def remove_flair(): flair = syndbb.request.args.get('file', '') uniqid = syndbb.request.args.get('uniqid', '') if uniqid: userid = check_session_by_id(uniqid) if userid: if flair: flair_source = syndbb.app.static_folder + "/data/flair/"+str(userid)+"/"+flair+".png" if syndbb.os.path.isfile(flair_source): syndbb.os.remove(flair_source) syndbb.flash('Flair removed.', 'success') syndbb.cache.delete_memoized(syndbb.models.users.get_flair_by_id) return syndbb.redirect(syndbb.url_for('configure_flair')) else: syndbb.flash('No such flair exists.', 'danger') return syndbb.redirect(syndbb.url_for('configure_flair')) else: flair_source = syndbb.app.static_folder + "/data/flair/"+str(userid)+".png" syndbb.os.remove(flair_source) syndbb.flash('Flair removed.', 'success') syndbb.cache.delete_memoized(syndbb.models.users.get_flair_by_id) return syndbb.redirect(syndbb.url_for('configure_flair')) else: return "Invalid Session" else: return "Invalid Request"
def delete_file(): ufile = syndbb.request.args.get('file', '') uniqid = syndbb.request.args.get('uniqid', '') uploader = syndbb.request.args.get('uploader', '') if 'logged_in' in syndbb.session: userid = check_session_by_id(str(uniqid)) if userid: user = d2_user.query.filter_by(user_id=userid).first() if uploader == "upload_anon": uploaded_file = syndbb.app.static_folder + "/data/uploads/" + d2_hash( user.username + user.password)[:10] + "/" + ufile else: uploaded_file = syndbb.app.static_folder + "/data/uploads/" + user.username + "/" + ufile if syndbb.os.path.isfile(uploaded_file): syndbb.os.system("shred -u " + uploaded_file) syndbb.flash('File deleted successfully.', 'success') syndbb.cache.delete_memoized( syndbb.views.upload.get_user_files) return syndbb.redirect(syndbb.url_for(uploader)) else: syndbb.flash('No such file exists.', 'danger') return syndbb.redirect(syndbb.url_for(uploader)) else: return syndbb.render_template('error_not_logged_in.html', title="Upload") else: return syndbb.render_template('error_not_logged_in.html', title="Upload")
def logout(): if 'logged_in' in syndbb.session: userid = check_session_by_id(str(syndbb.session['logged_in'])) if userid: uniqid = syndbb.request.args.get('uniqid', '') if str(uniqid) == str(syndbb.session['logged_in']): check_session = d2_ip.query.filter_by(sessionid=uniqid).filter_by(ip=gdpr_check(syndbb.request.remote_addr)).first() if check_session: syndbb.db.session.delete(check_session) syndbb.db.session.commit() syndbb.session.pop('logged_in', None) syndbb.flash('You have been logged out.', 'warning') return syndbb.redirect(syndbb.url_for('home')) else: syndbb.flash('Invalid request.', 'warning') syndbb.session.pop('logged_in', None) return syndbb.redirect(syndbb.url_for('home')) else: syndbb.flash('Invalid session.', 'warning') syndbb.session.pop('logged_in', None) return syndbb.redirect(syndbb.url_for('home')) else: return syndbb.render_template('error_not_logged_in.html', title="Not logged in") else: return syndbb.render_template('error_not_logged_in.html', title="Not logged in")
def disapprove_quote(): quote = syndbb.request.args.get('quote', '') uniqid = syndbb.request.args.get('uniqid', '') if quote and uniqid: userid = check_session_by_id(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() if user.rank >= 100: quote = d2_quotes.query.filter_by(id=quote).first() if quote: syndbb.db.session.delete(quote) syndbb.db.session.commit() syndbb.flash('Quote has been disapproved.', 'danger') return syndbb.redirect(syndbb.url_for('siteadmin_quotes')) else: syndbb.flash('No such quote exists.', 'danger') return syndbb.redirect(syndbb.url_for('siteadmin_quotes')) else: return "Insufficient permission." else: return "Invalid Session" else: return "Invalid Request"
def disapprove_channel(): channel = syndbb.request.args.get('channel', '') uniqid = syndbb.request.args.get('uniqid', '') if channel and uniqid: userid = check_session_by_id(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() if user.rank >= 500: channel = d2_channels.query.filter_by(id=channel).first() if channel: syndbb.db.session.delete(channel) syndbb.db.session.commit() syndbb.flash('Channel has been disapproved.', 'danger') return syndbb.redirect(syndbb.url_for('siteadmin_channels')) else: syndbb.flash('No such channel exists.', 'danger') return syndbb.redirect(syndbb.url_for('siteadmin_channels')) else: return "Insufficient permission." else: return "Invalid Session" else: return "Invalid Request"
