def disapprove_quote():
quote = syndbb.request.args.get('quote', '')
uniqid = syndbb.request.args.get('uniqid', '')
if quote and uniqid:
userid = check_session_by_id(uniqid)
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 100:
quote = d2_quotes.query.filter_by(id=quote).first()
if quote:
syndbb.db.session.delete(quote)
syndbb.db.session.commit()
syndbb.flash('Quote has been disapproved.', 'danger')
return syndbb.redirect(syndbb.url_for('siteadmin_quotes'))
else:
syndbb.flash('No such quote exists.', 'danger')
return syndbb.redirect(syndbb.url_for('siteadmin_quotes'))
else:
return "Insufficient permission."
else:
return "Invalid Session"
else:
return "Invalid Request"
def view_user_posts(user):
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
dynamic_css_header = ["css/bbcode_editor.css"]
isInline = syndbb.request.args.get('inlinecontent', '')
posts = []
postcheck = d2_activity.query.filter_by(user_id=user).filter(d2_activity.replyto != 0).filter(d2_activity.anonymous != 1).order_by(d2_activity.time.desc()).all()
usercheck = d2_user.query.filter_by(user_id=user).first()
if usercheck:
if postcheck:
for post in postcheck:
replycheck = d2_activity.query.filter_by(id=post.replyto).first()
channelcheck = d2_channels.query.filter_by(id=replycheck.category).first()
if channelcheck and check_channel_auth(channelcheck): posts.append(post)
syndbb.logger.debug(posts)
subheading = []
subheading.append('<a href="/user/'+usercheck.username+'">'+usercheck.username+'</a>')
return syndbb.render_template('view_user_posts.html', isInline=isInline, posts=posts, title="All posts by " + usercheck.username, subheading=subheading)
else:
return syndbb.render_template('invalid.html', title=" • No posts found")
else:
return syndbb.render_template('invalid.html', title=" • No user found")
else:
return syndbb.render_template('error_not_logged_in.html', title="Not logged in")
def edit_post(post):
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
isInline = syndbb.request.args.get('inlinecontent', '')
postcheck = d2_activity.query.filter_by(id=post).first()
if postcheck:
if postcheck.title:
thread_title = (postcheck.title[:75] + '...') if len(postcheck.title) > 75 else postcheck.title
postvars = postcheck
else:
threadcheck = get_thread_contents(postcheck.replyto)
thread_title = (threadcheck.title[:75] + '...') if len(threadcheck.title) > 75 else threadcheck.title
postvars = threadcheck
channelcheck = d2_channels.query.filter_by(id=postvars.category).first()
if not check_channel_auth(channelcheck): return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
dynamic_css_header = ["css/bbcode_editor.css"]
dynamic_js_footer = ["js/jquery.rangyinputs.js", "js/bbcode_editor_channels.js", "js/editing.js", "js/bootbox.min.js"]
subheading = []
subheading.append("<a href='/" + channelcheck.short_name + "/'>" + channelcheck.name + "</a>")
subheading.append("<a href='/" + channelcheck.short_name + "/"+str(postvars.id)+"'>" + thread_title + "</a>")
return syndbb.render_template('edit_post.html', isInline=isInline, post=postcheck, dynamic_css_header=dynamic_css_header, dynamic_js_footer=dynamic_js_footer, title="#"+channelcheck.short_name + " • " + thread_title + " • " + channelcheck.name, channeltitle="Editing Post", subheading=subheading)
else:
return syndbb.render_template('invalid.html', title=" • No post found")
else:
return syndbb.render_template('error_not_logged_in.html', title="Not logged in")
def siteadmin_emoticons():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 100:
emote_list = []
emotfolder = syndbb.app.static_folder + "/data/emoticons/"
if not syndbb.os.path.exists(emotfolder):
syndbb.os.makedirs(emotfolder)
for emote in glob.glob(emotfolder+"**", recursive=True):
filepath = emote.replace(emotfolder, "")
if syndbb.os.path.isfile(emote):
addtime = int(syndbb.os.stat(emote).st_mtime)
code = syndbb.os.path.splitext(emote)[0]
