<?php
include "funcs.php";
$requesttext = int_getreq();
$request = json_decode($requesttext);
set_fromhost();
if (bbs_check_ban_ip($request->userid, $fromhost) != 0) {
ie("ip denied.");
}
if ($request->userid == "guest" || bbs_checkpasswd($request->userid, $request->passwd) != 0) {
ie("invalid user.");
}
$bid = $request->bid;
$userec = array();
bbs_getuser($request->userid, $userec);
$uid = $userec["index"];
$bname = bbs_getbname($bid);
if ($bname == "") {
ie("board not found.");
}
if (!bbs_checkreadperm($uid, $bid)) {
ie("permission denied.");
}
$barr = array();
bbs_getboard($bname, $barr);
if (bbs_is_readonly_board($barr)) {
ie("board is readonly.");
}
if (!bbs_checkpostperm($uid, $bid)) {
ie("post is denied.");
}
if ($id == "") {
error_alert("用户名不能为空");
}
$ret = bbs_check_ban_ip($id, $fromhost);
switch ($ret) {
case 1:
error_alert("对不起,当前位置不允许登录该ID。");
break;
case 2:
error_alert("该 ID 不欢迎来自该 IP 的用户。");
break;
case 3:
error_alert("用户密码错误,请重新登录!");
break;
}
if ($id != "guest" && bbs_checkpasswd($id, $passwd) != 0) {
error_alert("用户密码错误,请重新登录!");
}
$error = bbs_wwwlogin($kick_multi != "" ? 1 : 0, $fromhost, $fullfromhost);
switch ($error) {
case 0:
case 2:
//normal
break;
case -1:
prompt_multilogin();
exit;
case 3:
error_alert("本帐号已停机或正在戒网");
case 5:
error_alert("登录过于频繁");
/**
* function checkPwd check password right or not
* if login must log because it will set current user OMG
* this is not a well design function
*
* @param string $id
* @param string $pwd
* @param boolean $md5
* @param boolean $log if false, can not use $md5
* @return boolean true|false
* @static
* @access public
*/
public static function checkPwd($id, $pwd, $md5, $log)
{
//bbs_checkuserpasswd only check no log
//bbs_checkpasswd check, set current user and log error for login
$md5 = $md5 ? 1 : 0;
if ($md5) {
return bbs_checkpasswd($id, $pwd, $md5) == 0;
} else {
if ($log) {
return bbs_checkpasswd($id, $pwd, $md5) == 0;
} else {
return bbs_checkuserpasswd($id, $pwd) == 0;
}
}
}
