatal("本ID已设置禁止从%s登录", realfromhost); if (!checkpasswd(x->passwd, x->salt, pw)) { logattempt(x->userid, realfromhost, "WWW", now_t); http_fatal ("密码错误,如有疑问请联系站务组,提供注册资料找回密码"); } if (!user_perm(x, PERM_BASIC)) http_fatal ("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>" DEFAULTBOARD "</font> 版询问."); if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) { if (x->inprison == 0) { memcpy(&tmpu, x, sizeof (tmpu)); tmpu.inprison = 1; tmpu.dieday = 2; updateuserec(&tmpu, 0); } http_fatal("安心改造,不要胡闹"); } if (x->dieday) http_fatal("死了?还要做什么? :)"); t = x->lastlogin; memcpy(&tmpu, x, sizeof (tmpu)); if (tmpu.salt == 0) { tmpu.salt = getsalt_md5(); genpasswd(md5pass, tmpu.salt, pw); memcpy(tmpu.passwd, md5pass, MD5LEN); infochanged = 1; } if (count_uindex(uid) == 0) { if (now_t - t > 1800) tmpu.numlogins++; infochanged = 1; tmpu.lastlogin = now_t; dtime = t - 4 * 3600; t = localtime(&dtime)->tm_mday; dtime = now_t - 4 * 3600; if (t < localtime(&dtime)->tm_mday && x->numdays < 60000) { tmpu.numdays++; } } if (abs(t - now_t) < 5) { http_fatal("两次登录间隔过密!"); } if (x->lasthost != from_addr.s_addr) { tmpu.lasthost = from_addr.s_addr; infochanged = 1; } if (infochanged) updateuserec(&tmpu, 0); currentuser = x; } ptr = getsenv("HTTP_X_FORWARDED_FOR"); tracelog("%s enter %s www %d %s", x->userid, realfromhost, infochanged, ptr); n = 0; if (loginok && isguest) { u_info->wwwinfo.iskicked = 1; } if (strcasecmp(id, "guest")) { sethomepath(filename, x->userid); mkdir(filename, 0755); strsncpy(buf, getparm("style"), 3); wwwstylenum = -1; if (isdigit(buf[0])) wwwstylenum = atoi(buf); if ((wwwstylenum > NWWWSTYLE || wwwstylenum < 0)) if (!readuservalue (x->userid, "wwwstyle", buf, sizeof (buf))) wwwstylenum = atoi(buf); if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE) wwwstylenum = 1; currstyle = &wwwstyle[wwwstylenum]; } else { wwwstylenum = 1; currstyle = &wwwstyle[wwwstylenum]; } ub = wwwlogin(x, ipmask); #ifdef USESESSIONCOOKIE { extern char sessionCookie[]; printf ("<script>document.cookie='SESSION=%s; path=/';</script>", urlencode(sessionCookie)); } #endif if (!strcmp(url, "1")) { #if 1 printf ("<script>\n" "function URLencode(sStr) {\n" "return escape(sStr).replace(/\\+/g, '%%2C').replace(/\\\"/g,'%%22').replace(/\\'/g, '%%27');\n" "}\n" "a=window.opener.location.href;\n" "l=a.length;\n" "t=a.indexOf('/" SMAGIC "',1);\n" "t=a.indexOf('/',t+1);\n" //"nu=\"%s\"+\"?t=%ld&b=\"+URLencode(a.substring(t+1,l));\n" "nu=\"%s\"+\"?t=%ld&b=\"+a.substring(t+1,l);\n" "opener.top.location.href=nu;window.close();</script>", ub, now_t); #else printf ("<script>opener.top.location.href='%s?t=%d';window.close();</script>", ub, now_t); #endif } else { char buf[256]; if (strcmp(x->userid, "guest") && shouldbroadcast(uid)) sprintf(buf, "%s?t=%d&b=ooo", ub, (int) now_t); else sprintf(buf, "%s?t=%d", ub, (int) now_t); redirect(buf); } http_quit(); return 0; }