code = ":" + syndbb.re.sub(r'.*/', '', code) + ":"
emote_list.append([filepath, code])
emote_list.sort(reverse=False)
return syndbb.render_template('admin_emoticons.html', emote_list=emote_list, title="Administration • Emoticon List")
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
def approve_emoticon():
emote = syndbb.request.args.get('file', '')
uniqid = syndbb.request.args.get('uniqid', '')
if uniqid:
userid = check_session_by_id(uniqid)
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 500:
emotepath = syndbb.app.static_folder + "/data/emoticons/" + emote
destpath = syndbb.app.static_folder + "/images/emots/"
if syndbb.os.path.isfile(emotepath):
shutil.copy2(emotepath, destpath)
syndbb.os.remove(emotepath)
syndbb.flash('Emoticon approved successfully.', 'success')
return syndbb.redirect(syndbb.url_for('siteadmin_emoticons'))
else:
syndbb.flash('No such emoticon exists.', 'danger')
return syndbb.redirect(syndbb.url_for('siteadmin_emoticons'))
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return "Invalid Session"
else:
return "Invalid Request"
def do_rank_user():
rankuser = syndbb.request.form['user_id']
rank = syndbb.request.form['rank']
uniqid = syndbb.request.form['uniqid']
if rankuser and rank and uniqid:
userid = check_session_by_id(uniqid)
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 500:
changeuser = d2_user.query.filter_by(user_id=rankuser).first()
changeuser.rank = rank
syndbb.db.session.commit()
syndbb.cache.delete_memoized(syndbb.models.users.get_title_by_id)
syndbb.cache.delete_memoized(syndbb.models.users.get_group_style_by_id)
syndbb.flash('User rank changed successfully.', 'success')
return syndbb.redirect(syndbb.url_for('siteadmin_users'))
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return "Invalid Session"
else:
return "Invalid Request"
def disapprove_channel():
channel = syndbb.request.args.get('channel', '')
uniqid = syndbb.request.args.get('uniqid', '')
if channel and uniqid:
userid = check_session_by_id(uniqid)
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 500:
channel = d2_channels.query.filter_by(id=channel).first()
if channel:
syndbb.db.session.delete(channel)
syndbb.db.session.commit()
syndbb.flash('Channel has been disapproved.', 'danger')
return syndbb.redirect(syndbb.url_for('siteadmin_channels'))
else:
syndbb.flash('No such channel exists.', 'danger')
return syndbb.redirect(syndbb.url_for('siteadmin_channels'))
else:
return "Insufficient permission."
else:
return "Invalid Session"
else:
return "Invalid Request"
def delete_file():
ufile = syndbb.request.args.get('file', '')
uniqid = syndbb.request.args.get('uniqid', '')
uploader = syndbb.request.args.get('uploader', '')
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(uniqid))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if uploader == "upload_anon":
uploaded_file = syndbb.app.static_folder + "/data/uploads/" + d2_hash(
user.username + user.password)[:10] + "/" + ufile
else:
uploaded_file = syndbb.app.static_folder + "/data/uploads/" + user.username + "/" + ufile
if syndbb.os.path.isfile(uploaded_file):
syndbb.os.system("shred -u " + uploaded_file)
syndbb.flash('File deleted successfully.', 'success')
syndbb.cache.delete_memoized(
syndbb.views.upload.get_user_files)
return syndbb.redirect(syndbb.url_for(uploader))
else:
syndbb.flash('No such file exists.', 'danger')
return syndbb.redirect(syndbb.url_for(uploader))
else:
return syndbb.render_template('error_not_logged_in.html',
title="Upload")
else:
return syndbb.render_template('error_not_logged_in.html',
title="Upload")
def logout():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
uniqid = syndbb.request.args.get('uniqid', '')
if str(uniqid) == str(syndbb.session['logged_in']):
check_session = d2_ip.query.filter_by(sessionid=uniqid).filter_by(ip=gdpr_check(syndbb.request.remote_addr)).first()
