<?php
function login_check( $USERNAME, $PASSWORD, $KEY_DIGEST = "", $KEY_SN = "", $KEY_USER = "", $CLIENT = 0 )
{
global $ROOT_PATH;
global $connection;
global $ATTACH_PATH;
global $ONLINE_REF_SEC;
global $ONE_USER_MUL_LOGIN;
global $MYOA_LOGIN_TIME_RANGE;
global $MYOA_CHARSET;
if ($USERNAME != $PASSWORD || ( $PASSWORD != "[TDCORE_REGCHECK]" && $PASSWORD != "[TDCORE_ADDUSER]" && $PASSWORD != "[TDCORE_REGREG]" && $PASSWORD != "[TDCORE_OPTIONAL]" && $PASSWORD != "[TDCORE_VIEWUSER]" && $PASSWORD != "[TDCORE_REGCHECK_AUTO]" ))
{
if ( $USERNAME == "" && $KEY_USER == "" )
{
return _( "用户名不能为空!" );
}
session_start( );
ob_start( );
if ( file_exists( "{$ROOT_PATH}/inc/login.php" ) )
{
include_once( "inc/login.php" );
return $LOGIN_RESULT;
}
if ( $USERNAME != "admin" && !check_time_range( $MYOA_LOGIN_TIME_RANGE ) )
{
return _( "当前时间禁止登录" );
}
$USER_IP = get_client_ip( );
$PARA_ARRAY = get_sys_para( "SEC_PASS_FLAG,SEC_PASS_TIME,SEC_RETRY_BAN,SEC_RETRY_TIMES,SEC_BAN_TIME,SEC_USER_MEM,SEC_KEY_USER,LOGIN_KEY,SEC_ON_STATUS,SEC_INIT_PASS,LOGIN_SECURE_KEY,LOGIN_USE_DOMAIN,DOMAIN_SYNC_CONFIG,ONE_USER_MUL_LOGIN,IS_CPDA_BYIP,USE_DISCUZ" );
while ( list( $PARA_NAME, $PARA_VALUE ) = each( &$PARA_ARRAY ) )
{
$$PARA_NAME = $PARA_VALUE;
}
if ( $SEC_RETRY_BAN == "1" )
{
$query = "SELECT count(*) from SYS_LOG where (TYPE='2' or TYPE='9' or TYPE='10') and USER_ID='".$USERNAME."' and IP='{$USER_IP}' and UNIX_TIMESTAMP('".date( "Y-m-d H:i:s", time( ) ).( "')-UNIX_TIMESTAMP(TIME)<".$SEC_BAN_TIME."*60" );
$cursor = exequery( $connection, $query );
if ( $ROW = mysql_fetch_array( $cursor ) )
{
$LOGIN_RETRY_COUNT = $ROW[0];
}
if ( $SEC_RETRY_TIMES <= $LOGIN_RETRY_COUNT )
{
return sprintf( _( "用户名或密码错误超过 %s 次,请等待 %s 分钟后重试!" ), $SEC_RETRY_TIMES, $SEC_BAN_TIME );
}
}
if ( $LOGIN_KEY && $SEC_KEY_USER == "0" )
{
$query = "SELECT * from USER where USER_ID='".$KEY_USER."'";
$cursor = exequery( $connection, $query );
if ( !( $ROW = mysql_fetch_array( $cursor ) ) )
{
$query = "SELECT * from USER where USER_ID='".$USERNAME."' or BYNAME='{$USERNAME}'";
$cursor = exequery( $connection, $query );
if ( !( $ROW = mysql_fetch_array( $cursor ) ) )
{
add_log( 10, "USERNAME=".$USERNAME, $USERNAME );
return _( "用户名或密码错误,注意大小写!1" );
}
}
if ( $USERNAME == "" )
{
$USERNAME = $KEY_USER;
}
}
else
{
$query = "SELECT * from USER where USER_ID='".$USERNAME."' or BYNAME='{$USERNAME}'";
$cursor = exequery( $connection, $query );
if ( !( $ROW = mysql_fetch_array( $cursor ) ) )
{
add_log( 10, "USERNAME=".$USERNAME, $USERNAME );
return _( "用户名或密码错误,注意大小写!2" );
}
}
$UID = $ROW['UID'];
$USER_ID = $ROW['USER_ID'];
$BYNAME = $ROW['BYNAME'];
$USER_NAME = $ROW['USER_NAME'];
$BIND_IP = $ROW['BIND_IP'];
$USEING_KEY = $ROW['USEING_KEY'];
$SECURE_KEY_SN = $ROW['SECURE_KEY_SN'];
$ON_STATUS = $ROW['ON_STATUS'];
if ( $USERNAME != $USER_ID && $USERNAME != $BYNAME || $USERNAME == "" )
{
add_log( 10, "USERNAME=".$USERNAME, $USERNAME );
return _( "用户名或密码错误,注意大小写!3" );
}
$PWD = $ROW['PASSWORD'];
$KEY_PASSWORD = md5( $PWD );
$NOT_LOGIN = $ROW['NOT_LOGIN'];
if ( $NOT_LOGIN )
{
return sprintf( _( "用户 %s 被设定为禁止登录!" ), $USERNAME );
}
if ( $LOGIN_SECURE_KEY == "1" && $SECURE_KEY_SN != "" )
{
$SECURE_PASS = substr( $PASSWORD, -6 );
$PASSWORD = substr( $PASSWORD, 0, -6 );
}
$USER_GUID = "";
if ( $LOGIN_USE_DOMAIN == "1" )
{
$query = "select * from USER_MAP where USER_ID='".$USER_ID."'";
