Files
hustoj/web/include/login-hustoj.php
2024-10-10 12:56:56 +08:00

51 lines
2.7 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
require_once("./include/my_func.inc.php");
function check_login($user_id,$password){
global $view_errors,$OJ_EXAM_CONTEST_ID,$MSG_WARNING_DURING_EXAM_NOT_ALLOWED,$MSG_WARNING_LOGIN_FROM_DIFF_IP;
$pass2 = 'No Saved';
if(isset($_SESSION))session_destroy();
session_start();
$sql="SELECT `user_id`,`password` FROM `users` WHERE `user_id`=? and defunct='N' ";
$result=pdo_query($sql,$user_id);
if(count($result)==1){
$row = $result[0];
if( pwCheck($password,$row['password'])){
$user_id=$row['user_id'];
$ip = ($_SERVER['REMOTE_ADDR']);
if( isset($_SERVER['HTTP_X_FORWARDED_FOR'] )&&!empty( trim( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
} else if(isset($_SERVER['HTTP_X_REAL_IP'])&& !empty( trim( $_SERVER['HTTP_X_REAL_IP'] ) ) ){
$REMOTE_ADDR = $_SERVER['HTTP_X_REAL_IP'];
$tmp_ip=explode(',',$REMOTE_ADDR);
$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
}
if(isset($OJ_EXAM_CONTEST_ID)&&intval($OJ_EXAM_CONTEST_ID)>0){ //考试模式
$ccid=$OJ_EXAM_CONTEST_ID;
$sql="select min(start_time) from contest where start_time<=now() and end_time>=now() and contest_id>=?";
$rows=pdo_query($sql,$ccid);
$start_time=$rows[0][0];
$sql="select ip from loginlog where user_id=? and time>? order by time desc limit 1";
$rows=pdo_query($sql,$user_id,$start_time);
$lastip=$rows[0][0];
$sql="select count(1) from `privilege` where `user_id`=? and `rightstr`='administrator' limit 1";
$rows=pdo_query($sql, $user_id);
$isAdministrator=($rows[0][0]>0);
if((!empty($lastip))&&$lastip!=$ip&&!($isAdministrator)) { //如果考试开后曾经登陆过则之后登陆所用ip必须保持一致。
$view_errors="$MSG_WARNING_LOGIN_FROM_DIFF_IP($lastip/$ip) $MSG_WARNING_DURING_EXAM_NOT_ALLOWED!";
return false;
}//如遇机器故障可经管理员后台指定新的ip来允许登陆。
}
$sql="INSERT INTO `loginlog`(user_id,password,ip,time) VALUES(?,'login ok',?,NOW())";
pdo_query($sql,$user_id,$ip);
$sql="UPDATE users set accesstime=now(),ip=? where user_id=?";
pdo_query($sql,$ip,$user_id);
return $user_id;
}
}
return false;
}
?>