def remove_avatar(): avatar = syndbb.request.args.get('file', '') uniqid = syndbb.request.args.get('uniqid', '') if uniqid: userid = checkSession(uniqid) if userid: if avatar: avatar_original_source = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"/"+avatar+"-src.png" avatar_source = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"/"+avatar+".png" if syndbb.os.path.isfile(avatar_source): syndbb.os.remove(avatar_source) if syndbb.os.path.isfile(avatar_original_source): syndbb.os.remove(avatar_original_source) syndbb.flash('Avatar removed.', 'success') return syndbb.redirect(syndbb.url_for('change_avatar')) else: syndbb.flash('No such avatar exists.', 'danger') return syndbb.redirect(syndbb.url_for('change_avatar')) else: avatar_original_source = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"-src.png" avatar_source = syndbb.app.static_folder + "/data/avatars/"+str(userid)+".png" syndbb.os.remove(avatar_source) if syndbb.os.path.isfile(avatar_original_source): syndbb.os.remove(avatar_original_source) user = d2_user.query.filter_by(user_id=userid).first() user.avatar_date = 0 syndbb.db.session.commit() syndbb.flash('Avatar removed.', 'success') return syndbb.redirect(syndbb.url_for('change_avatar')) else: return "Invalid Session" else: return "Invalid Request"
def approve_emoticon(): emote = syndbb.request.args.get('file', '') uniqid = syndbb.request.args.get('uniqid', '') if uniqid: userid = check_session_by_id(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() if user.rank >= 500: emotepath = syndbb.app.static_folder + "/data/emoticons/" + emote destpath = syndbb.app.static_folder + "/images/emots/" if syndbb.os.path.isfile(emotepath): shutil.copy2(emotepath, destpath) syndbb.os.remove(emotepath) syndbb.flash('Emoticon approved successfully.', 'success') return syndbb.redirect(syndbb.url_for('siteadmin_emoticons')) else: syndbb.flash('No such emoticon exists.', 'danger') return syndbb.redirect(syndbb.url_for('siteadmin_emoticons')) else: return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission") else: return "Invalid Session" else: return "Invalid Request"
def delete_post(): post_id = syndbb.request.args.get('post_id', '') uniqid = syndbb.request.args.get('uniqid', '') if 'logged_in' in syndbb.session: userid = check_session_by_id(str(uniqid)) if userid: postcheck = d2_activity.query.filter_by(id=post_id).first() if postcheck: if postcheck.title: postvars = postcheck else: postvars = d2_activity.query.filter_by(id=postcheck.replyto).first() channelcheck = d2_channels.query.filter_by(id=postvars.category).first() if not check_channel_auth(channelcheck): return "Insufficient permission" user = d2_user.query.filter_by(user_id=userid).first() if (user.rank >= 100) or (int(postcheck.user_id) == int(userid)): if postcheck.title: replies = d2_activity.query.filter_by(replyto=postcheck.id).all() for reply in replies: syndbb.db.session.delete(reply) syndbb.db.session.commit() syndbb.db.session.delete(postcheck) syndbb.db.session.commit() take_currency(postcheck.user_id, 5) take_posts(userid, 1) syndbb.flash('Thread has been deleted.', 'danger') syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents) syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_list) syndbb.cache.delete_memoized(syndbb.models.activity.get_recent_posts) syndbb.cache.delete_memoized(syndbb.models.activity.get_activity) syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_threads_xml) syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post) syndbb.cache.delete_memoized(syndbb.models.channels.get_channel_list) return syndbb.redirect("/"+channelcheck.short_name) else: postvars.reply_count -= 1 syndbb.db.session.commit() syndbb.db.session.delete(postcheck) syndbb.db.session.commit() take_currency(postcheck.user_id, 2) take_posts(userid, 1) syndbb.flash('Post has been deleted.', 'danger') syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents) syndbb.cache.delete_memoized(syndbb.models.activity.get_recent_posts) syndbb.cache.delete_memoized(syndbb.models.activity.get_activity) syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_posts_xml) syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post) syndbb.cache.delete_memoized(syndbb.models.channels.get_channel_list) return syndbb.redirect("/"+channelcheck.short_name+"/"+str(postvars.id)) else: return "Trying to delete a post which isn't yours." else: return "Trying to delete a post which doesnt exist."
