forked from rDrama/rDrama
sfddfs
parent
4702f65abe
commit
71515bdeb9
|
|
@ -429,7 +429,7 @@ def edit_post(pid, v):
|
||||||
|
|
||||||
title_html = filter_emojis_only(title)
|
title_html = filter_emojis_only(title)
|
||||||
if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))) > 0: return {"error":"You can only type marseys!"}, 403
|
if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))) > 0: return {"error":"You can only type marseys!"}, 403
|
||||||
p.title = title
|
p.title = title[:500]
|
||||||
p.title_html = title_html
|
p.title_html = title_html
|
||||||
|
|
||||||
if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
|
if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
|
||||||
|
|
|
||||||
|
|
@ -633,19 +633,16 @@ def verifiedcolor(v):
|
||||||
@validate_formkey
|
@validate_formkey
|
||||||
def settings_security_post(v):
|
def settings_security_post(v):
|
||||||
if request.values.get("new_password"):
|
if request.values.get("new_password"):
|
||||||
if v.id in (PW1_ID,PW2_ID): return redirect("/settings/security?error=" + escape("This account is protected from password changes."))
|
if v.id in (PW1_ID,PW2_ID): return render_template("settings_security.html", v=v, error="This account is protected from password changes.")
|
||||||
if request.values.get(
|
|
||||||
"new_password") != request.values.get("cnf_password"):
|
if request.values.get("new_password") != request.values.get("cnf_password"):
|
||||||
return redirect("/settings/security?error=" +
|
return render_template("settings_security.html", v=v, error="Passwords do not match.")
|
||||||
escape("Passwords do not match."))
|
|
||||||
|
|
||||||
if not re.match(valid_password_regex, request.values.get("new_password")):
|
if not re.match(valid_password_regex, request.values.get("new_password")):
|
||||||
return redirect("/settings/security?error=" +
|
return render_template("settings_security.html", v=v, error="Password must be between 8 and 100 characters.")
|
||||||
escape("Password must be between 8 and 100 characters."))
|
|
||||||
|
|
||||||
if not v.verifyPass(request.values.get("old_password")):
|
if not v.verifyPass(request.values.get("old_password")):
|
||||||
return render_template(
|
return render_template("settings_security.html", v=v, error="Incorrect password")
|
||||||
"settings_security.html", v=v, error="Incorrect password")
|
|
||||||
|
|
||||||
v.passhash = v.hash_password(request.values.get("new_password"))
|
v.passhash = v.hash_password(request.values.get("new_password"))
|
||||||
|
|
||||||
|
|
@ -653,14 +650,12 @@ def settings_security_post(v):
|
||||||
|
|
||||||
g.db.commit()
|
g.db.commit()
|
||||||
|
|
||||||
return redirect("/settings/security?msg=" +
|
return render_template("settings_security.html", v=v, error="Your password has been changed.")
|
||||||
escape("Your password has been changed."))
|
|
||||||
|
|
||||||
if request.values.get("new_email"):
|
if request.values.get("new_email"):
|
||||||
|
|
||||||
if not v.verifyPass(request.values.get('password')):
|
if not v.verifyPass(request.values.get('password')):
|
||||||
return redirect("/settings/security?error=" +
|
return render_template("settings_security.html", v=v, error="Invalid password.")
|
||||||
escape("Invalid password."))
|
|
||||||
|
|
||||||
new_email = request.values.get("new_email","").strip().lower()
|
new_email = request.values.get("new_email","").strip().lower()
|
||||||
|
|
||||||
|
|
@ -671,13 +666,12 @@ def settings_security_post(v):
|
||||||
new_email=f"{new_email}@gmail.com"
|
new_email=f"{new_email}@gmail.com"
|
||||||
|
|
||||||
if new_email == v.email:
|
if new_email == v.email:
|
||||||
return redirect("/settings/security?error=That email is already yours!")
|
return render_template("settings_security.html", v=v, error="That email is already yours!")
|
||||||
|
|
||||||
existing = g.db.query(User.id).filter(User.id != v.id,
|
existing = g.db.query(User.id).filter(User.id != v.id,
|
||||||
func.lower(User.email) == new_email.lower()).first()
|
func.lower(User.email) == new_email.lower()).first()
|
||||||
if existing:
|
if existing:
|
||||||
return redirect("/settings/security?error=" +
|
return render_template("settings_security.html", v=v, error="That email address is already in use.")
|
||||||
escape("That email address is already in use."))
|
|
||||||
|
|
||||||
url = f"https://{app.config['SERVER_NAME']}/activate"
|
url = f"https://{app.config['SERVER_NAME']}/activate"
|
||||||
|
|
||||||
|
|
@ -695,48 +689,41 @@ def settings_security_post(v):
|
||||||
v=v)
|
v=v)
|
||||||
)
|
)
|
||||||
|
|
||||||
return redirect("/settings/security?msg=" + escape(
|
return render_template("settings_security.html", v=v, error="Check your email and click the verification link to complete the email change."))
|
||||||
"Check your email and click the verification link to complete the email change."))
