Beispiel #1
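def is_banned(id):
    """Return the ban that currently applies to a user, or 0 when none does.

    Args:
        id: ``user_id`` of the account to check.

    Returns:
        ``0`` when no ban is in force; otherwise a dict with the ``ban`` row
        and a display string under ``banduration`` ("NEVER" for permanent
        bans and for the IP-matched case below).
    """
    user = d2_user.query.filter_by(user_id=id).first()

    if user and user.rank <= 500:
        # Only this user's bans can match, so let the database filter them
        # instead of loading every ban row and comparing in Python.
        bans = d2_bans.query.filter_by(banned_id=user.user_id).order_by(
            d2_bans.time.desc()).all()
        for ban in bans:
            # Value comparison, not `is`: integer identity is a CPython
            # caching detail, and a ban check must not depend on it.
            if (ban.length == 0) or (int(ban.expires) >= unix_time_current()):
                ips = d2_ip.query.filter_by(user_id=ban.banned_id).all()
                for ipad in ips:
                    # An active ban combined with a request from an address
                    # already recorded for the account is reported as
                    # permanent.
                    if syndbb.request.remote_addr == ipad.ip:
                        return {'ban': ban, 'banduration': "NEVER"}

    # Rank 500 and above is exempt from the per-account check below.
    # NOTE(review): rank == 500 satisfies both this test and the `<= 500`
    # test above - confirm the overlap is intended.
    if user and user.rank >= 500:
        return 0

    ban = d2_bans.query.filter_by(banned_id=id).order_by(
        d2_bans.time.desc()).first()
    if not ban:
        return 0
    if ban.length == 0:
        return {'ban': ban, 'banduration': "NEVER"}
    if int(ban.expires) <= unix_time_current():
        # The most recent ban has run out.
        return 0
    return {'ban': ban, 'banduration': display_time(ban.length)}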
Beispiel #2
def inject_user():
    """Build the ``user`` / ``user_session`` values for the current request.

    The session id stored under ``logged_in`` is only honoured when a
    ``d2_ip`` row exists for that id *and* the requesting address, so a
    session id presented from a different address resolves to the guest
    context.  When the session row points at a user that no longer exists,
    the ``logged_in`` key is dropped from the session.

    Returns:
        A dict with ``user`` and ``user_session``; ``bancheck`` is added when
        ``is_banned`` reports a ban.  Unauthenticated requests get
        placeholder dicts with ``user_id`` 0.
    """
    session_key = 'logged_in'
    if session_key in syndbb.session:
        session_row = (d2_ip.query
                       .filter_by(sessionid=syndbb.session[session_key])
                       .filter_by(ip=syndbb.request.remote_addr)
                       .first())
        if session_row:
            account = d2_user.query.filter_by(
                user_id=session_row.user_id).first()
            if not (account and account.user_id):
                syndbb.session.pop(session_key, None)
            else:
                account.last_activity = unix_time_current()
                syndbb.db.session.commit()

                # Refresh the "last seen" data on the matching session row.
                client_ip = syndbb.request.remote_addr
                tracked = (d2_ip.query
                           .filter_by(ip=client_ip)
                           .filter_by(user_id=account.user_id)
                           .filter_by(sessionid=session_row.sessionid)
                           .first())
                if tracked:
                    tracked.time = unix_time_current()
                    tracked.page = syndbb.request.path
                    syndbb.db.session.commit()

                context = {'user': account, 'user_session': session_row}
                ban_info = is_banned(account.user_id)
                if ban_info:
                    context['bancheck'] = ban_info
                return context

    # Guest context: no usable session was found.
    guest_user = {'user_id': 0, 'username': "******", 'rank': 0}
    guest_session = {'sessionid': 0}
    return {'user': guest_user, 'user_session': guest_session}
Beispiel #3
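def do_unban_user():
    """Lift the most recent ban on a user (moderator action).

    Reads ``user_id`` (the banned account) and ``uniqid`` (the caller's
    session token) from the POSTed form.  The caller must resolve to a user
    of rank 500 or higher.

    Returns:
        A redirect to the ban administration page on success or when there
        is nothing to lift, the insufficient-permission page for
        unprivileged callers, or a short error string for a bad
        request/session.
    """
    banuser = syndbb.request.form['user_id']
    uniqid = syndbb.request.form['uniqid']

    if not (banuser and uniqid):
        return "Invalid Request"

    userid = check_session_by_id(uniqid)
    if not userid:
        return "Invalid Session"

    user = d2_user.query.filter_by(user_id=userid).first()
    # A session that resolves to no user row is treated like an
    # unprivileged caller instead of raising AttributeError.
    if user is None or user.rank < 500:
        return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")

    ban = d2_bans.query.filter_by(banned_id=banuser).order_by(d2_bans.time.desc()).first()
    if ban is None:
        # `user_id` is client-supplied; an id without any ban row must not
        # turn into a 500 error.
        syndbb.flash('No ban found for this user.', 'danger')
        return syndbb.redirect(syndbb.url_for('siteadmin_ban'))

    # A permanent ban has length 0; give it a non-zero length so that the
    # expiry written below is actually honoured.
    if ban.length == 0:
        ban.length = "-1"
    ban.expires = unix_time_current()
    syndbb.db.session.commit()

    # Cached views that depend on ban state must be rebuilt.
    syndbb.cache.delete_memoized(syndbb.models.users.get_title_by_id)
    syndbb.cache.delete_memoized(syndbb.models.users.get_group_style_by_id)
    syndbb.cache.delete_memoized(syndbb.models.activity.ban_list)

    syndbb.flash('User unbanned successfully.', 'success')
    return syndbb.redirect(syndbb.url_for('siteadmin_ban'))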
Beispiel #4
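def set_avatar():
    """Make one of the caller's stored avatars the active one.

    Query parameters:
        file:   name (without extension) of an avatar in the caller's own
                history directory.
        uniqid: the caller's session token.

    Returns:
        A redirect to the avatar page (with a flash message), or a short
        error string for a bad request/session.
    """
    avatar = syndbb.request.args.get('file', '')
    uniqid = syndbb.request.args.get('uniqid', '')

    if not uniqid:
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    # `file` is client-controlled and is concatenated into a filesystem
    # path.  Accept a bare file name only, so directory components such as
    # "../" cannot select a .png outside the caller's own avatar directory.
    if avatar != syndbb.os.path.basename(avatar) or "\\" in avatar:
        syndbb.flash('No such avatar exists.', 'danger')
        return syndbb.redirect(syndbb.url_for('change_avatar'))

    # NOTE(review): both parameters come from request.args, so this
    # state-changing action carries the session token in the URL (where it
    # can end up in access logs and Referer headers) - consider POST.
    avatars_root = syndbb.app.static_folder + "/data/avatars/"
    history_dir = avatars_root + str(userid) + "/"

    avatar_original_source = history_dir + avatar + "-src.png"
    avatar_original_destination = avatars_root + str(userid) + "-src.png"

    avatar_source = history_dir + avatar + ".png"
    avatar_destination = avatars_root + str(userid) + ".png"

    if not syndbb.os.path.isfile(avatar_source):
        syndbb.flash('No such avatar exists.', 'danger')
        return syndbb.redirect(syndbb.url_for('change_avatar'))

    shutil.copy2(avatar_source, avatar_destination)
    if syndbb.os.path.isfile(avatar_original_source):
        shutil.copy2(avatar_original_source, avatar_original_destination)
    elif syndbb.os.path.isfile(avatar_original_destination):
        # The chosen avatar has no stored original; remove the stale one so
        # it does not stay paired with the new thumbnail.
        syndbb.os.remove(avatar_original_destination)

    user = d2_user.query.filter_by(user_id=userid).first()
    user.avatar_date = unix_time_current()
    syndbb.db.session.commit()

    syndbb.flash('Avatar updated successfully.', 'success')
    return syndbb.redirect(syndbb.url_for('change_avatar'))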
Beispiel #5
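def upload_avatar():
    """Store a newly uploaded avatar for the logged-in user.

    Expects a POST with the original image in the ``avatar_source`` file
    field and the cropped image as a base64 data URI in the ``avatar`` form
    field.  Both are re-encoded to PNG with Pillow and written to paths
    derived from the user id, never from the client-supplied file name.

    Returns:
        A redirect to the avatar configuration page (with a flash message),
        or a short error string for a bad request/session/upload.
    """
    if syndbb.request.method != 'POST':
        # Previously fell through and returned None, which Flask rejects.
        return "Invalid Request"

    session_token = syndbb.session.get('logged_in')
    userid = check_session_by_id(str(session_token)) if session_token else None
    if not userid:
        return "Invalid Session"

    user = d2_user.query.filter_by(user_id=userid).first()
    if user is None:
        return "Invalid Session"

    # One timestamp for both history files, so the "<t>.png" / "<t>-src.png"
    # pair cannot end up with different names across a second boundary.
    stamp = str(unix_time_current())
    avatars_root = syndbb.app.static_folder + "/data/avatars/"
    avatar_original_folder = avatars_root + str(userid) + "-src.png"
    avatar_original_history = avatars_root + str(userid) + "/" + stamp + "-src.png"

    avatar_folder = avatars_root + str(userid) + ".png"
    avatar_history = avatars_root + str(userid) + "/" + stamp + ".png"

    if 'avatar_source' not in syndbb.request.files:
        return "No avatar selected."
    avatar_source = syndbb.request.files['avatar_source']
    if avatar_source.filename == '':
        return "No avatar selected."

    # NOTE(review): no size limit is applied in this function - confirm the
    # application sets MAX_CONTENT_LENGTH (and that Pillow's
    # MAX_IMAGE_PIXELS guard is left enabled) so oversized uploads are
    # rejected before they are decoded.
    avatar_source.save(avatar_original_folder)
    try:
        im = Image.open(avatar_original_folder)
        im.thumbnail((1024, 1024))
        im.save(avatar_original_folder, "PNG")

        shutil.copy2(avatar_original_folder, avatar_original_history)
    except IOError:
        syndbb.flash('Problem setting avatar.', 'danger')
        return syndbb.redirect(syndbb.url_for('configure_avatar'))

    # .get() so that a missing field reaches the message below instead of
    # aborting with a key error before the check is ever evaluated.
    uploaded_avatar = syndbb.request.form.get('avatar')
    if not uploaded_avatar:
        syndbb.flash('No avatar selected.', 'danger')
        return syndbb.redirect(syndbb.url_for('configure_avatar'))

    # Drop the "data:image/...;base64," prefix when one is present.
    uploaded_avatar = uploaded_avatar.split(",", 1)[-1]

    try:
        with open(avatar_folder, "wb") as fh:
            fh.write(base64.b64decode(uploaded_avatar))

        im = Image.open(avatar_folder)
        im.thumbnail((256, 256))
        im.save(avatar_folder, "PNG")

        shutil.copy2(avatar_folder, avatar_history)

        user.avatar_date = unix_time_current()
        syndbb.db.session.commit()
        syndbb.flash('Avatar uploaded successfully.', 'success')
    except (IOError, ValueError):
        # ValueError covers malformed base64 (binascii.Error).  The message
        # and redirect previously referred to the flair page.
        syndbb.flash('Problem setting avatar.', 'danger')
        return syndbb.redirect(syndbb.url_for('configure_avatar'))

    syndbb.cache.delete_memoized(syndbb.models.users.get_avatar_by_id)
    syndbb.cache.delete_memoized(syndbb.models.users.get_avatar_source_by_id)

    return syndbb.redirect(syndbb.url_for('configure_avatar'))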
Beispiel #6
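def do_ban_user():
    """Ban a user (moderator action).

    Form fields: ``user_id`` (account to ban), ``time`` (ban length in
    seconds, 0 for permanent), ``uniqid`` (caller's session token) and the
    optional ``reason``, ``post_id`` and ``display``.  The caller must
    resolve to a user of rank 500 or higher.

    Returns:
        A redirect to the ban administration page on success, the
        insufficient-permission page for unprivileged callers, or a short
        error string for a bad request/session.
    """
    form = syndbb.request.form
    banuser = form['user_id']
    bantime = form['time']
    banreason = form.get('reason', "")
    banpost = form.get('post_id') or 0
    display = 1 if 'display' in form else 0
    uniqid = form['uniqid']

    if not (banuser and bantime and uniqid):
        return "Invalid Request"

    userid = check_session_by_id(uniqid)
    if not userid:
        return "Invalid Session"

    user = d2_user.query.filter_by(user_id=userid).first()
    if user is None or user.rank < 500:
        return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")

    # `time` arrives as a string.  Parse it once: the old `bantime == 0`
    # compared str with int and was never true, and a non-numeric value
    # raised ValueError further down.
    try:
        ban_seconds = int(bantime)
    except ValueError:
        return "Invalid Request"

    now = unix_time_current()
    banexpire = 0 if ban_seconds == 0 else ban_seconds + now

    # NOTE(review): the reason text is appended verbatim to the post body;
    # confirm the post renderer escapes it.
    if banreason != "":
        banmessage = "\n\n[ban](User was banned for this post. Reason: " + banreason + ")[/ban]"
    else:
        banmessage = "\n\n[ban](User was banned for this post.)[/ban]"

    if banpost and banpost != 0:
        post = d2_activity.query.filter_by(id=banpost).first()
        # `post_id` is client-supplied; skip the annotation when it does not
        # match a post instead of failing on None.
        if post is not None:
            post.content += banmessage
            syndbb.db.session.commit()

    new_ban = d2_bans(banned_id=banuser, reason=banreason, length=bantime, time=now, expires=banexpire, post=banpost, banner=userid, display=display)
    syndbb.db.session.add(new_ban)
    syndbb.db.session.commit()

    # Cached views that depend on ban state must be rebuilt.
    syndbb.cache.delete_memoized(syndbb.models.users.get_title_by_id)
    syndbb.cache.delete_memoized(syndbb.models.users.get_group_style_by_id)
    syndbb.cache.delete_memoized(syndbb.models.activity.ban_list)

    syndbb.flash('User banned successfully.', 'success')
    return syndbb.redirect(syndbb.url_for('siteadmin_ban'))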
Beispiel #7
def create_quotes():
    """Submit a new quote on behalf of the session owner.

    Form fields: ``uniqid`` (session token) and ``post_content`` (quote
    text).  A user whose previous quote is at most one second old is asked
    to wait.

    Returns:
        A redirect to the quote database on success, otherwise a short
        error string.
    """
    form = syndbb.request.form
    uniqid = form['uniqid']
    tpost = form['post_content']

    if not (tpost and uniqid):
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    newest_first = d2_quotes.query.filter_by(user_id=userid).order_by(
        d2_quotes.time.desc())
    lastquote = newest_first.first()
    if lastquote and (unix_time_current() - lastquote.time) <= 1:
        return "Trying to submit quotes too quickly, wait a while before trying again."

    # NOTE(review): the quote text is stored exactly as received, so every
    # place that renders it has to escape it.
    quote_row = d2_quotes(userid, unix_time_current(), tpost, 0, 0)
    syndbb.db.session.add(quote_row)
    syndbb.db.session.commit()
    syndbb.flash('Quote has been submitted.', 'success')
    return syndbb.redirect(syndbb.url_for('view_qdb'))
Beispiel #8
def inject_user():
    """Build the ``user`` / ``user_session`` values for the current request.

    The session id stored under ``logged_in`` is only honoured when a
    ``d2_ip`` row exists for that id *and* the hash of the requesting
    address, so a session id presented from a different address resolves to
    the guest context.  When the session row points at a user that no
    longer exists, the ``logged_in`` key is dropped from the session.

    Returns:
        A dict with ``user`` and ``user_session``; ``ban_check`` is added
        when ``check_ban_by_id`` reports a ban.  Unauthenticated requests
        get placeholder dicts with ``user_id`` 0.
    """
    session_key = 'logged_in'
    if session_key in syndbb.session:
        session_row = (d2_ip.query
                       .filter_by(sessionid=syndbb.session[session_key])
                       .filter_by(iphash=get_ip_hash(syndbb.request.remote_addr))
                       .first())
        if session_row:
            account = d2_user.query.filter_by(
                user_id=session_row.user_id).first()
            if not (account and account.user_id):
                syndbb.session.pop(session_key, None)
            else:
                account.last_activity = unix_time_current()
                syndbb.db.session.commit()

                tracked = (d2_ip.query
                           .filter_by(iphash=get_ip_hash(syndbb.request.remote_addr))
                           .filter_by(user_id=account.user_id)
                           .filter_by(sessionid=session_row.sessionid)
                           .first())
                if tracked:
                    # Refresh the tracking row; the stored address is
                    # whatever gdpr_check returns for the real one.
                    tracked.ip = gdpr_check(syndbb.request.remote_addr)
                    tracked.iphash = get_ip_hash(syndbb.request.remote_addr)
                    tracked.useragent = syndbb.request.headers.get(
                        'User-Agent')
                    tracked.time = unix_time_current()
                    tracked.page = syndbb.request.path
                    syndbb.db.session.commit()

                context = {'user': account, 'user_session': session_row}
                ban_info = check_ban_by_id(account.user_id)
                if ban_info:
                    context['ban_check'] = ban_info
                return context

    # Guest context: no usable session was found.
    guest_user = {'user_id': 0, 'username': "******", 'rank': 0}
    guest_session = {'sessionid': 0}
    return {'user': guest_user, 'user_session': guest_session}
Beispiel #9
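def dologin():
    """Authenticate a username/password pair and open a session.

    Form fields: ``username`` and ``password``.  Every attempt against an
    existing account is recorded as a ``d2_ip`` row (login flag 1 on
    success, 0 on failure).

    Returns:
        One of the status strings "Login successful.", "Invalid password.",
        "Invalid username." or "You are already logged in!".
    """
    if 'logged_in' in syndbb.session:
        userid = checkSession(str(syndbb.session['logged_in']))
        if userid:
            return "You are already logged in!"

    username = syndbb.request.form['username']
    # NOTE(review): d2_hash is defined elsewhere; confirm it is a salted,
    # deliberately slow password hash rather than a plain digest.
    password = d2_hash(syndbb.request.form['password'])

    user = d2_user.query.filter_by(username=username).first()
    my_ip = syndbb.request.remote_addr
    useragent = syndbb.request.headers.get('User-Agent')

    # NOTE(review): distinct "Invalid username." / "Invalid password."
    # replies tell a client which account names exist.  The strings are
    # kept because callers may match on them; consider one shared message.
    if not user:
        return "Invalid username."

    if user.password != password:
        # Same argument layout as the successful-login record below.  The
        # previous call omitted the user agent, which shifted every later
        # value into the wrong position.
        # NOTE(review): "N/A" stands in for the session id - confirm
        # against the d2_ip constructor.
        login_ip = d2_ip(my_ip, useragent, user.user_id,
                         unix_time_current(), 0, syndbb.request.path,
                         "N/A",
                         d2_hash(my_ip)[:10])
        syndbb.db.session.add(login_ip)
        syndbb.db.session.commit()
        return "Invalid password."

    # uuid4 is random; uuid1 is built from the clock and host identifier and
    # is therefore guessable, which a session token must not be.
    session_id = str(syndbb.uuid.uuid4())
    login_ip = d2_ip(my_ip, useragent, user.user_id,
                     unix_time_current(), 1, syndbb.request.path,
                     session_id,
                     d2_hash(my_ip)[:10])
    syndbb.db.session.add(login_ip)
    # Set before the commit; it used to be assigned afterwards and was never
    # committed by this function.
    user.last_login = unix_time_current()
    syndbb.db.session.commit()

    syndbb.session['logged_in'] = session_id
    syndbb.session.permanent = True

    return "Login successful."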
Beispiel #10
def update_status():
    """Replace the session owner's status line.

    Form fields: ``status`` (new text) and ``uniqid`` (session token).

    Returns:
        A redirect to the home page on success, otherwise a short error
        string.
    """
    form = syndbb.request.form
    status = form['status']
    uniqid = form['uniqid']

    if not uniqid:
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    # NOTE(review): the status text is stored exactly as received, so every
    # place that renders it has to escape it.
    account = d2_user.query.filter_by(user_id=userid).first()
    account.status = status
    account.status_time = unix_time_current()
    syndbb.db.session.commit()

    # The cached status feed is now stale.
    syndbb.cache.delete_memoized(syndbb.models.users.get_all_status_updates)
    return syndbb.redirect(syndbb.url_for('home'))
Beispiel #11
def dopaste():
    """Create a paste owned by the session owner.

    Form fields: ``paste_title``, ``paste_content`` and ``uniqid`` (session
    token).  Title and content are passed through ``html_escape`` before
    they are stored.

    Returns:
        A redirect to the pastebin on success, otherwise a short error
        string.
    """
    form = syndbb.request.form
    paste_title = form['paste_title']
    paste_content = form['paste_content']
    uniqid = form['uniqid']

    if not (paste_title and paste_content and uniqid):
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    # Random hex identifier for the new paste.
    pasteid = str(syndbb.uuid.uuid4().hex)
    paste_row = d2_paste(
        userid,
        pasteid,
        unix_time_current(),
        html_escape(paste_content),
        html_escape(paste_title),
    )
    syndbb.db.session.add(paste_row)
    syndbb.db.session.commit()
    syndbb.flash('Paste created successfully.', 'success')
    return syndbb.redirect(syndbb.url_for('pastebin'))
Beispiel #12
def save_preferences():
    """Save the profile/preferences form for the session owner.

    Reads the profile fields and ``uniqid`` (session token) from the POSTed
    form, writes them to the caller's ``d2_user`` row and, inside the
    ``ircauth`` branch, issues requests to the ZNC ``httpadmin`` module.

    Returns a redirect to the preferences page on success, otherwise a
    short error string.
    """
    # Allow-list for the upload host; any other value falls back to the
    # default assigned further down.
    possibleurls = ["local", "i.d2k5.com", "i.hardcats.net", "i.lulzsec.co.uk"]

    status = syndbb.request.form['status']
    location = syndbb.request.form['location']
    gender = syndbb.request.form['gender']
    occupation = syndbb.request.form['occupation']
    url = syndbb.request.form['url']
    ircauth = syndbb.request.form['ircauth']
    uploadauth = syndbb.request.form['uploadauth']
    upload_url = syndbb.request.form['upload_url']
    bio = syndbb.request.form['bio']
    uniqid = syndbb.request.form['uniqid']

    if uniqid:
        userid = checkSession(uniqid)
        if userid:

            user = d2_user.query.filter_by(user_id=userid).first()
            # NOTE(review): `is not` compares object identity, not text; a
            # form value is a different object from the stored one even when
            # the text is equal, so `!=` looks like the intent.
            if status is not user.status:
                user.status = status
                user.status_time = unix_time_current()
            user.location = location
            user.gender = gender
            user.occupation = occupation
            user.site = url
            user.ircauth = ircauth
            user.uploadauth = uploadauth
            if upload_url in possibleurls:
                user.upload_url = upload_url
            else:
                user.upload_url = "i.d2k5.com"
            user.bio = bio
            syndbb.db.session.commit()


            syndbb.cache.delete_memoized(syndbb.models.users.get_all_status_updates)
            syndbb.flash('Preferences updated successfully.', 'success')

            # NOTE(review): user.ircauth was assigned from `ircauth` above,
            # so this identity test runs after the value has already been
            # overwritten; compare with the previous value before assigning
            # if the branch is meant to run on change.
            if ircauth is not user.ircauth:
#                try:
#                    udata = {'username': user.username, 'password': ircauth}
#                    reqheader = {'Accept': 'application/json', 'Content-Type': 'application/json', 'Authorization': syndbb.xmpp_key}
#                    req = requests.get("https://" + syndbb.xmpp_address + ":" + syndbb.xmpp_port + "/plugins/restapi/v1/users", data=json.dumps(udata), headers=reqheader, verify=False, timeout=5)
#                    print(req.request.headers)
#                except requests.exceptions.RequestException:
#                    syndbb.flash('Couldn\'t create an XMPP user.', 'danger')
                
                try:
                    # NOTE(review): parts of the next line are masked with
                    # "******" in this listing, so it is not valid Python as
                    # shown.  What remains visible: the password travels in
                    # the URL query string, where proxies and server logs
                    # can record it, and verify=False turns off TLS
                    # certificate verification, so the ZNC host is not
                    # authenticated.
                    requests.get("https://" + syndbb.znc_address + ":" + syndbb.znc_port + "/mods/global/httpadmin/adduser?username="******"&password="******"https://" + syndbb.znc_address + ":" + syndbb.znc_port + "/mods/global/httpadmin/userpassword?username="******"&password="******"https://" + syndbb.znc_address + ":" + syndbb.znc_port + "/mods/global/httpadmin/addnetwork?username="******"&net_name=" + syndbb.irc_network_name + "&net_addr=" + syndbb.irc_network_address + "&net_port=" + syndbb.irc_network_port, auth=(syndbb.znc_user, syndbb.znc_password), verify=False, timeout=5)
                except requests.exceptions.RequestException:
                    syndbb.flash('Couldn\'t assign an IRC network.', 'danger')

            return syndbb.redirect(syndbb.url_for('preferences'))
        else:
            return "Invalid Session"
    else:
        return "Invalid Request"
Beispiel #13
def create_reply():
    """Add a reply to an existing thread.

    Form fields: ``uniqid`` (session token), ``post_content``, ``reply_to``
    (thread id) and the optional ``reply_post`` (post being answered) and
    ``post_as`` (profile to post under).

    ``post_as`` only takes effect when it is one of the ids returned by
    ``get_linked_by_id`` for the session owner; any other value leaves the
    reply attributed to the session owner.  ``post_as == 0`` requests an
    anonymous reply, which is honoured only when the channel allows it.

    Returns:
        "/" on success, otherwise a short error string.
    """
    form = syndbb.request.form
    uniqid = form['uniqid']
    tpost = form['post_content']
    reply_to = form['reply_to']
    reply_post = form['reply_post'] if 'reply_post' in form else "0"
    if 'post_as' in form:
        post_as = int(form['post_as'])
    else:
        post_as = check_session_by_id(uniqid)
    anonymous = 0

    if not (tpost and reply_to and uniqid):
        return "Invalid Request"

    userid = check_session_by_id(uniqid)
    if not userid:
        return "Invalid Session"

    threadcheck = get_thread_contents(reply_to)
    if not threadcheck:
        return 'Trying to post in a thread which doesn\'t exist.'

    channelcheck = d2_channels.query.filter_by(id=threadcheck.category).first()
    if not channelcheck:
        return "Channel not found!"
    if not check_channel_auth(channelcheck):
        return "Insufficient permission"

    # Authorisation for posting under another profile: the requested id
    # must be linked to the session owner.
    allowed_ids = [profile.user_id for profile in get_linked_by_id(userid)]
    if post_as in allowed_ids:
        userid = post_as
    if post_as == 0:
        anonymous = 1
    if channelcheck.anon == 0:
        anonymous = 0

    if reply_post != "0":
        quoted_post = d2_activity.query.filter_by(id=reply_post).first()
        if not quoted_post:
            return 'Trying to reply to a post which doesn\'t exist.'

    # Rate limit, applied to the account the reply is attributed to.
    lastpost = d2_activity.query.filter_by(user_id=userid).order_by(d2_activity.time.desc()).first()
    if lastpost and (unix_time_current() - lastpost.time) <= int(syndbb.core_config['site']['post_timeout']):
        return "Trying to post too quickly, wait a while before trying again."

    threadcheck.reply_time = unix_time_current()
    threadcheck.reply_count += 1
    syndbb.db.session.commit()

    new_reply = d2_activity(userid, unix_time_current(), tpost, reply_to, reply_post, '', 0, 0, 0, 0, 1, anonymous)
    syndbb.db.session.add(new_reply)
    syndbb.db.session.flush()
    thread_id = str(new_reply.id)
    syndbb.db.session.commit()
    give_currency(userid, 2)
    give_posts(userid, 1)

    # Everything that caches thread or post listings is now stale.
    stale_views = (
        syndbb.models.channels.get_thread_contents,
        syndbb.models.channels.get_thread_list,
        syndbb.models.activity.get_recent_posts,
        syndbb.models.activity.get_activity,
        syndbb.views.xml_feed.feed_posts_xml,
        syndbb.models.channels.replies_to_post,
        syndbb.models.channels.get_channel_list,
    )
    for cached_view in stale_views:
        syndbb.cache.delete_memoized(cached_view)

    return  "/"
Beispiel #14
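def create_thread():
    """Create a new thread in a channel.

    Form fields: ``uniqid`` (session token), ``thread_title``,
    ``post_content``, ``post_icon``, ``category`` (channel id) and the
    optional ``post_as`` (profile to post under).

    ``post_as`` only takes effect when it is one of the ids returned by
    ``get_linked_by_id`` for the session owner; ``post_as == 0`` requests
    an anonymous thread, which is honoured only when the channel allows it.

    Returns:
        The new thread's path ("/<channel short name>/<id>") on success,
        otherwise a short error string.
    """
    form = syndbb.request.form
    uniqid = form['uniqid']
    tname = form['thread_title']
    tpost = form['post_content']
    ticon = form['post_icon']
    tcat = form['category']
    anonymous = 0
    # The icon must be one of the allow-listed icons.
    allowed_icons = [tficon[1] for tficon in get_post_icons(whitelist=True)]

    if not tname:
        return "Thread title not specified."
    if not tpost:
        return "No thread content."
    if not tcat:
        return "No category specified."
    if not ticon:
        return "No thread icon specified."
    if not uniqid:
        return "Invalid Request"

    userid = check_session_by_id(uniqid)
    if not userid:
        return "Invalid Session"

    # `post_as` is client-supplied: a non-numeric value is a bad request,
    # not a server error.  Without the field the session owner is used.
    if 'post_as' in form:
        try:
            post_as = int(form['post_as'])
        except ValueError:
            return "Invalid Request"
    else:
        post_as = userid

    if len(tname) < 2:
        return 'Thread title is too short (less than 2 characters).'
    elif len(tname) > 100:
        return 'Thread title is too long (over 100 characters).'
    if ticon not in allowed_icons:
        return 'Invalid thread icon.'

    channelcheck = d2_channels.query.filter_by(id=tcat).first()
    if not channelcheck:
        return 'Trying to post in a channel which doesn\'t exist.'
    if not check_channel_auth(channelcheck):
        return "Insufficient permission"

    # Authorisation for posting under another profile: the requested id
    # must be linked to the session owner.
    allowed_ids = [profile.user_id for profile in get_linked_by_id(userid)]
    if post_as in allowed_ids:
        userid = post_as
    if post_as == 0:
        anonymous = 1
    if channelcheck.anon == 0:
        anonymous = 0

    # Rate limit.  int() matches create_reply, so a timeout that the config
    # delivers as a string still compares correctly.
    lastpost = d2_activity.query.filter_by(user_id=userid).order_by(d2_activity.time.desc()).first()
    if lastpost and (unix_time_current() - lastpost.time) <= int(syndbb.core_config['site']['post_timeout']):
        return "Trying to create threads too quickly, wait a while before trying again."

    # NOTE(review): the title is escaped here but the post body is stored
    # as received - confirm the renderer escapes post content.
    new_thread = d2_activity(userid, unix_time_current(), tpost, 0, 0, html_escape(tname), tcat, unix_time_current(), 0, 0, ticon, anonymous)
    syndbb.db.session.add(new_thread)
    # flush() assigns the primary key needed for the return value.
    syndbb.db.session.flush()
    thread_id = str(new_thread.id)
    syndbb.db.session.commit()
    give_currency(userid, 5)
    give_posts(userid, 1)

    # Everything that caches thread or post listings is now stale.
    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents)
    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_list)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_recent_posts)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_threads_xml)
    syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post)
    syndbb.cache.delete_memoized(syndbb.models.channels.get_channel_list)

    return "/" + channelcheck.short_name + "/" + thread_id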
Beispiel #15
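def create_reply():
    """Add a reply to an existing thread.

    Form fields: ``uniqid`` (session token), ``post_content``, ``reply_to``
    (thread id) and the optional ``reply_post`` (post being answered) and
    ``anonymous``.  An anonymous reply is honoured only when the forum
    allows it.

    Returns:
        "/" on success, otherwise a short error string.
    """
    form = syndbb.request.form
    uniqid = form['uniqid']
    tpost = form['post_content']
    reply_to = form['reply_to']
    reply_post = form.get('reply_post', "0")
    anonymous = 1 if 'anonymous' in form else 0

    if not (tpost and reply_to and uniqid):
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    threadcheck = d2_activity.query.filter_by(id=reply_to).first()
    if not threadcheck:
        return 'Trying to post in a thread which doesn\'t exist.'

    forumcheck = d2_forums.query.filter_by(
        id=threadcheck.category).first()
    if forumcheck and forumcheck.anon == 0:
        anonymous = 0

    # Value comparison: `is not "0"` tested object identity, so a "0" sent
    # by the client was treated as a real post id and rejected.
    if reply_post != "0":
        postcheck = d2_activity.query.filter_by(
            id=reply_post).first()
        if not postcheck:
            return 'Trying to reply to a post which doesn\'t exist.'

    # Rate limit: one post per 15 seconds.
    lastpost = d2_activity.query.filter_by(
        user_id=userid).order_by(d2_activity.time.desc()).first()
    if lastpost and (unix_time_current() - lastpost.time) <= 15:
        return "Trying to create posts too quickly, wait a while before trying again."

    threadcheck.reply_time = unix_time_current()
    threadcheck.reply_count += 1
    syndbb.db.session.commit()

    # NOTE(review): the post body is stored as received - confirm the
    # renderer escapes it.
    new_reply = d2_activity(userid, unix_time_current(),
                            tpost, reply_to, reply_post, '',
                            0, 0, 0, 0, 1, anonymous)
    syndbb.db.session.add(new_reply)
    syndbb.db.session.flush()
    syndbb.db.session.commit()
    give_currency(userid, 2)
    give_posts(userid, 1)

    # Everything that caches post listings is now stale.
    syndbb.cache.delete_memoized(
        syndbb.models.activity.get_recent_posts)
    syndbb.cache.delete_memoized(
        syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(
        syndbb.views.xml_feed.feed_posts_xml)
    syndbb.cache.delete_memoized(
        syndbb.models.forums.replies_to_post)

    return "/"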
Beispiel #16
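def create_thread():
    """Create a new thread in a forum.

    Form fields: ``uniqid`` (session token), ``thread_title``,
    ``post_content``, ``post_icon``, ``category`` (forum id) and the
    optional ``anonymous``.  An anonymous thread is honoured only when the
    forum allows it.

    Returns:
        The new thread's path ("/<forum short name>/<id>") on success,
        otherwise a short error string.
    """
    form = syndbb.request.form
    uniqid = form['uniqid']
    tname = form['thread_title']
    tpost = form['post_content']
    ticon = form['post_icon']
    tcat = form['category']
    anonymous = 1 if 'anonymous' in form else 0

    if not tname:
        return "Thread title not specified."
    if not tpost:
        return "No thread content."
    if not tcat:
        return "No category specified."
    if not ticon:
        return "No thread icon specified."
    if not uniqid:
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    if len(tname) < 2:
        return 'Thread title is too short (less than 2 characters).'
    elif len(tname) > 100:
        return 'Thread title is too long (over 100 characters).'

    # str.strip("icon") removes any of the characters i/c/o/n from both
    # ends, leaving the number from values such as "icon12".
    ticon = ticon.strip("icon")
    # The icon is client-supplied: anything that is not a number in 1..34
    # is rejected with the same message instead of raising ValueError.
    try:
        icon_number = int(ticon)
    except ValueError:
        return 'Thread icon doesn\'t exist.'
    if icon_number not in range(1, 35):
        return 'Thread icon doesn\'t exist.'

    forumcheck = d2_forums.query.filter_by(id=tcat).first()
    if not forumcheck:
        return 'Trying to post in a forum which doesn\'t exist.'
    if forumcheck.anon == 0:
        anonymous = 0

    # Rate limit: one post per 15 seconds.
    lastpost = d2_activity.query.filter_by(
        user_id=userid).order_by(d2_activity.time.desc()).first()
    if lastpost and (unix_time_current() - lastpost.time) <= 15:
        return "Trying to create threads too quickly, wait a while before trying again."

    # NOTE(review): the title is escaped here but the post body is stored
    # as received - confirm the renderer escapes post content.
    new_thread = d2_activity(userid, unix_time_current(),
                             tpost, 0, 0,
                             html_escape(tname), tcat,
                             unix_time_current(), 0, 0,
                             ticon, anonymous)
    syndbb.db.session.add(new_thread)
    # flush() assigns the primary key needed for the return value.
    syndbb.db.session.flush()
    thread_id = str(new_thread.id)
    syndbb.db.session.commit()
    give_currency(userid, 5)
    give_posts(userid, 1)

    # Everything that caches post or thread listings is now stale.
    syndbb.cache.delete_memoized(
        syndbb.models.activity.get_recent_posts)
    syndbb.cache.delete_memoized(
        syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(
        syndbb.views.xml_feed.feed_posts_xml)
    syndbb.cache.delete_memoized(
        syndbb.views.xml_feed.feed_threads_xml)

    return "/" + forumcheck.short_name + "/" + thread_id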
Beispiel #17
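def dologin():
    """Check the posted credentials and, on success, open a session.

    Form fields read: ``username`` and ``password``, plus ``password_hash``
    when ``core_config['ldap']['enabled']`` is set. Every attempt against an
    existing account is written to ``d2_ip`` (flag 1 for success, 0 for
    failure). On success the new session id is stored in
    ``syndbb.session['logged_in']`` and the session is marked permanent.

    Returns:
        str: "Login successful.", "Invalid credentials." or
        "You are already logged in!". An unknown username and a wrong
        password produce the same reply.
    """
    if 'logged_in' in syndbb.session:
        if check_session_by_id(str(syndbb.session['logged_in'])):
            return "You are already logged in!"

    username = syndbb.request.form['username']
    password = syndbb.request.form['password']

    user = d2_user.query.filter_by(username=username).first()
    my_ip = gdpr_check(syndbb.request.remote_addr)
    my_ip_hash = get_ip_hash(syndbb.request.remote_addr)
    # A client may send no User-Agent header; the previous code then
    # concatenated None into the string below and raised TypeError.
    useragent = syndbb.request.headers.get('User-Agent') or ''
    # uuid4 is drawn from the OS random source. The previous uuid1 is derived
    # mostly from the clock and the host's node id, which is a weak basis for
    # a value that authenticates the session.
    session_hash = d2_hash(syndbb.request.remote_addr + useragent + d2_hash(str(syndbb.uuid.uuid4())))[:20]

    if not user:
        # Attempts against unknown usernames are not written to d2_ip.
        return "Invalid credentials."

    def _log_attempt(success):
        """Store the attempt in d2_ip; on success also start the session."""
        if success:
            # Set before the commit so the value is saved with it; the
            # previous code assigned it after the last commit of the request.
            user.last_login = unix_time_current()
        attempt = d2_ip(my_ip, useragent, user.user_id, unix_time_current(),
                        1 if success else 0, syndbb.request.path,
                        session_hash if success else "N/A", my_ip_hash)
        syndbb.db.session.add(attempt)
        syndbb.db.session.commit()
        if success:
            syndbb.session['logged_in'] = session_hash
            syndbb.session.permanent = True

    if not syndbb.core_config['ldap']['enabled']:
        # NOTE(review): d2_hash is defined elsewhere; confirm it is a salted,
        # deliberately slow password hash rather than a bare digest.
        if user.password == d2_hash(password):
            _log_attempt(True)
            return "Login successful."
        _log_attempt(False)
        return "Invalid credentials."

    password_hash = syndbb.request.form['password_hash']
    # NOTE(review): the username is concatenated into the directory filter.
    # Whether ldap_user.query.filter escapes it is not visible here; confirm
    # that every path that creates usernames restricts them to safe characters.
    is_ldap_user = ldap_user.query.filter(syndbb.core_config['ldap']['attribute_cn'] + ': ' + username).first()

    if user.password == d2_hash(password_hash) and not is_ldap_user:
        # Account exists locally but not yet in the directory: log in and
        # create the directory entry.
        _log_attempt(True)
        # NOTE(review): `password` and `password_hash` are separate form
        # fields. Only password_hash was checked above, yet `password` is what
        # gets written to the directory; confirm the two are tied together.
        ldap_add_user = ldap_user(
            display_name=username,
            username=username,
            surname=username,
            password=ldap_hash(password)
        )
        ldap_add_user.save()
        return "Login successful."

    valid = syndbb.ldap.authenticate(username, password, syndbb.core_config['ldap']['attribute_cn'], syndbb.core_config['ldap']['base_dn'])
    if not valid:
        _log_attempt(False)
        return 'Invalid credentials.'

    _log_attempt(True)
    return 'Login successful.'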
Beispiel #18
def save_preferences():
    """Apply the posted preferences form to the account that owns the session.

    The caller is identified by the ``uniqid`` form field, which is resolved
    to a user id through ``check_session_by_id``.

    Returns:
        A redirect to the ``preferences`` endpoint after a successful save,
        "Invalid Session" when ``uniqid`` does not resolve to a user, or
        "Invalid Request" when ``uniqid`` is empty.
    """
    # Upload hosts a user may pick; anything else falls back to i.d2k5.com.
    allowed_hosts = ["local", "i.d2k5.com", "i.hardcats.net", "i.hard.cat", "i.lulzsec.co.uk", "i.hurr.ca"]

    form = syndbb.request.form
    display_name = form['display_name']
    status = form['status']
    irc_auth = 0  # the irc_auth form field is not read; the column is reset to 0
    upload_auth = form['upload_auth']
    user_auth = form['user_auth']
    upload_url = form['upload_url']
    bio = form['bio']
    tags = form['tags']
    uniqid = form['uniqid']

    nsfw = int('nsfw_toggle' in form)
    full_avatar = int('full_avatar' in form)

    if not uniqid:
        return "Invalid Request"

    userid = check_session_by_id(uniqid)
    if not userid:
        return "Invalid Session"

    account = d2_user.query.filter_by(user_id=userid).first()

    # display_name, status, bio and tags are stored exactly as submitted, so
    # any escaping has to happen wherever they are rendered.
    account.display_name = display_name
    if syndbb.core_config['ldap']['enabled']:
        directory_filter = syndbb.core_config['ldap']['attribute_cn'] + ': ' + account.username
        directory_entry = ldap_user.query.filter(directory_filter).first()
        if directory_entry:
            # Keep the directory's display name in step with the local one.
            directory_entry.display_name = display_name
            directory_entry.save()

    if status != account.status:
        account.status = status
        account.status_time = unix_time_current()

    account.irc_auth = irc_auth
    # NOTE(review): both values come straight from the form. If they act as
    # credentials or identifiers elsewhere, the user picks them freely here.
    account.upload_auth = upload_auth
    account.user_auth = user_auth

    account.nsfw_toggle = nsfw
    account.full_avatar = full_avatar
    account.tags = tags
    account.upload_url = upload_url if upload_url in allowed_hosts else "i.d2k5.com"
    account.bio = bio
    syndbb.db.session.commit()

    # Drop every memoized view/model result that embeds the changed fields.
    stale_caches = (
        syndbb.views.profile.get_user_profile,
        syndbb.models.users.get_linked_by_id,
        syndbb.models.users.get_all_status_updates,
        syndbb.models.users.get_displayed_name_by_id,
        syndbb.models.users.get_displayed_name_by_username,
    )
    for cached in stale_caches:
        syndbb.cache.delete_memoized(cached)
    syndbb.flash('Preferences updated successfully.', 'success')

    # A disabled block used to follow here that provisioned XMPP and ZNC
    # accounts over HTTPS with verify=False; if it is ever restored, leave
    # certificate verification on and keep the passwords out of the URL.

    return syndbb.redirect(syndbb.url_for('preferences'))
Beispiel #19
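def _api_int(value):
    """Return *value* as an int, or None when it is not a valid integer."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def _api_create_thread(form):
    """Create a thread from the API form and return its id as a string.

    Fields: username, category, content, title, icon, anon. If a thread with
    the same escaped title or the same content already exists, that row's id
    is returned instead of creating a duplicate.
    """
    values = {key: form[key] for key in ('username', 'category', 'content', 'title', 'icon', 'anon')}
    for key, value in values.items():
        if not value:
            return key + " not set"

    # Previously a non-numeric value reached int() unchecked and raised.
    anon = _api_int(values['anon'])
    if anon is None:
        return "anon must be an integer"

    user = d2_user.query.filter_by(username=values['username']).first()
    if not user:
        return "user not found"
    category = d2_channels.query.filter_by(short_name=values['category']).first()
    if not category:
        return "category not found"

    title = html_escape(values['title'])
    content = values['content']
    # Only the title is escaped here; the content is stored as submitted.
    same_title = d2_activity.query.filter_by(title=title).first()
    if same_title:
        return str(same_title.id)
    same_content = d2_activity.query.filter_by(content=content).first()
    if same_content:
        return str(same_content.id)

    # Every icon in the posticons folder is accepted (whitelist disabled).
    allowed_icons = [entry[1] for entry in get_post_icons(whitelist=False)]
    if values['icon'] not in allowed_icons:
        return "thread icon does not exist (allowed: " + str(allowed_icons) + ")"

    create_thread = d2_activity(user.user_id, unix_time_current(), content,
                                0, 0, title, category.id,
                                unix_time_current(), 0, 0, values['icon'],
                                anon)
    syndbb.db.session.add(create_thread)
    syndbb.db.session.flush()  # assigns the primary key before the commit
    thread_id = str(create_thread.id)
    syndbb.db.session.commit()

    get_post_thumbnail(thread_id, 'resize', False)

    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents)
    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_list)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_threads_xml)
    syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post)
    return thread_id


def _api_create_post(form):
    """Create a reply from the API form and return its id as a string.

    Fields: username, content, reply_to_thread, reply_to_post (empty or 0
    for "not a reply to a specific post"), anon.
    """
    username = form['username']
    content = form['content']
    reply_to_thread = form['reply_to_thread']
    reply_to_post = form['reply_to_post']
    anon = form['anon']

    if not username:
        return "username not set"
    if not content:
        return "content not set"
    if not reply_to_thread:
        return "reply_to_thread not set"
    if not reply_to_post:
        reply_to_post = 0
    if not anon:
        return "anon not set"

    # Previously non-numeric values reached int() unchecked and raised.
    thread_id = _api_int(reply_to_thread)
    if thread_id is None:
        return "reply_to_thread must be an integer"
    post_id = _api_int(reply_to_post)
    if post_id is None:
        return "reply_to_post must be an integer"
    anon = _api_int(anon)
    if anon is None:
        return "anon must be an integer"

    user = d2_user.query.filter_by(username=username).first()
    if not user:
        return "user not found"
    thread = d2_activity.query.filter_by(id=thread_id).first()
    if not thread:
        return "thread not found"
    if post_id != 0:
        if not d2_activity.query.filter_by(id=post_id).first():
            return "post not found"

    # The same content as an existing thread, or as an existing reply in this
    # thread, counts as a duplicate.
    if d2_activity.query.filter_by(replyto=0).filter_by(content=content).first():
        return "reply exists"
    if d2_activity.query.filter_by(replyto=thread.id).filter_by(content=content).first():
        return "reply exists"

    create_reply = d2_activity(user.user_id, unix_time_current(), content,
                               thread_id, post_id, '', 0, 0, 0, 0, 1, anon)
    syndbb.db.session.add(create_reply)
    syndbb.db.session.flush()  # assigns the primary key before the commit
    reply_id = str(create_reply.id)
    syndbb.db.session.commit()

    get_post_thumbnail(reply_id, 'resize', False)

    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents)
    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_list)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_posts_xml)
    syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post)
    return reply_id


def _api_create_user(form):
    """Create an account from the API form and return its id as a string.

    Fields: username, password, rank. The rank is stored as given, so this
    action can create an account at any rank.
    """
    username = form['username']
    password = form['password']
    rank = form['rank']

    if not username:
        return "username not set"
    if not password:
        return "password not set"
    if not rank:
        return "rank not set"

    # NOTE(review): unlike the registration form, the username is not
    # checked against a character pattern here; confirm that is intended.
    if d2_user.query.filter_by(username=username).first():
        return "A user with that username already exists."

    create_user = d2_user(username=username,
                          display_name='',
                          token='',
                          title='',
                          bio='',
                          status='',
                          status_time=0,
                          rank=rank,
                          avatar_date=0,
                          password=d2_hash(password),
                          post_count=0,
                          line_count=0,
                          word_count=0,
                          profanity_count=0,
                          karma_positive=0,
                          karma_negative=0,
                          points=0,
                          join_date=unix_time_current(),
                          last_login=unix_time_current(),
                          last_activity=unix_time_current(),
                          irc_auth='',
                          upload_auth='',
                          user_auth='',
                          upload_url='local',
                          nsfw_toggle=0,
                          full_avatar=0,
                          tags='')
    syndbb.db.session.add(create_user)
    syndbb.db.session.flush()  # assigns the primary key before the commit
    created_user_id = str(create_user.user_id)
    syndbb.db.session.commit()
    return created_user_id


def site_api():
    """Privileged site API: create a thread, a reply or a user.

    The ``api`` form field must equal ``core_config['site']['api']``. The
    action is chosen by which of ``create_thread``, ``create_post`` or
    ``create_user`` is present in the form, checked in that order. Because
    ``create_user`` accepts any rank, the key carries full administrative
    authority and should be handled like an admin credential.

    Returns:
        The new row's id as a string, or a short error string; 0 when the
        key is rejected; None when no action field is present.
    """
    import hmac

    form = syndbb.request.form
    supplied_key = form['api']
    expected_key = syndbb.core_config['site']['api']

    # An unset or empty configured key must not match an empty ``api`` field.
    if not isinstance(expected_key, str) or not expected_key:
        return 0
    # Constant-time comparison, so response timing does not depend on how
    # many leading characters of the key were correct.
    if not hmac.compare_digest(supplied_key.encode('utf-8'), expected_key.encode('utf-8')):
        # NOTE(review): 0 is kept for compatibility. If this function is
        # registered directly as a view, confirm the framework accepts it.
        return 0

    if 'create_thread' in form:
        return _api_create_thread(form)
    if 'create_post' in form:
        return _api_create_post(form)
    if 'create_user' in form:
        return _api_create_user(form)
    return None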
Beispiel #20
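def doregister():
    """Create an account from the posted registration form and log it in.

    Form fields read: ``username``, ``password``, ``tos``; ``code`` when the
    site is invite-only; ``password_hash`` when LDAP is enabled. On success a
    ``d2_user`` row and a ``d2_ip`` session row are written, the invite (if
    any) is marked used, and the session id is stored in
    ``syndbb.session['logged_in']``.

    Returns:
        str: "Registration successful." or a message describing why the
        request was refused.
    """
    if 'logged_in' in syndbb.session:
        if check_session_by_id(str(syndbb.session['logged_in'])):
            return "You are already logged in!"

    username = syndbb.request.form['username']
    password = syndbb.request.form['password']
    # An unticked checkbox is normally absent from the form; .get() lets that
    # case reach the message below instead of failing on a missing key.
    tos = syndbb.request.form.get('tos')

    my_ip = gdpr_check(syndbb.request.remote_addr)
    my_ip_hash = get_ip_hash(syndbb.request.remote_addr)

    # The Tor exit-list, IP blacklist and captcha checks that once ran here
    # are disabled, so nothing in this function slows automated sign-ups.

    if not tos:
        return "You have not agreed to the rules and terms of service."

    if not (username and password):
        return "Invalid request."

    if not syndbb.core_config['site']['registration']:
        return 'Registration is disabled.'

    invite = None
    if syndbb.core_config['site']['invite_only']:
        code = syndbb.request.form['code']
        # NOTE(review): the invite is looked up here but only marked used
        # after the account exists, so two simultaneous requests can both
        # pass this check with the same code.
        invite = d2_invites.query.filter_by(code=code, used_by=0).first()
        if not invite:
            return 'The invite code provided is invalid.'

    # Explicit ASCII classes anchored with \Z. The previous pattern used `$`,
    # which also matches before a trailing newline, and IGNORECASE, which on
    # Unicode strings lets [a-z] match a few non-ASCII look-alike letters.
    if not syndbb.re.match(r'[A-Za-z][A-Za-z0-9_-]{2,32}\Z', username):
        return "Invalid username (must match IRC standards)."

    # NOTE(review): whether this lookup is case-sensitive depends on the
    # column collation; confirm "Name" and "name" cannot both register.
    if d2_user.query.filter_by(username=username).first():
        return "A user with that username already exists."

    # A client may send no User-Agent header; the previous code then
    # concatenated None into the strings below and raised TypeError.
    useragent = syndbb.request.headers.get('User-Agent') or ''
    # uuid4 is drawn from the OS random source. The previous uuid1 is derived
    # mostly from the clock and the host's node id, which is a weak basis for
    # a value that authenticates the session.
    session_hash = d2_hash(syndbb.request.remote_addr + useragent + d2_hash(str(syndbb.uuid.uuid4())))[:20]
    # Address + User-Agent fingerprint, stored as the account's user_auth.
    similar_user = d2_hash(syndbb.request.remote_addr + useragent)[:20]

    ldap_enabled = syndbb.core_config['ldap']['enabled']
    # With LDAP enabled the local row stores a hash of the client-supplied
    # password_hash field; the plain password goes to the directory below.
    stored_password = d2_hash(syndbb.request.form['password_hash']) if ldap_enabled else d2_hash(password)

    create_user = d2_user(username=username, display_name='', token='', title='', bio='[i]Welcome to my profile![/i]', status='', status_time=0, rank=1, avatar_date=0, password=stored_password, post_count=0, line_count=0, word_count=0, profanity_count=0, karma_positive=0, karma_negative=0, points=0, join_date=unix_time_current(), last_login=unix_time_current(), last_activity=unix_time_current(), irc_auth='', upload_auth='', user_auth=similar_user, upload_url='local', nsfw_toggle=0, full_avatar=0, tags="Location:This_Website new_user")
    syndbb.db.session.add(create_user)
    syndbb.db.session.flush()  # assigns the primary key before the commit
    created_user_id = str(create_user.user_id)
    syndbb.db.session.commit()

    if ldap_enabled:
        ldap_add_user = ldap_user(
            display_name=username,
            username=username,
            surname=username,
            password=ldap_hash(password)
        )
        ldap_add_user.save()

    login_ip = d2_ip(my_ip, useragent, created_user_id, unix_time_current(), 1, syndbb.request.path, session_hash, my_ip_hash)
    syndbb.db.session.add(login_ip)
    if invite is not None:
        invite.used_by = created_user_id
    syndbb.db.session.commit()

    syndbb.session['logged_in'] = session_hash
    return "Registration successful."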
Beispiel #21
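def doregister():
    """Create an account from the posted registration form and log it in.

    Checks run in this order: existing session, Tor exit list, IP blacklist
    lookup, terms-of-service flag, captcha token, username pattern, username
    uniqueness. On success a ``d2_user`` row and a ``d2_ip`` session row are
    written and the session id is stored in ``syndbb.session['logged_in']``.

    Returns:
        str: "Registration successful." or a message describing why the
        request was refused.

    Raises:
        requests.exceptions.RequestException: when the exit-list or captcha
        service cannot be reached; it is not caught here.
    """
    if 'logged_in' in syndbb.session:
        if checkSession(str(syndbb.session['logged_in'])):
            return "You are already logged in!"

    username = syndbb.request.form['username']
    raw_password = syndbb.request.form['password']
    # .get() lets a missing field reach the messages below instead of
    # failing on a missing key.
    tos = syndbb.request.form.get('tos')
    token = syndbb.request.form.get('coinhive-captcha-token')

    my_ip = syndbb.request.remote_addr

    # Certificate verification is left on (the requests default). The
    # previous verify=False let anyone on the network path forge this list.
    tor = requests.get('https://check.torproject.org/exit-addresses',
                       timeout=5,
                       stream=True)
    try:
        # Compare line by line. The previous code joined all lines into one
        # string and looped over its characters, so no address ever matched.
        for raw_line in tor.iter_lines():
            if not raw_line:
                continue
            if isinstance(raw_line, bytes):
                raw_line = raw_line.decode('utf-8', 'replace')
            parts = raw_line.split(" ")
            if parts[0] == "ExitAddress" and len(parts) > 1 and parts[1] == my_ip:
                return "You seem to be using Tor or a proxy."
    finally:
        tor.close()

    response = query(ip=my_ip)
    if response.ip.appears == True:
        return "You seem to be using Tor or a proxy, or your IP is blacklisted for spam."

    if not tos:
        return "You have not agreed to the rules and terms of service."

    if not token:
        return "You must verify yourself."

    udata = {'secret': syndbb.captcha_key, 'token': token, 'hashes': "256"}
    headers = {'content-type': 'application/x-www-form-urlencoded'}
    # This request carries the captcha secret, so TLS verification stays on;
    # the timeout matches the exit-list request above.
    reg = requests.post("https://api.coinhive.com/token/verify",
                        headers=headers,
                        data=udata,
                        timeout=5)
    captcha = json.loads(reg.text)

    # Fail closed: only a truthy 'success' passes. The previous `== False`
    # test let a null value through.
    if not isinstance(captcha, dict) or not captcha.get('success'):
        return "You must verify yourself."

    # Test the raw password. The previous code hashed it first, and the hash
    # of an empty string is still a non-empty value.
    if not (username and raw_password):
        return "Invalid request."

    # Explicit ASCII classes anchored with \Z. The previous pattern used `$`,
    # which also matches before a trailing newline, and IGNORECASE, which on
    # Unicode strings lets [a-z] match a few non-ASCII look-alike letters.
    if not syndbb.re.match(r'[A-Za-z][A-Za-z0-9_-]{2,32}\Z', username):
        return "Invalid username (must match IRC standards)."

    if d2_user.query.filter_by(username=username).first():
        return "A user with that username already exists."

    # NOTE(review): d2_hash is defined elsewhere; confirm it is a salted,
    # deliberately slow password hash rather than a bare digest.
    password = d2_hash(raw_password)
    create_user = d2_user(username, '', '', '', 0, 0, '', '', '', '',
                          '', 0, password, 0, 0, 0, 0, 0, 0, 0,
                          unix_time_current(), unix_time_current(),
                          unix_time_current(), '', '', '')
    syndbb.db.session.add(create_user)
    syndbb.db.session.flush()  # assigns the primary key before the commit
    created_user_id = str(create_user.user_id)
    syndbb.db.session.commit()

    useragent = syndbb.request.headers.get('User-Agent')
    # uuid4 is drawn from the OS random source. The previous uuid1 is derived
    # mostly from the clock and the host's node id, so an id used as the
    # session credential was far easier to guess.
    session_id = str(syndbb.uuid.uuid4())
    login_ip = d2_ip(my_ip, useragent, created_user_id,
                     unix_time_current(), 1, syndbb.request.path,
                     session_id,
                     d2_hash(my_ip)[:10])
    syndbb.db.session.add(login_ip)
    syndbb.db.session.commit()

    syndbb.session['logged_in'] = session_id
    return "Registration successful."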