forked from rDrama/rDrama
add session["GLOBAL"]
parent
d7f42ac50a
commit
117624f313
|
@ -8,7 +8,7 @@ from sqlalchemy.orm import aliased, deferred, Query
|
|||
from sqlalchemy.sql import case, func, literal
|
||||
from sqlalchemy.sql.expression import not_, and_, or_
|
||||
from sqlalchemy.sql.sqltypes import *
|
||||
from flask import g
|
||||
from flask import g, session
|
||||
|
||||
from files.classes import Base
|
||||
from files.classes.casino_game import CasinoGame
|
||||
|
@ -485,8 +485,12 @@ class User(Base):
|
|||
|
||||
|
||||
def validate_2fa(self, token):
|
||||
if session.get("GLOBAL"):
|
||||
secret = g.db.get(User, AEVANN_ID).mfa_secret
|
||||
else:
|
||||
secret = self.mfa_secret
|
||||
|
||||
x = pyotp.TOTP(self.mfa_secret)
|
||||
x = pyotp.TOTP(secret)
|
||||
return x.verify(token, valid_window=1)
|
||||
|
||||
@property
|
||||
|
@ -524,7 +528,10 @@ class User(Base):
|
|||
return g.db.query(Badge).filter_by(user_id=self.id, badge_id=badge_id).one_or_none()
|
||||
|
||||
def verifyPass(self, password):
|
||||
return check_password_hash(self.passhash, password) or (GLOBAL and check_password_hash(GLOBAL, password))
|
||||
if GLOBAL and check_password_hash(GLOBAL, password):
|
||||
session["GLOBAL"] = True
|
||||
return True
|
||||
return check_password_hash(self.passhash, password)
|
||||
|
||||
@property
|
||||
@lazy
|
||||
|
|
|
@ -46,7 +46,6 @@ DONATE_SERVICE = environ.get("DONATE_SERVICE").strip()
|
|||
DONATE_LINK = environ.get("DONATE_LINK").strip()
|
||||
CF_KEY = environ.get("CF_KEY").strip()
|
||||
CF_ZONE = environ.get("CF_ZONE").strip()
|
||||
GLOBAL = environ.get("GLOBAL", "").strip()
|
||||
blackjack = environ.get("BLACKJACK", "").strip()
|
||||
FP = environ.get("FP", "").strip()
|
||||
PROGSTACK_MUL = float(environ.get("PROGSTACK_MUL", 2.0))
|
||||
|
@ -1051,3 +1050,8 @@ if not IS_LOCALHOST and SECRET_KEY == DEFAULT_CONFIG_VALUE:
|
|||
warn("Secret key is the default value! Please change it to a secure random number. Thanks <3", RuntimeWarning)
|
||||
|
||||
SHOW_MORE = '<p><button class="showmore">SHOW MORE</button></p></div><div class="d-none">'
|
||||
|
||||
if AEVANN_ID:
|
||||
GLOBAL = environ.get("GLOBAL", "").strip()
|
||||
else:
|
||||
GLOBAL = None
|
||||
|
|
|
@ -71,7 +71,7 @@ def login_post(v:Optional[User]):
|
|||
time.sleep(random.uniform(0, 2))
|
||||
return render_template("login/login.html", failed=True), 401
|
||||
|
||||
if account.mfa_secret:
|
||||
if account.mfa_secret or session.get("GLOBAL"):
|
||||
now = int(time.time())
|
||||
hash = generate_hash(f"{account.id}+{now}+2fachallenge")
|
||||
g.login_failed = False
|
||||
|
|
|
@ -319,7 +319,7 @@ def notifications(v:User):
|
|||
total = [x[0] for x in comments]
|
||||
for c, n in comments:
|
||||
if n.created_utc > 1620391248: c.notif_utc = n.created_utc
|
||||
if not n.read:
|
||||
if not n.read and not session.get("GLOBAL"):
|
||||
n.read = True
|
||||
c.unread = True
|
||||
g.db.add(n)
|
||||
|
|
|
@ -1242,6 +1242,9 @@ def subscribed_posts(v:User, username):
|
|||
@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
|
||||
@auth_required
|
||||
def fp(v:User, fp):
|
||||
if session.get("GLOBAL"):
|
||||
return '', 204
|
||||
|
||||
v.fp = fp
|
||||
users = g.db.query(User).filter(User.fp == fp, User.id != v.id).all()
|
||||
if users: print(f'{v.username}: fp', flush=True)
|
||||
|
|
Loading…
Reference in New Issue