예제 #1
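def message_list_get():
    """Return the session user's message list as a JSON string.

    Returns an error JSON body with status 403 when the session is not
    logged in, or when the session's ``user_id`` does not resolve to a
    ``uid`` via ``get_user_info``.  The ``page`` form field is reduced to
    its first run of digits (0 when absent or non-numeric) before being
    passed to ``get_messages``.  The success body is serialized with
    ``json_default`` so that non-JSON-native message fields can be encoded.
    """
    if not session.get('is_logged'):
        return json.dumps({
            'result': 'error',
            'data': {
                'message': 'Login please'
            }
        }), 403

    my_uid = get_user_info(['uid'], {'id': session.get('user_id')}).get('uid')
    if not my_uid:
        return json.dumps({
            'result': 'error',
            'data': {
                'message': 'Something unexpected error occurred!'
            }
        }), 403

    # A request without a 'page' field used to hand None to re.findall(),
    # which raises TypeError (an HTTP 500); treat it as an empty string so
    # it falls through to page 0 like any other non-numeric value.
    raw_page = request.form.get('page') or ''
    digits = re.findall(r'[0-9]+', raw_page)[:1]
    page = int(digits[0]) if digits else 0
    messages = get_messages(my_uid, page)

    return json.dumps({
        'result': 'ok',
        'data': {
            'messages': messages
        }
    },
                      default=json_default)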
예제 #2
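def board_read(board, no):
    """Render article ``no`` of ``board`` with the board_read template.

    Aborts 400 when ``board`` is unknown, fails ``security.check_hack`` or
    ``security.is_valid``, or when ``no`` exceeds ``maxint``; aborts 404
    when ``get_article`` returns nothing.  On the ``qna`` board an unpinned
    article is readable only by its writer, by an admin session, or by a
    request whose ``remote_addr`` is 127.0.0.1 (403 otherwise).  On the
    ``forum`` board an admin session has the article content replaced by a
    placeholder before rendering.
    """
    if (board not in boards or security.check_hack(board)
            or not security.is_valid(r'[a-zA-Z0-9_-]+', board) or no > maxint):
        return abort(400, '')
    article = get_article(board, no)
    if not article:
        return abort(404)

    # Check permission on qna board
    if board == 'qna' and not article.get('pinned'):
        # Reject anonymous readers before resolving the writer, so the
        # extra user lookup only runs for authenticated requests.
        if not session.get('is_logged'):
            return abort(403, 'You are not logged in!')
        writer_id = get_user_info(['id'], {
            'uid': article.get('uid')
        }).get('id')
        is_writer = (session.get('user_id') == writer_id)
        # NOTE(review): remote_addr is the TCP peer address. If this app is
        # deployed behind a local reverse proxy, every request would appear
        # to come from 127.0.0.1 and this exemption would apply to everyone
        # — confirm the deployment before relying on it.
        if (not session.get('is_admin')
                and request.remote_addr != '127.0.0.1' and not is_writer):
            return abort(403, 'You are not admin!')

    # Admin cannot see forum board articles
    if board == 'forum' and session.get('is_admin'):
        article['content'] = 'CANNOT LOAD CONTENT BY SECURITY ISSUE'

    return render_template('board_read.html', article=article, board=board)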
예제 #3
def send_check():
    """Handle the message-send form.

    Aborts 403 when the session is not logged in.  ``title`` defaults to
    'Untitled' when empty; ``content`` has ``<`` and ``>`` entity-escaped
    unless the session user is 'admin'.  Aborts 400 on a
    ``security.check_hack`` hit, 403 when the recipient named by ``to``
    (by id, or by name when prefixed with '@') has no uid, and 400 when
    the sender addresses itself.  On success the message is stored via
    ``send_message`` and the redirect template sends the user to
    /message.
    """
    if not session.get('is_logged'):
        return abort(403, 'Login please')

    form = request.form
    title = form['title'] if form.get('title') else 'Untitled'
    content = form['content']

    # Only the admin account may send raw angle brackets; every other
    # sender gets them entity-escaped before storage.
    # NOTE(review): title is stored without this escaping — whether that is
    # safe depends on the rendering template's autoescape settings, which
    # are not visible here.
    if session.get('user_id') != 'admin':
        content = content.replace('<', '&lt;').replace('>', '&gt;')

    if security.check_hack(title, content):
        return abort(400, '')

    recipient = form['to']
    # A leading '@' addresses the recipient by display name instead of id.
    if recipient.startswith('@'):
        lookup = {'name': recipient[1:]}
    else:
        lookup = {'id': recipient}

    target_uid = get_user_info(['uid', 'id', 'name'], lookup).get('uid')
    if not target_uid:
        return abort(403, 'User not found!')

    sender_uid = get_user_info(['uid'], {'id': session.get('user_id')}).get('uid')
    ip = request.remote_addr

    if sender_uid == target_uid:
        return abort(400, 'You cannot send a message to yourself!')

    send_message(sender_uid, target_uid, title, content, ip)

    return render_template('redirect.html',
                           script="""
    <script>
      alert('Send success!');
      location.href = '/message';
    </script>
   """)
예제 #4
def message_get():
    """Return the message identified by form field ``no`` as a JSON string.

    Error JSON with status 403 when the session is not logged in or when
    the message's ``recv_uid`` is not the session user's uid; 404 when
    ``get_message`` returns nothing.  An unread message that passes the
    ownership check is marked read via ``mark_read_message``.  The success
    body is serialized with ``json_default``.
    """
    def error(text, status):
        # Shared shape for every error response of this endpoint.
        return json.dumps({
            'result': 'error',
            'data': {
                'message': text
            }
        }), status

    if not session.get('is_logged'):
        return error('Login please', 403)

    no = request.form.get('no')
    message = get_message(no)
    if not message:
        return error('No message!', 404)

    # Ownership check: only the recipient may read the message.
    my_uid = get_user_info(['uid'], {'id': session.get('user_id')}).get('uid')
    if message['recv_uid'] != my_uid:
        return error('Not your message!', 403)

    # The read-marking side effect happens only after ownership is verified.
    if not message['readed']:
        mark_read_message(no)

    return json.dumps({
        'result': 'ok',
        'data': {
            'message': message
        }
    },
                      default=json_default)
예제 #5
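def login_check():
    """Validate the login form and populate the session.

    Aborts 400 when ``security.check_hack`` flags the stripped credentials.
    When ``validate_login`` accepts them, sets ``is_logged``, ``user_id``,
    ``user_name`` and ``is_admin`` in the session and redirects to '/'
    (302).  Otherwise renders the redirect template with an alert and
    status 403.
    """
    user_id = request.form['user_id'].strip()
    user_pw = request.form['user_pw'].strip()

    if security.check_hack(user_id, user_pw):
        return abort(400, '')

    if not validate_login(user_id, user_pw):
        return render_template('redirect.html',
                               script="""
      <script>alert('ID, PW not match!');history.back();</script>
    """), 403

    session['is_logged'] = True
    session['user_id'] = user_id
    session['user_name'] = get_user_info(['name'], {'id': user_id}).get('name')

    # Assign is_admin on every successful login. The previous code only ever
    # set it to True, so a session that had been admin kept the flag when a
    # different account logged in on the same session without logging out.
    # Storing False is compatible with the session.get('is_admin') checks
    # used elsewhere.
    session['is_admin'] = (user_id == 'admin'
                           and request.remote_addr == '127.0.0.1')

    return redirect('/', code=302)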
예제 #6
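def board_write_check(board):
    """Handle the write form for ``board`` and redirect to /<board>.

    Aborts 400 for an unknown board, a ``qna`` post longer than 180
    characters, a ``security.check_hack`` hit, or a session whose
    ``user_id`` has no uid.  Responds 403 (rendered redirect to /login)
    when not logged in, and aborts 403 when writing to ``notice`` without
    an admin session from 127.0.0.1.  On success the article is stored via
    ``write_article``; ``qna`` posts additionally queue ``run_bot``, and a
    ``notice`` titled 'hacked by <id>' sends the flag to <id> as a message
    from the admin account.
    """
    if board not in boards:
        return abort(400, '')

    if not session.get('is_logged'):
        return render_template('redirect.html',
                               script="""
      <script>
        alert('You are not logged in!');
        location = '/login';
      </script>
    """), 403
    # Notice board admin only
    if (board == 'notice' and
        (session.get('user_id') != 'admin' or not session.get('is_admin')
         or request.remote_addr != '127.0.0.1')):
        return abort(403, 'Not that easy LOL')

    # The title only has angle brackets stripped; content additionally goes
    # through check_hack and security.purify below.
    title = request.form['title'].replace('<', '').replace('>', '')
    content = request.form['content']

    uid = get_user_info(['uid'], {'id': session.get('user_id')}).get('uid')

    # Limit qna board content length
    if board == 'qna' and len(content) > 180:
        return abort(400, 'Contents length limited to 180 characters!')

    # Abort if input contains malicious payloads
    if security.check_hack(title, content):
        return abort(400, '')
    content = security.purify(content)

    if not uid:
        return abort(400, 'What the hell??')

    ip = request.remote_addr
    write_article(board, title, content, uid, ip)

    # Make bot check article. The import is local, presumably to avoid a
    # circular import with `app`. The task handle is deliberately not kept
    # or awaited, so the request returns before the bot has run.
    if board == 'qna':
        from app import run_bot

        run_bot.delay()

    # Send flag if hacked
    if board == 'notice' and title[:10].lower() == 'hacked by ':
        sender_uid = get_user_info(['uid'], {'id': 'admin'}).get('uid')

        # The last whitespace-separated token of the title names the
        # recipient id.
        target_id = title.lower().split()[-1]
        target_uid = get_user_info(['uid'], {'id': target_id}).get('uid')

        if sender_uid and target_uid:
            flag = giveme_flag()
            html = '''
        <img src="https://i.imgur.com/GYso5uF.jpg" class="img-fluid">
        <br>
        <p>%s</p>
      ''' % (flag)
            send_message(sender_uid, target_uid, 'HERE IS YOUR FLAG!', html,
                         ip)

    return redirect('/' + board, code=302)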