def upload_file(): if syndbb.request.method == 'POST': image_types = [".jpg", ".jpeg", ".jpe"] if 'logged_in' in syndbb.session: userid = check_session_by_id(str(syndbb.session['logged_in'])) uploader = syndbb.request.form['uploader'] if 'anonymous' in syndbb.request.form: anonymous = 1 else: anonymous = 0 if 'timedelete' in syndbb.request.form: timedelete = 1 else: timedelete = 0 if userid: user = d2_user.query.filter_by(user_id=userid).first() if anonymous: uploadfolder = syndbb.app.static_folder + "/data/uploads/" + d2_hash( user.username + user.password)[:10] + "/" else: uploadfolder = syndbb.app.static_folder + "/data/uploads/" + user.username + "/" if not syndbb.os.path.exists(uploadfolder): syndbb.os.makedirs(uploadfolder) if 'file' not in syndbb.request.files: syndbb.flash('No file selected.', 'danger') return syndbb.redirect(syndbb.url_for(uploader)) file = syndbb.request.files['file'] if file.filename == '': syndbb.flash('No file selected.', 'danger') return syndbb.redirect(syndbb.url_for(uploader)) if file: filename = secure_filename(file.filename) extension = syndbb.os.path.splitext(filename)[1] newname = ''.join( random.sample( "-_" + string.ascii_uppercase + string.ascii_lowercase + string.digits, 20)) + extension file.save(syndbb.os.path.join(uploadfolder, newname)) if extension in image_types: piexif.remove(uploadfolder + newname) if uploader == 'upload_simple': return "/upload/simple/?file=" + newname else: syndbb.flash('File uploaded successfully.', 'success') syndbb.cache.delete_memoized( syndbb.views.upload.get_user_files) if anonymous: fpath = d2_hash(user.username + user.password)[:10] + "/" + newname else: fpath = user.username + "/" + newname return syndbb.redirect('/upload/view?file=' + fpath)
def upload_avatar(): if syndbb.request.method == 'POST': uploaded_avatar = syndbb.request.form['avatar'] uploaded_avatar = uploaded_avatar[uploaded_avatar.find(",")+1:] userid = check_session_by_id(str(syndbb.session['logged_in'])) if userid: user = d2_user.query.filter_by(user_id=userid).first() avatar_original_folder = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"-src.png" avatar_original_history = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"/"+str(unix_time_current())+"-src.png" avatar_folder = syndbb.app.static_folder + "/data/avatars/"+str(userid)+".png" avatar_history = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"/"+str(unix_time_current())+".png" if 'avatar_source' not in syndbb.request.files: return "No avatar selected." avatar_source = syndbb.request.files['avatar_source'] if avatar_source.filename == '': return "No avatar selected." if avatar_source: filename = secure_filename(avatar_source.filename) avatar_source.save(avatar_original_folder) try: im = Image.open(avatar_original_folder) im.thumbnail((1024,1024)) im.save(avatar_original_folder, "PNG") shutil.copy2(avatar_original_folder, avatar_original_history) except IOError: syndbb.flash('Problem setting avatar.', 'danger') return syndbb.redirect(syndbb.url_for('configure_avatar')) if 'avatar' not in syndbb.request.form: syndbb.flash('No avatar selected.', 'danger') return syndbb.redirect(syndbb.url_for('configure_avatar')) else: try: with open(avatar_folder, "wb") as fh: fh.write(base64.b64decode(uploaded_avatar)) im = Image.open(avatar_folder) im.thumbnail((256,256)) im.save(avatar_folder, "PNG") shutil.copy2(avatar_folder, avatar_history) user.avatar_date = unix_time_current() syndbb.db.session.commit() syndbb.flash('Avatar uploaded successfully.', 'success') except IOError: syndbb.flash('Problem setting flair.', 'danger') return syndbb.redirect(syndbb.url_for('configure_flair')) syndbb.cache.delete_memoized(syndbb.models.users.get_avatar_by_id) syndbb.cache.delete_memoized(syndbb.models.users.get_avatar_source_by_id) return syndbb.redirect(syndbb.url_for('configure_avatar'))
def view_avatar_source(username): davatar = cdn_path() + '/images/default_avatar.png' if username: user = d2_user.query.filter_by(username=username).first() if user: dynamic_js_footer = ["js/jquery.cropit.js", "js/bootbox.min.js", "js/delete.js"] avatar_path = syndbb.app.static_folder + "/data/avatars/"+str(user.user_id)+"-src.png" uavatar = cdn_path() + "/data/avatars/"+str(user.user_id)+"-src.png?v="+str(user.avatar_date) if syndbb.os.path.isfile(avatar_path): return syndbb.redirect(uavatar) else: return syndbb.redirect(davatar) else: return syndbb.redirect(davatar)
