int
bbslogin_main()
{
int n, t;
time_t dtime;
char filename[128], buf[256], id[20], pw[20], url[10], *ub = FIRST_PAGE; // main_page[STRLEN];
struct userec *x;
int ipmask;
html_header(3);
strsncpy(id, getparm("id"), 13);
strsncpy(pw, getparm("pw"), 13);
strsncpy(url, getparm("url"), 3);
ipmask = atoi(getparm("ipmask"));
if (loginok && strcasecmp(id, currentuser.userid) && !isguest) {
http_fatal
("系统检测到目前你的计算机上已经登录有一个帐号 %s,请先退出.(选择正常logout)",
currentuser.userid);
}
if (!strcmp(id, "")) {
strcpy(id, "guest");
}
x = getuser(id);
if (x == 0) {
printf("%s<br>", id);
http_fatal("错误的使用者帐号");
}
strcpy(id, x->userid);
if (strcasecmp(id, "guest")) {
if (checkbansite(fromhost)) {
http_fatal
("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
fromhost);
}
if (userbansite(x->userid, fromhost))
http_fatal("本ID已设置禁止从%s登录", fromhost);
if (!checkpasswd(x->passwd, pw)) {
logattempt(x->userid, fromhost, "WWW", now_t);
http_fatal("密码错误");
}
if (!user_perm(x, PERM_BASIC))
http_fatal
("此帐号已被停机, 若有疑问, 请用其他帐号在sysop版询问.");
if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid))
http_fatal("安心改造,不要胡闹");
if (x->dietime)
http_fatal("死了?还要做什么? :)");
t = x->lastlogin;
x->lastlogin = now_t;
if (abs(t - now_t) < 20) {
http_fatal("两次登录间隔过密!");
}
dtime = t - 4 * 3600;
t = localtime(&dtime)->tm_mday;
dtime = now_t - 4 * 3600;
if (t < localtime(&dtime)->tm_mday && x->numdays < 800)
x->numdays++;
x->numlogins++;
strsncpy(x->lasthost, fromhost, 16);
save_user_data(x);
currentuser = *x;
}
sprintf(buf, "%s enter %s www", x->userid, fromhost);
newtrace(buf);
n = 0;
if (loginok && isguest) {
bzero(u_info, sizeof (struct user_info));
}
if (strcasecmp(id, "guest")) {
sethomepath(filename, x->userid);
mkdir(filename, 0755);
strsncpy(buf, getparm("style"), 3);
wwwstylenum = -1;
if (isdigit(buf[0]))
wwwstylenum = atoi(buf);
if ((wwwstylenum > NWWWSTYLE || wwwstylenum < 0))
if (!readuservalue
(x->userid, "wwwstyle", buf, sizeof (buf)))
wwwstylenum = atoi(buf);
if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE)
wwwstylenum = 1;
currstyle = &wwwstyle[wwwstylenum];
} else {
wwwstylenum = 1;
currstyle = &wwwstyle[wwwstylenum];
}
ub = wwwlogin(x, ipmask);
if (!strcmp(url, "1"))
/*printf("<link href=\"images/@byron.css\" rel=stylesheet type=\"text/css\">\n
<frameset cols=135,* frameSpacing=0 frameborder=no id=fs0>\n
<frame src=\"%sbbsleft?t=%ld\" name=f2 frameborder=no scrolling=no>\n
<frameset id=fs1 rows=0,*,18 frameSpacing=0 frameborder=no border=0>\n
<frame scrolling=no name=fmsg src=\"%sbbsmsg\">\n
<frame name=f3 src=\"%sbbsfoot\">\n
<frame scrolling=no name=f4 src=\"%sbbsfoot.htm\">\n
</frameset>\n
</frameset>\n", ub, now_t, ub, ub, ub);*/ //add by mintbaggio 040411 for new www
// html_header(3);
printf
("<script>opener.parent.f2.location.href=\"%sbbsleft?t=%ld\";\n"
