forked from rDrama/rDrama
fsd
parent
d4f7f5497b
commit
758a30e166
|
@ -85,9 +85,10 @@ mail = Mail(app)
|
||||||
@app.before_request
|
@app.before_request
|
||||||
def before_request():
|
def before_request():
|
||||||
|
|
||||||
ua = request.headers.get("User-Agent")
|
g.agent = request.headers.get("User-Agent")
|
||||||
if not ua: abort(403)
|
if not g.agent: abort(403)
|
||||||
ua = ua.lower()
|
|
||||||
|
ua = g.agent.lower()
|
||||||
|
|
||||||
with open('site_settings.json', 'r') as f:
|
with open('site_settings.json', 'r') as f:
|
||||||
app.config['SETTINGS'] = json.load(f)
|
app.config['SETTINGS'] = json.load(f)
|
||||||
|
|
|
@ -54,7 +54,7 @@ def get_logged_in_user():
|
||||||
if session["session_id"] in loggedout: del loggedout[session["session_id"]]
|
if session["session_id"] in loggedout: del loggedout[session["session_id"]]
|
||||||
loggedin[v.id] = timestamp
|
loggedin[v.id] = timestamp
|
||||||
else:
|
else:
|
||||||
ua = str(user_agents.parse(request.headers.get("User-Agent")))
|
ua = str(user_agents.parse(g.agent))
|
||||||
if not ua.startswith('Spider'):
|
if not ua.startswith('Spider'):
|
||||||
loggedout[session["session_id"]] = (timestamp, ua)
|
loggedout[session["session_id"]] = (timestamp, ua)
|
||||||
|
|
||||||
|
|
|
@ -204,7 +204,7 @@ def sign_up_get(v):
|
||||||
token = token_hex(16)
|
token = token_hex(16)
|
||||||
session["signup_token"] = token
|
session["signup_token"] = token
|
||||||
|
|
||||||
formkey_hashstr = str(now) + token + agent
|
formkey_hashstr = str(now) + token + g.agent
|
||||||
|
|
||||||
formkey = hmac.new(key=bytes(environ.get("MASTER_KEY"), "utf-16"),
|
formkey = hmac.new(key=bytes(environ.get("MASTER_KEY"), "utf-16"),
|
||||||
msg=bytes(formkey_hashstr, "utf-16"),
|
msg=bytes(formkey_hashstr, "utf-16"),
|
||||||
|
@ -237,7 +237,7 @@ def sign_up_post(v):
|
||||||
submitted_token = session.get("signup_token", "")
|
submitted_token = session.get("signup_token", "")
|
||||||
if not submitted_token: abort(400)
|
if not submitted_token: abort(400)
|
||||||
|
|
||||||
correct_formkey_hashstr = form_timestamp + submitted_token + agent
|
correct_formkey_hashstr = form_timestamp + submitted_token + g.agent
|
||||||
|
|
||||||
correct_formkey = hmac.new(key=bytes(environ.get("MASTER_KEY"), "utf-16"),
|
correct_formkey = hmac.new(key=bytes(environ.get("MASTER_KEY"), "utf-16"),
|
||||||
msg=bytes(correct_formkey_hashstr, "utf-16"),
|
msg=bytes(correct_formkey_hashstr, "utf-16"),
|
||||||
|
|
Loading…
Reference in New Issue