|
|
||||||
|
|
||||||
if request.values.get("2fa_token", ""):
|
if request.values.get("2fa_token", ""):
|
||||||
|
|
||||||
if not v.verifyPass(request.values.get('password')):
|
if not v.verifyPass(request.values.get('password')):
|
||||||
return redirect("/settings/security?error=" +
|
return render_template("settings_security.html", v=v, error="Invalid password or token.")
|
||||||
escape("Invalid password or token."))
|
|
||||||
|
|
||||||
secret = request.values.get("2fa_secret")
|
secret = request.values.get("2fa_secret")
|
||||||
x = pyotp.TOTP(secret)
|
x = pyotp.TOTP(secret)
|
||||||
if not x.verify(request.values.get("2fa_token"), valid_window=1):
|
if not x.verify(request.values.get("2fa_token"), valid_window=1):
|
||||||
return redirect("/settings/security?error=" +
|
return render_template("settings_security.html", v=v, error="Invalid password or token.")
|
||||||
escape("Invalid password or token."))
|
|
||||||
|
|
||||||
v.mfa_secret = secret
|
v.mfa_secret = secret
|
||||||
g.db.add(v)
|
g.db.add(v)
|
||||||
|
|
||||||
g.db.commit()
|
g.db.commit()
|
||||||
|
|
||||||
return redirect("/settings/security?msg=" +
|
return render_template("settings_security.html", v=v, error="Two-factor authentication enabled.")
|
||||||
escape("Two-factor authentication enabled."))
|
|
||||||
|
|
||||||
if request.values.get("2fa_remove", ""):
|
if request.values.get("2fa_remove", ""):
|
||||||
|
|
||||||
if not v.verifyPass(request.values.get('password')):
|
if not v.verifyPass(request.values.get('password')):
|
||||||
return redirect("/settings/security?error=" +
|
return render_template("settings_security.html", v=v, error="Invalid password or token.")
|
||||||
escape("Invalid password or token."))
|
|
||||||
|
|
||||||
token = request.values.get("2fa_remove")
|
token = request.values.get("2fa_remove")
|
||||||
|
|
||||||
if not v.validate_2fa(token):
|
if not v.validate_2fa(token):
|
||||||
return redirect("/settings/security?error=" +
|
return render_template("settings_security.html", v=v, error="Invalid password or token.")
|
||||||
escape("Invalid password or token."))
|
|
||||||
|
|
||||||
v.mfa_secret = None
|
v.mfa_secret = None
|
||||||
g.db.add(v)
|
g.db.add(v)
|
||||||
|
|
||||||
g.db.commit()
|
g.db.commit()
|
||||||
|
|
||||||
return redirect("/settings/security?msg=" +
|
return render_template("settings_security.html", v=v, error="Two-factor authentication disabled.")
|
||||||
escape("Two-factor authentication disabled."))
|
|
||||||
|
|
||||||
@app.post("/settings/log_out_all_others")
|
@app.post("/settings/log_out_all_others")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
|
|
|
||||||
|
|
@ -454,7 +454,7 @@
|
||||||
<div class="d-flex flex-column">
|
<div class="d-flex flex-column">
|
||||||
<input type="hidden" name="formkey" value="{{v.formkey}}">
|
<input type="hidden" name="formkey" value="{{v.formkey}}">
|
||||||
<input type="hidden" name="current_page" value="{{request.path}}">
|
<input type="hidden" name="current_page" value="{{request.path}}">
|
||||||
<input name="title" class="edit-title" required placeholder="title" value="{{p.title}}" >
|
<input max-length="500" name="title" class="edit-title" required placeholder="title" value="{{p.title}}" >
|
||||||
<textarea name="body" {% if v.longpost %}minlength="280"{% endif %} maxlength="{% if v.bird %}140{% else %}10000{% endif %}" oninput="markdown('post-edit-box-{{p.id}}', 'post-edit-{{p.id}}');charLimit('post-edit-box-{{p.id}}','charcount-post-edit')" id="post-edit-box-{{p.id}}" form="post-edit-form-{{p.id}}" class="comment-box form-control rounded" aria-label="With textarea" placeholder="Add text to your post..." rows="10" data-id="{{p.id}}">{{p.body}}</textarea>
|
<textarea name="body" {% if v.longpost %}minlength="280"{% endif %} maxlength="{% if v.bird %}140{% else %}10000{% endif %}" oninput="markdown('post-edit-box-{{p.id}}', 'post-edit-{{p.id}}');charLimit('post-edit-box-{{p.id}}','charcount-post-edit')" id="post-edit-box-{{p.id}}" form="post-edit-form-{{p.id}}" class="comment-box form-control rounded" aria-label="With textarea" placeholder="Add text to your post..." rows="10" data-id="{{p.id}}">{{p.body}}</textarea>
|
||||||
|
|
||||||
<div class="text-small font-weight-bold mt-1" id="charcount-post-edit" style="right: 1rem; bottom: 0.5rem; z-index: 3;"></div>
|
<div class="text-small font-weight-bold mt-1" id="charcount-post-edit" style="right: 1rem; bottom: 0.5rem; z-index: 3;"></div>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue