示例#1
0
int
bbslogin_main()
{
	int n, t;
	time_t dtime;
	char filename[128], buf[256], id[20], pw[20], url[10], *ub = FIRST_PAGE; // main_page[STRLEN];
	struct userec *x;
	int ipmask;
	html_header(3);
	strsncpy(id, getparm("id"), 13);
	strsncpy(pw, getparm("pw"), 13);
	strsncpy(url, getparm("url"), 3);
	ipmask = atoi(getparm("ipmask"));

	if (loginok && strcasecmp(id, currentuser.userid) && !isguest) {
		http_fatal
		    ("系统检测到目前你的计算机上已经登录有一个帐号 %s,请先退出.(选择正常logout)",
		     currentuser.userid);
	}
	if (!strcmp(id, "")) {
		strcpy(id, "guest");
	}
	x = getuser(id);
	if (x == 0) {
		printf("%s<br>", id);
		http_fatal("错误的使用者帐号");
	}
	strcpy(id, x->userid);
	if (strcasecmp(id, "guest")) {
		if (checkbansite(fromhost)) {
			http_fatal
			    ("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
			     fromhost);
		}
		if (userbansite(x->userid, fromhost))
			http_fatal("本ID已设置禁止从%s登录", fromhost);
		if (!checkpasswd(x->passwd, pw)) {
			logattempt(x->userid, fromhost, "WWW", now_t);
			http_fatal("密码错误");
		}
		if (!user_perm(x, PERM_BASIC))
			http_fatal
			    ("此帐号已被停机, 若有疑问, 请用其他帐号在sysop版询问.");
		if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid))
			http_fatal("安心改造,不要胡闹");
		if (x->dietime)
			http_fatal("死了?还要做什么? :)");
		t = x->lastlogin;
		x->lastlogin = now_t;
		if (abs(t - now_t) < 20) {
			http_fatal("两次登录间隔过密!");
		}

		dtime = t - 4 * 3600;
		t = localtime(&dtime)->tm_mday;
		dtime = now_t - 4 * 3600;
		if (t < localtime(&dtime)->tm_mday && x->numdays < 800)
			x->numdays++;
		x->numlogins++;
		strsncpy(x->lasthost, fromhost, 16);
		save_user_data(x);
		currentuser = *x;
	}
	sprintf(buf, "%s enter %s www", x->userid, fromhost);
	newtrace(buf);
	n = 0;
	if (loginok && isguest) {
		bzero(u_info, sizeof (struct user_info));
	}
	if (strcasecmp(id, "guest")) {
		sethomepath(filename, x->userid);
		mkdir(filename, 0755);

		strsncpy(buf, getparm("style"), 3);
		wwwstylenum = -1;
		if (isdigit(buf[0]))
			wwwstylenum = atoi(buf);
		if ((wwwstylenum > NWWWSTYLE || wwwstylenum < 0))
			if (!readuservalue
			    (x->userid, "wwwstyle", buf, sizeof (buf)))
				    wwwstylenum = atoi(buf);
		if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE)
			wwwstylenum = 1;
		currstyle = &wwwstyle[wwwstylenum];
	} else {
		wwwstylenum = 1;
		currstyle = &wwwstyle[wwwstylenum];

	}

	ub = wwwlogin(x, ipmask);
	if (!strcmp(url, "1")) 
		/*printf("<link href=\"images/@byron.css\" rel=stylesheet type=\"text/css\">\n
			<frameset cols=135,* frameSpacing=0 frameborder=no id=fs0>\n
			<frame src=\"%sbbsleft?t=%ld\" name=f2 frameborder=no scrolling=no>\n
			<frameset id=fs1 rows=0,*,18 frameSpacing=0 frameborder=no border=0>\n
			<frame scrolling=no name=fmsg src=\"%sbbsmsg\">\n
			<frame name=f3 src=\"%sbbsfoot\">\n
			<frame scrolling=no name=f4 src=\"%sbbsfoot.htm\">\n
			</frameset>\n
			</frameset>\n", ub, now_t, ub, ub, ub);*/			//add by mintbaggio 040411 for new www

	//	html_header(3);

		printf
		    ("<script>opener.parent.f2.location.href=\"%sbbsleft?t=%ld\";\n"
		     "opener.parent.fmsg.location.href=\"%sbbsgetmsg\";\n"
		     //"opener.parent.f4.location.href=\"%sbbsfoot\";\n"
		     "a=window.opener.location.href;\n" "l=a.length;\n"
		     "t=a.indexOf('/" SMAGIC "',1);\n" "t=a.indexOf('/',t+1);\n"
		     "nu=\"%s\"+a.substring(t+1,l);\n"
		     "window.opener.location.href=nu;window.close();</script>",
		     ub, now_t, ub, ub, ub);

		
	//}
	else
		redirect(ub);
	//else {
	//	print_session_string(ub);
	//	html_header(3);
	//	
	//	sprintf(main_page, "/%s/", SMAGIC);
	//	redirect(main_page);
	//}
	http_quit();
	return 0;
}
示例#2
0
static void login_query() {
    char uid[IDLEN + 1], passbuf[PASSLEN];
    int attempts;
    char genbuf[200];
    extern struct utmpfile_t *utmpshm;
    resolve_utmp();
    attach_uhash();
    attempts = utmpshm->number;
    show_file("etc/Welcome", 1, -1, NO_RELOAD);
    output("1",1);
    if(attempts >= MAX_ACTIVE) {
	outs("由於人數太多,請您稍後再來。\n");
	refresh();
	exit(1);
    }

    /* hint */
    
    attempts = 0;
    while(1) {

	if(attempts++ >= LOGINATTEMPTS) {
	    more("etc/goodbye", NA);
	    pressanykey();
	    exit(1);
	}

	getdata(20, 0, "請輸入代號,或以[guest]參觀,以[new]註冊:",
		uid, IDLEN + 1, DOECHO);
	if(strcasecmp(uid, str_new) == 0) {
#ifdef LOGINASNEW
	    new_register();
	    break;
#else
	    outs("本系統目前無法以 new 註冊, 請用 guest 進入\n");
	    continue;
#endif
	} else if(uid[0] == '\0' || !dosearchuser(uid)) {
	    outs(err_uid);
	} else if(strcmp(uid, STR_GUEST)) {
	    getdata(21, 0, MSG_PASSWD, passbuf, PASSLEN, NOECHO);
	    passbuf[8] = '\0';
	    
	    if(!checkpasswd(cuser.passwd, passbuf) /* ||
	       (HAS_PERM(PERM_SYSOP) && !use_shell_login_mode)*/) {
		logattempt(cuser.userid, '-');
		outs(ERR_PASSWD);
	    } else {
		logattempt(cuser.userid, ' ');
		if(strcasecmp("SYSOP", cuser.userid) == 0)
		    cuser.userlevel = PERM_BASIC | PERM_CHAT | PERM_PAGE |
			PERM_POST | PERM_LOGINOK | PERM_MAILLIMIT |
			PERM_CLOAK | PERM_SEECLOAK | PERM_XEMPT |
			PERM_DENYPOST | PERM_BM | PERM_ACCOUNTS |
			PERM_CHATROOM | PERM_BOARD | PERM_SYSOP |
			PERM_BBSADM;
		break;
	    }
	} else {	/* guest */
	    cuser.userlevel = 0;
	    cuser.uflag = COLOR_FLAG | PAGER_FLAG | BRDSORT_FLAG | MOVIE_FLAG;
	    break;
	}
    }
    multi_user_check();
    sethomepath(genbuf, cuser.userid);
    mkdir(genbuf, 0755);
}
示例#3
0
int
bbslpassport_main()
{
	int uid, infochanged = 0;
	char id[IDLEN + 1], pw[PASSLEN], site[256], md5pass[MD5LEN], buf[384];
	struct userec *x, tmpu;
	time_t t, dtime;
	html_header(3);
	strsncpy(id, strtrim(getparm("id")), IDLEN + 1);
	strsncpy(pw, getparm("pw"), PASSLEN);
	strsncpy(site, getparm("site"), 256);

