forked from MarseyWorld/MarseyWorld
Deux: patch improper logins for post-seeding accs.
Deux's users were originally seeded from a clone of the rDrama DB. Thereby, user IDs are paired between the sites, and this is further the only clear means by which we can link accounts between the sites. However, signups on either site after the seeding will not have synchronized IDs. Newer accounts on Drama could thereby be used to sign into the Deux account with the same user_id. There's no clear way to solve this without going to a shared identity provider for both. In the interim, we restrict shared login to users from before divergence began. This is a kludge, but it works.

branch: master
parent a217f76bad
commit dfa700ab1a
@ -162,6 +162,12 @@ def loginshared_authenticate(v, site_for):
if not (SITE == 'rdrama.net' and site_for == 'deuxrama.net'):
abort(403)
# Kludge to prevent accounts created after the DB seeding (on either site)
# from being improperly logged into. The only account matching we have is
# based on user_id, which isn't guaranteed identical post-seeding.
if v.id > 12335:
abort(500)
token = loginshared_secret_token(site_for, v.id)
# Must be https! Downgrading security leaks secrets in query string.
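Review bot: the new guard responds with a server error for what is an authorization refusal (`if v.id > 12335:` followed by `abort(500)`), so every post-seeding account that tries the shared login will show up in logs and monitoring as a 500, indistinguishable from real faults; `abort(403)`, matching the site check directly above it, fits the stated intent of "refuse shared login for accounts created after divergence" better. The literal 12335 is also an unexplained magic number: hoist it into a named constant alongside the other site settings and say in the comment that it is the highest user_id present at the time of the DB seed, so the cut-off can be audited and adjusted if the seed boundary is ever revisited.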