From 96ea758ed9769ef0bd4fa163dd94b2ab8aa61ec5 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 3 May 2022 03:37:51 +0200 Subject: [PATCH 1/7] sfd --- files/routes/comments.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/files/routes/comments.py b/files/routes/comments.py index 145a6af0f..8e36c7567 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -159,7 +159,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): return render_template(template, v=v, p=post, sort=sort, comment_info=comment_info, render_replies=True, sub=post.subr) @app.post("/comment") -@limiter.limit("1/second;20/minute;200/hour;1000/day") +@limiter.limit("1/day") +@limiter.limit("1/day", key_func=lambda:f'{request.host}-{egg}') @auth_required def api_comment(v): if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403 From 4abc9a749765d432e948519eac8512157fb653b1 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 3 May 2022 03:38:13 +0200 Subject: [PATCH 2/7] gfd --- push.sh | 3 +-- pushforce.sh | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/push.sh b/push.sh index e5639e0a7..edce13413 100644 --- a/push.sh +++ b/push.sh @@ -1,5 +1,4 @@ git pull git add . git commit -m "sneed" -git push -. 'D:\1.sh' \ No newline at end of file +git push \ No newline at end of file diff --git a/pushforce.sh b/pushforce.sh index 0f8016366..1181e0ef2 100644 --- a/pushforce.sh +++ b/pushforce.sh @@ -1,4 +1,3 @@ git add . git commit -m "force push" -git push --force -. 'D:\1.sh' \ No newline at end of file +git push --force \ No newline at end of file From 65b3a5d37599bbfc6f5678f3fb12795c1a3bce34 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 3 May 2022 03:39:20 +0200 Subject: [PATCH 3/7] fsd --- files/routes/comments.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/routes/comments.py b/files/routes/comments.py index 8e36c7567..56aadfb5b 100644 
--- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -160,7 +160,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): @app.post("/comment") @limiter.limit("1/day") -@limiter.limit("1/day", key_func=lambda:f'{request.host}-{egg}') +@limiter.limit("1/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def api_comment(v): if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403 From 47d01ed00bc7dcc3d6389795be7aea077d84a11c Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 3 May 2022 04:15:35 +0200 Subject: [PATCH 4/7] vb --- files/mail/__init__.py | 1 + files/routes/awards.py | 2 ++ files/routes/chat.py | 1 + files/routes/comments.py | 11 +++++++++-- files/routes/login.py | 1 + files/routes/oauth.py | 5 +++++ files/routes/posts.py | 8 ++++++++ files/routes/reporting.py | 2 ++ files/routes/settings.py | 19 +++++++++++++++++++ files/routes/static.py | 1 + files/routes/subs.py | 5 +++++ files/routes/users.py | 10 ++++++++++ files/routes/votes.py | 4 +++- 13 files changed, 67 insertions(+), 3 deletions(-) diff --git a/files/mail/__init__.py b/files/mail/__init__.py index e73326418..fba1477ed 100644 --- a/files/mail/__init__.py +++ b/files/mail/__init__.py @@ -41,6 +41,7 @@ def send_verification_email(user, email=None): @app.post("/verify_email") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def api_verify_email(v): diff --git a/files/routes/awards.py b/files/routes/awards.py index 449f850ee..ff900ea10 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py 
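Review bot: The `key_func` lambda on the second `limiter.limit` of `api_comment` formats `session.get("lo_user")` straight into the key, so any request on a host whose session has no `lo_user` (a fresh session, or a client that authenticates with an `Authorization` header as the `before_request` hunk later in this series suggests exists) is counted in one shared `<host>-None` bucket, and a single such client can exhaust that bucket for everyone else. If `lo_user` is the logged-in user's id, the key should fall back to something per-client when it is absent, e.g. `key_func=lambda: f'{request.host}-{session.get("lo_user") or request.remote_addr}'`; the alternative is to apply this limit only where the session is guaranteed to be populated. The body of `api_comment` continues outside the hunk.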
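Review bot: The same `key_func=lambda:f'{request.host}-{session.get("lo_user")}'` is pasted verbatim onto the new decorator in `api_verify_email` and again on every route touched in awards.py, chat.py, comments.py, login.py, oauth.py, posts.py, reporting.py, settings.py, static.py, subs.py, users.py and votes.py, with the rate string duplicated from the decorator above it each time. A single named helper next to `limiter`, e.g. `def user_limit_key(): return f'{request.host}-{session.get("lo_user")}'` passed as `key_func=user_limit_key`, would let a later fix to how the key is derived land in one place instead of roughly sixty; a small wrapper that applies both the address-keyed and user-keyed limit from one rate string would also remove the duplicated strings. The lambda is defined at decoration time but evaluated per request, which is fine as long as it is only ever called inside a request context.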
@@ -121,6 +121,7 @@ def buy(v, award): @app.post("/award_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def award_post(pid, v): if v.shadowbanned: return render_template('errors/500.html', err=True, v=v), 500 @@ -360,6 +361,7 @@ def award_post(pid, v): @app.post("/award_comment/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def award_comment(cid, v): if v.shadowbanned: return render_template('errors/500.html', err=True, v=v), 500 diff --git a/files/routes/chat.py b/files/routes/chat.py index d33886e6f..c74fbc904 100644 --- a/files/routes/chat.py +++ b/files/routes/chat.py @@ -35,6 +35,7 @@ def chatjs(): @socketio.on('speak') @limiter.limit("3/second;10/minute") +@limiter.limit("3/second;10/minute", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def speak(data, v): if v.is_banned: return '', 403 diff --git a/files/routes/comments.py b/files/routes/comments.py index 56aadfb5b..8a726566b 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -159,8 +159,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): return render_template(template, v=v, p=post, sort=sort, comment_info=comment_info, render_replies=True, sub=post.subr) @app.post("/comment") -@limiter.limit("1/day") -@limiter.limit("1/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') +@limiter.limit("1/second;20/minute;200/hour;1000/day") +@limiter.limit("1/second;20/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def api_comment(v): if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403 
@@ -668,6 +668,7 @@ def api_comment(v): @app.post("/edit_comment/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def edit_comment(cid, v): @@ -843,6 +844,7 @@ def edit_comment(cid, v): @app.post("/delete/comment/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def delete_comment(cid, v): @@ -864,6 +866,7 @@ def delete_comment(cid, v): @app.post("/undelete/comment/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def undelete_comment(cid, v): @@ -970,6 +973,7 @@ def mod_unpin(cid, v): @app.post("/save_comment/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def save_comment(cid, v): @@ -987,6 +991,7 @@ def save_comment(cid, v): @app.post("/unsave_comment/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def unsave_comment(cid, v): @@ -1002,6 +1007,7 @@ def unsave_comment(cid, v): @app.post("/blackjack/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def handle_blackjack_action(cid, v): comment = get_comment(cid) 
@@ -1042,6 +1048,7 @@ def diff_words(answer, guess): @app.post("/wordle/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def handle_wordle_action(cid, v): diff --git a/files/routes/login.py b/files/routes/login.py index 1c3d298c6..a89da564e 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -169,6 +169,7 @@ def me(v): @app.post("/logout") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def logout(v): diff --git a/files/routes/oauth.py b/files/routes/oauth.py index 028ba8c6f..0a5d811e0 100644 --- a/files/routes/oauth.py +++ b/files/routes/oauth.py @@ -18,6 +18,7 @@ def authorize_prompt(v): @app.post("/authorize") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def authorize(v): @@ -40,6 +41,7 @@ def authorize(v): @app.post("/api_keys") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def request_api_keys(v): @@ -81,6 +83,7 @@ def request_api_keys(v): @app.post("/delete_app/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def delete_oauth_app(v, aid): @@ -101,6 +104,7 @@ def delete_oauth_app(v, aid): @app.post("/edit_app/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def edit_oauth_app(v, aid): 
@@ -264,6 +268,7 @@ def admin_apps_list(v): @app.post("/oauth/reroll/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def reroll_oauth_tokens(aid, v): diff --git a/files/routes/posts.py b/files/routes/posts.py index ae8e681d7..f0bb44947 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -56,6 +56,7 @@ def toggle_club(pid, v): @app.post("/publish/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def publish(pid, v): post = get_post(pid) @@ -419,6 +420,7 @@ def morecomments(v, cid): @app.post("/edit_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def edit_post(pid, v): p = get_post(pid) @@ -856,6 +858,7 @@ def api_is_repost(): @app.post("/submit") @app.post("/h//submit") @limiter.limit("1/second;2/minute;10/hour;50/day") +@limiter.limit("1/second;2/minute;10/hour;50/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def submit_post(v, sub=None): @@ -1395,6 +1398,7 @@ def submit_post(v, sub=None): @app.post("/delete_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def delete_post_pid(pid, v): @@ -1416,6 +1420,7 @@ def delete_post_pid(pid, v): @app.post("/undelete_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def undelete_post_pid(pid, v): post = get_post(pid) 
@@ -1471,6 +1476,7 @@ def toggle_post_nsfw(pid, v): @app.post("/save_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def save_post(pid, v): @@ -1487,6 +1493,7 @@ def save_post(pid, v): @app.post("/unsave_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def unsave_post(pid, v): @@ -1520,6 +1527,7 @@ def api_pin_post(post_id, v): @app.get("/submit/title") @limiter.limit("6/minute") +@limiter.limit("6/minute", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def get_post_title(v): diff --git a/files/routes/reporting.py b/files/routes/reporting.py index f4a1cbbc3..889ebeef6 100644 --- a/files/routes/reporting.py +++ b/files/routes/reporting.py @@ -7,6 +7,7 @@ from files.helpers.sanitize import filter_emojis_only @app.post("/report/post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def api_flag_post(pid, v): @@ -58,6 +59,7 @@ def api_flag_post(pid, v): @app.post("/report/comment/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def api_flag_comment(cid, v): diff --git a/files/routes/settings.py b/files/routes/settings.py index 185533e8b..ecc7d76da 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py 
@@ -29,6 +29,7 @@ tiers={ @app.post("/settings/removebackground") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def removebackground(v): v.background = None @@ -38,6 +39,7 @@ def removebackground(v): @app.post("/settings/profile") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_profile_post(v): updated = False @@ -340,6 +342,7 @@ def changelogsub(v): @app.post("/settings/namecolor") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def namecolor(v): @@ -353,6 +356,7 @@ def namecolor(v): @app.post("/settings/themecolor") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def themecolor(v): @@ -366,6 +370,7 @@ def themecolor(v): @app.post("/settings/gumroad") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def gumroad(v): if not (v.email and v.is_activated): @@ -408,6 +413,7 @@ def gumroad(v): @app.post("/settings/titlecolor") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def titlecolor(v): 
@@ -421,6 +427,7 @@ def titlecolor(v): @app.post("/settings/verifiedcolor") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def verifiedcolor(v): verifiedcolor = str(request.values.get("verifiedcolor", "")).strip() @@ -433,6 +440,7 @@ def verifiedcolor(v): @app.post("/settings/security") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_security_post(v): if request.values.get("new_password"): @@ -516,6 +524,7 @@ def settings_security_post(v): @app.post("/settings/log_out_all_others") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_log_out_others(v): @@ -537,6 +546,7 @@ def settings_log_out_others(v): @app.post("/settings/images/profile") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_images_profile(v): if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 @@ -572,6 +582,7 @@ def settings_images_profile(v): @app.post("/settings/images/banner") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_images_banner(v): if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 
@@ -607,6 +618,7 @@ def settings_css_get(v): @app.post("/settings/css") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_css(v): if v.agendaposter: return {"error": "Agendapostered users can't edit css!"} @@ -625,6 +637,7 @@ def settings_profilecss_get(v): @app.post("/settings/profilecss") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_profilecss(v): profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000] @@ -635,6 +648,7 @@ def settings_profilecss(v): @app.post("/settings/block") @limiter.limit("1/second;10/day") +@limiter.limit("1/second;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_block_user(v): @@ -672,6 +686,7 @@ def settings_block_user(v): @app.post("/settings/unblock") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_unblock_user(v): @@ -701,6 +716,7 @@ def settings_apps(v): @app.post("/settings/remove_discord") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_remove_discord(v): @@ -721,6 +737,7 @@ def settings_content_get(v): @app.post("/settings/name_change") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def settings_name_change(v): 
@@ -765,6 +782,7 @@ def settings_name_change(v): @app.post("/settings/song_change") @limiter.limit("2/second;10/day") +@limiter.limit("2/second;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_song_change(v): song=request.values.get("song").strip() @@ -844,6 +862,7 @@ def settings_song_change(v): @app.post("/settings/title_change") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def settings_title_change(v): diff --git a/files/routes/static.py b/files/routes/static.py index 00d2d763a..cd4e3b9c4 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -385,6 +385,7 @@ def contact(v): @app.post("/send_admin") @limiter.limit("1/second;2/minute;6/hour;10/day") +@limiter.limit("1/second;2/minute;6/hour;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def submit_contact(v): body = request.values.get("message") diff --git a/files/routes/subs.py b/files/routes/subs.py index 98a0e3dea..c657aa17b 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -158,6 +158,7 @@ def blockers(v, sub): @app.post("/h//add_mod") @limiter.limit("1/second;5/day") +@limiter.limit("1/second;5/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def add_mod(v, sub): sub = g.db.query(Sub).filter_by(name=sub.strip().lower()).one_or_none() @@ -306,6 +307,7 @@ def sub_settings(v, sub): @app.post('/h//sidebar') @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def post_sub_sidebar(v, sub): sub = g.db.query(Sub).filter_by(name=sub.strip().lower()).one_or_none() 
@@ -326,6 +328,7 @@ def post_sub_sidebar(v, sub): @app.post('/h//css') @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def post_sub_css(v, sub): sub = g.db.query(Sub).filter_by(name=sub.strip().lower()).one_or_none() @@ -352,6 +355,7 @@ def get_sub_css(sub): @app.post("/h//banner") @limiter.limit("1/second;10/day") +@limiter.limit("1/second;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def sub_banner(v, sub): if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 @@ -379,6 +383,7 @@ def sub_banner(v, sub): @app.post("/h//sidebar_image") @limiter.limit("1/second;10/day") +@limiter.limit("1/second;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def sub_sidebar(v, sub): if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 diff --git a/files/routes/users.py b/files/routes/users.py index 8e2d1336e..aff504b71 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -371,6 +371,7 @@ def downvoting(v, username): @app.post("/@/suicide") @limiter.limit("1/second;5/day") +@limiter.limit("1/second;5/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def suicide(v, username): user = get_user(username) @@ -389,6 +390,7 @@ def get_coins(v, username): @app.post("/@/transfer_coins") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def transfer_coins(v, username): receiver = g.db.query(User).filter_by(username=username).one_or_none() 
@@ -423,6 +425,7 @@ def transfer_coins(v, username): @app.post("/@/transfer_bux") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def transfer_bux(v, username): receiver = g.db.query(User).filter_by(username=username).one_or_none() @@ -567,6 +570,7 @@ def song(song): @app.post("/subscribe/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def subscribe(v, post_id): new_sub = Subscription(user_id=v.id, submission_id=post_id) @@ -576,6 +580,7 @@ def subscribe(v, post_id): @app.post("/unsubscribe/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def unsubscribe(v, post_id): sub=g.db.query(Subscription).filter_by(user_id=v.id, submission_id=post_id).one_or_none() @@ -591,6 +596,7 @@ def reportbugs(v): @app.post("/@/message") @limiter.limit("1/second;10/minute;20/hour;50/day") +@limiter.limit("1/second;10/minute;20/hour;50/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def message2(v, username): @@ -655,6 +661,7 @@ def message2(v, username): @app.post("/reply") @limiter.limit("1/second;6/minute;50/hour;200/day") +@limiter.limit("1/second;6/minute;50/hour;200/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def messagereply(v): @@ -1041,6 +1048,7 @@ def u_user_id_info(id, v=None): @app.post("/follow/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def follow_user(username, v): 
@@ -1065,6 +1073,7 @@ def follow_user(username, v): @app.post("/unfollow/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def unfollow_user(username, v): @@ -1092,6 +1101,7 @@ def unfollow_user(username, v): @app.post("/remove_follow/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @auth_required def remove_follow(username, v): target = get_user(username) diff --git a/files/routes/votes.py b/files/routes/votes.py index 44e351a63..84aee852d 100644 --- a/files/routes/votes.py +++ b/files/routes/votes.py @@ -7,7 +7,6 @@ from files.__main__ import app, limiter, cache from os import environ @app.get("/votes") -@limiter.limit("5/second;60/minute;200/hour;1000/day") @auth_required def admin_vote_info_get(v): link = request.values.get("link") @@ -53,6 +52,7 @@ def admin_vote_info_get(v): @app.post("/vote/post//") @limiter.limit("5/second;60/minute;600/hour;1000/day") +@limiter.limit("5/second;60/minute;600/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def api_vote_post(post_id, new, v): @@ -116,6 +116,7 @@ def api_vote_post(post_id, new, v): @app.post("/vote/comment//") @limiter.limit("5/second;60/minute;600/hour;1000/day") +@limiter.limit("5/second;60/minute;600/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def api_vote_comment(comment_id, new, v): @@ -218,6 +219,7 @@ def api_vote_poll(comment_id, v): @app.post("/bet/") @limiter.limit("1/second;30/minute;200/hour;1000/day") +@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}') @is_not_permabanned def bet(comment_id, v): From db82fdda6e97c5105513de05a006cd8ee31a5a95 Mon Sep 17 00:00:00 2001 
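Review bot: `admin_vote_info_get` (`GET /votes`) is left with no rate limit at all once the `5/second;60/minute;200/hour;1000/day` decorator is removed, while every other route in this series gains a second one; the handler reads a caller-supplied `link` and, judging by its name, runs vote lookups (its body is outside the hunk), so an unthrottled endpoint behind nothing stronger than `@auth_required` is a cheap way to load the database. If dropping the limit is deliberate, a one-line comment above the route saying why would stop the next reader from restoring it; otherwise keep the original decorator and add the per-user one as the other hunks do, e.g. `@limiter.limit("5/second;60/minute;200/hour;1000/day")` followed by the `key_func` variant.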
From: Aevann1 Date: Tue, 3 May 2022 06:03:19 +0200 Subject: [PATCH 5/7] fds --- files/__main__.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/files/__main__.py b/files/__main__.py index 09e06c488..b47aaac77 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -87,7 +87,9 @@ def before_request(): with open('site_settings.json', 'r') as f: app.config['SETTINGS'] = json.load(f) - if request.host != app.config["SERVER_NAME"]: return {"error":"Unauthorized host provided."}, 401 + if request.host != app.config["SERVER_NAME"]: + print(request.host, flush=True) + return {"error":"Unauthorized host provided."}, 401 if request.headers.get("CF-Worker"): return {"error":"Cloudflare workers are not allowed to access this website."}, 401 if not app.config['SETTINGS']['Bots'] and request.headers.get("Authorization"): abort(503) From 394244a4cd1241cb9f841f3e61cc5ce346277b40 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 3 May 2022 06:09:02 +0200 Subject: [PATCH 6/7] sfd --- files/__main__.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/files/__main__.py b/files/__main__.py index b47aaac77..09e06c488 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -87,9 +87,7 @@ def before_request(): with open('site_settings.json', 'r') as f: app.config['SETTINGS'] = json.load(f) - if request.host != app.config["SERVER_NAME"]: - print(request.host, flush=True) - return {"error":"Unauthorized host provided."}, 401 + if request.host != app.config["SERVER_NAME"]: return {"error":"Unauthorized host provided."}, 401 if request.headers.get("CF-Worker"): return {"error":"Cloudflare workers are not allowed to access this website."}, 401 if not app.config['SETTINGS']['Bots'] and request.headers.get("Authorization"): abort(503) From 5e2da5673c3dde1602b0453834bb74bb1cd9773b Mon Sep 17 00:00:00 2001 
From: Aevann1 Date: Tue, 3 May 2022 06:28:42 +0200 Subject: [PATCH 7/7] fsd --- files/classes/user.py | 1 + files/routes/admin.py | 30 +++++++++++++++++++++++++----- files/templates/badges.html | 2 +- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/files/classes/user.py b/files/classes/user.py index 7913f0b41..6f252f590 100644 --- a/files/classes/user.py +++ b/files/classes/user.py @@ -190,6 +190,7 @@ class User(Base): elif self.patron == 4: discount = 0.75 elif self.patron == 5: discount = 0.70 elif self.patron == 6: discount = 0.65 + elif self.patron == 7: discount = 0.60 else: discount = 1 for badge in [69,70,71,72,73]: diff --git a/files/routes/admin.py b/files/routes/admin.py index d1c2f5858..79992fcc3 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -710,11 +710,7 @@ def users_list(v): try: page = int(request.values.get("page", 1)) except: page = 1 - users = g.db.query(User).filter_by(is_banned=0 - ).order_by(User.created_utc.desc() - ).offset(25 * (page - 1)).limit(26) - - users = [x for x in users] + users = g.db.query(User).order_by(User.id.desc()).offset(25 * (page - 1)).limit(26).all() next_exists = (len(users) > 25) users = users[:25] @@ -726,6 +722,30 @@ def users_list(v): page=page, ) + +@app.get("/badge_owners/") +@auth_required +def bid_list(v, bid): + + try: bid = int(bid) + except: abort(400) + + try: page = int(request.values.get("page", 1)) + except: page = 1 + + users = g.db.query(User).join(Badge, Badge.user_id == User.id).filter(Badge.badge_id==bid).offset(25 * (page - 1)).limit(26).all() + + next_exists = (len(users) > 25) + users = users[:25] + + return render_template("admin/new_users.html", + v=v, + users=users, + next_exists=next_exists, + page=page, + ) + + @app.get("/admin/alt_votes") @admin_level_required(2) def alt_votes_get(v): diff --git a/files/templates/badges.html b/files/templates/badges.html index aebeb87b4..8ee3e0365 100644 --- a/files/templates/badges.html +++ b/files/templates/badges.html 
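Review bot: The new `bid_list` query paginates with `.offset(25 * (page - 1)).limit(26)` but has no `order_by`, so the row order — and therefore which users appear on which page — is unspecified in SQL and can change between requests; `users_list` in the hunk just above orders by `User.id.desc()` before paginating, and the new query should do the same, i.e. `users = g.db.query(User).join(Badge, Badge.user_id == User.id).filter(Badge.badge_id==bid).order_by(User.id.desc()).offset(25 * (page - 1)).limit(26).all()`. The route is guarded only by `@auth_required` yet renders `admin/new_users.html`; if the listing is meant for staff the decorator should match the one on `users_list` (not visible in the hunk), and if it is meant for every logged-in user the admin template is a misleading home for it. The two bare `except:` clauses catch more than the `ValueError` that `int()` can raise; `except ValueError:` says what is actually expected.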
@@ -30,7 +30,7 @@ {{badge.name}} {{badge.description}} {%- set ct = counts[badge.id] if badge.id in counts else (0, 0) %} - {{ ct[0] }} + {{ ct[0] }} {{ "{:0.3f}".format(ct[1]) }}% {% endfor %}