def remove_admin_entry(task_data, num, override_log=False, no_redirect=False): session = model.Session() table = model.admin sql = table.select().where(table.c.num == num) row = session.execute(sql).fetchone() if not row: raise WakaError('Entry not found. Deleted?') ival1 = row['ival1'] ip = misc.dec_to_dot(ival1) if ival1 else '' string_val = row['sval1'] if row['total']: remove_htaccess_entry(ip) sql = table.delete().where(table.c.num == num) session.execute(sql) task_data.action = row['type'] + '_remove' if string_val: task_data.contents.append(row['sval1']) else: task_data.contents.append(ip + ' (' + misc.dec_to_dot(row['ival2']) \ + ')') board = local.environ['waka.board'] forward_url = misc.make_script_url(task='bans', board=board.name) return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)
def edit_staff_proxy( cookie, mpass, username, newpassword=None, newclass=None, originalpassword="", reign=None, disable=None ): user = staff.StaffMember.get_from_cookie(cookie) if user.username == username: if misc.hide_critical_data(originalpassword, config.SECRET) != user.password: raise WakaError(strings.WRONGPASS) newclass = None reign = None elif user.account == staff.ADMIN: edited_user = staff.StaffMember.get(username) if edited_user.account == staff.ADMIN and mpass != config.ADMIN_PASS: raise WakaError("Incorrect management password.") else: raise WakaError(strings.INSUFFICIENTPRIVILEGES) staff.edit_staff(username, clear_pass=newpassword, new_class=newclass, reign=reign, disable=disable) board = local.environ["waka.board"] forward_task = "admin" if user.username == username else "staff" return make_http_forward(misc.make_script_url(task=forward_task, board=board.name), config.ALTERNATE_REDIRECT)
def global_cache_rebuild_proxy(task_data): if task_data.user.account != staff.ADMIN: raise WakaError(strings.INSUFFICIENTPRIVILEGES) Popen([sys.executable, sys.argv[0], "rebuild_global_cache"], env=util.proxy_environ()) referer = local.environ["HTTP_REFERER"] task_data.contents.append(referer) return util.make_http_forward(referer, config.ALTERNATE_REDIRECT)
def edit_staff_proxy(admin, mpass, username, newpassword=None, newclass=None, originalpassword='', reign=None, disable=None): user = staff.check_password(admin) if user.username == username: if misc.hide_critical_data(originalpassword, config.SECRET) \ != user.password: raise WakaError(strings.WRONGPASS) newclass = None reign = None elif user.account == staff.ADMIN: edited_user = staff.StaffMember.get(username) if edited_user.account == staff.ADMIN and mpass != config.ADMIN_PASS: raise WakaError('Incorrect management password.') else: raise WakaError(strings.INUSUFFICENTPRIVLEDGES) staff.edit_staff(username, clear_pass=newpassword, new_class=newclass, reign=reign, disable=disable) board = local.environ['waka.board'] forward_task = 'admin' if user.username == username else 'staff' return make_http_forward(misc.make_script_url(task=forward_task, board=board.name), config.ALTERNATE_REDIRECT)
def remove_admin_entry(task_data, num, override_log=False, no_redirect=False): session = model.Session() table = model.admin sql = table.select().where(table.c.num == num) row = session.execute(sql).fetchone() if not row: raise WakaError("Entry not found. Deleted?") ival1 = row["ival1"] ip = misc.dec_to_dot(ival1) if ival1 else "" string_val = row["sval1"] if row["total"]: remove_htaccess_entry(ip) sql = table.delete().where(table.c.num == num) session.execute(sql) task_data.action = row["type"] + "_remove" if string_val: task_data.contents.append(row["sval1"]) else: task_data.contents.append(ip + " (" + misc.dec_to_dot(row["ival2"]) + ")") board = local.environ["waka.board"] forward_url = misc.make_script_url(task="bans", board=board.name) return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)
def global_cache_rebuild_proxy(task_data): if task_data.user.account != staff.ADMIN: raise WakaError(strings.INSUFFICIENTPRIVILEGES) Popen([sys.executable, sys.argv[0], 'rebuild_global_cache'], env=util.proxy_environ()) referer = local.environ['HTTP_REFERER'] task_data.contents.append(referer) return util.make_http_forward(referer, config.ALTERNATE_REDIRECT)