	if (!id[0])
		http_fatal("请输入帐号");
	if (!site[0])
		http_fatal("no...");
	if (key_fail)
		http_fatal("内部错误, 联系维护!\n");
	if ((uid = getuser(id, &x)) <= 0) {
		printf("%s<br>", id);
		http_fatal("错误的使用者帐号");
	}
	strcpy(id, x->userid);
	if (!strcasecmp(id, "guest"))
		http_fatal("错误的使用者帐号");

	if (checkbansite(fromhost)) {
		http_fatal
		    ("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
		     fromhost);
	}
	if (userbansite(x->userid, fromhost))
		http_fatal("本ID已设置禁止从%s登录", fromhost);
	if (!checkpasswd(x->passwd, x->salt, pw)) {
		logattempt(x->userid, fromhost, "PASSPORT", now_t);
		http_fatal
		    ("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
	}
#if 0
	if (!user_perm(x, PERM_BASIC))
		http_fatal
		    ("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
		     DEFAULTBOARD "</font> 版询问.");
	if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
		if (x->inprison == 0) {
			memcpy(&tmpu, x, sizeof (tmpu));
			tmpu.inprison = 1;
			tmpu.dieday = 2;
			updateuserec(&tmpu, 0);
		}
		http_fatal("安心改造,不要胡闹");
	}
	if (x->dieday)
		http_fatal("死了?还要做什么? :)");
#endif
	t = x->lastlogin;
	memcpy(&tmpu, x, sizeof (tmpu));
	if (tmpu.salt == 0) {
		tmpu.salt = getsalt_md5();
		genpasswd(md5pass, tmpu.salt, pw);
		memcpy(tmpu.passwd, md5pass, MD5LEN);
		infochanged = 1;
	}
#if 1
	if (count_uindex(uid) == 0) {
		if (now_t - t > 1800)
			tmpu.numlogins++;
		infochanged = 1;
		tmpu.lastlogin = now_t;
		dtime = t - 4 * 3600;
		t = localtime(&dtime)->tm_mday;
		dtime = now_t - 4 * 3600;
		if (t < localtime(&dtime)->tm_mday && x->numdays < 60000) {
			tmpu.numdays++;
		}
	}
#endif
	if (abs(t - now_t) < 20) {
		http_fatal("两次登录间隔过密!");
	}

	if (x->lasthost != from_addr.s_addr) {
		tmpu.lasthost = from_addr.s_addr;
		infochanged = 1;
	}
	if (infochanged)
		updateuserec(&tmpu, 0);
	tracelog("%s enter %s passport %d %s", x->userid, fromhost, infochanged,
		 getsenv("HTTP_X_FORWARDED_FOR"));
	printf
	    ("<script>exDate = new Date; exDate.setMonth(exDate.getMonth()+9);"
	     "document.cookie='pp=%s;path=/;expires=' + exDate.toGMTString();</script>",
	     des3_encode(id, 0));
	snprintf(buf, sizeof (buf), "http://%s?q=%s", site, des3_encode(id, 1));
	redirect(buf);
	http_quit();
	return 0;
}
示例#4
0
文件: mbbsd.c 项目: yrchen/Athena
static void
login_query()
{
	char		uid       [IDLEN + 1], passbuf[PASSLEN];
	int		attempts;
	char		genbuf    [200];

	resolve_utmp();
	attempts = utmpshm->number;
	clear();

#ifdef CAMERA
	film_out(time(0) % 5, 0);
#else
	show_file("etc/Welcome0", 0, 20, ONLY_COLOR);
#endif

	if (attempts >= MAXACTIVE) {
		pressanykey("目前站上人數已達上限,請您稍後再來。");
		oflush();
		sleep(1);
		exit(1);
	}
	attempts = 0;
	while (1) {
		if (attempts++ >= LOGINATTEMPTS) {
			more("etc/goodbye", NA);
			pressanykey_old("錯誤太多次,掰掰~~~~~");
			exit(1);
		}
		uid[0] = '\0';
		getdata(22, 2, "您的代號:", uid, IDLEN + 1, DOECHO, 0);
		if (strcasecmp(uid, str_new) == 0) {