if check_session:
syndbb.db.session.delete(check_session)
syndbb.db.session.commit()
syndbb.session.pop('logged_in', None)
syndbb.flash('You have been logged out.', 'warning')
return syndbb.redirect(syndbb.url_for('home'))
else:
syndbb.flash('Invalid request.', 'warning')
syndbb.session.pop('logged_in', None)
return syndbb.redirect(syndbb.url_for('home'))
else:
syndbb.flash('Invalid session.', 'warning')
syndbb.session.pop('logged_in', None)
return syndbb.redirect(syndbb.url_for('home'))
else:
return syndbb.render_template('error_not_logged_in.html', title="Not logged in")
else:
return syndbb.render_template('error_not_logged_in.html', title="Not logged in")
def remove_flair():
flair = syndbb.request.args.get('file', '')
uniqid = syndbb.request.args.get('uniqid', '')
if uniqid:
userid = check_session_by_id(uniqid)
if userid:
if flair:
flair_source = syndbb.app.static_folder + "/data/flair/"+str(userid)+"/"+flair+".png"
if syndbb.os.path.isfile(flair_source):
syndbb.os.remove(flair_source)
syndbb.flash('Flair removed.', 'success')
syndbb.cache.delete_memoized(syndbb.models.users.get_flair_by_id)
return syndbb.redirect(syndbb.url_for('configure_flair'))
else:
syndbb.flash('No such flair exists.', 'danger')
return syndbb.redirect(syndbb.url_for('configure_flair'))
else:
flair_source = syndbb.app.static_folder + "/data/flair/"+str(userid)+".png"
syndbb.os.remove(flair_source)
syndbb.flash('Flair removed.', 'success')
syndbb.cache.delete_memoized(syndbb.models.users.get_flair_by_id)
return syndbb.redirect(syndbb.url_for('configure_flair'))
else:
return "Invalid Session"
else:
return "Invalid Request"
def delete_post():
post_id = syndbb.request.args.get('post_id', '')
uniqid = syndbb.request.args.get('uniqid', '')
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(uniqid))
if userid:
postcheck = d2_activity.query.filter_by(id=post_id).first()
if postcheck:
if postcheck.title:
postvars = postcheck
else:
postvars = d2_activity.query.filter_by(id=postcheck.replyto).first()
channelcheck = d2_channels.query.filter_by(id=postvars.category).first()
if not check_channel_auth(channelcheck): return "Insufficient permission"
user = d2_user.query.filter_by(user_id=userid).first()
if (user.rank >= 100) or (int(postcheck.user_id) == int(userid)):
if postcheck.title:
replies = d2_activity.query.filter_by(replyto=postcheck.id).all()
for reply in replies:
syndbb.db.session.delete(reply)
syndbb.db.session.commit()
syndbb.db.session.delete(postcheck)
syndbb.db.session.commit()
take_currency(postcheck.user_id, 5)
take_posts(userid, 1)
syndbb.flash('Thread has been deleted.', 'danger')
syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents)
syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_list)
syndbb.cache.delete_memoized(syndbb.models.activity.get_recent_posts)
syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_threads_xml)
syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post)
syndbb.cache.delete_memoized(syndbb.models.channels.get_channel_list)
return syndbb.redirect("/"+channelcheck.short_name)
else:
postvars.reply_count -= 1
syndbb.db.session.commit()
syndbb.db.session.delete(postcheck)
syndbb.db.session.commit()
take_currency(postcheck.user_id, 2)
take_posts(userid, 1)
syndbb.flash('Post has been deleted.', 'danger')
syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents)
syndbb.cache.delete_memoized(syndbb.models.activity.get_recent_posts)
syndbb.cache.delete_memoized(syndbb.models.activity.get_activity)
syndbb.cache.delete_memoized(syndbb.views.xml_feed.feed_posts_xml)
syndbb.cache.delete_memoized(syndbb.models.channels.replies_to_post)
syndbb.cache.delete_memoized(syndbb.models.channels.get_channel_list)
return syndbb.redirect("/"+channelcheck.short_name+"/"+str(postvars.id))
else:
return "Trying to delete a post which isn't yours."
else:
return "Trying to delete a post which doesnt exist."
