Home Esplora Aiuto
Accedi
wiki
/
openNAMU__openNAMU
mirror da https://github.com/openNAMU/openNAMU.git
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

https://github.com/openNAMU/openNAMU/issues/1988

의심되는 곳 수정
잉여개발기 (SPDV) 2 anni fa
parent
e09531ce76
commit
01ed1e1f44
4 ha cambiato i file con 21 aggiunte e 42 eliminazioni
Visualizzazione unificata Mostra Diff Stats
  1. 13 17
      route/login_login.py
  2. 2 6
      route/login_login_2fa.py
  3. 2 6
      route/login_login_2fa_email.py
  4. 4 13
      route/tool/func.py

+ 13 - 17
route/login_login.py
Vedi File 

@@ -22,27 +22,23 @@ def login_login_2():
 
 
 
             user_agent = flask.request.headers.get('User-Agent', '')
 
             user_agent = flask.request.headers.get('User-Agent', '')
 
             user_id = flask.request.form.get('id', '')
 
             user_id = flask.request.form.get('id', '')
 
-            user_data = {}
 
+            user_pw = flask.request.form.get('pw', '')
 
 
 
-            curs.execute(db_change(
 
-                'select name, data from user_set where id = ? and (name = "pw" or name = "encode")'
 
-            ), [user_id])
 
-            sql_data = curs.fetchall()
 
-            if not sql_data:
 
+            curs.execute(db_change("select data from user_set where id = ? and name = 'pw'"), [user_id])
 
+            db_data = curs.fetchall()
 
+            if not db_data:
 
                 return re_error('/error/2')
 
                 return re_error('/error/2')
 
-
 
-            for i in sql_data:
 
-                user_data[i[0]] = i[1]
 
-
 
-            if len(user_data) < 2:
 
+            else:
 
+                db_user_pw = db_data[0][0]
 
+                
+            curs.execute(db_change("select data from user_set where id = ? and name = 'encode'"), [user_id])
 
+            db_data = curs.fetchall()
 
+            if not db_data:
 
                 return re_error('/error/2')
 
                 return re_error('/error/2')
 
+            else:
 
+                db_user_encode = db_data[0][0]
 
 
 
-            if pw_check(
 
-                flask.request.form.get('pw', ''),
 
-                user_data['pw'],
 
-                user_data['encode'],
 
-                user_id
 
-            ) != 1:
 
+            if pw_check(user_pw, db_user_pw, db_user_encode, user_id) != 1:
 
                 if not 'login_count' in flask.session:
 
                 if not 'login_count' in flask.session:
 
                     flask.session['login_count'] = 1
 
                     flask.session['login_count'] = 1
 
                 else:
 
                 else:

+ 2 - 6
route/login_login_2fa.py
Vedi File 

@@ -25,6 +25,7 @@ def login_login_2fa_2():
 
 
 
             user_agent = flask.request.headers.get('User-Agent', '')
 
             user_agent = flask.request.headers.get('User-Agent', '')
 
             user_id = flask.session['login_id']
 
             user_id = flask.session['login_id']
 
+            user_pw = flask.request.form.get('pw', '')
 
 
 
             curs.execute(db_change('select data from user_set where name = "2fa_pw" and id = ?'), [user_id])
 
             curs.execute(db_change('select data from user_set where name = "2fa_pw" and id = ?'), [user_id])
 
             user_1 = curs.fetchall()
 
             user_1 = curs.fetchall()
 
@@ -33,12 +34,7 @@ def login_login_2fa_2():
 
                 user_1 = user_1[0][0]
 
                 user_1 = user_1[0][0]
 
                 user_2 = curs.fetchall()[0][0]
 
                 user_2 = curs.fetchall()[0][0]
 
 
 
-                pw_check_d = pw_check(
 
-                    flask.request.form.get('pw', ''),
 
-                    user_1,
 
-                    user_2,
 
-                    user_id
 
-                )
 
+                pw_check_d = pw_check(user_pw, user_1, user_2, user_id)
 
                 if pw_check_d != 1:
 
                 if pw_check_d != 1:
 
                     return re_error('/error/10')
 
                     return re_error('/error/10')

+ 2 - 6
route/login_login_2fa_email.py
Vedi File 

@@ -25,6 +25,7 @@ def login_login_2fa_email_2():
 
 
 
             user_agent = flask.request.headers.get('User-Agent', '')
 
             user_agent = flask.request.headers.get('User-Agent', '')
 
             user_id = flask.session['b_id']
 
             user_id = flask.session['b_id']
 
+            user_pw = flask.request.form.get('pw', '')
 
 
 
             curs.execute(db_change('select data from user_set where name = "2fa_pw" and id = ?'), [user_id])
 
             curs.execute(db_change('select data from user_set where name = "2fa_pw" and id = ?'), [user_id])
 
             user_1 = curs.fetchall()
 
             user_1 = curs.fetchall()
 
@@ -33,12 +34,7 @@ def login_login_2fa_email_2():
 
                 user_1 = user_1[0][0]
 
                 user_1 = user_1[0][0]
 
                 user_2 = curs.fetchall()[0][0]
 
                 user_2 = curs.fetchall()[0][0]
 
 
 
-                pw_check_d = pw_check(
 
-                    flask.request.form.get('pw', ''),
 
-                    user_1,
 
-                    user_2,
 
-                    user_id
 
-                )
 
+                pw_check_d = pw_check(user_pw, user_1, user_2, user_id)
 
                 if pw_check_d != 1:
 
                 if pw_check_d != 1:
 
                     return re_error('/error/10')
 
                     return re_error('/error/10')

+ 4 - 13
route/tool/func.py
Vedi File 

@@ -899,24 +899,15 @@ def pw_check(data, data2, type_d = 'no', id_d = ''):
 
         curs.execute(db_change('select data from other where name = "encode"'))
 
         curs.execute(db_change('select data from other where name = "encode"'))
 
         db_data = curs.fetchall()
 
         db_data = curs.fetchall()
 
         load_set_data = db_data[0][0] if db_data and db_data[0][0] != '' else 'sha3'
 
         load_set_data = db_data[0][0] if db_data and db_data[0][0] != '' else 'sha3'
 
-        set_data = db_data[0][0] if db_data and db_data[0][0] != '' else 'sha3'
 
         
         
+        set_data = load_set_data
 
         if type_d != 'no':
 
         if type_d != 'no':
 
-            if type_d == '':
 
-                set_data = 'sha3'
 
-            else:
 
-                set_data = type_d
 
+            set_data = 'sha3' if type_d == '' else type_d
 
 
 
         re_data = 1 if pw_encode(data, set_data) == data2 else 0
 
         re_data = 1 if pw_encode(data, set_data) == data2 else 0
 
         if load_set_data != set_data and re_data == 1 and id_d != '':
 
         if load_set_data != set_data and re_data == 1 and id_d != '':
 
-            curs.execute(db_change("update user_set set data = ? where id = ? and name = 'pw'"), [
 
-                pw_encode(data), 
-                id_d
 
-            ])
 
-            curs.execute(db_change("update user_set set data = ? where id = ? and name = 'encode'"), [
 
-                load_set_data, 
-                id_d
 
-            ])
 
+            curs.execute(db_change("update user_set set data = ? where id = ? and name = 'pw'"), [pw_encode(data), id_d])
 
+            curs.execute(db_change("update user_set set data = ? where id = ? and name = 'encode'"), [load_set_data, id_d])
 
 
 
         return re_data
 
         return re_data