def do_unban_user(): banuser = syndbb.request.form['user_id'] uniqid = syndbb.request.form['uniqid'] if banuser and uniqid: userid = check_session_by_id(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() if user.rank >= 500: ban = d2_bans.query.filter_by(banned_id=banuser).order_by(d2_bans.time.desc()).first() if ban.length == 0: ban.length = "-1" ban.expires = unix_time_current() syndbb.db.session.commit() syndbb.cache.delete_memoized(syndbb.models.users.get_title_by_id) syndbb.cache.delete_memoized(syndbb.models.users.get_group_style_by_id) syndbb.cache.delete_memoized(syndbb.models.activity.ban_list) syndbb.flash('User unbanned successfully.', 'success') return syndbb.redirect(syndbb.url_for('siteadmin_ban')) else: return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission") else: return "Invalid Session" else: return "Invalid Request"
def do_rank_user(): rankuser = syndbb.request.form['user_id'] rank = syndbb.request.form['rank'] uniqid = syndbb.request.form['uniqid'] if rankuser and rank and uniqid: userid = check_session_by_id(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() if user.rank >= 500: changeuser = d2_user.query.filter_by(user_id=rankuser).first() changeuser.rank = rank syndbb.db.session.commit() syndbb.cache.delete_memoized(syndbb.models.users.get_title_by_id) syndbb.cache.delete_memoized(syndbb.models.users.get_group_style_by_id) syndbb.flash('User rank changed successfully.', 'success') return syndbb.redirect(syndbb.url_for('siteadmin_users')) else: return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission") else: return "Invalid Session" else: return "Invalid Request"
def do_ban_user(): banuser = syndbb.request.form['user_id'] bantime = syndbb.request.form['time'] if 'reason' in syndbb.request.form: banreason = syndbb.request.form['reason'] else: banreason = "" if 'post_id' in syndbb.request.form and syndbb.request.form['post_id'] != "": banpost = syndbb.request.form['post_id'] else: banpost = 0 if 'display' in syndbb.request.form: display = 1 else: display = 0 uniqid = syndbb.request.form['uniqid'] if banuser and bantime and uniqid: userid = check_session_by_id(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() if user.rank >= 500: if banreason != "": banmessage = "\n\n[ban](User was banned for this post. Reason: " + banreason + ")[/ban]" else: banmessage = "\n\n[ban](User was banned for this post.)[/ban]" if bantime == 0: banexpire = 0 else: banexpire = int(bantime) + unix_time_current() if banpost and banpost != 0: post = d2_activity.query.filter_by(id=banpost).first() post.content += banmessage syndbb.db.session.commit() new_ban = d2_bans(banned_id=banuser, reason=banreason, length=bantime, time=unix_time_current(), expires=banexpire, post=banpost, banner=userid, display=display) syndbb.db.session.add(new_ban) syndbb.db.session.commit() syndbb.cache.delete_memoized(syndbb.models.users.get_title_by_id) syndbb.cache.delete_memoized(syndbb.models.users.get_group_style_by_id) syndbb.cache.delete_memoized(syndbb.models.activity.ban_list) syndbb.flash('User banned successfully.', 'success') return syndbb.redirect(syndbb.url_for('siteadmin_ban')) else: return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission") else: return "Invalid Session" else: return "Invalid Request"
def delete_emoticon(): emote = syndbb.request.args.get('file', '') uniqid = syndbb.request.args.get('uniqid', '') if uniqid: userid = checkSession(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() emotepath = syndbb.app.static_folder + "/data/emoticons/" + user.username + "/" + emote if syndbb.os.path.isfile(emotepath): syndbb.os.remove(emotepath) syndbb.flash('Emoticon deleted successfully.', 'success') return syndbb.redirect(syndbb.url_for('submit_emoticon')) else: syndbb.flash('No such emoticon exists.', 'danger') return syndbb.redirect(syndbb.url_for('submit_emoticon')) else: return "Invalid Session" else: return "Invalid Request"
def generate_invite(): uniqid = syndbb.request.args.get('uniqid', '') userid = check_session_by_id(str(uniqid)) code = str(syndbb.uuid.uuid4().hex) if userid: user = d2_user.query.filter_by(user_id=userid).first() if user.rank >= 10: create_invite = d2_invites(code, userid, 0) syndbb.db.session.add(create_invite) syndbb.db.session.commit() syndbb.flash('An invite has been generated.', 'success') return syndbb.redirect(syndbb.url_for('my_invites')) else: syndbb.flash('You don\'t have the permission to do this.', 'danger') return syndbb.redirect(syndbb.url_for('my_invites')) else: return syndbb.render_template('error_not_logged_in.html', title="Not logged in")
