Exemplo n.º 1
0
int
bbslogout_main()
{
	struct userec *tmp;
	int st;
	char buf[50];
	int uid;
	html_header(1);
	//modified by safari@20091222
	if (!loginok) {
		redirect(FIRST_PAGE);
		http_quit();
		//http_fatal("你没有登录");
	}
	if (isguest)
		http_fatal("guest不带注销的");
	tmp = getuser(currentuser.userid);
	currentuser.numposts = tmp->numposts;
	currentuser.userlevel = tmp->userlevel;
	currentuser.numlogins = tmp->numlogins;
	currentuser.stay = tmp->stay;
	if (now_t > w_info->login_start_time) {
		st = now_t - w_info->login_start_time;
		if (st > 86400)
			errlog("Strange long stay time,%d!, logout, %s", st, currentuser.userid);
		else {
			currentuser.stay += st;
			sprintf(buf, "%s exitbbs %d", currentuser.userid, st);
			newtrace(buf);
		}
	}
	save_user_data(&currentuser);
	uid = u_info->uid;
	remove_uindex(u_info->uid, utmpent);
	bzero(u_info, sizeof (struct user_info));
	if ((currentuser.userlevel & PERM_BOARDS) && count_uindex(uid)==0)
		setbmstatus(&currentuser, 0);
	redirect(FIRST_PAGE);
	return 0;
}
Exemplo n.º 2
0
char *
wwwlogin(struct userec *user, int ipmask)
{
	FILE *fp, *fp1;
	int n, dolog = 0, st, clubnum, uid, i, nsearch;
	struct user_info *u;
	char ULIST[STRLEN];
	char genbuf[256], *urlbase, fname[80];
	uid = getusernum(user->userid) + 1;

	if ((urlbase = check_multi(user->userid, uid)))
		return urlbase;

	if (strcasecmp(user->userid, "guest") && count_uindex(uid) >= 3)
		http_fatal("您已经登录了三个帐号,不能再登录了");
//      如果要限制WWW登录窗口数 就打开这个注释. lepton

	gethostname(genbuf, 256);
	sprintf(ULIST, MY_BBS_HOME "/%s.%s", ULIST_BASE, genbuf);

	fp = fopen(ULIST, "a");
	flock(fileno(fp), LOCK_EX);
	nsearch = NSEARCH;
	//if (strcasecmp(user->userid, "guest"))
	//      nsearch = MAXACTIVE / 4;
	for (i = 0, n = iphash(fromhost) * (MAXACTIVE / NHASH); i < nsearch;
	     i++, n++) {
		if (n >= MAXACTIVE)
			n = 0;
		u = &(shm_utmp->uinfo[n]);
		if (u->active && u->pid == 1
		    && ((now_t - u->lasttime) > 20 * 60 || u->wwwinfo.iskicked)) {
			st = u->lasttime - u->wwwinfo.login_start_time;
			if (st > 86400) {
				errlog("Strange long stay time,%d!, drop %s",
				       st, u->userid);
				st = 86400;
			}
			sprintf(genbuf, "%s drop %d www", u->userid, st);
			newtrace(genbuf);
			remove_uindex(u->uid, n + 1);
			bzero(u, sizeof (struct user_info));
		}
		if (!dolog && u->active == 0) {
			u_info = u;
			bzero(u, sizeof (struct user_info));
			u->active = 1;
			u->uid = uid;
			u->pid = 1;
			//u->pid = thispid;			//modify by mintbaggio@BMY for kill www user
			u->mode = LOGIN;
			if (strcasecmp(user->userid, "guest"))
				u_info->unreadmsg = get_unreadmsg(user->userid);
			else
				u_info->unreadmsg = 0;
			u->userlevel = user->userlevel;
			u->lasttime = now_t;
			u->curboard = 0;
			if (user_perm(user, PERM_LOGINCLOAK) &&
			    (user->flags[0] & CLOAK_FLAG))
				u->invisible = YEA;
			u->pager = 0;
			if (user->userdefine & DEF_FRIENDCALL)
				u->pager |= FRIEND_PAGER;
			if (user->flags[0] & PAGER_FLAG) {
				u->pager |= ALL_PAGER;
				u->pager |= FRIEND_PAGER;
			}
			if (user->userdefine & DEF_FRIENDMSG)
				u->pager |= FRIENDMSG_PAGER;
			if (user->userdefine & DEF_ALLMSG) {
				u->pager |= ALLMSG_PAGER;
				u->pager |= FRIENDMSG_PAGER;
			}
			strsncpy(u->from, fromhost, 24);
			strsncpy(u->username, user->username, NAMELEN);
			strsncpy(u->userid, user->userid, IDLEN + 1);
			getrandomstr(u->sessionid);
			if (strcasecmp(user->userid, "guest"))
				initfriends(u);
			else
				memset(u->friend, 0, sizeof (u->friend));
			urlbase = makeurlbase(n);
			w_info = &(u_info->wwwinfo);
			w_info->login_start_time = now_t;
			w_info->ipmask = ipmask;
			if (strcasecmp(user->userid, "guest")) {
				sethomefile(fname, user->userid, "clubrights");
				if ((fp1 = fopen(fname, "r")) == NULL) {
					memset(u_info->clubrights, 0,
					       4 * sizeof (int));
				} else {
					while (fgets(genbuf, STRLEN, fp1) !=
					       NULL) {
						clubnum = atoi(genbuf);
						u_info->clubrights[clubnum /
								   32] |=
						    (1 << clubnum % 32);
					}
					fclose(fp1);
				}

				set_my_cookie();
			} else {
				memset(u_info->clubrights, 0, 4 * sizeof (int));
				w_info->t_lines = 20;
				w_info->att_mode = 0;
				w_info->doc_mode = 1;
			}
			dolog = 1;
			add_uindex(u->uid, n + 1);
		}
	}
Exemplo n.º 3
0
int
bbslogin_main()
{
	int n, t, infochanged = 0;
	time_t dtime;
	char filename[128], buf[256], id[20], pw[PASSLEN], url[10], *ub =
	    FIRST_PAGE;
	char *ptr;
	char md5pass[MD5LEN];
	struct userec *x, tmpu;
	int ipmask;
	int uid;
	html_header(3);

	if (loginok && !isguest) {
		sprintf(buf, "/" SMAGIC "/?t=%d", (int) now_t);
		redirect(buf);
	}

	strsncpy(id, strtrim(getparm("id")), 13);
	strsncpy(pw, getparm("pw"), PASSLEN);
	strsncpy(url, getparm("url"), 3);
	ipmask = atoi(getparm("ipmask"));
	if (!id[0]) {
		strcpy(id, "guest");
		ipmask = 8;
	}
	if (!strcmp(MY_BBS_ID, "YTHT") && !strcmp(id, "guest")) {
		http_fatal("请输入用户名和密码以登录。");
	}
	if (strcmp(id, "guest")) {
		ipmask = extandipmask(ipmask, getparm("lastip1"), realfromhost);
		ipmask = extandipmask(ipmask, getparm("lastip2"), realfromhost);
	}
	if ((uid = getuser(id, &x)) <= 0) {
		printf("%s<br>", id);
		http_fatal("错误的使用者帐号");
	}
	strcpy(id, x->userid);
	if (strcasecmp(id, "guest")) {
		if (checkbansite(realfromhost)) {
			http_fatal
			    ("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
			     realfromhost);
		}
		if (userbansite(x->userid, realfromhost))
			http_fatal("本ID已设置禁止从%s登录", realfromhost);
		if (!checkpasswd(x->passwd, x->salt, pw)) {
			logattempt(x->userid, realfromhost, "WWW", now_t);
			http_fatal
			    ("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
		}
		if (!user_perm(x, PERM_BASIC))
			http_fatal
			    ("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
			     DEFAULTBOARD "</font> 版询问.");
		if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
			if (x->inprison == 0) {
				memcpy(&tmpu, x, sizeof (tmpu));
				tmpu.inprison = 1;
				tmpu.dieday = 2;
				updateuserec(&tmpu, 0);
			}
			http_fatal("安心改造,不要胡闹");
		}
		if (x->dieday)
			http_fatal("死了?还要做什么? :)");
		t = x->lastlogin;
		memcpy(&tmpu, x, sizeof (tmpu));
		if (tmpu.salt == 0) {
			tmpu.salt = getsalt_md5();
			genpasswd(md5pass, tmpu.salt, pw);
			memcpy(tmpu.passwd, md5pass, MD5LEN);
			infochanged = 1;
		}
		if (count_uindex(uid) == 0) {
			if (now_t - t > 1800)
				tmpu.numlogins++;
			infochanged = 1;
			tmpu.lastlogin = now_t;
			dtime = t - 4 * 3600;
			t = localtime(&dtime)->tm_mday;
			dtime = now_t - 4 * 3600;
			if (t < localtime(&dtime)->tm_mday
