diff --git a/files/helpers/const.py b/files/helpers/const.py index 1391c5bc6d..c3984487ce 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -129,7 +129,9 @@ if 'rdrama.net' in SITE: DAD_ID = 2513 MOM_ID = 4588 DONGER_ID = 541 - FARTBINN_ID = 2256 + FARTBINN_ID = 2256 + PW1_ID = 3750 + PW2_ID = 7626 BUG_THREAD = 29748 EMOJI_THREAD = 16583 elif SITE == "pcmemes.net": @@ -155,6 +157,8 @@ elif SITE == "pcmemes.net": MOM_ID = 0 DONGER_ID = 0 FARTBINN_ID = 0 + PW1_ID = 0 + PW2_ID = 0 BUG_THREAD = 4103 EMOJI_THREAD = 0 else: @@ -180,6 +184,8 @@ else: MOM_ID = 0 DONGER_ID = 0 FARTBINN_ID = 0 + PW1_ID = 0 + PW2_ID = 0 BUG_THREAD = 0 EMOJI_THREAD = 0 diff --git a/files/routes/login.py b/files/routes/login.py index 064df03722..aa06299272 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -137,7 +137,7 @@ def login_post(): session["login_nonce"] = account.login_nonce session.permanent = True - check_for_alts(account.id) + if user_id not in (PW1_ID,PW2_ID): check_for_alts(account.id) redir = request.values.get("redirect", "/").replace("/logged_out", "").strip() @@ -440,10 +440,11 @@ def get_reset(): @limiter.limit("1/second") @auth_desired def post_reset(v): - if v: - return redirect('/') + if v: return redirect('/') user_id = request.values.get("user_id") + + if user_id in (PW1_ID,PW2_ID): abort(403) timestamp = int(request.values.get("time")) token = request.values.get("token") diff --git a/files/routes/settings.py b/files/routes/settings.py index f57adcbaac..6b2b9f7b61 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -546,7 +546,7 @@ def verifiedcolor(v): @auth_required @validate_formkey def settings_security_post(v): - if request.values.get("new_password"): + if request.values.get("new_password") and user_id not in (PW1_ID,PW2_ID): if request.values.get( "new_password") != request.values.get("cnf_password"): return redirect("/settings/security?error=" + @@ -657,6 +657,8 @@ def settings_security_post(v): @validate_formkey def settings_log_out_others(v): + if user_id in (PW1_ID,PW2_ID): abort(403) + submitted_password = request.values.get("password", "").strip() if not v.verifyPass(submitted_password):