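def is_banned(id):
    """Report whether a user is currently banned.

    Args:
        id: ``user_id`` of the account to check.

    Returns:
        ``0`` when no active ban applies, otherwise a dict holding the
        ``d2_bans`` row under ``'ban'`` and a display string under
        ``'banduration'``.
    """
    # NOTE(review): this listing had lost its indentation; the nesting below
    # is the most plausible reading and should be confirmed against the file.
    user = d2_user.query.filter_by(user_id=id).first()

    if user and user.rank <= 500:
        # Every ban row is loaded and filtered in Python.
        for ban in d2_bans.query.order_by(d2_bans.time.desc()).all():
            # A length of 0 marks a ban without expiry. Compare by value:
            # identity tests against int literals are not reliable.
            still_active = (ban.length == 0) or (
                int(ban.expires) >= unix_time_current())
            if not still_active or ban.banned_id != user.user_id:
                continue
            for known_ip in d2_ip.query.filter_by(user_id=ban.banned_id).all():
                if syndbb.request.remote_addr == known_ip.ip:
                    # An address match is reported as "NEVER" whatever the
                    # length of the ban itself.
                    return {'ban': ban, 'banduration': "NEVER"}

    # rank == 500 satisfies both rank tests: such a user is scanned above and
    # then exempted here.
    if user and user.rank >= 500:
        return 0

    ban = d2_bans.query.filter_by(banned_id=id).order_by(
        d2_bans.time.desc()).first()
    if not ban:
        return 0
    if ban.length == 0:
        return {'ban': ban, 'banduration': "NEVER"}
    if int(ban.expires) <= unix_time_current():
        # The most recent ban has already run out.
        return 0
    return {'ban': ban, 'banduration': display_time(ban.length)}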
def inject_user():
    """Build the template context that describes the current visitor.

    Returns:
        A dict with ``'user'`` and ``'user_session'``; ``'bancheck'`` is added
        when ``is_banned`` returns a truthy value. Visitors without a usable
        session get placeholder dicts with ``user_id`` 0.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing. The
    # branch that drops the session key is attached to the "no matching
    # session row" case here; confirm against the original file.
    guest_context = {
        'user': {'user_id': 0, 'username': "******", 'rank': 0},
        'user_session': {'sessionid': 0},
    }

    if 'logged_in' not in syndbb.session:
        return guest_context

    # The session id is only honoured from the address it was recorded with.
    session_row = d2_ip.query.filter_by(
        sessionid=syndbb.session['logged_in']).filter_by(
            ip=syndbb.request.remote_addr).first()
    if not session_row:
        syndbb.session.pop('logged_in', None)
        return guest_context

    account = d2_user.query.filter_by(user_id=session_row.user_id).first()
    if not (account and account.user_id):
        return guest_context

    account.last_activity = unix_time_current()
    syndbb.db.session.commit()

    client_ip = syndbb.request.remote_addr
    tracked = d2_ip.query.filter_by(ip=client_ip).filter_by(
        user_id=account.user_id).filter_by(
            sessionid=session_row.sessionid).first()
    if tracked:
        # Record when and where this session was last seen.
        tracked.time = unix_time_current()
        tracked.page = syndbb.request.path
        syndbb.db.session.commit()

    context = {'user': account, 'user_session': session_row}
    ban_info = is_banned(account.user_id)
    if ban_info:
        context['bancheck'] = ban_info
    return context
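def do_unban_user():
    """Lift the most recent ban recorded for a user.

    Reads ``user_id`` (the banned account) and ``uniqid`` (the caller's
    session identifier) from the form. The caller's rank must be at least 500.

    Returns:
        A redirect to ``siteadmin_ban`` on success, the insufficient-permission
        template when the rank test fails, or a plain error string.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; the
    # expiry update is assumed to apply to every ban, not only length-0 ones.
    banuser = syndbb.request.form['user_id']
    uniqid = syndbb.request.form['uniqid']
    if not (banuser and uniqid):
        return "Invalid Request"

    userid = check_session_by_id(uniqid)
    if not userid:
        return "Invalid Session"

    user = d2_user.query.filter_by(user_id=userid).first()
    if user is None:
        # A session that maps to no account is treated as invalid instead of
        # failing on the attribute access below.
        return "Invalid Session"
    if user.rank < 500:
        return syndbb.render_template('error_insufficient_permissions.html',
                                      title="Insufficient permission")

    ban = d2_bans.query.filter_by(banned_id=banuser).order_by(
        d2_bans.time.desc()).first()
    if ban is None:
        # Nothing to lift for this account.
        return "Invalid Request"

    if ban.length == 0:
        # Length 0 is the "no expiry" marker; move it off that value.
        ban.length = "-1"
    ban.expires = unix_time_current()
    syndbb.db.session.commit()

    syndbb.cache.delete_memoized(syndbb.models.users.get_title_by_id)
    syndbb.cache.delete_memoized(syndbb.models.users.get_group_style_by_id)
    syndbb.cache.delete_memoized(syndbb.models.activity.ban_list)
    syndbb.flash('User unbanned successfully.', 'success')
    return syndbb.redirect(syndbb.url_for('siteadmin_ban'))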
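def set_avatar():
    """Make one of the caller's stored avatars the active one.

    Reads ``file`` (the stored avatar's name without extension) and ``uniqid``
    (session identifier) from the query string.

    Returns:
        A redirect to ``change_avatar`` with a flash message, or a plain error
        string for a missing or invalid session identifier.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; confirm
    # the nesting against the original file.
    # NOTE(review): this handler changes state from query-string parameters,
    # so the session identifier travels in the URL; confirm that is intended.
    avatar = syndbb.request.args.get('file', '')
    uniqid = syndbb.request.args.get('uniqid', '')
    if not uniqid:
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    # `file` is request-controlled and becomes part of a filesystem path.
    # Accept a bare file name only, so the lookup cannot leave the caller's
    # own avatar directory.
    name_is_plain = (
        avatar
        and avatar not in ('.', '..')
        and '/' not in avatar
        and '\\' not in avatar
        and '\x00' not in avatar
        and syndbb.os.path.basename(avatar) == avatar
    )
    if not name_is_plain:
        syndbb.flash('No such avatar exists.', 'danger')
        return syndbb.redirect(syndbb.url_for('change_avatar'))

    avatar_root = syndbb.app.static_folder + "/data/avatars/"
    avatar_original_source = avatar_root + str(userid) + "/" + avatar + "-src.png"
    avatar_original_destination = avatar_root + str(userid) + "-src.png"
    avatar_source = avatar_root + str(userid) + "/" + avatar + ".png"
    avatar_destination = avatar_root + str(userid) + ".png"

    if not syndbb.os.path.isfile(avatar_source):
        syndbb.flash('No such avatar exists.', 'danger')
        return syndbb.redirect(syndbb.url_for('change_avatar'))

    shutil.copy2(avatar_source, avatar_destination)
    if syndbb.os.path.isfile(avatar_original_source):
        shutil.copy2(avatar_original_source, avatar_original_destination)
    elif syndbb.os.path.isfile(avatar_original_destination):
        # The chosen avatar has no full-size source; remove the stale one.
        syndbb.os.remove(avatar_original_destination)

    user = d2_user.query.filter_by(user_id=userid).first()
    user.avatar_date = unix_time_current()
    syndbb.db.session.commit()
    syndbb.flash('Avatar updated successfully.', 'success')
    return syndbb.redirect(syndbb.url_for('change_avatar'))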
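def upload_avatar():
    """Store an uploaded avatar for the logged-in user.

    On POST, saves the uploaded ``avatar_source`` file (bounded to 1024x1024)
    and the base64 ``avatar`` form value (bounded to 256x256) as PNG, and keeps
    a timestamped copy of each in the user's avatar directory.

    Returns:
        A redirect to the avatar or flair configuration page, or the string
        ``"No avatar selected."``.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; the
    # cache invalidation and final redirect are placed at function level here.
    # Confirm against the original file.
    # NOTE(review): no upload-size or pixel-count limit is visible in this
    # function; confirm one is enforced elsewhere before images are parsed.
    if syndbb.request.method == 'POST':
        # .get() keeps the "no avatar" branch below reachable.
        encoded_avatar = syndbb.request.form.get('avatar')
        if encoded_avatar is not None:
            # Drop a data-URL prefix ("...;base64,") when one is present.
            encoded_avatar = encoded_avatar[encoded_avatar.find(",") + 1:]

        session_token = syndbb.session.get('logged_in')
        userid = check_session_by_id(str(session_token)) if session_token else None
        if userid:
            user = d2_user.query.filter_by(user_id=userid).first()

            avatar_root = syndbb.app.static_folder + "/data/avatars/"
            # One timestamp for both history files, so the thumbnail and its
            # full-size source always share a name stem.
            stamp = str(unix_time_current())
            source_current = avatar_root + str(userid) + "-src.png"
            source_history = avatar_root + str(userid) + "/" + stamp + "-src.png"
            thumb_current = avatar_root + str(userid) + ".png"
            thumb_history = avatar_root + str(userid) + "/" + stamp + ".png"

            if 'avatar_source' not in syndbb.request.files:
                return "No avatar selected."
            avatar_source = syndbb.request.files['avatar_source']
            if avatar_source.filename == '':
                return "No avatar selected."

            if avatar_source:
                # The upload is written to a server-chosen path; the
                # client-supplied file name is never used in a path.
                avatar_source.save(source_current)
                try:
                    im = Image.open(source_current)
                    im.thumbnail((1024, 1024))
                    im.save(source_current, "PNG")
                    shutil.copy2(source_current, source_history)
                except IOError:
                    syndbb.flash('Problem setting avatar.', 'danger')
                    return syndbb.redirect(syndbb.url_for('configure_avatar'))

            if encoded_avatar is None:
                syndbb.flash('No avatar selected.', 'danger')
                return syndbb.redirect(syndbb.url_for('configure_avatar'))

            try:
                with open(thumb_current, "wb") as fh:
                    fh.write(base64.b64decode(encoded_avatar))
                im = Image.open(thumb_current)
                im.thumbnail((256, 256))
                im.save(thumb_current, "PNG")
                shutil.copy2(thumb_current, thumb_history)
                user.avatar_date = unix_time_current()
                syndbb.db.session.commit()
                syndbb.flash('Avatar uploaded successfully.', 'success')
            except (IOError, ValueError):
                # ValueError covers malformed base64 (binascii.Error).
                # NOTE(review): message and redirect mention "flair" in an
                # avatar handler; confirm this is intended.
                syndbb.flash('Problem setting flair.', 'danger')
                return syndbb.redirect(syndbb.url_for('configure_flair'))

    syndbb.cache.delete_memoized(syndbb.models.users.get_avatar_by_id)
    syndbb.cache.delete_memoized(syndbb.models.users.get_avatar_source_by_id)
    return syndbb.redirect(syndbb.url_for('configure_avatar'))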
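def do_ban_user():
    """Record a ban against a user, optionally annotating the offending post.

    Form fields: ``user_id`` (account to ban), ``time`` (ban length in
    seconds, 0 for no expiry), ``uniqid`` (caller's session identifier), and
    optional ``reason``, ``post_id`` and ``display``. The caller's rank must be
    at least 500.

    Returns:
        A redirect to ``siteadmin_ban`` on success, the insufficient-permission
        template when the rank test fails, or a plain error string.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; confirm
    # the nesting against the original file.
    form = syndbb.request.form
    banuser = form['user_id']
    bantime = form['time']
    banreason = form['reason'] if 'reason' in form else ""
    banpost = form['post_id'] if 'post_id' in form and form['post_id'] != "" else 0
    display = 1 if 'display' in form else 0
    uniqid = form['uniqid']

    if not (banuser and bantime and uniqid):
        return "Invalid Request"

    userid = check_session_by_id(uniqid)
    if not userid:
        return "Invalid Session"

    user = d2_user.query.filter_by(user_id=userid).first()
    if user is None:
        return "Invalid Session"
    if user.rank < 500:
        return syndbb.render_template('error_insufficient_permissions.html',
                                      title="Insufficient permission")

    # The form value is a string, so it has to be parsed before it can be
    # compared with 0 or added to a timestamp.
    try:
        ban_seconds = int(bantime)
    except ValueError:
        return "Invalid Request"

    # NOTE(review): the reason text is placed inside the [ban] tag unescaped;
    # how that renders depends on the BBCode parser, which is not visible here.
    if banreason != "":
        banmessage = "\n\n[ban](User was banned for this post. Reason: " + banreason + ")[/ban]"
    else:
        banmessage = "\n\n[ban](User was banned for this post.)[/ban]"

    # An expiry of 0 goes with a length of 0 (no expiry).
    banexpire = 0 if ban_seconds == 0 else ban_seconds + unix_time_current()

    if banpost and banpost != 0:
        post = d2_activity.query.filter_by(id=banpost).first()
        if post is not None:
            post.content += banmessage
            syndbb.db.session.commit()

    new_ban = d2_bans(banned_id=banuser, reason=banreason, length=bantime,
                      time=unix_time_current(), expires=banexpire,
                      post=banpost, banner=userid, display=display)
    syndbb.db.session.add(new_ban)
    syndbb.db.session.commit()

    syndbb.cache.delete_memoized(syndbb.models.users.get_title_by_id)
    syndbb.cache.delete_memoized(syndbb.models.users.get_group_style_by_id)
    syndbb.cache.delete_memoized(syndbb.models.activity.ban_list)
    syndbb.flash('User banned successfully.', 'success')
    return syndbb.redirect(syndbb.url_for('siteadmin_ban'))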
def create_quotes():
    """Store a quote submitted by the logged-in user.

    Form fields: ``uniqid`` (session identifier) and ``post_content``.
    A submission made within one second of the user's previous quote is
    rejected.

    Returns:
        A redirect to ``view_qdb`` on success, otherwise a plain error string.
    """
    uniqid = syndbb.request.form['uniqid']
    quote_text = syndbb.request.form['post_content']
    if not (quote_text and uniqid):
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    previous = d2_quotes.query.filter_by(user_id=userid).order_by(
        d2_quotes.time.desc()).first()
    if previous and (unix_time_current() - previous.time) <= 1:
        return "Trying to submit quotes too quickly, wait a while before trying again."

    new_quote = d2_quotes(userid, unix_time_current(), quote_text, 0, 0)
    syndbb.db.session.add(new_quote)
    syndbb.db.session.commit()
    syndbb.flash('Quote has been submitted.', 'success')
    return syndbb.redirect(syndbb.url_for('view_qdb'))
def inject_user():
    """Build the template context that describes the current visitor.

    The session is looked up by its id together with the hash of the
    requesting address.

    Returns:
        A dict with ``'user'`` and ``'user_session'``; ``'ban_check'`` is added
        when ``check_ban_by_id`` returns a truthy value. Visitors without a
        usable session get placeholder dicts with ``user_id`` 0.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing. The
    # branch that drops the session key is attached to the "no matching
    # session row" case here; confirm against the original file.
    guest_context = {
        'user': {'user_id': 0, 'username': "******", 'rank': 0},
        'user_session': {'sessionid': 0},
    }

    if 'logged_in' not in syndbb.session:
        return guest_context

    session_row = d2_ip.query.filter_by(
        sessionid=syndbb.session['logged_in']).filter_by(
            iphash=get_ip_hash(syndbb.request.remote_addr)).first()
    if not session_row:
        syndbb.session.pop('logged_in', None)
        return guest_context

    account = d2_user.query.filter_by(user_id=session_row.user_id).first()
    if not (account and account.user_id):
        return guest_context

    account.last_activity = unix_time_current()
    syndbb.db.session.commit()

    tracked = d2_ip.query.filter_by(
        iphash=get_ip_hash(syndbb.request.remote_addr)).filter_by(
            user_id=account.user_id).filter_by(
                sessionid=session_row.sessionid).first()
    if tracked:
        # Refresh what is known about this session: address, client and page.
        tracked.ip = gdpr_check(syndbb.request.remote_addr)
        tracked.iphash = get_ip_hash(syndbb.request.remote_addr)
        tracked.useragent = syndbb.request.headers.get('User-Agent')
        tracked.time = unix_time_current()
        tracked.page = syndbb.request.path
        syndbb.db.session.commit()

    context = {'user': account, 'user_session': session_row}
    ban_info = check_ban_by_id(account.user_id)
    if ban_info:
        context['ban_check'] = ban_info
    return context
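def dologin():
    """Check submitted credentials and start a session.

    Form fields: ``username`` and ``password``. Each attempt for an existing
    account is recorded as a ``d2_ip`` row.

    Returns:
        A plain status string.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; confirm
    # the nesting against the original file.
    if 'logged_in' in syndbb.session:
        userid = checkSession(str(syndbb.session['logged_in']))
        if userid:
            return "You are already logged in!"

    username = syndbb.request.form['username']
    password = d2_hash(syndbb.request.form['password'])
    user = d2_user.query.filter_by(username=username).first()
    my_ip = syndbb.request.remote_addr
    useragent = syndbb.request.headers.get('User-Agent')

    # NOTE(review): the two failure messages below tell a caller whether a
    # username exists; consider a single message for both cases.
    if not user:
        return "Invalid username."

    if user.password != password:
        # NOTE(review): the original passed five positional arguments here,
        # which does not line up with the eight-argument call used on the
        # success path below. The call now follows that order; confirm against
        # the d2_ip constructor.
        failed_attempt = d2_ip(my_ip, useragent, user.user_id,
                               unix_time_current(), 0, syndbb.request.path,
                               "N/A", d2_hash(my_ip)[:10])
        syndbb.db.session.add(failed_attempt)
        syndbb.db.session.commit()
        return "Invalid password."

    # uuid4 is random; uuid1 is built from the clock and host identifier and
    # is not suitable as a session secret.
    session_id = str(syndbb.uuid.uuid4())
    login_ip = d2_ip(my_ip, useragent, user.user_id, unix_time_current(), 1,
                     syndbb.request.path, session_id, d2_hash(my_ip)[:10])
    syndbb.db.session.add(login_ip)
    # Set before the commit so the new login time is saved with it.
    user.last_login = unix_time_current()
    syndbb.db.session.commit()

    syndbb.session['logged_in'] = session_id
    syndbb.session.permanent = True
    return "Login successful."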
def update_status():
    """Replace the logged-in user's status text.

    Form fields: ``status`` and ``uniqid`` (session identifier).

    Returns:
        A redirect to ``home`` on success, otherwise a plain error string.
    """
    new_status = syndbb.request.form['status']
    uniqid = syndbb.request.form['uniqid']
    if not uniqid:
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    account = d2_user.query.filter_by(user_id=userid).first()
    account.status = new_status
    account.status_time = unix_time_current()
    syndbb.db.session.commit()
    # Cached status listings would otherwise keep showing the old text.
    syndbb.cache.delete_memoized(syndbb.models.users.get_all_status_updates)
    return syndbb.redirect(syndbb.url_for('home'))
def dopaste():
    """Create a paste owned by the logged-in user.

    Form fields: ``paste_title``, ``paste_content`` and ``uniqid`` (session
    identifier). Title and content are passed through ``html_escape`` before
    they are stored.

    Returns:
        A redirect to ``pastebin`` on success, otherwise a plain error string.
    """
    title = syndbb.request.form['paste_title']
    content = syndbb.request.form['paste_content']
    uniqid = syndbb.request.form['uniqid']
    if not (title and content and uniqid):
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    paste_id = str(syndbb.uuid.uuid4().hex)
    paste_row = d2_paste(userid, paste_id, unix_time_current(),
                         html_escape(content), html_escape(title))
    syndbb.db.session.add(paste_row)
    syndbb.db.session.commit()
    syndbb.flash('Paste created successfully.', 'success')
    return syndbb.redirect(syndbb.url_for('pastebin'))
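def save_preferences():
    """Apply the submitted preferences form to the logged-in user's account.

    When the IRC password changes, the ZNC HTTP admin module is asked to
    create the user, set the password and attach the configured IRC network.

    Returns:
        A redirect to ``preferences`` on success, otherwise a plain error
        string.
    """
    # NOTE(review): this listing had lost its indentation, and parts of the
    # three ZNC calls were masked ("******"). The masked values are assumed to
    # be user.username and ircauth, matching the disabled XMPP code that sat
    # here in the original; confirm against the original file.
    possibleurls = ["local", "i.d2k5.com", "i.hardcats.net", "i.lulzsec.co.uk"]
    form = syndbb.request.form
    status = form['status']
    location = form['location']
    gender = form['gender']
    occupation = form['occupation']
    url = form['url']
    ircauth = form['ircauth']
    uploadauth = form['uploadauth']
    upload_url = form['upload_url']
    bio = form['bio']
    uniqid = form['uniqid']

    if not uniqid:
        return "Invalid Request"
    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    user = d2_user.query.filter_by(user_id=userid).first()

    # Strings are compared by value, and the IRC password is compared before
    # it is overwritten, so the provisioning step runs only on a real change.
    if status != user.status:
        user.status = status
        user.status_time = unix_time_current()
    ircauth_changed = ircauth != user.ircauth

    user.location = location
    user.gender = gender
    user.occupation = occupation
    user.site = url
    user.ircauth = ircauth
    user.uploadauth = uploadauth
    # Only hosts from the fixed list are accepted; anything else falls back.
    user.upload_url = upload_url if upload_url in possibleurls else "i.d2k5.com"
    user.bio = bio
    syndbb.db.session.commit()
    syndbb.cache.delete_memoized(syndbb.models.users.get_all_status_updates)
    syndbb.flash('Preferences updated successfully.', 'success')

    if ircauth_changed:
        znc_base = ("https://" + syndbb.znc_address + ":" + syndbb.znc_port +
                    "/mods/global/httpadmin/")
        znc_auth = (syndbb.znc_user, syndbb.znc_password)
        credentials = {'username': user.username, 'password': ircauth}
        # params= URL-encodes each value, so characters such as '&' or '#' in
        # the user-chosen password cannot add or truncate query parameters.
        # NOTE(review): verify=False turns off TLS certificate checks for a
        # request that carries credentials, and the password still travels in
        # the query string of a GET; confirm both are acceptable here.
        try:
            requests.get(znc_base + "adduser", params=credentials,
                         auth=znc_auth, verify=False, timeout=5)
            requests.get(znc_base + "userpassword", params=credentials,
                         auth=znc_auth, verify=False, timeout=5)
            requests.get(znc_base + "addnetwork",
                         params={'username': user.username,
                                 'net_name': syndbb.irc_network_name,
                                 'net_addr': syndbb.irc_network_address,
                                 'net_port': syndbb.irc_network_port},
                         auth=znc_auth, verify=False, timeout=5)
        except requests.exceptions.RequestException:
            syndbb.flash('Couldn\'t assign an IRC network.', 'danger')

    return syndbb.redirect(syndbb.url_for('preferences'))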
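def create_reply():
    """Add a reply to an existing thread.

    Form fields: ``uniqid`` (session identifier), ``post_content``,
    ``reply_to`` (thread id), optional ``reply_post`` (id of the post being
    answered) and optional ``post_as`` (a linked profile id, or 0 for an
    anonymous post where the channel allows it).

    Returns:
        ``"/"`` on success, otherwise a plain error string.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; confirm
    # the nesting against the original file.
    form = syndbb.request.form
    uniqid = form['uniqid']
    tpost = form['post_content']
    reply_to = form['reply_to']
    reply_post = form.get('reply_post', "0")
    anonymous = 0

    if not (tpost and reply_to and uniqid):
        return "Invalid Request"

    userid = check_session_by_id(uniqid)
    if not userid:
        return "Invalid Session"

    # A non-numeric post_as is rejected instead of raising inside int().
    if 'post_as' in form:
        try:
            post_as = int(form['post_as'])
        except ValueError:
            return "Invalid Request"
    else:
        post_as = userid

    threadcheck = get_thread_contents(reply_to)
    if not threadcheck:
        return 'Trying to post in a thread which doesn\'t exist.'

    channelcheck = d2_channels.query.filter_by(id=threadcheck.category).first()
    if not channelcheck:
        return "Channel not found!"
    if not check_channel_auth(channelcheck):
        return "Insufficient permission"

    # Posting under another identity is limited to profiles linked to the
    # session's own account.
    allowed_ids = [profile.user_id for profile in get_linked_by_id(userid)]
    if post_as in allowed_ids:
        userid = post_as
    if post_as == 0:
        anonymous = 1
    if channelcheck.anon == 0:
        # The channel setting overrides a request for anonymity.
        anonymous = 0

    if reply_post != "0":
        # NOTE(review): only the existence of the post is checked, not that it
        # belongs to the thread named in reply_to.
        postcheck = d2_activity.query.filter_by(id=reply_post).first()
        if not postcheck:
            return 'Trying to reply to a post which doesn\'t exist.'

    lastpost = d2_activity.query.filter_by(user_id=userid).order_by(
        d2_activity.time.desc()).first()
    post_timeout = int(syndbb.core_config['site']['post_timeout'])
    if lastpost and (unix_time_current() - lastpost.time) <= post_timeout:
        return "Trying to post too quickly, wait a while before trying again."

    threadcheck.reply_time = unix_time_current()
    threadcheck.reply_count += 1
    syndbb.db.session.commit()

    new_reply = d2_activity(userid, unix_time_current(), tpost, reply_to,
                            reply_post, '', 0, 0, 0, 0, 1, anonymous)
    syndbb.db.session.add(new_reply)
    syndbb.db.session.flush()
    syndbb.db.session.commit()

    give_currency(userid, 2)
    give_posts(userid, 1)

    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents)
    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_list)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_recent_posts)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_posts_xml)
    syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post)
    syndbb.cache.delete_memoized(syndbb.models.channels.get_channel_list)
    return "/"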
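def create_thread():
    """Create a new thread in a channel.

    Form fields: ``uniqid`` (session identifier), ``thread_title``,
    ``post_content``, ``post_icon``, ``category`` (channel id) and optional
    ``post_as`` (a linked profile id, or 0 for an anonymous post where the
    channel allows it). The title is passed through ``html_escape`` before it
    is stored.

    Returns:
        The new thread's path (``/<channel short name>/<id>``) on success,
        otherwise a plain error string.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; confirm
    # the nesting against the original file.
    form = syndbb.request.form
    uniqid = form['uniqid']
    tname = form['thread_title']
    tpost = form['post_content']
    ticon = form['post_icon']
    tcat = form['category']
    anonymous = 0

    if not tname:
        return "Thread title not specified."
    if not tpost:
        return "No thread content."
    if not tcat:
        return "No category specified."
    if not ticon:
        return "No thread icon specified."
    if not uniqid:
        return "Invalid Request"

    userid = check_session_by_id(uniqid)
    if not userid:
        return "Invalid Session"

    # A non-numeric post_as is rejected instead of raising inside int().
    if 'post_as' in form:
        try:
            post_as = int(form['post_as'])
        except ValueError:
            return "Invalid Request"
    else:
        post_as = userid

    if len(tname) < 2:
        return 'Thread title is too short (less than 2 characters).'
    elif len(tname) > 100:
        return 'Thread title is too long (over 100 characters).'

    allowed_icons = [entry[1] for entry in get_post_icons(whitelist=True)]
    if ticon not in allowed_icons:
        return 'Invalid thread icon.'

    channelcheck = d2_channels.query.filter_by(id=tcat).first()
    if not channelcheck:
        return 'Trying to post in a channel which doesn\'t exist.'
    if not check_channel_auth(channelcheck):
        return "Insufficient permission"

    # Posting under another identity is limited to profiles linked to the
    # session's own account.
    allowed_ids = [profile.user_id for profile in get_linked_by_id(userid)]
    if post_as in allowed_ids:
        userid = post_as
    if post_as == 0:
        anonymous = 1
    if channelcheck.anon == 0:
        # The channel setting overrides a request for anonymity.
        anonymous = 0

    lastpost = d2_activity.query.filter_by(user_id=userid).order_by(
        d2_activity.time.desc()).first()
    # Converted with int() so a timeout stored as text in the configuration
    # still compares against the elapsed seconds.
    post_timeout = int(syndbb.core_config['site']['post_timeout'])
    if lastpost and (unix_time_current() - lastpost.time) <= post_timeout:
        return "Trying to create threads too quickly, wait a while before trying again."

    new_thread = d2_activity(userid, unix_time_current(), tpost, 0, 0,
                             html_escape(tname), tcat, unix_time_current(),
                             0, 0, ticon, anonymous)
    syndbb.db.session.add(new_thread)
    # flush() assigns the primary key that the returned path needs.
    syndbb.db.session.flush()
    thread_id = str(new_thread.id)
    syndbb.db.session.commit()

    give_currency(userid, 5)
    give_posts(userid, 1)

    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents)
    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_list)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_recent_posts)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_threads_xml)
    syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post)
    syndbb.cache.delete_memoized(syndbb.models.channels.get_channel_list)
    return "/" + channelcheck.short_name + "/" + thread_id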
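def create_reply():
    """Add a reply to an existing thread.

    Form fields: ``uniqid`` (session identifier), ``post_content``,
    ``reply_to`` (thread id), optional ``reply_post`` (id of the post being
    answered) and optional ``anonymous``. A reply made within 15 seconds of
    the user's previous post is rejected.

    Returns:
        ``"/"`` on success, otherwise a plain error string.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; confirm
    # the nesting against the original file.
    form = syndbb.request.form
    uniqid = form['uniqid']
    tpost = form['post_content']
    reply_to = form['reply_to']
    reply_post = form.get('reply_post', "0")
    anonymous = 1 if 'anonymous' in form else 0

    if not (tpost and reply_to and uniqid):
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    threadcheck = d2_activity.query.filter_by(id=reply_to).first()
    if not threadcheck:
        return 'Trying to post in a thread which doesn\'t exist.'

    forumcheck = d2_forums.query.filter_by(id=threadcheck.category).first()
    if forumcheck and forumcheck.anon == 0:
        # The forum setting overrides a request for anonymity.
        anonymous = 0

    # Compared by value: an identity test against a string literal does not
    # reliably tell "0" apart from other form values.
    if reply_post != "0":
        postcheck = d2_activity.query.filter_by(id=reply_post).first()
        if not postcheck:
            return 'Trying to reply to a post which doesn\'t exist.'

    lastpost = d2_activity.query.filter_by(user_id=userid).order_by(
        d2_activity.time.desc()).first()
    if lastpost and (unix_time_current() - lastpost.time) <= 15:
        return "Trying to create posts too quickly, wait a while before trying again."

    threadcheck.reply_time = unix_time_current()
    threadcheck.reply_count += 1
    syndbb.db.session.commit()

    new_reply = d2_activity(userid, unix_time_current(), tpost, reply_to,
                            reply_post, '', 0, 0, 0, 0, 1, anonymous)
    syndbb.db.session.add(new_reply)
    syndbb.db.session.flush()
    syndbb.db.session.commit()

    give_currency(userid, 2)
    give_posts(userid, 1)

    syndbb.cache.delete_memoized(syndbb.models.activity.get_recent_posts)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_posts_xml)
    syndbb.cache.delete_memoized(syndbb.models.forums.replies_to_post)
    return "/"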
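def create_thread():
    """Create a new thread in a forum.

    Form fields: ``uniqid`` (session identifier), ``thread_title``,
    ``post_content``, ``post_icon`` (an icon number from 1 to 34, optionally
    written as ``icon<N>``), ``category`` (forum id) and optional
    ``anonymous``. A thread created within 15 seconds of the user's previous
    post is rejected.

    Returns:
        The new thread's path (``/<forum short name>/<id>``) on success,
        otherwise a plain error string.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; confirm
    # the nesting against the original file.
    form = syndbb.request.form
    uniqid = form['uniqid']
    tname = form['thread_title']
    tpost = form['post_content']
    ticon = form['post_icon']
    tcat = form['category']
    anonymous = 1 if 'anonymous' in form else 0

    if not tname:
        return "Thread title not specified."
    if not tpost:
        return "No thread content."
    if not tcat:
        return "No category specified."
    if not ticon:
        return "No thread icon specified."
    if not uniqid:
        return "Invalid Request"

    userid = checkSession(uniqid)
    if not userid:
        return "Invalid Session"

    if len(tname) < 2:
        return 'Thread title is too short (less than 2 characters).'
    elif len(tname) > 100:
        return 'Thread title is too long (over 100 characters).'

    # str.strip removes any of the characters i, c, o, n from both ends.
    # A value that is not a number after that is rejected instead of raising,
    # and the parsed number is what gets stored, so padded or signed spellings
    # that int() tolerates never reach the database.
    try:
        icon_number = int(ticon.strip("icon"))
    except ValueError:
        return 'Thread icon doesn\'t exist.'
    if icon_number not in range(1, 35):
        return 'Thread icon doesn\'t exist.'
    ticon = str(icon_number)

    forumcheck = d2_forums.query.filter_by(id=tcat).first()
    if not forumcheck:
        return 'Trying to post in a forum which doesn\'t exist.'
    if forumcheck.anon == 0:
        # The forum setting overrides a request for anonymity.
        anonymous = 0

    lastpost = d2_activity.query.filter_by(user_id=userid).order_by(
        d2_activity.time.desc()).first()
    if lastpost and (unix_time_current() - lastpost.time) <= 15:
        return "Trying to create threads too quickly, wait a while before trying again."

    new_thread = d2_activity(userid, unix_time_current(), tpost, 0, 0,
                             html_escape(tname), tcat, unix_time_current(),
                             0, 0, ticon, anonymous)
    syndbb.db.session.add(new_thread)
    # flush() assigns the primary key that the returned path needs.
    syndbb.db.session.flush()
    thread_id = str(new_thread.id)
    syndbb.db.session.commit()

    give_currency(userid, 5)
    give_posts(userid, 1)

    syndbb.cache.delete_memoized(syndbb.models.activity.get_recent_posts)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_posts_xml)
    syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_threads_xml)
    return "/" + forumcheck.short_name + "/" + thread_id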
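def dologin():
    """Check submitted credentials and start a session.

    Form fields: ``username`` and ``password``; ``password_hash`` is also read
    when LDAP is enabled in the configuration. Each attempt for an existing
    account is recorded as a ``d2_ip`` row.

    Returns:
        A plain status string.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing. In the
    # LDAP branch the early "Login successful." return is placed inside the
    # "no directory entry yet" case; confirm against the original file.
    if 'logged_in' in syndbb.session:
        userid = check_session_by_id(str(syndbb.session['logged_in']))
        if userid:
            return "You are already logged in!"

    username = syndbb.request.form['username']
    password = syndbb.request.form['password']
    user = d2_user.query.filter_by(username=username).first()
    my_ip = gdpr_check(syndbb.request.remote_addr)
    my_ip_hash = get_ip_hash(syndbb.request.remote_addr)
    useragent = syndbb.request.headers.get('User-Agent')
    # A request without a User-Agent header must not fail on the string
    # concatenation. uuid4 is random; uuid1 is built from the clock and host
    # identifier and is not suitable as session-secret material.
    session_hash = d2_hash(syndbb.request.remote_addr + (useragent or '') +
                           d2_hash(str(syndbb.uuid.uuid4())))[:20]

    if not user:
        return "Invalid credentials."

    if syndbb.core_config['ldap']['enabled']:
        password_hash = syndbb.request.form['password_hash']
        # NOTE(review): the submitted username is concatenated into the
        # directory query; whether the query layer escapes filter
        # metacharacters is not visible here - confirm.
        is_ldap_user = ldap_user.query.filter(
            syndbb.core_config['ldap']['attribute_cn'] + ': ' + username).first()

        if user.password == d2_hash(password_hash):
            if not is_ldap_user:
                # Local credentials match but there is no directory entry yet:
                # log in and create the entry.
                login_ip = d2_ip(my_ip, useragent, user.user_id,
                                 unix_time_current(), 1, syndbb.request.path,
                                 session_hash, my_ip_hash)
                syndbb.db.session.add(login_ip)
                # Set before the commit so the new login time is saved.
                user.last_login = unix_time_current()
                syndbb.db.session.commit()
                syndbb.session['logged_in'] = session_hash
                syndbb.session.permanent = True
                ldap_add_user = ldap_user(
                    display_name=username,
                    username=username,
                    surname=username,
                    password=ldap_hash(password)
                )
                ldap_add_user.save()
                return "Login successful."

        valid = syndbb.ldap.authenticate(
            username, password,
            syndbb.core_config['ldap']['attribute_cn'],
            syndbb.core_config['ldap']['base_dn'])
        if not valid:
            login_ip = d2_ip(my_ip, useragent, user.user_id,
                             unix_time_current(), 0, syndbb.request.path,
                             "N/A", my_ip_hash)
            syndbb.db.session.add(login_ip)
            syndbb.db.session.commit()
            return 'Invalid credentials.'

        login_ip = d2_ip(my_ip, useragent, user.user_id, unix_time_current(),
                         1, syndbb.request.path, session_hash, my_ip_hash)
        syndbb.db.session.add(login_ip)
        syndbb.db.session.commit()
        syndbb.session['logged_in'] = session_hash
        syndbb.session.permanent = True
        return 'Login successful.'

    if user.password == d2_hash(password):
        login_ip = d2_ip(my_ip, useragent, user.user_id, unix_time_current(),
                         1, syndbb.request.path, session_hash, my_ip_hash)
        syndbb.db.session.add(login_ip)
        # Set before the commit so the new login time is saved.
        user.last_login = unix_time_current()
        syndbb.db.session.commit()
        syndbb.session['logged_in'] = session_hash
        syndbb.session.permanent = True
        return "Login successful."

    login_ip = d2_ip(my_ip, useragent, user.user_id, unix_time_current(), 0,
                     syndbb.request.path, "N/A", my_ip_hash)
    syndbb.db.session.add(login_ip)
    syndbb.db.session.commit()
    return "Invalid credentials."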
def save_preferences():
    """Apply the submitted preferences form to the logged-in user's account.

    When LDAP is enabled and a directory entry exists for the user, its
    display name is updated as well.

    Returns:
        A redirect to ``preferences`` on success, otherwise a plain error
        string.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; confirm
    # the nesting against the original file. The original also carried a
    # commented-out block (XMPP and ZNC account provisioning) that never ran;
    # it is left out here.
    allowed_upload_hosts = ["local", "i.d2k5.com", "i.hardcats.net",
                            "i.hard.cat", "i.lulzsec.co.uk", "i.hurr.ca"]
    form = syndbb.request.form
    display_name = form['display_name']
    status = form['status']
    irc_auth = 0  # the form field is not read; the value is pinned to 0
    upload_auth = form['upload_auth']
    user_auth = form['user_auth']
    upload_url = form['upload_url']
    bio = form['bio']
    tags = form['tags']
    uniqid = form['uniqid']
    # Checkboxes: the key is present only when the box is ticked.
    nsfw = int('nsfw_toggle' in form)
    full_avatar = int('full_avatar' in form)

    if not uniqid:
        return "Invalid Request"
    userid = check_session_by_id(uniqid)
    if not userid:
        return "Invalid Session"

    account = d2_user.query.filter_by(user_id=userid).first()
    account.display_name = display_name

    if syndbb.core_config['ldap']['enabled']:
        directory_entry = ldap_user.query.filter(
            syndbb.core_config['ldap']['attribute_cn'] + ': ' +
            account.username).first()
        if directory_entry:
            directory_entry.display_name = display_name
            directory_entry.save()

    if status != account.status:
        account.status = status
        account.status_time = unix_time_current()

    account.irc_auth = irc_auth
    account.upload_auth = upload_auth
    account.user_auth = user_auth
    account.nsfw_toggle = nsfw
    account.full_avatar = full_avatar
    account.tags = tags
    # Only hosts from the fixed list are accepted; anything else falls back.
    if upload_url in allowed_upload_hosts:
        account.upload_url = upload_url
    else:
        account.upload_url = "i.d2k5.com"
    account.bio = bio
    syndbb.db.session.commit()

    for cached in (
        syndbb.views.profile.get_user_profile,
        syndbb.models.users.get_linked_by_id,
        syndbb.models.users.get_all_status_updates,
        syndbb.models.users.get_displayed_name_by_id,
        syndbb.models.users.get_displayed_name_by_username,
    ):
        syndbb.cache.delete_memoized(cached)

    syndbb.flash('Preferences updated successfully.', 'success')
    return syndbb.redirect(syndbb.url_for('preferences'))
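def site_api():
    """Handle a key-authenticated API request.

    The form field ``api`` must equal the configured site API key. Exactly one
    action is run, chosen by the presence of ``create_thread``,
    ``create_post`` or ``create_user`` in the form (checked in that order).

    Returns:
        The id of the created (or already existing) row as a string, a plain
        error string, ``0`` when the key does not match, or ``None`` when no
        action field is present.
    """
    # NOTE(review): indentation was rebuilt from a flattened listing; confirm
    # the nesting against the original file.
    import hmac  # local import: the file's import block is not visible here

    apikey = syndbb.request.form['api']
    expected_key = syndbb.core_config['site']['api']
    # Fail closed when no key is configured, and compare in constant time so
    # response timing does not reveal how much of a guess was right.
    key_ok = bool(expected_key) and hmac.compare_digest(
        str(apikey).encode('utf-8'), str(expected_key).encode('utf-8'))
    if not key_ok:
        # NOTE(review): a bare int is not a valid Flask response; if this is
        # registered as a view, confirm what the client is meant to receive.
        return 0

    form = syndbb.request.form
    if 'create_thread' in form:
        return _api_create_thread(form)
    if 'create_post' in form:
        return _api_create_post(form)
    if 'create_user' in form:
        return _api_create_user(form)
    return None


def _api_create_thread(form):
    """Create a thread from API fields, or return the id of a matching one."""
    username = form['username']
    category = form['category']
    content = form['content']
    title = form['title']
    icon = form['icon']
    anon = form['anon']
    if not username:
        return "username not set"
    if not category:
        return "category not set"
    if not content:
        return "content not set"
    if not title:
        return "title not set"
    if not icon:
        return "icon not set"
    if not anon:
        return "anon not set"

    user = d2_user.query.filter_by(username=username).first()
    if not user:
        return "user not found"
    category = d2_channels.query.filter_by(short_name=category).first()
    if not category:
        return "category not found"

    # A thread with the same title, or any row with the same content, is
    # treated as already created and its id is returned.
    thread = d2_activity.query.filter_by(title=html_escape(title)).first()
    if thread:
        return str(thread.id)
    tcontent = d2_activity.query.filter_by(content=content).first()
    if tcontent:
        return str(tcontent.id)

    # Icons are taken from get_post_icons with its whitelist turned off.
    allowed_icons = [entry[1] for entry in get_post_icons(whitelist=False)]
    if icon not in allowed_icons:
        return "thread icon does not exist (allowed: " + str(allowed_icons) + ")"

    new_thread = d2_activity(user.user_id, unix_time_current(), content, 0, 0,
                             html_escape(title), category.id,
                             unix_time_current(), 0, 0, icon, int(anon))
    syndbb.db.session.add(new_thread)
    syndbb.db.session.flush()
    thread_id = str(new_thread.id)
    syndbb.db.session.commit()
    get_post_thumbnail(thread_id, 'resize', False)

    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents)
    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_list)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_threads_xml)
    syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post)
    return str(thread_id)


def _api_create_post(form):
    """Create a reply from API fields unless an identical one exists."""
    username = form['username']
    content = form['content']
    reply_to_thread = form['reply_to_thread']
    reply_to_post = form['reply_to_post']  # 0 means "not a reply to a post"
    anon = form['anon']
    if not username:
        return "username not set"
    if not content:
        return "content not set"
    if not reply_to_thread:
        return "reply_to_thread not set"
    if not reply_to_post:
        reply_to_post = 0
    if not anon:
        return "anon not set"

    user = d2_user.query.filter_by(username=username).first()
    if not user:
        return "user not found"
    thread = d2_activity.query.filter_by(id=reply_to_thread).first()
    if not thread:
        return "thread not found"
    if int(reply_to_post) != 0:
        post = d2_activity.query.filter_by(id=reply_to_post).first()
        if not post:
            return "post not found"

    # Duplicate detection: the same content as a top-level row, or as a reply
    # in this thread.
    cthread = d2_activity.query.filter_by(replyto=0).filter_by(
        content=content).first()
    if cthread:
        return "reply exists"
    tfcontent = d2_activity.query.filter_by(replyto=thread.id).filter_by(
        content=content).first()
    if tfcontent:
        return "reply exists"

    new_reply = d2_activity(user.user_id, unix_time_current(), content,
                            int(reply_to_thread), int(reply_to_post), '', 0,
                            0, 0, 0, 1, int(anon))
    syndbb.db.session.add(new_reply)
    syndbb.db.session.flush()
    reply_id = str(new_reply.id)
    syndbb.db.session.commit()
    get_post_thumbnail(reply_id, 'resize', False)

    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents)
    syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_list)
    syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
    syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_posts_xml)
    syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post)
    return str(reply_id)


def _api_create_user(form):
    """Create an account from API fields; the rank is taken from the request."""
    username = form['username']
    password = form['password']
    rank = form['rank']
    if not username:
        return "username not set"
    if not password:
        return "password not set"
    if not rank:
        return "rank not set"

    user = d2_user.query.filter_by(username=username).first()
    if user:
        return "A user with that username already exists."

    # The caller chooses the rank, so possession of the API key is enough to
    # create an account of any rank.
    new_user = d2_user(username=username,
                       display_name='',
                       token='',
                       title='',
                       bio='',
                       status='',
                       status_time=0,
                       rank=rank,
                       avatar_date=0,
                       password=d2_hash(password),
                       post_count=0,
                       line_count=0,
                       word_count=0,
                       profanity_count=0,
                       karma_positive=0,
                       karma_negative=0,
                       points=0,
                       join_date=unix_time_current(),
                       last_login=unix_time_current(),
                       last_activity=unix_time_current(),
                       irc_auth='',
                       upload_auth='',
                       user_auth='',
                       upload_url='local',
                       nsfw_toggle=0,
                       full_avatar=0,
                       tags='')
    syndbb.db.session.add(new_user)
    syndbb.db.session.flush()
    created_user_id = str(new_user.user_id)
    syndbb.db.session.commit()
    return str(created_user_id)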
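def doregister():
    """Handle a registration form post and log the new account in.

    Reads ``username``, ``password`` and ``tos`` from the request form (plus
    ``code`` when the site is invite-only and ``password_hash`` when LDAP is
    enabled), creates the ``d2_user`` row, records the login in ``d2_ip`` and
    stores the new session id in the session under ``logged_in``.

    Returns:
        A plain-text status string: "Registration successful." or the reason
        the request was refused.
    """
    if 'logged_in' in syndbb.session:
        if check_session_by_id(str(syndbb.session['logged_in'])):
            return "You are already logged in!"

    form = syndbb.request.form
    username = form['username']
    password = form['password']
    tos = form['tos']
    remote_addr = syndbb.request.remote_addr
    my_ip = gdpr_check(remote_addr)
    my_ip_hash = get_ip_hash(remote_addr)

    # NOTE(review): the Tor exit-node / IP-blacklist lookup and the captcha
    # check that earlier revisions ran here are disabled, so nothing in this
    # function limits automated sign-ups; confirm that is handled elsewhere.

    if not tos:
        return "You have not agreed to the rules and terms of service."
    if not (username and password):
        return "Invalid request."

    site_config = syndbb.core_config['site']
    if not site_config['registration']:
        return 'Registration is disabled.'

    invites = None
    if site_config['invite_only']:
        code = form['code']
        invites = d2_invites.query.filter_by(code=code, used_by=0).first()
        if not invites:
            return 'The invite code provided is invalid.'

    # fullmatch instead of search with '^...$': '$' also matches just before
    # a trailing newline, so "name\n" used to pass validation.  re.ASCII
    # keeps IGNORECASE from letting [a-z] match non-ASCII look-alikes such as
    # U+017F or U+212A.
    if not syndbb.re.fullmatch('[a-z][a-z0-9-_]{2,32}', username,
                               syndbb.re.IGNORECASE | syndbb.re.ASCII):
        return "Invalid username (must match IRC standards)."

    if d2_user.query.filter_by(username=username).first():
        return "A user with that username already exists."

    # A request without a User-Agent header yields None, which would raise
    # TypeError in the string concatenations below.
    useragent = syndbb.request.headers.get('User-Agent') or ''

    # The session id is the only secret behind the login cookie, so seed it
    # from uuid4 (os.urandom) rather than uuid1, whose value is built from
    # the host MAC address and a timestamp and is therefore guessable.
    session_hash = d2_hash(remote_addr + useragent +
                           d2_hash(str(syndbb.uuid.uuid4())))[:20]
    similar_user = d2_hash(remote_addr + useragent)[:20]

    ldap_enabled = syndbb.core_config['ldap']['enabled']
    # NOTE(review): with LDAP enabled the stored value is derived from the
    # separate client-supplied 'password_hash' field rather than 'password';
    # confirm that is intended.  d2_hash is defined elsewhere; confirm it is
    # a salted, deliberately slow password hash.
    if ldap_enabled:
        stored_password = d2_hash(form['password_hash'])
    else:
        stored_password = d2_hash(password)

    create_user = d2_user(username=username,
                          display_name='',
                          token='',
                          title='',
                          bio='[i]Welcome to my profile![/i]',
                          status='',
                          status_time=0,
                          rank=1,
                          avatar_date=0,
                          password=stored_password,
                          post_count=0,
                          line_count=0,
                          word_count=0,
                          profanity_count=0,
                          karma_positive=0,
                          karma_negative=0,
                          points=0,
                          join_date=unix_time_current(),
                          last_login=unix_time_current(),
                          last_activity=unix_time_current(),
                          irc_auth='',
                          upload_auth='',
                          user_auth=similar_user,
                          upload_url='local',
                          nsfw_toggle=0,
                          full_avatar=0,
                          tags="Location:This_Website new_user")
    syndbb.db.session.add(create_user)
    # flush() assigns the primary key before the commit.
    syndbb.db.session.flush()
    created_user_id = str(create_user.user_id)
    syndbb.db.session.commit()

    if ldap_enabled:
        ldap_add_user = ldap_user(display_name=username,
                                  username=username,
                                  surname=username,
                                  password=ldap_hash(password))
        ldap_add_user.save()

    login_ip = d2_ip(my_ip, useragent, created_user_id, unix_time_current(),
                     1, syndbb.request.path, session_hash, my_ip_hash)
    syndbb.db.session.add(login_ip)
    syndbb.db.session.commit()

    if site_config['invite_only']:
        # NOTE(review): the invite was looked up earlier and is only marked
        # used here, in a later transaction; two concurrent registrations
        # could presumably spend the same code.  Confirm a constraint or row
        # lock prevents that.
        invites.used_by = created_user_id
        syndbb.db.session.commit()

    syndbb.session['logged_in'] = session_hash
    return "Registration successful."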
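def doregister():
    """Handle a registration form post, with Tor, blacklist and captcha checks.

    Reads ``username``, ``password``, ``tos`` and ``coinhive-captcha-token``
    from the request form, refuses clients whose address appears in the Tor
    exit list or is flagged by ``query``, verifies the captcha token, then
    creates the ``d2_user`` row, records the login in ``d2_ip`` and stores
    the new session id in the session under ``logged_in``.

    Returns:
        A plain-text status string: "Registration successful." or the reason
        the request was refused.
    """
    if 'logged_in' in syndbb.session:
        if checkSession(str(syndbb.session['logged_in'])):
            return "You are already logged in!"

    form = syndbb.request.form
    username = form['username']
    raw_password = form['password']
    tos = form['tos']
    token = form['coinhive-captcha-token']
    my_ip = syndbb.request.remote_addr

    # TLS certificate verification is left at the requests default (on).
    # With verify=False anyone on the network path could forge the exit list
    # or, further down, the captcha verdict.
    tor = requests.get('https://check.torproject.org/exit-addresses',
                       timeout=5,
                       stream=True)
    # Compare line by line.  The previous code joined every line into one
    # string and then iterated over its characters, so the exit-address
    # comparison could never match.
    for raw_line in tor.iter_lines():
        if not raw_line:
            continue
        if isinstance(raw_line, bytes):
            line = raw_line.decode('utf-8', 'replace')
        else:
            line = raw_line
        fields = line.split(" ")
        if len(fields) > 1 and fields[0] == "ExitAddress" and fields[1] == my_ip:
            return "You seem to be using Tor or a proxy."

    response = query(ip=my_ip)
    if response.ip.appears == True:
        return "You seem to be using Tor or a proxy, or your IP is blacklisted for spam."

    if not tos:
        return "You have not agreed to the rules and terms of service."
    if not token:
        return "You must verify yourself."

    # NOTE(review): the Coinhive service was discontinued in 2019, so this
    # verification call presumably can no longer succeed; confirm whether
    # this variant of the handler is still reachable.
    udata = {'secret': syndbb.captcha_key, 'token': token, 'hashes': "256"}
    headers = {'content-type': 'application/x-www-form-urlencoded'}
    reg = requests.post("https://api.coinhive.com/token/verify",
                        headers=headers,
                        data=udata,
                        timeout=5)
    captcha = json.loads(reg.text)
    # Fail closed: only an explicit JSON true passes.  The old
    # `captcha['success'] == False` test let a null value through.
    if not isinstance(captcha, dict) or captcha.get('success') is not True:
        return "You must verify yourself."

    # Test the raw password before hashing it: the hash of an empty string
    # is itself a non-empty string, so the old check accepted empty passwords.
    if not (username and raw_password):
        return "Invalid request."
    # NOTE(review): d2_hash is defined elsewhere; confirm it is a salted,
    # deliberately slow password hash.
    password = d2_hash(raw_password)

    # Invite-code validation is commented out in this variant.

    # fullmatch instead of search with '^...$': '$' also matches just before
    # a trailing newline, so "name\n" used to pass validation.  re.ASCII
    # keeps IGNORECASE from letting [a-z] match non-ASCII look-alikes such as
    # U+017F or U+212A.
    if not syndbb.re.fullmatch('[a-z][a-z0-9-_]{2,32}', username,
                               syndbb.re.IGNORECASE | syndbb.re.ASCII):
        return "Invalid username (must match IRC standards)."

    if d2_user.query.filter_by(username=username).first():
        return "A user with that username already exists."

    create_user = d2_user(username, '', '', '', 0, 0, '', '', '', '', '', 0,
                          password, 0, 0, 0, 0, 0, 0, 0, unix_time_current(),
                          unix_time_current(), unix_time_current(), '', '', '')
    syndbb.db.session.add(create_user)
    # flush() assigns the primary key before the commit.
    syndbb.db.session.flush()
    created_user_id = str(create_user.user_id)
    syndbb.db.session.commit()

    useragent = syndbb.request.headers.get('User-Agent')
    # The session id is the only secret behind the login cookie: uuid4 draws
    # from os.urandom, whereas uuid1 is built from the host MAC address and a
    # timestamp and is therefore guessable.  The string format is unchanged.
    session_id = str(syndbb.uuid.uuid4())
    login_ip = d2_ip(my_ip, useragent, created_user_id, unix_time_current(),
                     1, syndbb.request.path, session_id, d2_hash(my_ip)[:10])
    syndbb.db.session.add(login_ip)
    syndbb.db.session.commit()

    syndbb.session['logged_in'] = session_id
    return "Registration successful."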