authorpiaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2008-02-26 01:21:54 +0800
committerpiaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2008-02-26 01:21:54 +0800
commit8a9bdc8996d0632a833bfe66f225f23b1e8ad40e (patch)
treeb9d43771ae826840511a6cae0ab2ebb7c65d66d6
parent3217095b1f68b1beb329d89a31d7bf11e75b1c1d (diff)
- give_money: require the user to enter their password again, to prevent malicious macros
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@3950 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
-rw-r--r--mbbsd/cal.c46
1 files changed, 41 insertions, 5 deletions
diff --git a/mbbsd/cal.c b/mbbsd/cal.c
index 2a299e2f..22d34d29 100644
--- a/mbbsd/cal.c
+++ b/mbbsd/cal.c
@@ -415,11 +415,24 @@ p_give(void)
{
int uid;
char id[IDLEN + 1], money_buf[20];
+ char passbuf[PASSLEN];
+ int m = 0, tries = 3;
- move(1, 0);
- usercomplete("�o�쩯�B�઺id:", id);
- if (!id[0] || !strcmp(cuser.userid, id) ||
- !getdata(2, 0, "�n���h�ֿ�:", money_buf, 7, LCECHO)) {
+ // TODO prevent macros, we should check something here,
+ // like user pw/id/...
+ clear();
+ stand_title("��������");
+ usercomplete("�o�쩯�B�઺id: ", id);
+ move(2, 0); clrtobot();
+
+ if (!id[0] || !strcasecmp(cuser.userid, id))
+ {
+ vmsg("�������!");
+ return -1;
+ }
+ if (!getdata(2, 0, "�n���L�h�ֿ��O: ", money_buf, 7, LCECHO) ||
+ ((m = atoi(money_buf)) <= 0))
+ {
vmsg("�������!");
return -1;
}
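Review bot: The `// TODO prevent macros, we should check something here,` / `// like user pw/id/...` comment at the top of the added block is stale once this commit lands, because the password re-check it asks for is added further down in p_give (second hunk). I would replace it with a comment naming the actual control, for example `// macro protection: the password is re-confirmed below before do_give_money()`. Separately, `atoi(money_buf)` parses input such as `12abc` as 12 rather than rejecting it; the confirmation line printed later shows the parsed amount, which limits the impact, but `strtol` with an end-pointer check would refuse such input outright. p_give's body continues past the end of this hunk.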
@@ -427,7 +440,30 @@ p_give(void)
vmsg("�d�L���H!");
return -1;
}
- return do_give_money(id, uid, atoi(money_buf));
+ move(4, 0);
+ prints("������e: %s �N���� %s : %d �� (�n�A���|�� %d ��)\n",
+ cuser.userid, id, m, give_tax(m));
+
+ outs(ANSI_COLOR(1;31) "���F�קK�~���άO�c�N�B�F�A"
+ "�b��������e�n���s�T�{�z�������C" ANSI_RESET);
+ while (tries-- > 0)
+ {
+ getdata(6, 0, MSG_PASSWD,
+ passbuf, sizeof(passbuf), NOECHO);
+ passbuf[8] = '\0';
+ if (checkpasswd(cuser.passwd, passbuf))
+ break;
+ if (tries > 0)
+ vmsgf("�K�X���~�A�٦� %d �����|�C", tries);
+ }
+ if (tries < 0)
+ {
+ vmsg("�������!");
+ return -1;
+ }
+ // vmsg("�dzƥ���C");
+ // return -1;
+ return do_give_money(id, uid, m);
}
void
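Review bot: `passbuf[8] = '\0';` uses a literal index unrelated to the declaration `char passbuf[PASSLEN]`, so it is only in bounds if PASSLEN is at least 9 (its value is not visible here), and it silently cuts the typed password to eight characters. If that cut is required by the hash format `checkpasswd` compares against (an assumption to confirm), give the 8 a named constant and document why; otherwise terminate with `passbuf[sizeof(passbuf) - 1] = '\0';`. The plaintext password also stays in `passbuf` on the stack after both exit paths; clear it before returning, e.g. `memset(passbuf, 0, sizeof(passbuf));`, or with a non-elidable variant such as `explicit_bzero` where the platform provides one. The two commented-out lines `// vmsg(...)` and `// return -1;` look like leftover debugging and can be dropped. The start of p_give is outside this hunk.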