forked from MarseyWorld/MarseyWorld
sfddfs
parent
4702f65abe
commit
71515bdeb9
|
@ -429,7 +429,7 @@ def edit_post(pid, v):
|
|||
|
||||
title_html = filter_emojis_only(title)
|
||||
if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))) > 0: return {"error":"You can only type marseys!"}, 403
|
||||
p.title = title
|
||||
p.title = title[:500]
|
||||
p.title_html = title_html
|
||||
|
||||
if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
|
||||
|
|
|
@ -633,19 +633,16 @@ def verifiedcolor(v):
|
|||
@validate_formkey
|
||||
def settings_security_post(v):
|
||||
if request.values.get("new_password"):
|
||||
if v.id in (PW1_ID,PW2_ID): return redirect("/settings/security?error=" + escape("This account is protected from password changes."))
|
||||
if request.values.get(
|
||||
"new_password") != request.values.get("cnf_password"):
|
||||
return redirect("/settings/security?error=" +
|
||||
escape("Passwords do not match."))
|
||||
if v.id in (PW1_ID,PW2_ID): return render_template("settings_security.html", v=v, error="This account is protected from password changes.")
|
||||
|
||||
if request.values.get("new_password") != request.values.get("cnf_password"):
|
||||
return render_template("settings_security.html", v=v, error="Passwords do not match.")
|
||||
|
||||
if not re.match(valid_password_regex, request.values.get("new_password")):
|
||||
return redirect("/settings/security?error=" +
|
||||
escape("Password must be between 8 and 100 characters."))
|
||||
return render_template("settings_security.html", v=v, error="Password must be between 8 and 100 characters.")
|
||||
|
||||
if not v.verifyPass(request.values.get("old_password")):
|
||||
return render_template(
|
||||
"settings_security.html", v=v, error="Incorrect password")
|
||||
return render_template("settings_security.html", v=v, error="Incorrect password")
|
||||
|
||||
v.passhash = v.hash_password(request.values.get("new_password"))
|
||||
|
||||
|
@ -653,14 +650,12 @@ def settings_security_post(v):
|
|||
|
||||
g.db.commit()
|
||||
|
||||
return redirect("/settings/security?msg=" +
|
||||
escape("Your password has been changed."))
|
||||
return render_template("settings_security.html", v=v, error="Your password has been changed.")
|
||||
|
||||
if request.values.get("new_email"):
|
||||
|
||||
if not v.verifyPass(request.values.get('password')):
|
||||
return redirect("/settings/security?error=" +
|
||||
escape("Invalid password."))
|
||||
return render_template("settings_security.html", v=v, error="Invalid password.")
|
||||
|
||||
new_email = request.values.get("new_email","").strip().lower()
|
||||
|
||||
|
@ -671,13 +666,12 @@ def settings_security_post(v):
|
|||
new_email=f"{new_email}@gmail.com"
|
||||
|
||||
if new_email == v.email:
|
||||
return redirect("/settings/security?error=That email is already yours!")
|
||||
return render_template("settings_security.html", v=v, error="That email is already yours!")
|
||||
|
||||
existing = g.db.query(User.id).filter(User.id != v.id,
|
||||
func.lower(User.email) == new_email.lower()).first()
|
||||
if existing:
|
||||
return redirect("/settings/security?error=" +
|
||||
escape("That email address is already in use."))
|
||||
return render_template("settings_security.html", v=v, error="That email address is already in use.")
|
||||
|
||||
url = f"https://{app.config['SERVER_NAME']}/activate"
|
||||
|
||||
|
@ -695,48 +689,41 @@ def settings_security_post(v):
|
|||
v=v)
|
||||
)
|
||||
|
||||
return redirect("/settings/security?msg=" + escape(
|
||||
"Check your email and click the verification link to complete the email change."))
|
||||
return render_template("settings_security.html", v=v, error="Check your email and click the verification link to complete the email change."))
|
||||
|
||||
if request.values.get("2fa_token", ""):
|
||||
|
||||
if not v.verifyPass(request.values.get('password')):
|
||||
return redirect("/settings/security?error=" +
|
||||
escape("Invalid password or token."))
|
||||
return render_template("settings_security.html", v=v, error="Invalid password or token.")
|
||||
|
||||
secret = request.values.get("2fa_secret")
|
||||
x = pyotp.TOTP(secret)
|
||||
if not x.verify(request.values.get("2fa_token"), valid_window=1):
|
||||
return redirect("/settings/security?error=" +
|
||||
escape("Invalid password or token."))
|
||||
return render_template("settings_security.html", v=v, error="Invalid password or token.")
|
||||
|
||||
v.mfa_secret = secret
|
||||
g.db.add(v)
|
||||
|
||||
g.db.commit()
|
||||
|
||||
return redirect("/settings/security?msg=" +
|
||||
escape("Two-factor authentication enabled."))
|
||||
return render_template("settings_security.html", v=v, error="Two-factor authentication enabled.")
|
||||
|
||||
if request.values.get("2fa_remove", ""):
|
||||
|
||||
if not v.verifyPass(request.values.get('password')):
|
||||
return redirect("/settings/security?error=" +
|
||||
escape("Invalid password or token."))
|
||||
return render_template("settings_security.html", v=v, error="Invalid password or token.")
|
||||
|
||||
token = request.values.get("2fa_remove")
|
||||
|
||||
if not v.validate_2fa(token):
|
||||
return redirect("/settings/security?error=" +
|
||||
escape("Invalid password or token."))
|
||||
return render_template("settings_security.html", v=v, error="Invalid password or token.")
|
||||
|
||||
v.mfa_secret = None
|
||||
g.db.add(v)
|
||||
|
||||
g.db.commit()
|
||||
|
||||
return redirect("/settings/security?msg=" +
|
||||
escape("Two-factor authentication disabled."))
|
||||
return render_template("settings_security.html", v=v, error="Two-factor authentication disabled.")
|
||||
|
||||
@app.post("/settings/log_out_all_others")
|
||||
@limiter.limit("1/second")
|
||||
|
|
|
@ -454,7 +454,7 @@
|
|||
<div class="d-flex flex-column">
|
||||
<input type="hidden" name="formkey" value="{{v.formkey}}">
|
||||
<input type="hidden" name="current_page" value="{{request.path}}">
|
||||
<input name="title" class="edit-title" required placeholder="title" value="{{p.title}}" >
|
||||
<input max-length="500" name="title" class="edit-title" required placeholder="title" value="{{p.title}}" >
|
||||
<textarea name="body" {% if v.longpost %}minlength="280"{% endif %} maxlength="{% if v.bird %}140{% else %}10000{% endif %}" oninput="markdown('post-edit-box-{{p.id}}', 'post-edit-{{p.id}}');charLimit('post-edit-box-{{p.id}}','charcount-post-edit')" id="post-edit-box-{{p.id}}" form="post-edit-form-{{p.id}}" class="comment-box form-control rounded" aria-label="With textarea" placeholder="Add text to your post..." rows="10" data-id="{{p.id}}">{{p.body}}</textarea>
|
||||
|
||||
<div class="text-small font-weight-bold mt-1" id="charcount-post-edit" style="right: 1rem; bottom: 0.5rem; z-index: 3;"></div>
|
||||
|
|
Loading…
Reference in New Issue