def global_cache_rebuild_proxy(task_data): if task_data.user.account != staff.ADMIN: raise WakaError(strings.INUSUFFICENTPRIVLEDGES) Popen([ sys.executable, sys.argv[0], 'rebuild_global_cache', local.environ['DOCUMENT_ROOT'], local.environ['SCRIPT_NAME'], local.environ['SERVER_NAME'] ]) referer = local.environ['HTTP_REFERER'] task_data.contents.append(referer) return util.make_http_forward(referer, config.ALTERNATE_REDIRECT)
def remove_proxy_entry(task_data, num): session = model.Session() table = model.proxy query = table.delete().where(table.c.num == num) session.execute(query) board = local.environ['waka.board'] forward_url = misc.make_script_url(task='proxy', board=board.name) return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)
def global_cache_rebuild_proxy(task_data): if task_data.user.account != staff.ADMIN: raise WakaError(strings.INUSUFFICENTPRIVLEDGES) Popen( [sys.executable, sys.argv[0], 'rebuild_global_cache', local.environ['DOCUMENT_ROOT'], local.environ['SCRIPT_NAME'], local.environ['SERVER_NAME']] ) referer = local.environ['HTTP_REFERER'] task_data.contents.append(referer) return util.make_http_forward(referer, config.ALTERNATE_REDIRECT)
def update_spam_file(task_data, spam): if task_data.user.account == staff.MODERATOR: raise WakaError(strings.INUSUFFICENTPRIVLEDGES) # Dump all contents to first spam file. with open(config.SPAM_FILES[0], 'w') as f: f.write(spam) board = local.environ['waka.board'] forward_url = misc.make_script_url(task='spam', board=board.name) return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)
def do_logout(cookie): # Clear login cache. try: user = staff.StaffMember.get_from_cookie(cookie) user.logout_user() except staff.LoginError: pass clear_login_cookies() board = local.environ["waka.board"] return make_http_forward(misc.make_script_url(task="admin", board=board.name), config.ALTERNATE_REDIRECT)
def do_first_time_setup(cookie, username, password): # Checks. if cookie != staff.crypt_pass(config.ADMIN_PASS, local.environ["REMOTE_ADDR"]): return make_first_time_setup_gateway() if not username: raise WakaError("Missing username.") if not password: raise WakaError("Missing password.") staff.add_staff(username, password, staff.ADMIN, []) board = local.environ["waka.board"] return make_http_forward(misc.make_script_url(task="loginpanel", board=board.name), config.ALTERNATE_REDIRECT)
def add_staff_proxy(cookie, mpass, usertocreate, passtocreate, account, reign): user = staff.StaffMember.get_from_cookie(cookie) if user.account != staff.ADMIN: raise WakaError(strings.INSUFFICIENTPRIVILEGES) if account == staff.ADMIN and mpass != config.ADMIN_PASS: raise WakaError("Incorrect management password.") staff.add_staff(usertocreate, passtocreate, account, reign) board = local.environ["waka.board"] return make_http_forward(misc.make_script_url(task="staff", board=board.name), config.ALTERNATE_REDIRECT)
def do_logout(admin): # Clear login cache. try: user = staff.check_password(admin) user.logout_user() except staff.LoginError: pass clear_login_cookies() board = local.environ['waka.board'] return make_http_forward(misc.make_script_url(task='admin', board=board.name), config.ALTERNATE_REDIRECT)
def add_staff_proxy(admin, mpass, usertocreate, passtocreate, account, reign): user = staff.check_password(admin) if user.account != staff.ADMIN: raise WakaError(strings.INUSUFFICENTPRIVLEDGES) if account == staff.ADMIN and mpass != config.ADMIN_PASS: raise WakaError('Incorrect management password.') staff.add_staff(usertocreate, passtocreate, account, reign) board = local.environ['waka.board'] return make_http_forward(misc.make_script_url(task='staff', board=board.name), config.ALTERNATE_REDIRECT)
def do_logout(admin): # Clear login cache. try: user = staff.check_password(admin) user.logout_user() except staff.LoginError: pass clear_login_cookies() board = local.environ['waka.board'] return make_http_forward( misc.make_script_url(task='admin', board=board.name), config.ALTERNATE_REDIRECT)