"opener.parent.fmsg.location.href=\"%sbbsgetmsg\";\n"
//"opener.parent.f4.location.href=\"%sbbsfoot\";\n"
"a=window.opener.location.href;\n" "l=a.length;\n"
"t=a.indexOf('/" SMAGIC "',1);\n" "t=a.indexOf('/',t+1);\n"
"nu=\"%s\"+a.substring(t+1,l);\n"
"window.opener.location.href=nu;window.close();</script>",
ub, now_t, ub, ub, ub);
//}
else
redirect(ub);
//else {
// print_session_string(ub);
// html_header(3);
//
// sprintf(main_page, "/%s/", SMAGIC);
// redirect(main_page);
//}
http_quit();
return 0;
}
//struct file_to_appendix a;
int main()
{
FILE *fp;
char filename[80], dir[80], board[80], title[80], buf[80], *content, vfrom[80];
char tmpbuf [5], title2 [10];
char redirfile[80];
int r, i=0, length=0, sig, mode=0, accessed=0;
struct fileheader x;
struct shortfile *brd;
init_all();
if(!loginok)
http_fatal("匆匆过客不能发表文章,请先登录");
mode=atoi(getparm("mode"));
if(mode)
strsncpy(redirfile, getparm("redir"), 20);
strsncpy(board, getparm("board"), 18);
strsncpy(vfrom, getparm("vfrom"), 18);
if (!*vfrom)
{
strcpy(vfrom, board);
}
if(dashf("NOPOST")&&!HAS_PERM(PERM_OBOARDS)
&& insec(1,board)
)
http_fatal("对不起,系统进入只读状态,暂停发表文章.你先四处看看吧");
/* efan: very faint */
if (dashf ("NOPOST.2") && ! HAS_PERM (PERM_OBOARDS) && (
!strcmp (board, "VoiceofNankai") ||
!strcmp (board, "Military") ||
!strcmp (board, "TaiWan") ||
!strcmp (board, "Salon"))
)
http_fatal("对不起,本板进入只读状态,暂停发表文章");
if(!(currentuser.userlevel & PERM_POST)&&strcmp(board, "appeal")&&strcmp(board, "sysop"))
http_fatal("您尚未通过注册,暂无发表文章权限");
if(check_post_limit(board)) return 0;
strsncpy(title, getparm("title"), 50);
strsncpy (tmpbuf, getparm ("title2"), 5);
if (tmpbuf [0] != 0)
sprintf (title2, "【%s】", tmpbuf);
else
title2[0] = 0;
content=getparm("text");
brd=getbcache(board);
/* add by wzk for outgo post */
//out=strlen(getparm("out"));
//if (!(brd->flag & OUT_FLAG)) out=0;
/* end */
if(brd==0)
http_fatal("错误的讨论区名称");
strcpy(board, brd->filename);
//huangxu@070217:no_word_filter flag
int bd=0;
char temp[80];
if(!(brd->flag2&NOFILTER_FLAG)&&(bad_words(title) || bad_words (tmpbuf) || bad_words(content) )){
bd=1;
printf("您的文章可能包含不便显示的内容,已经提交审核。请返回并进行修改。");
sprintf(temp,"TEMP-%s",board);
strcpy(board,"TEMP");
}else
strcpy(temp,board);
for(i=0; i<strlen(title); i++)
if(title[i]<=27 && title[i]>=-1)
title[i]=' ';
sig=atoi(getparm("signature"));
if(title[0]==0)
http_fatal("文章必须要有标题");
if (title2 [0] == 0 && !strcmp (board, "Secondhand"))
http_fatal ("在Secondhand板请说清楚您的需要!");
if (tmpbuf [0] != ' ') {
char tmptmpbuf [80];
sprintf (tmptmpbuf, "%s%s", title2, title);
strcpy (title, tmptmpbuf);
}
sprintf(dir, "boards/%s/.DIR", board);
if(bd==0)
if(!has_post_perm(¤tuser, board))
http_fatal("此讨论区是唯读的, 或是您尚无权限在此发表文章.");
sprintf(filename, "boards/%s/deny_users", board);
if(file_has_word(filename, currentuser.userid))
