justcool393
7d80483f67
alts: only change session data if new include_current_session flag is set
2022-11-01 16:58:42 -05:00
Aevann1
58912b124a
display "@" before account name in failed login attempt
2022-10-28 22:25:35 +02:00
Aevann1
449c8b51cb
Revert "add another ratelimit by username"
...
This reverts commit 4385bafa85
.
2022-10-28 20:25:14 +02:00
Aevann1
4385bafa85
add another ratelimit by username
2022-10-28 20:22:51 +02:00
Aevann1
e1dc790165
tighten from 15/day to 10/day
2022-10-28 20:13:37 +02:00
Aevann1
e41ee21f2b
remove redundant ratelimits in /login
2022-10-28 20:13:23 +02:00
Snakes
1f27b0fb2f
Rate limit failed logins.
2022-10-28 14:07:24 -04:00
Aevann1
ad358650e1
remove retarded bullshit I wasn't consulted about
2022-10-27 19:53:08 +02:00
justcool393
50482c9b0e
T to t
2022-10-26 18:41:29 -05:00
justcool393
e6f735b8ca
security: be slightly more generous with login ratelimits
2022-10-26 14:18:21 -05:00
justcool393
782a4494da
login: create invalid file if doesn't exist
2022-10-26 14:11:30 -05:00
justcool393
03cf8038f3
security: log invalid password attempts for admins
...
security: reduce login ratelimits from 1/second ->1/10 seconds
security: reduce login ratelimits from 200/hr -> 100/hr
security: reduce login ratelimits from 1000/day -> 500/day
2022-10-26 13:31:17 -05:00
gooseman
8b98eabbb9
simultaneous hosts
2022-10-24 15:28:43 -07:00
justcool393
f4af073253
fix 17 potential 500s
2022-10-16 02:51:42 -07:00
justcool393
6138c94a10
unduplicated alt adding code
...
* should probably be part of the Alt or User class at some point but this is for a diff day
2022-10-15 11:52:10 -07:00
justcool393
39aa59a37a
add g.is_api_or_xhr so we can use it where we want to give API output
...
* also use v.client for strict API clients
2022-10-15 02:11:36 -07:00
Aevann1
89a0ff4a4b
remove username reservation system
2022-10-14 14:01:06 +02:00
Aevann1
30813fc719
Merge branch 'frost' of https://github.com/Aevann1/rDrama into frost
2022-10-10 11:06:32 +02:00
Aevann1
00b045c464
tweak env again
2022-10-10 11:06:27 +02:00
justcool393
f872f734ec
constantify a bunch of things
...
* sign up follow id is now a thing (if not specified will just msg carp instead)
* notification thread id is also a constant now
* blackjackbtz id is a constant, used for i think special PM handling
2022-10-09 23:37:42 -07:00
Aevann1
aa8e7055fb
rework env vars a bit
2022-10-08 02:43:04 +02:00
Aevann1
f5f0f7d528
give carp notifs for new users on rdrama again + make new users follow kippy on PCM
2022-10-06 00:22:57 +02:00
Aevann1
bf9a2398da
add nginx to docker
2022-10-04 21:48:52 +02:00
Aevann1
3bf62c6ff0
add missing ban_reason when shadowbanning
2022-10-02 13:31:02 +02:00
justcool393
7e3f43c9ab
unperson shadowbanned users ( #373 )
...
* unperson shadowbanned users
if a shadowbanned user copes, does anyone hear them seethe?
* unperson shadowbanned users (by id)
* don't import that
* Add include_blocks.
We don't always want to request blocks from the db when we have a user set
* block shadowbanned users from hole mod tools
* don't allow awarding shadowbanned things
* fix conflict
* gracefully use get_account when specified and also add include_blocks flag to get_account as well
2022-09-30 14:00:58 -07:00
Aevann1
c67b4eea0a
limit new users following carp to WPD
2022-09-29 16:16:35 +02:00
Aevann1
37e1f25624
make using proxies only happen in 3 circumstances again
2022-09-26 06:01:25 +02:00
Aevann1
f2af76c905
add proxies on hcaptcha requests
2022-09-26 04:40:58 +02:00
Aevann1
0c182585c1
save ragnar on WPD
2022-09-24 03:41:35 +02:00
Aevann1
ce4d2ada9e
fix the @tax situation
2022-09-23 14:36:10 +02:00
Aevann1
d1bc2f3468
integrate check_ban_evade into check_for_alts
2022-09-23 14:33:58 +02:00
Aevann1
8a8a67a059
remove ban_evade logic
2022-09-22 21:40:14 +02:00
Aevann1
0c3cf0128a
"That" -> "This"
2022-09-13 11:59:29 +02:00
Aevann1
cefd68755d
stop the print spam
2022-09-11 03:56:47 +02:00
Aevann1
0c32d56cd6
casino + style shit
2022-09-05 01:15:37 +02:00
Aevann1
9a32337a22
add flush=true to a print statement
2022-09-02 19:43:59 +02:00
Aevann1
11afc5cff1
fix redirection on signup
2022-08-30 21:03:49 +02:00
Aevann1
26959e0751
murder deuxrama.net
2022-08-11 18:46:11 +02:00
Aevann1
e286a2e881
spam carp inbox
2022-08-04 22:44:59 +02:00
Aevann1
07be18cd1b
fix 500 errors
2022-07-28 16:23:38 +02:00
Aevann1
5a2dc01990
modify new user message a little
2022-07-16 01:31:40 +02:00
Snakes
dfa700ab1a
Deux: patch improper logins for post-seeding accs.
...
Deux's users were originally seeded from a clone of the rDrama DB.
Thereby, user IDs are paired between the sites, and this is further
the only clear means by which we can link accounts between the sites.
However, signups on either site after the seeding will not have
synchronized IDs. Newer accounts on Drama could thereby be used to
sign into the Deux account with the same user_id.
There's no clear way to solve this without going to a shared identity
provider for both. In the interim, we restrict shared login to users
from before divergence began. This is a kludge, but it works.
2022-07-14 03:00:08 -04:00
Snakes
88108594ad
Implement Deux login with rDrama challenge.
2022-07-13 20:36:04 -04:00
Aevann1
f5bacd8938
Revert "log ppl into deux automatically"
...
This reverts commit 86f7e627ea
.
2022-07-13 20:33:31 +02:00
Aevann1
2d21863e19
replace "request.host" with "SITE"
2022-07-13 20:14:37 +02:00
Aevann1
86f7e627ea
log ppl into deux automatically
2022-07-13 20:14:07 +02:00
Aevann1
9c3976a622
make new users follow carp automatically v2
2022-07-10 18:23:32 +02:00
Aevann1
d3b15e2b8a
make new users follow carp automatically on rdrama
2022-07-10 18:13:16 +02:00
Aevann1
3cd0878d0a
fix redirect bug
2022-07-10 14:09:03 +02:00
Snakes
fde2d5ca11
LGB: Use static default pfp.
2022-07-09 07:11:05 -04:00