def do_first_time_setup(admin, username, password): # Checks. if admin != staff.crypt_pass(config.ADMIN_PASS, local.environ['REMOTE_ADDR']): return make_first_time_setup_gateway() if not username: raise WakaError('Missing username.') if not password: raise WakaError('Missing password.') staff.add_staff(username, password, staff.ADMIN, []) board = local.environ['waka.board'] return make_http_forward(misc.make_script_url(task='loginpanel', board=board.name), config.ALTERNATE_REDIRECT)
def del_staff_proxy(admin, mpass, username): user = staff.check_password(admin) if user.account != staff.ADMIN: raise WakaError(strings.INUSUFFICENTPRIVLEDGES) user_to_kill = staff.StaffMember.get(username) if user_to_kill.account == staff.ADMIN and mpass != config.ADMIN_PASS: raise WakaError('Incorrect management password.') staff.del_staff(username) board = local.environ['waka.board'] return make_http_forward(misc.make_script_url(task='staff', board=board.name), config.ALTERNATE_REDIRECT)
def add_staff_proxy(admin, mpass, usertocreate, passtocreate, account, reign): user = staff.check_password(admin) if user.account != staff.ADMIN: raise WakaError(strings.INSUFFICIENTPRIVILEGES) if account == staff.ADMIN and mpass != config.ADMIN_PASS: raise WakaError('Incorrect management password.') staff.add_staff(usertocreate, passtocreate, account, reign) board = local.environ['waka.board'] return make_http_forward( misc.make_script_url(task='staff', board=board.name), config.ALTERNATE_REDIRECT)
def delete_by_ip(task_data, ip, mask='255.255.255.255'): task_data.contents.append(ip) user = task_data.user if user.account == staff.MODERATOR: reign = user.reign else: reign = [x['board_entry'] for x in get_all_boards()] Popen([sys.executable, sys.argv[0], 'delete_by_ip', ip, ','.join(reign)], env=util.proxy_environ()) board_name = local.environ['waka.board'].name redir = misc.make_script_url(task='mpanel', board=board_name) return util.make_http_forward(redir, config.ALTERNATE_REDIRECT)
def del_staff_proxy(admin, mpass, username): user = staff.check_password(admin) if user.account != staff.ADMIN: raise WakaError(strings.INSUFFICIENTPRIVILEGES) user_to_kill = staff.StaffMember.get(username) if user_to_kill.account == staff.ADMIN and mpass != config.ADMIN_PASS: raise WakaError('Incorrect management password.') staff.del_staff(username) board = local.environ['waka.board'] return make_http_forward( misc.make_script_url(task='staff', board=board.name), config.ALTERNATE_REDIRECT)
def do_first_time_setup(admin, username, password): # Checks. if admin != staff.crypt_pass(config.ADMIN_PASS, local.environ['REMOTE_ADDR']): return make_first_time_setup_gateway() if not username: raise WakaError('Missing username.') if not password: raise WakaError('Missing password.') staff.add_staff(username, password, staff.ADMIN, []) board = local.environ['waka.board'] return make_http_forward( misc.make_script_url(task='loginpanel', board=board.name), config.ALTERNATE_REDIRECT)
def delete_by_ip(task_data, ip, mask="255.255.255.255", caller=""): task_data.contents.append(ip) user = task_data.user if user.account == staff.MODERATOR: reign = user.reign else: reign = [x["board_entry"] for x in get_all_boards()] Popen([sys.executable, sys.argv[0], "delete_by_ip", ip, ",".join(reign)], env=util.proxy_environ()) board_name = local.environ["waka.board"].name redir = misc.make_script_url(task="mpanel", board=board_name) if caller != "internal": return util.make_http_forward(redir, config.ALTERNATE_REDIRECT)