http_fatal("很抱歉, 你被板务人员停止了本板的post权利.");
if(abs(time(0) - *(int*)(u_info->from+36))<6) {
*(int*)(u_info->from+36)=time(0);
http_fatal("两次发文间隔过密, 请休息几秒后再试");
}
*(int*)(u_info->from+36)=time(0);
sprintf(filename, "tmp/%d.%s.tmp", getpid(),currentuser.userid);
f_append(filename, content);
accessed=0;
if(strlen(getparm("noreply"))>0)
accessed=FILE_NOREPLY;
int outgo=0;
if(strlen(getparm("outgo"))>0)
outgo=1;
int attach=atoi(getparm("attach"));
r=0;
r=post_article2(temp, title, filename, currentuser.userid, currentuser.username, fromhost, sig-1, accessed, attach,outgo);
if(r<=0)
http_fatal("内部错误,无法发文");
char path[STRLEN];
/* while( appendix != NULL ) {
bzero(&a,sizeof(struct appendix));
strcpy(a.appendixname,appendix);
a.filename=r;
a.sign=0;
strcpy(a.path,board);
sprintf(path,"%s/file_appendix",UPLOAD_PATH);
append_record(&a,sizeof(struct appendix),path);
appendix = strtok( NULL, "," );
}
*/
sprintf(buf,"M.%d.A",r);
brc_init(currentuser.userid, board);
brc_add_read(buf);
brc_update(currentuser.userid, board);
unlink(filename);
sprintf(buf, "posted WWW '%s' on '%s'", title, board);
report(buf);
if(mode==0)
sprintf(buf, "bbsdoc?board=%s#bottom", vfrom);
else if(mode==1)
sprintf(buf, "bbstcon?board=%s&file=%s&vfrom=%s#bottom", board, redirfile, vfrom);
else if(mode==2)
sprintf(buf, "bbstdoc?board=%s#bottom", vfrom);
if(!junkboard(board))
{
currentuser.numposts++;
save_user_data(¤tuser);
// write_posts(currentuser.userid, board, title);
}
if(toptenboard(board))
{
write_posts(currentuser.userid, board, title);
}
else if(!strcmp("Blessing",board)) write_posts(currentuser.userid, board, title);
// return 0;
if(bd==0) redirect(buf);
}
int
bbslpassport_main()
{
int uid, infochanged = 0;
char id[IDLEN + 1], pw[PASSLEN], site[256], md5pass[MD5LEN], buf[384];
struct userec *x, tmpu;
time_t t, dtime;
html_header(3);
strsncpy(id, strtrim(getparm("id")), IDLEN + 1);
strsncpy(pw, getparm("pw"), PASSLEN);
strsncpy(site, getparm("site"), 256);
if (!id[0])
http_fatal("请输入帐号");
if (!site[0])
http_fatal("no...");
if (key_fail)
http_fatal("内部错误, 联系维护!\n");
if ((uid = getuser(id, &x)) <= 0) {
printf("%s<br>", id);
http_fatal("错误的使用者帐号");
}
strcpy(id, x->userid);
if (!strcasecmp(id, "guest"))
http_fatal("错误的使用者帐号");
if (checkbansite(fromhost)) {
http_fatal
("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
fromhost);
}
if (userbansite(x->userid, fromhost))
http_fatal("本ID已设置禁止从%s登录", fromhost);
if (!checkpasswd(x->passwd, x->salt, pw)) {
logattempt(x->userid, fromhost, "PASSPORT", now_t);
http_fatal
("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
}
#if 0
if (!user_perm(x, PERM_BASIC))
http_fatal
("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
DEFAULTBOARD "</font> 版询问.");
if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