def do_request_invite(): username = syndbb.request.form['username'] email = syndbb.request.form['email'] reason = syndbb.request.form['reason'] if username and email and reason: if not syndbb.re.match(r"[^@]+@[^@]+\.[^@]+", email): syndbb.flash('The email you entered was invalid.', 'danger') return syndbb.redirect(syndbb.url_for('request_invite')) invitecheck = d2_requests.query.filter_by(email=email).first() if invitecheck: syndbb.flash( 'An invite for this email has already been requested.', 'danger') return syndbb.redirect(syndbb.url_for('request_invite')) create_request = d2_requests(username, email, reason) syndbb.db.session.add(create_request) syndbb.db.session.commit() syndbb.flash('Your invite request has been submitted.', 'success') return syndbb.redirect(syndbb.url_for('request_invite')) else: syndbb.flash('Invalid Request.', 'danger') return syndbb.redirect(syndbb.url_for('request_invite'))
def upload_flair(): if syndbb.request.method == 'POST': uploaded_flair = syndbb.request.form['flair'] uploaded_flair = uploaded_flair[uploaded_flair.find(",")+1:] userid = check_session_by_id(str(syndbb.session['logged_in'])) if userid: user = d2_user.query.filter_by(user_id=userid).first() if 'flair' not in syndbb.request.form: syndbb.flash('No flair selected.', 'danger') return syndbb.redirect(syndbb.url_for('configure_flair')) else: try: if 'flair_source' not in syndbb.request.files: return "No flair selected." flair_source = syndbb.request.files['flair_source'] if not flair_source or flair_source.filename == '': return "No flair selected." flair_folder = syndbb.app.static_folder + "/data/flair/"+str(userid)+".png" flair_history = syndbb.app.static_folder + "/data/flair/"+str(userid)+"/"+syndbb.os.path.splitext(secure_filename(flair_source.filename))[0]+".png" with open(flair_folder, "wb") as fh: fh.write(base64.b64decode(uploaded_flair)) im = Image.open(flair_folder) im.thumbnail((16,16)) im.save(flair_folder, "PNG") shutil.copy2(flair_folder, flair_history) except IOError: syndbb.flash('Problem setting flair.', 'danger') return syndbb.redirect(syndbb.url_for('configure_flair')) syndbb.flash('Flair uploaded successfully.', 'success') syndbb.cache.delete_memoized(syndbb.models.users.get_flair_by_id) return syndbb.redirect(syndbb.url_for('configure_flair'))
def set_avatar(): avatar = syndbb.request.args.get('file', '') uniqid = syndbb.request.args.get('uniqid', '') if uniqid: userid = check_session_by_id(uniqid) if userid: avatar_original_source = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"/"+avatar+"-src.png" avatar_original_destination = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"-src.png" avatar_source = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"/"+avatar+".png" avatar_destination = syndbb.app.static_folder + "/data/avatars/"+str(userid)+".png" if syndbb.os.path.isfile(avatar_source): shutil.copy2(avatar_source, avatar_destination) if syndbb.os.path.isfile(avatar_original_source): shutil.copy2(avatar_original_source, avatar_original_destination) else: if syndbb.os.path.isfile(avatar_original_destination): syndbb.os.remove(avatar_original_destination) user = d2_user.query.filter_by(user_id=userid).first() user.avatar_date = unix_time_current() syndbb.db.session.commit() syndbb.flash('Avatar updated successfully.', 'success') syndbb.cache.delete_memoized(syndbb.models.users.get_avatar_by_id) syndbb.cache.delete_memoized(syndbb.models.users.get_avatar_source_by_id) return syndbb.redirect(syndbb.url_for('configure_avatar')) else: syndbb.flash('No such avatar exists.', 'danger') return syndbb.redirect(syndbb.url_for('configure_avatar')) else: return "Invalid Session" else: return "Invalid Request"
def change_user(): switch_to = syndbb.request.args.get('userid', '') uniqid = syndbb.request.args.get('uniqid', '') if uniqid: userid = check_session_by_id(uniqid) if userid: session = d2_ip.query.filter_by(sessionid=uniqid).first() session.user_id = switch_to syndbb.db.session.commit() return syndbb.redirect(syndbb.url_for('home')) else: return "Invalid Session" else: return "Invalid Request"