			    && x->numdays < 60000) {
				tmpu.numdays++;
			}
		}
		if (abs(t - now_t) < 5) {
			http_fatal("两次登录间隔过密!");
		}

		if (x->lasthost != from_addr.s_addr) {
			tmpu.lasthost = from_addr.s_addr;
			infochanged = 1;
		}
		if (infochanged)
			updateuserec(&tmpu, 0);
		currentuser = x;
	}
	ptr = getsenv("HTTP_X_FORWARDED_FOR");
	tracelog("%s enter %s www %d %s", x->userid, realfromhost, infochanged,
		 ptr);
	n = 0;
	if (loginok && isguest) {
		u_info->wwwinfo.iskicked = 1;
	}
	if (strcasecmp(id, "guest")) {
		sethomepath(filename, x->userid);
		mkdir(filename, 0755);

		strsncpy(buf, getparm("style"), 3);
		wwwstylenum = -1;
		if (isdigit(buf[0]))
			wwwstylenum = atoi(buf);
		if ((wwwstylenum > NWWWSTYLE || wwwstylenum < 0))
			if (!readuservalue
			    (x->userid, "wwwstyle", buf, sizeof (buf)))
				wwwstylenum = atoi(buf);
		if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE)
			wwwstylenum = 1;
		currstyle = &wwwstyle[wwwstylenum];
	} else {
		wwwstylenum = 1;
		currstyle = &wwwstyle[wwwstylenum];

	}
	ub = wwwlogin(x, ipmask);
#ifdef USESESSIONCOOKIE
	{
		extern char sessionCookie[];
		printf
		    ("<script>document.cookie='SESSION=%s; path=/';</script>",
		     urlencode(sessionCookie));
	}
#endif
	if (!strcmp(url, "1")) {
#if 1
		printf
		    ("<script>\n"
		     "function URLencode(sStr) {\n"
		     "return escape(sStr).replace(/\\+/g, '%%2C').replace(/\\\"/g,'%%22').replace(/\\'/g, '%%27');\n"
		     "}\n"
		     "a=window.opener.location.href;\n" "l=a.length;\n"
		     "t=a.indexOf('/" SMAGIC "',1);\n" "t=a.indexOf('/',t+1);\n"
		     //"nu=\"%s\"+\"?t=%ld&b=\"+URLencode(a.substring(t+1,l));\n"
		     "nu=\"%s\"+\"?t=%ld&b=\"+a.substring(t+1,l);\n"
		     "opener.top.location.href=nu;window.close();</script>",
		     ub, now_t);
#else
		printf
		    ("<script>opener.top.location.href='%s?t=%d';window.close();</script>",
		     ub, now_t);
#endif
	} else {
		char buf[256];
		if (strcmp(x->userid, "guest") && shouldbroadcast(uid))
			sprintf(buf, "%s?t=%d&b=ooo", ub, (int) now_t);
		else
			sprintf(buf, "%s?t=%d", ub, (int) now_t);
		redirect(buf);
	}
	http_quit();
	return 0;
}
Exemplo n.º 4
0
int
bbslpassport_main()
{
	int uid, infochanged = 0;
	char id[IDLEN + 1], pw[PASSLEN], site[256], md5pass[MD5LEN], buf[384];
	struct userec *x, tmpu;
	time_t t, dtime;
	html_header(3);
	strsncpy(id, strtrim(getparm("id")), IDLEN + 1);
	strsncpy(pw, getparm("pw"), PASSLEN);
	strsncpy(site, getparm("site"), 256);