if (x->inprison == 0) {
memcpy(&tmpu, x, sizeof (tmpu));
tmpu.inprison = 1;
tmpu.dieday = 2;
updateuserec(&tmpu, 0);
}
http_fatal("安心改造,不要胡闹");
}
if (x->dieday)
http_fatal("死了?还要做什么? :)");
#endif
t = x->lastlogin;
memcpy(&tmpu, x, sizeof (tmpu));
if (tmpu.salt == 0) {
tmpu.salt = getsalt_md5();
genpasswd(md5pass, tmpu.salt, pw);
memcpy(tmpu.passwd, md5pass, MD5LEN);
infochanged = 1;
}
#if 1
if (count_uindex(uid) == 0) {
if (now_t - t > 1800)
tmpu.numlogins++;
infochanged = 1;
tmpu.lastlogin = now_t;
dtime = t - 4 * 3600;
t = localtime(&dtime)->tm_mday;
dtime = now_t - 4 * 3600;
if (t < localtime(&dtime)->tm_mday && x->numdays < 60000) {
tmpu.numdays++;
}
}
#endif
if (abs(t - now_t) < 20) {
http_fatal("两次登录间隔过密!");
}
if (x->lasthost != from_addr.s_addr) {
tmpu.lasthost = from_addr.s_addr;
infochanged = 1;
}
if (infochanged)
updateuserec(&tmpu, 0);
tracelog("%s enter %s passport %d %s", x->userid, fromhost, infochanged,
getsenv("HTTP_X_FORWARDED_FOR"));
printf
("<script>exDate = new Date; exDate.setMonth(exDate.getMonth()+9);"
"document.cookie='pp=%s;path=/;expires=' + exDate.toGMTString();</script>",
des3_encode(id, 0));
snprintf(buf, sizeof (buf), "http://%s?q=%s", site, des3_encode(id, 1));
redirect(buf);
http_quit();
return 0;
}
int wmllogin(char * buf)
{
char id[IDLEN + 2], pw[20];
struct userec *x;
struct user_info * uol[MULTI_LOGINS];
char buf2[256], filename[256];
int i, kick;
page_init(NULL);
strncpy(id, getparm("id"), IDLEN + 1);
strncpy(pw, getparm("pw"), 19);
if (!*pw)
{
strncpy(pw, getparm("pw2"), 19);
}
kick = atoi(getparm("kick")) - 1;
if (!strcasecmp(id, "SYSOP"))
{
strcpy (buf, "用户SYSOP登录受限。");
return -65536;
}
if(file_has_word(".bad_host", fromhost))
{
sprintf (buf, "对不起, 本站不欢迎来自 [%s] 的登录。 若有疑问, 请与SYSOP联系,", fromhost);
return -256;
}
if(loginok && strcasecmp(id, currentuser.userid))
{
sprintf (buf, "系统检测到目前你的计算机上已经登录有一个帐号 %s,请先退出。", currentuser.userid);
return 1;
}
x = getuser(id);
if (!x)
{
strcpy (buf, "错误的使用者帐号");
return -1;
}
sprintf(buf2, "home/%c/%s/badhost", toupper(x->userid[0]), x->userid);
if(bad_host(fromhost,buf2))
{
sprintf (buf, "对不起,此帐号已被设定为不可从 [%s] 登录本站。",fromhost);
return -257;
}
if(strcasecmp(id, "guest"))
{
if(!checkpasswd(x->passwd, pw))
{
if(*pw)
{
sleep(2);
getdatestring (time(0), NA);
sprintf(buf2, "%-12.12s %-30s %s[Wap]\n",id, datestring, fromhost);
sprintf(filename, "home/%c/%s/logins.bad", toupper(x->userid[0]), x->userid);
f_append(filename, buf2);
}
sprintf (buf, "密码错误");
return -2;
}
if (check_login_limit(x))
{
strcpy (buf, "此ID在24小时内上站次数过多,请稍候再来。");
return -4;
}
if(!user_perm(x, PERM_BASIC))
{
strcpy (buf, "此帐号已被停机。若有疑问,请用其他帐号在sysop版询问。");
return -5;
}
if (check_multi_d(x, uol, kick))
{
wml_httpheader();
wml_head();
printf ("<card title=\"登录 -- %s\">", BBSNAME);