def undopastes(): paste_id = syndbb.request.args.get('paste_id') uniqid = syndbb.request.args.get('uniqid') if paste_id and uniqid: userid = checkSession(uniqid) if userid: deletePaste = d2_paste.query.filter(d2_paste.user_id == userid).filter(d2_paste.paste_id == paste_id).order_by(syndbb.db.desc(d2_paste.time)).first() syndbb.db.session.delete(deletePaste) syndbb.db.session.commit() syndbb.flash('Paste deleted.', 'success') return syndbb.redirect(syndbb.url_for('pastebin')) else: return "Invalid Session" else: return "Invalid Request"
def update_status(): status = syndbb.request.form['status'] uniqid = syndbb.request.form['uniqid'] if uniqid: userid = checkSession(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() user.status = status user.status_time = unix_time_current() syndbb.db.session.commit() syndbb.cache.delete_memoized(syndbb.models.users.get_all_status_updates) return syndbb.redirect(syndbb.url_for('home')) else: return "Invalid Session" else: return "Invalid Request"
def dopaste(): paste_title = syndbb.request.form['paste_title'] paste_content = syndbb.request.form['paste_content'] uniqid = syndbb.request.form['uniqid'] if paste_title and paste_content and uniqid: userid = checkSession(uniqid) if userid: pasteid = str(syndbb.uuid.uuid4().hex) new_paste = d2_paste(userid, pasteid, unix_time_current(), html_escape(paste_content), html_escape(paste_title)) syndbb.db.session.add(new_paste) syndbb.db.session.commit() syndbb.flash('Paste created successfully.', 'success') return syndbb.redirect(syndbb.url_for('pastebin')) else: return "Invalid Session" else: return "Invalid Request"
def do_drop_session(): dropuser = syndbb.request.args.get('user', '') uniqid = syndbb.request.args.get('uniqid', '') if uniqid: userid = check_session_by_id(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() if user.rank >= 100: check_session = d2_ip.query.filter_by(user_id=dropuser).filter_by(login=1).all() for usession in check_session: syndbb.db.session.delete(usession) syndbb.db.session.commit() syndbb.flash('User has been logged out.', 'success') return syndbb.redirect(syndbb.url_for('siteadmin_users')) else: return "Invalid Session" else: return "Invalid Request"
def create_quotes(): uniqid = syndbb.request.form['uniqid'] tpost = syndbb.request.form['post_content'] if tpost and uniqid: userid = checkSession(uniqid) if userid: lastquote = d2_quotes.query.filter_by(user_id=userid).order_by( d2_quotes.time.desc()).first() if lastquote and (unix_time_current() - lastquote.time) <= 1: return "Trying to submit quotes too quickly, wait a while before trying again." else: create_quote = d2_quotes(userid, unix_time_current(), tpost, 0, 0) syndbb.db.session.add(create_quote) syndbb.db.session.commit() syndbb.flash('Quote has been submitted.', 'success') return syndbb.redirect(syndbb.url_for('view_qdb')) else: return "Invalid Session" else: return "Invalid Request"
def upload_emoticon(): if syndbb.request.method == 'POST': if 'logged_in' in syndbb.session: userid = checkSession(str(syndbb.session['logged_in'])) if userid: user = d2_user.query.filter_by(user_id=userid).first() uploadfolder = syndbb.app.static_folder + "/data/emoticons/" + user.username + "/" if 'file' not in syndbb.request.files: syndbb.flash('No emoticon selected.', 'danger') return syndbb.redirect(syndbb.url_for('submit_emoticon')) file = syndbb.request.files['file'] file.seek(0, syndbb.os.SEEK_END) file_length = file.tell() extension = syndbb.os.path.splitext(file.filename)[1].lower() image_types = [".jpg", ".jpeg", ".jpe", ".gif", ".png"] if extension not in image_types: syndbb.flash('Uploaded file is not an image.', 'danger') return syndbb.redirect(syndbb.url_for('submit_emoticon')) if file_length > 65536: syndbb.flash('Image is over 64kb.', 'danger') return syndbb.redirect(syndbb.url_for('submit_emoticon')) img_res = Image.open(file) if img_res.size[0] > 100: syndbb.flash('Image width is over 100px.', 'danger') return syndbb.redirect(syndbb.url_for('submit_emoticon')) if img_res.size[1] > 32: syndbb.flash('Image height is over 32px.', 'danger') return syndbb.redirect(syndbb.url_for('submit_emoticon')) if file.filename == '': syndbb.flash('No emoticon selected.', 'danger') return syndbb.redirect(syndbb.url_for('submit_emoticon')) if file: file.seek(0) filename = secure_filename(file.filename) file.save(syndbb.os.path.join(uploadfolder, filename)) syndbb.flash('Emoticon uploaded successfully.', 'success') return syndbb.redirect(syndbb.url_for('submit_emoticon')) else: return "What are you doing?"