	if (!id[0])
		http_fatal("请输入帐号");
	if (!site[0])
		http_fatal("no...");
	if (key_fail)
		http_fatal("内部错误, 联系维护!\n");
	if ((uid = getuser(id, &x)) <= 0) {
		printf("%s<br>", id);
		http_fatal("错误的使用者帐号");
	}
	strcpy(id, x->userid);
	if (!strcasecmp(id, "guest"))
		http_fatal("错误的使用者帐号");

	if (checkbansite(fromhost)) {
		http_fatal
		    ("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
		     fromhost);
	}
	if (userbansite(x->userid, fromhost))
		http_fatal("本ID已设置禁止从%s登录", fromhost);
	if (!checkpasswd(x->passwd, x->salt, pw)) {
		logattempt(x->userid, fromhost, "PASSPORT", now_t);
		http_fatal
		    ("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
	}
#if 0
	if (!user_perm(x, PERM_BASIC))
		http_fatal
		    ("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
		     DEFAULTBOARD "</font> 版询问.");
	if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
		if (x->inprison == 0) {
			memcpy(&tmpu, x, sizeof (tmpu));
			tmpu.inprison = 1;
			tmpu.dieday = 2;
			updateuserec(&tmpu, 0);
		}
		http_fatal("安心改造,不要胡闹");
	}
	if (x->dieday)
		http_fatal("死了?还要做什么? :)");
#endif
	t = x->lastlogin;
	memcpy(&tmpu, x, sizeof (tmpu));
	if (tmpu.salt == 0) {
		tmpu.salt = getsalt_md5();
		genpasswd(md5pass, tmpu.salt, pw);
		memcpy(tmpu.passwd, md5pass, MD5LEN);
		infochanged = 1;
	}
#if 1
	if (count_uindex(uid) == 0) {
		if (now_t - t > 1800)
			tmpu.numlogins++;
		infochanged = 1;
		tmpu.lastlogin = now_t;
		dtime = t - 4 * 3600;
		t = localtime(&dtime)->tm_mday;
		dtime = now_t - 4 * 3600;
		if (t < localtime(&dtime)->tm_mday && x->numdays < 60000) {
			tmpu.numdays++;
		}
	}
#endif
	if (abs(t - now_t) < 20) {
		http_fatal("两次登录间隔过密!");
	}

	if (x->lasthost != from_addr.s_addr) {
		tmpu.lasthost = from_addr.s_addr;
		infochanged = 1;
	}
	if (infochanged)
		updateuserec(&tmpu, 0);
	tracelog("%s enter %s passport %d %s", x->userid, fromhost, infochanged,
		 getsenv("HTTP_X_FORWARDED_FOR"));
	printf
	    ("<script>exDate = new Date; exDate.setMonth(exDate.getMonth()+9);"
	     "document.cookie='pp=%s;path=/;expires=' + exDate.toGMTString();</script>",
	     des3_encode(id, 0));
	snprintf(buf, sizeof (buf), "http://%s?q=%s", site, des3_encode(id, 1));
	redirect(buf);
	http_quit();
	return 0;
}
Exemplo n.º 5
0
char *
wwwlogin(struct userec *user, int ipmask)
{
	FILE *fp1;
	int fd;
	int n, uid;
	struct user_info u;
	char *urlbase, fname[80];
	char buf[20];
	uid = getuser(user->userid, NULL);
	fd = open(MY_BBS_HOME "/" ULIST_BASE "." MY_BBS_DOMAIN, O_WRONLY);
	flock(fd, LOCK_EX);