printf ("<p>用户%s已经在本站登录了%d个线程,你需要踢掉一个才能登录。<br />", x->userid, MULTI_LOGINS);
for (i = 0; i < MULTI_LOGINS; i++)
{
printf ("#%d %s %s%s 发呆%d分<br />", i, uol[i]->from, uol[i]->mode >= 20000 ? "@" : "", ModeType(uol[i]->mode >= 20000 ? uol[i]->mode - 20000 : uol[i]->mode), (time(0) - uol[i]->idle_time) / 60);
}
printf ("踢掉哪个:<select name=\"inp_kick\">");
for (i = 0; i < MULTI_LOGINS; i++)
{
printf ("<option value=\"%d\">%d</option>", i + 1, i + 1);
}
printf ("</select><br />");
printf ("您的密码:<input type=\"password\" maxlength=\"8\" name=\"inp_pw\" /><br />");
printf ("<anchor><go href=\"login.wml?id=%s\" method=\"post\"><postfield name=\"pw\" value=\"$(inp_pw)\" /><postfield name=\"kick\" value=\"$(inp_kick)\" /></go>登录</anchor></p>", x->userid);
return 0;
}
x->lastlogin = time(0);
x->numlogins++;
strsncpy(x->lasthost, fromhost, 17);
save_user_data(x);
currentuser = *x;
}
report("WapEnter");
int iutmpnum, iutmpkey;
if (!wwwlogin(x, &iutmpnum, &iutmpkey))//0 : succeed
{
encodingtest();
sprintf(buf2, "%d", iutmpnum);
headerCookie("utmpnum", buf2);
sprintf(buf2, "%d", iutmpkey);
headerCookie("utmpkey", buf2);
headerCookie("utmpuserid", currentuser.userid);
wml_httpheader();
}
else
{
strcpy (buf, "抱歉,登录人数太多,请稍候再来:(");
return -65537;
}
sprintf (buf, "用户 %s 登录成功。", x->userid);
wml_head();
printf ("<card title=\"登录 -- %s\" ontimer=\"%s\">", BBSNAME, "bbsboa.wml");
printf ("<timer value=\"50\" />");
printf ("<p>");
w_hprintf(buf);
printf ("</p>");
printf ("<p>跳转中……</p>");
printf ("<p><anchor><go href=\"%s\" />如果不能自动跳转,请使用此链接。</anchor></p>", "bbsboa.wml");
return 0;
}
int
bbslogin_main()
{
int n, t, infochanged = 0;
time_t dtime;
char filename[128], buf[256], id[20], pw[PASSLEN], url[10], *ub =
FIRST_PAGE;
char *ptr;
char md5pass[MD5LEN];
struct userec *x, tmpu;
int ipmask;
int uid;
html_header(3);
if (loginok && !isguest) {
sprintf(buf, "/" SMAGIC "/?t=%d", (int) now_t);
redirect(buf);
}
strsncpy(id, strtrim(getparm("id")), 13);
strsncpy(pw, getparm("pw"), PASSLEN);
strsncpy(url, getparm("url"), 3);
ipmask = atoi(getparm("ipmask"));
if (!id[0]) {
strcpy(id, "guest");
ipmask = 8;
}
if (!strcmp(MY_BBS_ID, "YTHT") && !strcmp(id, "guest")) {
http_fatal("请输入用户名和密码以登录。");
}
if (strcmp(id, "guest")) {
ipmask = extandipmask(ipmask, getparm("lastip1"), realfromhost);
ipmask = extandipmask(ipmask, getparm("lastip2"), realfromhost);
}
if ((uid = getuser(id, &x)) <= 0) {
printf("%s<br>", id);
http_fatal("错误的使用者帐号");
}
strcpy(id, x->userid);
if (strcasecmp(id, "guest")) {
if (checkbansite(realfromhost)) {
http_fatal
("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
realfromhost);
}
if (userbansite(x->userid, realfromhost))
http_fatal("本ID已设置禁止从%s登录", realfromhost);
if (!checkpasswd(x->passwd, x->salt, pw)) {
logattempt(x->userid, realfromhost, "WWW", now_t);