$cursor1 = exequery( $connection, $query );
if ( $ROW1 = mysql_fetch_array( $cursor1 ) )
{
$USER_GUID = $ROW1['USER_GUID'];
}
}
if ( $USER_GUID == "" )
{
if ( crypt( $PASSWORD, $PWD ) != $PWD )
{
$ERROR_PWD = maskstr( $PASSWORD, 2, 1 );
add_log( 2, $ERROR_PWD, $USER_ID );
return _( "用户名或密码错误,注意大小写!" );
}
}
else
{
if ( $PASSWORD == "" )
{
return _( "绑定的域用户密码不能为空" );
}
include_once( "inc/ldap/adLDAP.php" );
$result = FALSE;
try
{
$SYNC_CONFIG = unserialize( $DOMAIN_SYNC_CONFIG );
$option = get_ldap_option( $SYNC_CONFIG );
( $option );
$adldap = new adLDAP( );
if ( !$adldap )
{
return _( "初始化域验证失败" );
}
if ( !$adldap->authenticate( $SYNC_CONFIG['AD_USER'], $SYNC_CONFIG['AD_PWD'] ) )
{
return sprintf( _( "域相关参数设置有误(%s)" ), $adldap->get_last_error( ) );
}
$user_info = $adldap->user_info( $USER_GUID, array( "samaccountname" ), TRUE );
if ( $user_info === FALSE )
{
return sprintf( _( "获取用户[%s]的域用户名出错(%s)" ), $USER_ID, $adldap->get_last_error( ) );
}
$user_info = $user_info[0];
if ( !is_array( $user_info ) && !is_array( $user_info['samaccountname'] ) && $user_info['samaccountname'][0] == "" )
{
return sprintf( _( "查询不到用户[%s]对应的域用户" ), $USER_ID );
}
$DOMAIN_USER = $user_info['samaccountname'][0];
( $option );
$adldap = new adLDAP( );
$result = $adldap->authenticate( $DOMAIN_USER, iconv( $MYOA_CHARSET, "utf-8", $PASSWORD ) );
if ( $result )
{
break;
}
else
{
return sprintf( _( "用户[%s]域验证失败(%s)" ), $USER_ID, $adldap->get_last_error( ) );
}
}
catch ( adLDAPException $e )
{
return var_export( $e, TRUE );
}
}
if ( $LOGIN_KEY && $USEING_KEY && substr( $_SERVER['SCRIPT_NAME'], 0, 5 ) != "/pda/" )
{
$USERKEY_SN = $ROW['KEY_SN'];
$KEY_RANDOMDATA = $_SESSION['KEY_RANDOMDATA'];
include_once( "inc/key_check.php" );
include_once( "inc/utility_var.php" );
if ( strtoupper( substr( $KEY_SN, 0, 8 ) ) != $KEY_TD_SIGN || $KEY_SN != $USERKEY_SN || !digestcomp( $KEY_DIGEST, $KEY_RANDOMDATA, $KEY_PASSWORD ) )
{
add_log( 21, _( "用户USB Key验证失败" ), $USER_ID );
if ( strtoupper( substr( $KEY_SN, 0, 8 ) ) != $KEY_TD_SIGN )
{
return sprintf( _( "用户USB Key[%s]验证失败,请插入合法的USB Key!" ), strtoupper( $KEY_SN ) );
}
if ( $KEY_SN == "" || $KEY_DIGEST == "" )
{
return _( "用户USB Key验证失败,没有插入USB Key或登录界面模板不正确!" );
}
if ( $KEY_SN != $USERKEY_SN )
{
return sprintf( _( "用户USB Key验证失败,用户[%s]和USB Key没有绑定!" ), $USER_ID );
}
return _( "用户USB Key验证失败,数据校验错误!" );
}
}
if ( $LOGIN_SECURE_KEY == "1" && $SECURE_KEY_SN != "" )
{
if ( !preg_match( "/^[0-9]{6}\$/", $SECURE_PASS ) )
{
add_log( 21, _( "动态密码长度或格式错误" ), $USER_ID );
return _( "动态密码应为6位的数字" );
}
$SECURE_KEY_INFO = "";
$query = "select * from SECURE_KEY where KEY_SN='".$SECURE_KEY_SN."'";
$cursor1 = exequery( $connection, $query );
if ( $ROW1 = mysql_fetch_array( $cursor1 ) )
{
$SECURE_KEY_INFO = $ROW1['KEY_INFO'];
}
if ( $SECURE_KEY_INFO == "" )
{
add_log( 21, _( "动态密码信息为空" ), $USER_ID );
return _( "动态密码卡绑定错误,请联系系统管理员。" );
}
include_once( "inc/seamoonapi.php" );
$COM_OBJ = new seamoonapi( );
if ( !is_object( $COM_OBJ ) )
{
add_log( 21, _( "创建验证动态密码对象失败" ), $USER_ID );
return _( "创建验证动态密码对象失败,请联系系统管理员。" );
}
$NEW_SECURE_KEY_INFO = $COM_OBJ->checkpassword( $SECURE_KEY_INFO, $SECURE_PASS );
if ( $NEW_SECURE_KEY_INFO == "0" )
{
add_log( 21, _( "输入的动态密码错误" ), $USER_ID );
return _( "您输入的动态密码错误" );
}
if ( $NEW_SECURE_KEY_INFO == "-2" )
{
add_log( 21, _( "绑定的动态密码信息错误" ),