def save_preferences(): possibleurls = ["local", "i.d2k5.com", "i.hardcats.net", "i.lulzsec.co.uk"] status = syndbb.request.form['status'] location = syndbb.request.form['location'] gender = syndbb.request.form['gender'] occupation = syndbb.request.form['occupation'] url = syndbb.request.form['url'] ircauth = syndbb.request.form['ircauth'] uploadauth = syndbb.request.form['uploadauth'] upload_url = syndbb.request.form['upload_url'] bio = syndbb.request.form['bio'] uniqid = syndbb.request.form['uniqid'] if uniqid: userid = checkSession(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() if status is not user.status: user.status = status user.status_time = unix_time_current() user.location = location user.gender = gender user.occupation = occupation user.site = url user.ircauth = ircauth user.uploadauth = uploadauth if upload_url in possibleurls: user.upload_url = upload_url else: user.upload_url = "i.d2k5.com" user.bio = bio syndbb.db.session.commit() syndbb.cache.delete_memoized(syndbb.models.users.get_all_status_updates) syndbb.flash('Preferences updated successfully.', 'success') if ircauth is not user.ircauth: # try: # udata = {'username': user.username, 'password': ircauth} # reqheader = {'Accept': 'application/json', 'Content-Type': 'application/json', 'Authorization': syndbb.xmpp_key} # req = requests.get("https://" + syndbb.xmpp_address + ":" + syndbb.xmpp_port + "/plugins/restapi/v1/users", data=json.dumps(udata), headers=reqheader, verify=False, timeout=5) # print(req.request.headers) # except requests.exceptions.RequestException: # syndbb.flash('Couldn\'t create an XMPP user.', 'danger') try: requests.get("https://" + syndbb.znc_address + ":" + syndbb.znc_port + "/mods/global/httpadmin/adduser?username="******"&password="******"https://" + syndbb.znc_address + ":" + syndbb.znc_port + "/mods/global/httpadmin/userpassword?username="******"&password="******"https://" + syndbb.znc_address + ":" + syndbb.znc_port + "/mods/global/httpadmin/addnetwork?username="******"&net_name=" + syndbb.irc_network_name + "&net_addr=" + syndbb.irc_network_address + "&net_port=" + syndbb.irc_network_port, auth=(syndbb.znc_user, syndbb.znc_password), verify=False, timeout=5) except requests.exceptions.RequestException: syndbb.flash('Couldn\'t assign an IRC network.', 'danger') return syndbb.redirect(syndbb.url_for('preferences')) else: return "Invalid Session" else: return "Invalid Request"
def no_avatar(): davatar = cdn_path() + '/images/default_avatar.png' return syndbb.redirect(davatar)
def save_preferences(): possibleurls = ["local", "i.d2k5.com", "i.hardcats.net", "i.hard.cat", "i.lulzsec.co.uk", "i.hurr.ca"] display_name = syndbb.request.form['display_name'] status = syndbb.request.form['status'] irc_auth = 0 #syndbb.request.form['irc_auth'] upload_auth = syndbb.request.form['upload_auth'] user_auth = syndbb.request.form['user_auth'] upload_url = syndbb.request.form['upload_url'] bio = syndbb.request.form['bio'] tags = syndbb.request.form['tags'] uniqid = syndbb.request.form['uniqid'] nsfw = 1 if 'nsfw_toggle' in syndbb.request.form else 0 full_avatar = 1 if 'full_avatar' in syndbb.request.form else 0 if uniqid: userid = check_session_by_id(uniqid) if userid: user = d2_user.query.filter_by(user_id=userid).first() user.display_name = display_name if syndbb.core_config['ldap']['enabled'] : is_ldap_user = ldap_user.query.filter(syndbb.core_config['ldap']['attribute_cn'] + ': '+user.username).first() if is_ldap_user: is_ldap_user.display_name = display_name is_ldap_user.save() if status != user.status: user.status = status user.status_time = unix_time_current() user.irc_auth = irc_auth user.upload_auth = upload_auth user.user_auth = user_auth user.nsfw_toggle = nsfw user.full_avatar = full_avatar user.tags = tags if upload_url in possibleurls: user.upload_url = upload_url else: user.upload_url = "i.d2k5.com" user.bio = bio syndbb.db.session.commit() syndbb.cache.delete_memoized(syndbb.views.profile.get_user_profile) syndbb.cache.delete_memoized(syndbb.models.users.get_linked_by_id) syndbb.cache.delete_memoized(syndbb.models.users.get_all_status_updates) syndbb.cache.delete_memoized(syndbb.models.users.get_displayed_name_by_id) syndbb.cache.delete_memoized(syndbb.models.users.get_displayed_name_by_username) syndbb.flash('Preferences