def edit_staff_proxy(admin, mpass, username, newpassword=None, newclass=None, originalpassword='', reign=None, disable=None): user = staff.check_password(admin) if user.username == username: if misc.hide_critical_data(originalpassword, config.SECRET) \ != user.password: raise WakaError(strings.WRONGPASS) newclass = None reign = None elif user.account == staff.ADMIN: edited_user = staff.StaffMember.get(username) if edited_user.account == staff.ADMIN and mpass != config.ADMIN_PASS: raise WakaError('Incorrect management password.') else: raise WakaError(strings.INSUFFICIENTPRIVILEGES) staff.edit_staff(username, clear_pass=newpassword, new_class=newclass, reign=reign, disable=disable) board = local.environ['waka.board'] forward_task = 'admin' if user.username == username else 'staff' return make_http_forward( misc.make_script_url(task=forward_task, board=board.name), config.ALTERNATE_REDIRECT)
def add_proxy_entry(task_data, type, ip, timestamp): session = model.Session() table = model.proxy if not misc.validate_ip(ip): raise WakaError(strings.BADIP) age = config.PROXY_WHITE_AGE if type == 'white' else config.PROXY_BLACK_AGE timestamp = int(timestamp or '0') - age + time.time() date = misc.make_date(time.time(), style=config.DATE_STYLE) query = table.delete().where(table.c.ip == ip) session.execute(query) query = table.insert().values(type=type, ip=ip, timestamp=timestamp, date=date) session.execute(query) board = local.environ['waka.board'] forward_url = misc.make_script_url(task='proxy', board=board.name) return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)
def add_admin_entry(task_data, option, comment, ip='', mask='255.255.255.255', sval1='', total='', expiration=0, caller=''): session = model.Session() table = model.admin ival1 = ival2 = 0 if not comment: raise WakaError(strings.COMMENT_A_MUST) if option in ('ipban', 'whitelist'): if not ip: raise WakaError('IP address required.') if not mask: mask = '255.255.255.255' # Convert to decimal. (ival1, ival2) = (misc.dot_to_dec(ip), misc.dot_to_dec(mask)) sql = table.select().where(table.c.type == option) query = session.execute(sql) for row in query: try: if int(row.ival1) & int(row.ival2) == ival1 & ival2: raise WakaError('IP address and mask match ban #%d.' % \ (row.num)) except ValueError: raise WakaError("Entry #%s on ban table is inconsistent. " "This shouldn't happen." % row.num) # Add info to task data. content = ip + (' (' + mask + ')' if mask else '') if total == 'yes': add_htaccess_entry(ip) content += ' (no browse)' content += ' "' + comment + '"' task_data.contents.append(content) else: if not sval1: raise WakaError(strings.STRINGFIELDMISSING) sql = table.select().where( and_(table.c.sval1 == sval1, table.c.type == option)) row = session.execute(sql).fetchone() if row: raise WakaError('Duplicate String in ban #%d.' % (row.num)) # Add ifno to task data. task_data.contents.append(sval1) comment = str_format.clean_string(\ str_format.decode_string(comment, config.CHARSET)) expiration = int(expiration) if expiration else 0 if expiration: expiration = expiration + time.time() sql = table.insert().values(type=option, comment=comment, ival1=int(ival1), ival2=int(ival2), sval1=sval1, total=total, expiration=expiration) result = session.execute(sql) task_data.admin_id = result.inserted_primary_key[0] # Add specific action name to task data. task_data.action = option board = local.environ['waka.board'] forward_url = misc.make_script_url(task='bans', board=board.name) if caller == 'window': return Template('edit_successful') return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)
def add_admin_entry(task_data, option, comment, ip='', mask='255.255.255.255', sval1='', total='', expiration=0, caller=''): session = model.Session() table = model.admin ival1 = ival2 = 0 if not comment: raise WakaError(strings.COMMENT_A_MUST) if option in ('ipban', 'whitelist'): if not ip: raise WakaError('IP address required.') if not mask: mask = '255.255.255.255' # Convert to decimal. (ival1, ival2) = (misc.dot_to_dec(ip), misc.dot_to_dec(mask)) sql = table.select().where(table.c.type == option) query = session.execute(sql) for row in query: try: if int(row.ival1) & int(row.ival2) == ival1 & ival2: raise WakaError('IP address and mask match ban #%d.' % \ (row.num)) except ValueError: raise WakaError("Entry #%s on ban table is inconsistent. " "This shouldn't happen." % row.num) # Add