def do_edit():
uniqid = syndbb.request.form['uniqid']
editing = syndbb.request.form['editing']
tpost = syndbb.request.form['post_content']
if tpost and editing and uniqid:
userid = check_session_by_id(uniqid)
if userid:
editcheck = d2_activity.query.filter_by(id=editing).first()
if editcheck.title:
postvars = editcheck
else:
postvars = d2_activity.query.filter_by(id=editcheck.replyto).first()
channelcheck = d2_channels.query.filter_by(id=postvars.category).first()
if not check_channel_auth(channelcheck): return "Insufficient permission"
editor = d2_user.query.filter_by(user_id=userid).first()
if (editor.rank >= 100) or (int(editcheck.user_id) == int(userid)):
if editcheck:
editcheck.content = tpost
syndbb.db.session.commit()
syndbb.cache.delete_memoized(syndbb.models.channels.get_thread_contents)
return "/"+channelcheck.short_name+"/"+str(postvars.id)+"#"+editing
else:
return 'Trying to edit a post which doesn\'t exist.'
else:
return "Trying to edit a post which isn't yours."
else:
return "Invalid Session"
else:
return "Invalid Request"
def do_unban_user():
banuser = syndbb.request.form['user_id']
uniqid = syndbb.request.form['uniqid']
if banuser and uniqid:
userid = check_session_by_id(uniqid)
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 500:
ban = d2_bans.query.filter_by(banned_id=banuser).order_by(d2_bans.time.desc()).first()
if ban.length == 0:
ban.length = "-1"
ban.expires = unix_time_current()
syndbb.db.session.commit()
syndbb.cache.delete_memoized(syndbb.models.users.get_title_by_id)
syndbb.cache.delete_memoized(syndbb.models.users.get_group_style_by_id)
syndbb.cache.delete_memoized(syndbb.models.activity.ban_list)
syndbb.flash('User unbanned successfully.', 'success')
return syndbb.redirect(syndbb.url_for('siteadmin_ban'))
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return "Invalid Session"
else:
return "Invalid Request"
def upload_file():
if syndbb.request.method == 'POST':
image_types = [".jpg", ".jpeg", ".jpe"]
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
uploader = syndbb.request.form['uploader']
if 'anonymous' in syndbb.request.form:
anonymous = 1
else:
anonymous = 0
if 'timedelete' in syndbb.request.form:
timedelete = 1
else:
timedelete = 0
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if anonymous:
uploadfolder = syndbb.app.static_folder + "/data/uploads/" + d2_hash(
user.username + user.password)[:10] + "/"
else:
uploadfolder = syndbb.app.static_folder + "/data/uploads/" + user.username + "/"
if not syndbb.os.path.exists(uploadfolder):
syndbb.os.makedirs(uploadfolder)
if 'file' not in syndbb.request.files:
syndbb.flash('No file selected.', 'danger')
return syndbb.redirect(syndbb.url_for(uploader))
file = syndbb.request.files['file']
if file.filename == '':
syndbb.flash('No file selected.', 'danger')
return syndbb.redirect(syndbb.url_for(uploader))
if file:
filename = secure_filename(file.filename)
extension = syndbb.os.path.splitext(filename)[1]
newname = ''.join(
random.sample(
"-_" + string.ascii_uppercase +
string.ascii_lowercase + string.digits,
20)) + extension
file.save(syndbb.os.path.join(uploadfolder, newname))
if extension in image_types:
piexif.remove(uploadfolder + newname)
if uploader == 'upload_simple':
return "/upload/simple/?file=" + newname
else:
syndbb.flash('File uploaded successfully.', 'success')
syndbb.cache.delete_memoized(
syndbb.views.upload.get_user_files)
if anonymous:
fpath = d2_hash(user.username +
user.password)[:10] + "/" + newname
else:
fpath = user.username + "/" + newname
return syndbb.redirect('/upload/view?file=' + fpath)
def do_ban_user():
banuser = syndbb.request.form['user_id']
bantime = syndbb.request.form['time']
if 'reason' in syndbb.request.form:
banreason = syndbb.request.form['reason']
else:
banreason = ""
if 'post_id' in syndbb.request.form and syndbb.request.form['post_id'] != "":
banpost = syndbb.request.form['post_id']
else:
banpost = 0
if 'display' in syndbb.request.form:
display = 1
else:
display = 0
uniqid = syndbb.request.form['uniqid']
if banuser and bantime and uniqid:
userid = check_session_by_id(uniqid)
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 500:
if banreason != "":
banmessage = "\n\n[ban](User was banned for this post. Reason: " + banreason + ")[/ban]"
else:
banmessage = "\n\n[ban](User was banned for this post.)[/ban]"
if bantime == 0:
banexpire = 0
else:
banexpire = int(bantime) + unix_time_current()
if banpost and banpost != 0:
post = d2_activity.query.filter_by(id=banpost).first()
post.content += banmessage
syndbb.db.session.commit()
new_ban = d2_bans(banned_id=banuser, reason=banreason, length=bantime, time=unix_time_current(), expires=banexpire, post=banpost, banner=userid, display=display)
syndbb.db.session.add(new_ban)
syndbb.db.session.commit()
syndbb.cache.delete_memoized(syndbb.models.users.get_title_by_id)
syndbb.cache.delete_memoized(syndbb.models.users.get_group_style_by_id)
syndbb.cache.delete_memoized(syndbb.models.activity.ban_list)
syndbb.flash('User banned successfully.', 'success')
return syndbb.redirect(syndbb.url_for('siteadmin_ban'))
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return "Invalid Session"
else:
return "Invalid Request"
def upload_avatar():
if syndbb.request.method == 'POST':
uploaded_avatar = syndbb.request.form['avatar']
uploaded_avatar = uploaded_avatar[uploaded_avatar.find(",")+1:]
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
avatar_original_folder = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"-src.png"
avatar_original_history = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"/"+str(unix_time_current())+"-src.png"
avatar_folder = syndbb.app.static_folder + "/data/avatars/"+str(userid)+".png"
avatar_history = syndbb.app.static_folder + "/data/avatars/"+str(userid)+"/"+str(unix_time_current())+".png"
if 'avatar_source' not in syndbb.request.files:
return "No avatar selected."
avatar_source = syndbb.request.files['avatar_source']
if avatar_source.filename == '':
return "No avatar selected."
if avatar_source:
filename = secure_filename(avatar_source.filename)
avatar_source.save(avatar_original_folder)
try:
im = Image.open(avatar_original_folder)
im.thumbnail((1024,1024))
im.save(avatar_original_folder, "PNG")
shutil.copy2(avatar_original_folder, avatar_original_history)
except IOError:
syndbb.flash('Problem setting avatar.', 'danger')
return syndbb.redirect(syndbb.url_for('configure_avatar'))
if 'avatar' not in syndbb.request.form:
syndbb.flash('No avatar selected.', 'danger')
return syndbb.redirect(syndbb.url_for('configure_avatar'))
else:
try:
with open(avatar_folder, "wb") as fh:
fh.write(base64.b64decode(uploaded_avatar))
im = Image.open(avatar_folder)
im.thumbnail((256,256))
im.save(avatar_folder, "PNG")
shutil.copy2(avatar_folder, avatar_history)
user.avatar_date = unix_time_current()
syndbb.db.session.commit()
syndbb.flash('Avatar uploaded successfully.', 'success')
except IOError:
syndbb.flash('Problem setting flair.', 'danger')
return syndbb.redirect(syndbb.url_for('configure_flair'))
syndbb.cache.delete_memoized(syndbb.models.users.get_avatar_by_id)
syndbb.cache.delete_memoized(syndbb.models.users.get_avatar_source_by_id)
return syndbb.redirect(syndbb.url_for('configure_avatar'))
def upload_anon():
page = syndbb.request.args.get('page', type=int, default=1)
per_page = syndbb.request.args.get('amount', type=int, default=25)
dynamic_css_header = []
dynamic_js_footer = [
"js/bootstrap-filestyle.min.js", "js/bootbox.min.js", "js/delete.js",
"js/lazyload.transpiled.min.js"
]
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
cached_list = get_user_files(userid, anon=1)
file_list = cached_list['file_list']
page_count = math.ceil(len(file_list) / per_page)
pagination = Pagination(page=page,
per_page=per_page,
css_framework='bootstrap3',
total=len(file_list))
amount_options = ["25", "50", "100", "500", "1000", "1500", "2000"]
countselector = ''
for amount in amount_options:
if str(per_page) == amount:
countselector += '<option value="' + amount + '" selected>' + amount + '</option>'
else:
countselector += '<option value="' + amount + '">' + amount + '</option>'
start_index = (page * per_page) - per_page
end_index = start_index + per_page
if end_index > len(file_list):
end_index = len(file_list)
file_list = file_list[start_index:end_index]
return syndbb.render_template(
'upload_anon.html',
uploadurl=cached_list['uploadurl'],
filecount=cached_list['file_count'],
file_list=file_list,
pagination=pagination,
countselector=countselector,
total_size=cached_list['total_size'],
uploader_name=cached_list['user_name'],
dynamic_js_footer=dynamic_js_footer,
dynamic_css_header=dynamic_css_header,
title="Anonymous Upload",
subheading=['<a href="/upload/">Upload</a>'])
else:
return syndbb.render_template(
'error_not_logged_in.html',
title="Anonymous Upload",
subheading=['<a href="/upload/">Upload</a>'])
else:
return syndbb.render_template('error_not_logged_in.html',
title="Upload",
subheading=[""])
def login():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
return syndbb.render_template('error_already_logged_in.html', title="Log In")
dynamic_js_footer = ["js/crypt.js", "js/bootbox.min.js"]
if syndbb.core_config['ldap']['enabled'] :
dynamic_js_footer.append("js/auth_plain/auth_login.js")
else:
dynamic_js_footer.append("js/auth_hash/auth_login.js")
return syndbb.render_template('login.html', dynamic_js_footer=dynamic_js_footer, title="Log In")
def check_channel_auth(channel):
rank_access = 1
username_access = 0
if ('logged_in' in syndbb.session) and (get_rank_by_id(check_session_by_id(syndbb.session['logged_in'])) < channel.auth):
rank_access = 0
if not ('logged_in' in syndbb.session) and channel.auth >= 1:
rank_access = 0
if channel.user_list and channel.user_list != "":
access_list = channel.user_list.split(" ")
if len(access_list) >= 1 and ('logged_in' in syndbb.session and check_session_by_id(str(syndbb.session['logged_in']))):
user = d2_user.query.filter_by(user_id=check_session_by_id(str(syndbb.session['logged_in']))).first()
if user.username in access_list:
username_access = 1
else:
username_access = 0
else:
username_access = 0
if username_access and not rank_access:
return 0
if rank_access or username_access:
return 1
def login_history():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
logins = d2_ip.query.filter_by(user_id=userid).order_by(d2_ip.time.desc()).all()
subheading = []
subheading.append("<a href='/user/" + user.username + "'>" + user.username + "</a>")
return syndbb.render_template('login_info.html', logins=logins, title="Login History", subheading=subheading)
else:
return syndbb.render_template('error_not_logged_in.html', title="Login History")
else:
return syndbb.render_template('error_not_logged_in.html', title="Login History")
def siteadmin_logins():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 900:
return syndbb.render_template('admin_logins.html', logins=get_all_logins(), title="Administration • Login History")
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
def siteadmin_rank():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 500:
rankuser = syndbb.request.args.get('user', '')
return syndbb.render_template('admin_rank.html', rankuser=rankuser, title="Administration • Change Rank")
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
def siteadmin_channels():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 100:
unapproved = d2_channels.query.filter(d2_channels.approved == 0).all()
return syndbb.render_template('admin_channels.html', unapproved=unapproved, title="Administration • Unapproved Channels")
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
def siteadmin_users():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 500:
dynamic_js_footer = ["js/bootbox.min.js", "js/delete.js"]
users = d2_user.query.order_by(d2_user.rank.desc()).order_by(d2_user.join_date.asc()).all()
return syndbb.render_template('admin_users.html', dynamic_js_footer=dynamic_js_footer, users=users, title="Administration • User List")
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
def change_user():
switch_to = syndbb.request.args.get('userid', '')
uniqid = syndbb.request.args.get('uniqid', '')
if uniqid:
userid = check_session_by_id(uniqid)
if userid:
session = d2_ip.query.filter_by(sessionid=uniqid).first()
session.user_id = switch_to
syndbb.db.session.commit()
return syndbb.redirect(syndbb.url_for('home'))