http_fatal
("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
}
if (!user_perm(x, PERM_BASIC))
http_fatal
("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
DEFAULTBOARD "</font> 版询问.");
if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
if (x->inprison == 0) {
memcpy(&tmpu, x, sizeof (tmpu));
tmpu.inprison = 1;
tmpu.dieday = 2;
updateuserec(&tmpu, 0);
}
http_fatal("安心改造,不要胡闹");
}
if (x->dieday)
http_fatal("死了?还要做什么? :)");
t = x->lastlogin;
memcpy(&tmpu, x, sizeof (tmpu));
if (tmpu.salt == 0) {
tmpu.salt = getsalt_md5();
genpasswd(md5pass, tmpu.salt, pw);
memcpy(tmpu.passwd, md5pass, MD5LEN);
infochanged = 1;
}
if (count_uindex(uid) == 0) {
if (now_t - t > 1800)
tmpu.numlogins++;
infochanged = 1;
tmpu.lastlogin = now_t;
dtime = t - 4 * 3600;
t = localtime(&dtime)->tm_mday;
dtime = now_t - 4 * 3600;
if (t < localtime(&dtime)->tm_mday
&& x->numdays < 60000) {
tmpu.numdays++;
}
}
if (abs(t - now_t) < 5) {
http_fatal("两次登录间隔过密!");
}
if (x->lasthost != from_addr.s_addr) {
tmpu.lasthost = from_addr.s_addr;
infochanged = 1;
}
if (infochanged)
updateuserec(&tmpu, 0);
currentuser = x;
}
ptr = getsenv("HTTP_X_FORWARDED_FOR");
tracelog("%s enter %s www %d %s", x->userid, realfromhost, infochanged,
ptr);
n = 0;
if (loginok && isguest) {
u_info->wwwinfo.iskicked = 1;
}
if (strcasecmp(id, "guest")) {
sethomepath(filename, x->userid);
mkdir(filename, 0755);
strsncpy(buf, getparm("style"), 3);
wwwstylenum = -1;
if (isdigit(buf[0]))
wwwstylenum = atoi(buf);
if ((wwwstylenum > NWWWSTYLE || wwwstylenum < 0))
if (!readuservalue
(x->userid, "wwwstyle", buf, sizeof (buf)))
wwwstylenum = atoi(buf);
if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE)
wwwstylenum = 1;
currstyle = &wwwstyle[wwwstylenum];
} else {
wwwstylenum = 1;
currstyle = &wwwstyle[wwwstylenum];
}
ub = wwwlogin(x, ipmask);
#ifdef USESESSIONCOOKIE
{
extern char sessionCookie[];
printf
("<script>document.cookie='SESSION=%s; path=/';</script>",
urlencode(sessionCookie));
}
#endif
if (!strcmp(url, "1")) {
#if 1
printf
("<script>\n"
"function URLencode(sStr) {\n"
"return escape(sStr).replace(/\\+/g, '%%2C').replace(/\\\"/g,'%%22').replace(/\\'/g, '%%27');\n"
"}\n"
"a=window.opener.location.href;\n" "l=a.length;\n"
"t=a.indexOf('/" SMAGIC "',1);\n" "t=a.indexOf('/',t+1);\n"
//"nu=\"%s\"+\"?t=%ld&b=\"+URLencode(a.substring(t+1,l));\n"
"nu=\"%s\"+\"?t=%ld&b=\"+a.substring(t+1,l);\n"
"opener.top.location.href=nu;window.close();</script>",
ub, now_t);
#else
printf
("<script>opener.top.location.href='%s?t=%d';window.close();</script>",
ub, now_t);
#endif
} else {
char buf[256];
if (strcmp(x->userid, "guest") && shouldbroadcast(uid))
sprintf(buf, "%s?t=%d&b=ooo", ub, (int) now_t);
else
sprintf(buf, "%s?t=%d", ub, (int) now_t);
redirect(buf);
}
http_quit();
return 0;
}