info to task data. content = ip + (' (' + mask + ')' if mask else '') if total == 'yes': add_htaccess_entry(ip) content += ' (no browse)' content += ' "' + comment + '"' task_data.contents.append(content) else: if not sval1: raise WakaError(strings.STRINGFIELDMISSING) sql = table.select().where(and_(table.c.sval1 == sval1, table.c.type == option)) row = session.execute(sql).fetchone() if row: raise WakaError('Duplicate String in ban #%d.' % (row.num)) # Add ifno to task data. task_data.contents.append(sval1) comment = str_format.clean_string(\ str_format.decode_string(comment, config.CHARSET)) expiration = int(expiration) if expiration else 0 if expiration: expiration = expiration + time.time() sql = table.insert().values(type=option, comment=comment, ival1=int(ival1), ival2=int(ival2), sval1=sval1, total=total, expiration=expiration) result = session.execute(sql) task_data.admin_id = result.inserted_primary_key[0] # Add specific action name to task data. task_data.action = option board = local.environ['waka.board'] forward_url = misc.make_script_url(task='bans', board=board.name) if caller == 'window': return Template('edit_successful') return util.make_http_forward(forward_url, config.ALTERNATE_REDIRECT)
def move_thread(task_data, parent, src_brd_obj, dest_brd_obj): if not parent: raise WakaError('No thread specified.') if src_brd_obj.name == dest_brd_obj.name: raise WakaError('Source and destination boards match.') # Check administrative access rights to both boards. user = task_data.user src_brd_obj.check_access(user) dest_brd_obj.check_access(user) session = model.Session() src_table = src_brd_obj.table dest_table = dest_brd_obj.table sql = select([src_table.c.parent], src_table.c.num == parent) row = session.execute(sql).fetchone() if not row: raise WakaError('Thread not found.') elif row[0]: # Automatically correct if reply instead of thread was given. parent = row[0] sql = src_table.select().where(or_(src_table.c.num == parent, src_table.c.parent == parent))\ .order_by(src_table.c.num.asc()) thread = [dict(x.items()) for x in session.execute(sql).fetchall()] # Indicate OP post number after insertion. new_parent = 0 # List of images/thumbs to move around. image_move = [] thumb_move = [] lasthit = time.time() # DB operations for post in thread: # Grab post contents as dictionary of updates. Remove primary key. del post['num'] post['lasthit'] = lasthit image = post['image'] thumbnail = post['thumbnail'] if image: image_move.append(image) if re.match(src_brd_obj.options['THUMB_DIR'], thumbnail): thumb_move.append(thumbnail) # Update post reference links. if new_parent: post['parent'] = new_parent new_comment = re.sub(r'a href="(.*?)' + os.path.join(src_brd_obj.path, src_brd_obj.options['RES_DIR'], '%d%s' % (int(parent)), config.PAGE_EXT), r'a href="\1' + os.path.join(\ dest_brd_obj.path, dest_brd_obj.options['RES_DIR'], '%d%s' % (int((new_parent), config.PAGE_EXT))), post['comment']) post['comment'] = new_comment sql = dest_table.insert().values(**post) result = session.execute(sql) if not new_parent: new_parent = result.inserted_primary_key[0] # Nested associate for moving files in bulk. def rename_files(filename_list, dir_type): for filename in filename_list: src_filename = os.path.join(src_brd_obj.path, filename) dest_filename = re.sub('^/?' + src_brd_obj.options[dir_type], dest_brd_obj.options[dir_type], filename) dest_filename = os.path.join(dest_brd_obj.path, dest_filename) os.rename(src_filename, dest_filename) # File transfer operations. rename_files(image_move, 'IMG_DIR') rename_files(thumb_move, 'THUMB_DIR') dest_brd_obj.build_cache() dest_brd_obj.build_thread_cache(new_parent) src_brd_obj.delete_stuff([parent], '', False, False, caller='internal') forward_url = misc.make_script_url(task='mpanel', board=dest_brd_obj.name, page=('t%s' % new_parent)) # Log. task_data.contents.append('/%s/%d to /%s/%d' \ % (src_brd_obj.name, int(parent), dest_brd_obj.name, int(new_parent))) return util.make_http_forward(forward_url)