#ifdef LOGINASNEW
			DL_func("SO/register.so:va_new_register", 0);
			break;
#else
			pressanykey("本系統目前無法以 new 註冊, 請用 guest 進入");
			continue;
#endif
		} else if (uid[0] == '\0' /* || !dosearchuser(uid) */ )
			pressanykey(err_uid);
		else if (belong(FN_DISABLED, uid)) {
			pressanykey("該 ID 為本站禁止上站之 ID");
			logattempt(uid, '*');
		} else if (strcmp(uid, STR_GUEST)) {
			getdata(22, 30, "您的密碼:", passbuf, PASSLEN, PASS, 0);
			passbuf[8] = '\0';

			if (!dosearchuser(uid)) {
				logattempt(uid, '!');
				pressanykey(ERR_PASSWD);
			} else if (!chkpasswd(cuser.passwd, passbuf)) {
				logattempt(cuser.userid, '-');
				pressanykey(ERR_PASSWD);
			} else {
				/* SYSOP gets all permission bits */

				if (!strcasecmp(cuser.userid, str_sysop))
					cuser.userlevel = ~0;

				logattempt(cuser.userid, ' ');
				break;
			}
		} else {
			/* guest 的話 */
#ifdef LOGINASGUEST
			cuser.userlevel = 0;
			cuser.uflag = COLOR_FLAG | PAGER_FLAG | BRDSORT_FLAG | MOVIE_FLAG;
			break;
#else
			pressanykey("本站不提供 guest 上站");
			continue;
#endif
		}
	}

	multi_user_check();
	sethomepath(genbuf, cuser.userid);
	mkdir(genbuf, 0755);
	srand(time(0) ^ getpid() ^ (getpid() << 10));
	srandom(time(0) ^ getpid() ^ (getpid() << 10));
}
示例#5
0
文件: bbslogin.c 项目: lytsing/ytht
int
bbslogin_main()
{
	int n, t, infochanged = 0;
	time_t dtime;
	char filename[128], buf[256], id[20], pw[PASSLEN], url[10], *ub =
	    FIRST_PAGE;
	char *ptr;
	char md5pass[MD5LEN];
	struct userec *x, tmpu;
	int ipmask;
	int uid;
	html_header(3);

	if (loginok && !isguest) {
		sprintf(buf, "/" SMAGIC "/?t=%d", (int) now_t);
		redirect(buf);
	}

	strsncpy(id, strtrim(getparm("id")), 13);
	strsncpy(pw, getparm("pw"), PASSLEN);
	strsncpy(url, getparm("url"), 3);
	ipmask = atoi(getparm("ipmask"));
	if (!id[0]) {
		strcpy(id, "guest");
		ipmask = 8;
	}
	if (!strcmp(MY_BBS_ID, "YTHT") && !strcmp(id, "guest")) {
		http_fatal("请输入用户名和密码以登录。");
	}
	if (strcmp(id, "guest")) {
		ipmask = extandipmask(ipmask, getparm("lastip1"), realfromhost);
		ipmask = extandipmask(ipmask, getparm("lastip2"), realfromhost);
	}
	if ((uid = getuser(id, &x)) <= 0) {
		printf("%s<br>", id);
		http_fatal("错误的使用者帐号");
	}
	strcpy(id, x->userid);
	if (strcasecmp(id, "guest")) {
		if (checkbansite(realfromhost)) {
			http_fatal
			    ("对不起, 本站不欢迎来自 [%s] 的登录. <br>若有疑问, 请与SYSOP联系.",
			     realfromhost);
		}
		if (userbansite(x->userid, realfromhost))
			http_fatal("本ID已设置禁止从%s登录", realfromhost);
		if (!checkpasswd(x->passwd, x->salt, pw)) {
			logattempt(x->userid, realfromhost, "WWW", now_t);
			http_fatal
			    ("密码错误,如有疑问请联系站务组,提供注册资料找回密码");
		}
		if (!user_perm(x, PERM_BASIC))
			http_fatal
			    ("由于本帐号名称不符合帐号管理办法,已经被管理员禁止继续上站。<br>请用其他帐号登录在 <font color=red>"
			     DEFAULTBOARD "</font> 版询问.");
		if (file_has_word(MY_BBS_HOME "/etc/prisonor", x->userid)) {
			if (x->inprison == 0) {
				memcpy(&tmpu, x, sizeof (tmpu));
				tmpu.inprison = 1;
				tmpu.dieday = 2;
				updateuserec(&tmpu, 0);
			}
			http_fatal("安心改造,不要胡闹");
		}
		if (x->dieday)
			http_fatal("死了?还要做什么? :)");
		t = x->lastlogin;
		memcpy(&tmpu, x, sizeof (tmpu));
		if (tmpu.salt == 0) {
			tmpu.salt = getsalt_md5();
			genpasswd(md5pass, tmpu.salt, pw);
			memcpy(tmpu.passwd, md5pass, MD5LEN);
			infochanged = 1;
		}
		if (count_uindex(uid) == 0) {
			if (now_t - t > 1800)
				tmpu.numlogins++;
			infochanged = 1;
			tmpu.lastlogin = now_t;
			dtime = t - 4 * 3600;
			t = localtime(&dtime)->tm_mday;
			dtime = now_t - 4 * 3600;
			if (t < localtime(&dtime)->tm_mday
			    && x->numdays < 60000) {
				tmpu.numdays++;
			}
		}
		if (abs(t - now_t) < 5) {
			http_fatal("两次登录间隔过密!");
		}