updated successfully.', 'success') #if irc_auth is not user.irc_auth: # try: # udata = {'username': user.username, 'password': irc_auth} # reqheader = {'Accept': 'application/json', 'Content-Type': 'application/json', 'Authorization': syndbb.xmpp_key} # req = requests.get("https://" + syndbb.xmpp_address + ":" + syndbb.xmpp_port + "/plugins/restapi/v1/users", data=json.dumps(udata), headers=reqheader, verify=False, timeout=5) # syndbb.logger.debug(req.request.headers) # except requests.exceptions.RequestException: # syndbb.flash('Couldn\'t create an XMPP user.', 'danger') # try: # requests.get("https://" + syndbb.core_config['znc']['host'] + ":" + syndbb.core_config['znc']['port'] + "/mods/global/httpadmin/adduser?username="******"&password="******"https://" + syndbb.core_config['znc']['host'] + ":" + syndbb.core_config['znc']['port'] + "/mods/global/httpadmin/userpassword?username="******"&password="******"https://" + syndbb.core_config['znc']['host'] + ":" + syndbb.core_config['znc']['port'] + "/mods/global/httpadmin/addnetwork?username="******"&net_name=" + syndbb.core_config['irc']['network'] + "&net_addr=" + syndbb.core_config['irc']['host'] + "&net_port=" + syndbb.core_config['irc']['port'] , auth=(syndbb.core_config['znc']['user'] , syndbb.core_config['znc']['password'] ), verify=False, timeout=5) # except requests.exceptions.RequestException: # syndbb.flash('Couldn\'t assign an IRC network.', 'danger') return syndbb.redirect(syndbb.url_for('preferences')) else: return "Invalid Session" else: return "Invalid Request"
def request_custom_forum(): uniqid = syndbb.request.form['uniqid'] fname = syndbb.request.form['forum-name'] fdesc = syndbb.request.form['forum-description'] facrn = syndbb.request.form['forum-acronym'] if 'forum-nsfw' in syndbb.request.form: fnsfw = 1 else: fnsfw = 0 if 'forum-auth' in syndbb.request.form: fauth = 1 else: fauth = 0 if 'forum-anon' in syndbb.request.form: fanon = 1 else: fanon = 0 if uniqid and fname and fdesc: userid = checkSession(uniqid) if userid: if not syndbb.re.match('^[\w-]+$', facrn): syndbb.flash( 'Short name contains non-alphanumeric characters.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum')) if len(fname) < 5: syndbb.flash('Channel name is under 5 characters.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum')) elif len(fname) > 25: syndbb.flash('Channel name is over 25 characters.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum')) if len(facrn) < 1: syndbb.flash('Short name is under 1 character.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum')) elif len(facrn) > 5: syndbb.flash('Short name is over 5 characters.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum')) invalid_shortcodes = all_pages() if facrn in invalid_shortcodes: syndbb.flash('Attempting to use a restricted short name.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum')) forumcheck = d2_forums.query.filter_by(name=fname).first() if forumcheck: syndbb.flash('A forum with that name already exists.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum')) else: acronymcheck = d2_forums.query.filter_by( short_name=facrn).first() if acronymcheck: syndbb.flash( 'A forum with this short name already exists.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum')) else: requestcheck = d2_forums.query.filter_by( approved='0', owned_by=userid).first() if requestcheck: syndbb.flash( 'You\'ve already requested a forum, wait for it to be approved.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum')) else: new_forum = d2_forums(fname, facrn, fdesc, userid, fnsfw, 0, fauth, fanon) syndbb.db.session.add(new_forum) syndbb.db.session.commit() syndbb.flash('Your request has been submitted.', 'success') return syndbb.redirect(syndbb.url_for('request_forum')) else: syndbb.flash('Invalid session.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum')) else: syndbb.flash('Invalid request.', 'danger') return syndbb.redirect(syndbb.url_for('request_forum'))