<?php include "funcs.php"; $requesttext = int_getreq(); $request = json_decode($requesttext); set_fromhost(); if (bbs_check_ban_ip($request->userid, $fromhost) != 0) { ie("ip denied."); } if ($request->userid == "guest" || bbs_checkpasswd($request->userid, $request->passwd) != 0) { ie("invalid user."); } $bid = $request->bid; $userec = array(); bbs_getuser($request->userid, $userec); $uid = $userec["index"]; $bname = bbs_getbname($bid); if ($bname == "") { ie("board not found."); } if (!bbs_checkreadperm($uid, $bid)) { ie("permission denied."); } $barr = array(); bbs_getboard($bname, $barr); if (bbs_is_readonly_board($barr)) { ie("board is readonly."); } if (!bbs_checkpostperm($uid, $bid)) { ie("post is denied."); }
if ($id == "") { error_alert("用户名不能为空"); } $ret = bbs_check_ban_ip($id, $fromhost); switch ($ret) { case 1: error_alert("对不起,当前位置不允许登录该ID。"); break; case 2: error_alert("该 ID 不欢迎来自该 IP 的用户。"); break; case 3: error_alert("用户密码错误,请重新登录!"); break; } if ($id != "guest" && bbs_checkpasswd($id, $passwd) != 0) { error_alert("用户密码错误,请重新登录!"); } $error = bbs_wwwlogin($kick_multi != "" ? 1 : 0, $fromhost, $fullfromhost); switch ($error) { case 0: case 2: //normal break; case -1: prompt_multilogin(); exit; case 3: error_alert("本帐号已停机或正在戒网"); case 5: error_alert("登录过于频繁");
/** * function checkPwd check password right or not * if login must log because it will set current user OMG * this is not a well design function * * @param string $id * @param string $pwd * @param boolean $md5 * @param boolean $log if false, can not use $md5 * @return boolean true|false * @static * @access public */ public static function checkPwd($id, $pwd, $md5, $log) { //bbs_checkuserpasswd only check no log //bbs_checkpasswd check, set current user and log error for login $md5 = $md5 ? 1 : 0; if ($md5) { return bbs_checkpasswd($id, $pwd, $md5) == 0; } else { if ($log) { return bbs_checkpasswd($id, $pwd, $md5) == 0; } else { return bbs_checkuserpasswd($id, $pwd) == 0; } } }