		if (x->lasthost != from_addr.s_addr) {
			tmpu.lasthost = from_addr.s_addr;
			infochanged = 1;
		}
		if (infochanged)
			updateuserec(&tmpu, 0);
		currentuser = x;
	}
	ptr = getsenv("HTTP_X_FORWARDED_FOR");
	tracelog("%s enter %s www %d %s", x->userid, realfromhost, infochanged,
		 ptr);
	n = 0;
	if (loginok && isguest) {
		u_info->wwwinfo.iskicked = 1;
	}
	if (strcasecmp(id, "guest")) {
		sethomepath(filename, x->userid);
		mkdir(filename, 0755);

		strsncpy(buf, getparm("style"), 3);
		wwwstylenum = -1;
		if (isdigit(buf[0]))
			wwwstylenum = atoi(buf);
		if ((wwwstylenum > NWWWSTYLE || wwwstylenum < 0))
			if (!readuservalue
			    (x->userid, "wwwstyle", buf, sizeof (buf)))
				wwwstylenum = atoi(buf);
		if (wwwstylenum < 0 || wwwstylenum >= NWWWSTYLE)
			wwwstylenum = 1;
		currstyle = &wwwstyle[wwwstylenum];
	} else {
		wwwstylenum = 1;
		currstyle = &wwwstyle[wwwstylenum];

	}
	ub = wwwlogin(x, ipmask);
#ifdef USESESSIONCOOKIE
	{
		extern char sessionCookie[];
		printf
		    ("<script>document.cookie='SESSION=%s; path=/';</script>",
		     urlencode(sessionCookie));
	}
#endif
	if (!strcmp(url, "1")) {
#if 1
		printf
		    ("<script>\n"
		     "function URLencode(sStr) {\n"
		     "return escape(sStr).replace(/\\+/g, '%%2C').replace(/\\\"/g,'%%22').replace(/\\'/g, '%%27');\n"
		     "}\n"
		     "a=window.opener.location.href;\n" "l=a.length;\n"
		     "t=a.indexOf('/" SMAGIC "',1);\n" "t=a.indexOf('/',t+1);\n"
		     //"nu=\"%s\"+\"?t=%ld&b=\"+URLencode(a.substring(t+1,l));\n"
		     "nu=\"%s\"+\"?t=%ld&b=\"+a.substring(t+1,l);\n"
		     "opener.top.location.href=nu;window.close();</script>",
		     ub, now_t);
#else
		printf
		    ("<script>opener.top.location.href='%s?t=%d';window.close();</script>",
		     ub, now_t);
#endif
	} else {
		char buf[256];
		if (strcmp(x->userid, "guest") && shouldbroadcast(uid))
			sprintf(buf, "%s?t=%d&b=ooo", ub, (int) now_t);
		else
			sprintf(buf, "%s?t=%d", ub, (int) now_t);
		redirect(buf);
	}
	http_quit();
	return 0;
}