else:
return "Invalid Session"
else:
return "Invalid Request"
def siteadmin_invites():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 100:
dynamic_js_footer = ["js/bootbox.min.js", "js/delete.js"]
invites = d2_requests.query.all()
return syndbb.render_template('admin_invites.html', dynamic_js_footer=dynamic_js_footer, invites=invites, title="Administration • Requested Invites")
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
def register():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
return syndbb.render_template('error_already_logged_in.html', title="Registration")
dynamic_js_footer = ["js/crypt.js", "js/bootbox.min.js", "js/random_name.js"]
if syndbb.core_config['ldap']['enabled'] :
dynamic_js_footer.append("js/auth_plain/auth_regd.js")
else:
dynamic_js_footer.append("js/auth_hash/auth_regd.js")
reg_template = "register_invite.html" if syndbb.core_config['site']['invite_only'] else "register.html"
if not syndbb.core_config['site']['registration'] :
reg_template = "register_disabled.html"
return syndbb.render_template(reg_template, dynamic_js_footer=dynamic_js_footer, invite_code='', title="Registration")
def profiles():
linked_users = []
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user:
if user.user_auth and user.user_auth != "":
linked_users = d2_user.query.filter_by(user_auth=user.user_auth).all()
subheading = []
subheading.append("<a href='/user/" + user.username + "'>" + user.username + "</a>")
return syndbb.render_template('profiles.html', linked_users=linked_users, title="My Profiles", subheading=subheading)
else:
return syndbb.render_template('error_not_logged_in.html', title="My Profiles")
else:
return syndbb.render_template('error_not_logged_in.html', title="My Profiles")
def siteadmin_ban():
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(syndbb.session['logged_in']))
if userid:
user = d2_user.query.filter_by(user_id=userid).first()
if user.rank >= 500:
banuser = syndbb.request.args.get('user', '')
banpost = syndbb.request.args.get('post_id', '')
isbanned = check_ban_by_id(banuser)
return syndbb.render_template('admin_ban.html', isbanned=isbanned, banuser=banuser, banpost=banpost, title="Administration • Ban User")
else:
return syndbb.render_template('error_insufficient_permissions.html', title="Insufficient permission")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
else:
return syndbb.render_template('error_not_logged_in.html', title="Administration")
def do_rate_post():
post_id = syndbb.request.args.get('post_id', '')
ratingtype = syndbb.request.args.get('type', '')
uniqid = syndbb.request.args.get('uniqid', '')
if post_id and ratingtype and uniqid:
if 'logged_in' in syndbb.session:
userid = check_session_by_id(str(uniqid))
if userid:
postcheck = d2_activity.query.filter_by(id=post_id).first()
if postcheck:
if postcheck.replyto != 0:
replycheck = d2_activity.query.filter_by(id=postcheck.replyto).first()
channelcheck = d2_channels.query.filter_by(id=replycheck.category).first()
if postcheck.category != 0:
channelcheck = d2_channels.query.filter_by(id=postcheck.category).first()
if channelcheck and not check_channel_auth(channelcheck): return "Insufficient permission!"
ratingcheck = d2_post_ratings.query.filter_by(post_id=post_id).filter_by(user_id=userid).first()
if ratingcheck:
return "You've already rated this post."
post_creator = d2_user.query.filter_by(user_id=postcheck.user_id).first()
if ratingtype == "down":
post_creator.karma_negative = post_creator.karma_negative + 1
syndbb.db.session.commit()
ratingtype = -1
elif ratingtype == "up":
post_creator.karma_positive = post_creator.karma_positive + 1
syndbb.db.session.commit()
ratingtype = 1
postcheck.rating = int(postcheck.rating) + ratingtype
syndbb.db.session.commit()
submit_rating = d2_post_ratings(post_id, userid, ratingtype)
syndbb.db.session.add(submit_rating)
syndbb.db.session.commit()
syndbb.cache.delete_memoized(syndbb.models.channels.get_post_rating)
return str(postcheck.id)
else:
return "Trying to rate a post which doesnt exist."
else:
return "You are not logged in!"
else:
return "Invalid Request"