	if ((urlbase = check_multi(user->userid, uid))) {
		flock(fd, LOCK_UN);
		close(fd);
		return urlbase;
	}

	if (strcasecmp(user->userid, "guest") && count_uindex(uid) >= 3) {
		flock(fd, LOCK_UN);
		close(fd);
		http_fatal("您已经登录了三个帐号,不能再登录了");
	}
	bzero(&u, sizeof (struct user_info));
	u.active = 1;
	u.uid = uid;
	u.pid = 1;
	u.mode = LOGIN;
	u.userlevel = user->userlevel;
	u.lasttime = now_t;
	u.curboard = 0;
	if (user_perm(user, PERM_LOGINCLOAK) && (user->flags[0] & CLOAK_FLAG))
		u.invisible = YEA;
	u.pager = 0;
	if (user->userdefine & DEF_FRIENDCALL)
		u.pager |= FRIEND_PAGER;
	if (user->flags[0] & PAGER_FLAG) {
		u.pager |= ALL_PAGER;
		u.pager |= FRIEND_PAGER;
	}
	if (user->userdefine & DEF_FRIENDMSG)
		u.pager |= FRIENDMSG_PAGER;
	if (user->userdefine & DEF_ALLMSG) {
		u.pager |= ALLMSG_PAGER;
		u.pager |= FRIENDMSG_PAGER;
	}
	strsncpy(u.from, fromhost, sizeof (u.from));
	u.fromIP = from_addr.s_addr;
	strsncpy(u.username, user->username, NAMELEN);
	strsncpy(u.userid, user->userid, IDLEN + 1);
	getrandomstr(u.sessionid);
	n = utmp_login(&u);
	if (n > MAXACTIVERUN || n <= 0) {
		flock(fd, LOCK_UN);
		close(fd);
		http_fatal
		    ("抱歉,目前在线用户数已达上限%d,无法登录。请稍后再来。",
		     MAXACTIVERUN);
	}
	flock(fd, LOCK_UN);
	close(fd);
	n--;
	urlbase = makeurlbase(n, uid);
	u_info = &(shm_utmp->uinfo[n]);
	w_info = &(u_info->wwwinfo);
	w_info->login_start_time = now_t;
	w_info->ipmask = ipmask;
	if (strcasecmp(user->userid, "guest")) {
		u_info->unreadmsg = get_unreadcount(user->userid);
		initfriends(u_info);
		sethomefile(fname, user->userid, "clubrights");
		if ((fp1 = fopen(fname, "r")) == NULL) {
			memset(u_info->clubrights, 0, CLUB_SIZE * sizeof (int));
		} else {
			fread(&(u_info->clubrights), sizeof (int), CLUB_SIZE,
			      fp1);
			fclose(fp1);
		}
		if (readuservalue(user->userid, "signature", buf, sizeof (buf))
		    >= 0)
			u_info->signature = atoi(buf);
		w_info->edit_mode = 1;
		set_my_cookie();
	} else {
		u_info->unreadmsg = 0;
		memset(u_info->friend, 0, sizeof (u.friend));
		memset(u_info->clubrights, 0, CLUB_SIZE * sizeof (int));
		w_info->t_lines = 20;
		w_info->att_mode = 0;
		w_info->doc_mode = 1;
	}

	if ((user->userlevel & PERM_BOARDS))
		setbmstatus(user, 1);
	return urlbase;
}