|
|
@@ -2,13 +2,16 @@
|
|
|
from bottle.ext import beaker
|
|
|
from urllib import parse
|
|
|
import json
|
|
|
-import pymysql
|
|
|
+import sqlite3
|
|
|
import time
|
|
|
import re
|
|
|
import hashlib
|
|
|
|
|
|
json_data = open('set.json').read()
|
|
|
set_data = json.loads(json_data)
|
|
|
+
|
|
|
+conn = sqlite3.connect(set_data['db'] + '.db')
|
|
|
+curs = conn.cursor()
|
|
|
|
|
|
session_opts = {
|
|
|
'session.type': 'file',
|
|
|
@@ -37,94 +40,68 @@ def diff(seqm):
|
|
|
return(''.join(output))
|
|
|
|
|
|
def admin_check(num):
|
|
|
- conn = pymysql.connect(
|
|
|
- user = set_data['user'],
|
|
|
- password = set_data['pw'],
|
|
|
- charset = 'utf8mb4',
|
|
|
- db = set_data['db']
|
|
|
- )
|
|
|
- curs = conn.cursor(pymysql.cursors.DictCursor)
|
|
|
-
|
|
|
ip = ip_check()
|
|
|
- curs.execute("select acl from user where id = '" + pymysql.escape_string(ip) + "'")
|
|
|
+ curs.execute("select acl from user where id = '" + escape(ip) + "'")
|
|
|
user = curs.fetchall()
|
|
|
if(user):
|
|
|
reset = 0
|
|
|
while(1):
|
|
|
if(num == 1 and reset == 0):
|
|
|
- curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "ban"')
|
|
|
+ curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "ban"')
|
|
|
acl_data = curs.fetchall()
|
|
|
if(acl_data):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
else:
|
|
|
reset = 1
|
|
|
elif(num == 2 and reset == 0):
|
|
|
- curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "mdel"')
|
|
|
+ curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "mdel"')
|
|
|
acl_data = curs.fetchall()
|
|
|
if(acl_data):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
else:
|
|
|
reset = 1
|
|
|
elif(num == 3 and reset == 0):
|
|
|
- curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "toron"')
|
|
|
+ curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "toron"')
|
|
|
acl_data = curs.fetchall()
|
|
|
if(acl_data):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
else:
|
|
|
reset = 1
|
|
|
elif(num == 4 and reset == 0):
|
|
|
- curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "check"')
|
|
|
+ curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "check"')
|
|
|
acl_data = curs.fetchall()
|
|
|
if(acl_data):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
else:
|
|
|
reset = 1
|
|
|
elif(num == 5 and reset == 0):
|
|
|
- curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "acl"')
|
|
|
+ curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "acl"')
|
|
|
acl_data = curs.fetchall()
|
|
|
if(acl_data):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
else:
|
|
|
reset = 1
|
|
|
elif(num == 6 and reset == 0):
|
|
|
- curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "hidel"')
|
|
|
+ curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "hidel"')
|
|
|
acl_data = curs.fetchall()
|
|
|
if(acl_data):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
else:
|
|
|
reset = 1
|
|
|
else:
|
|
|
- curs.execute('select name from alist where name = "' + pymysql.escape_string(user[0]["acl"]) + '" and acl = "owner"')
|
|
|
+ curs.execute('select name from alist where name = "' + escape(user[0][0]) + '" and acl = "owner"')
|
|
|
acl_data = curs.fetchall()
|
|
|
if(acl_data):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
else:
|
|
|
break
|
|
|
- conn.close()
|
|
|
|
|
|
def include_check(name, data):
|
|
|
- conn = pymysql.connect(
|
|
|
- user = set_data['user'],
|
|
|
- password = set_data['pw'],
|
|
|
- charset = 'utf8mb4',
|
|
|
- db = set_data['db']
|
|
|
- )
|
|
|
- curs = conn.cursor(pymysql.cursors.DictCursor)
|
|
|
-
|
|
|
if(re.search('^틀:', name)):
|
|
|
- curs.execute("select link from back where title = '" + pymysql.escape_string(name) + "' and type = 'include'")
|
|
|
+ curs.execute("select link from back where title = '" + escape(name) + "' and type = 'include'")
|
|
|
back = curs.fetchall()
|
|
|
for backp in back:
|
|
|
- namumark(backp['link'], data, 1)
|
|
|
-
|
|
|
- conn.close()
|
|
|
+ namumark(backp[0], data, 1)
|
|
|
|
|
|
def login_check():
|
|
|
session = request.environ.get('beaker.session')
|
|
|
@@ -134,18 +111,10 @@ def login_check():
|
|
|
return(0)
|
|
|
|
|
|
def ip_pas(raw_ip, num):
|
|
|
- conn = pymysql.connect(
|
|
|
- user = set_data['user'],
|
|
|
- password = set_data['pw'],
|
|
|
- charset = 'utf8mb4',
|
|
|
- db = set_data['db']
|
|
|
- )
|
|
|
- curs = conn.cursor(pymysql.cursors.DictCursor)
|
|
|
-
|
|
|
if(re.search("(\.|:)", raw_ip)):
|
|
|
ip = raw_ip
|
|
|
else:
|
|
|
- curs.execute("select title from data where title = '사용자:" + pymysql.escape_string(raw_ip) + "'")
|
|
|
+ curs.execute("select title from data where title = '사용자:" + escape(raw_ip) + "'")
|
|
|
row = curs.fetchall()
|
|
|
if(row):
|
|
|
ip = '<a href="/w/' + url_pas('사용자:' + raw_ip) + '">' + raw_ip + '</a>'
|
|
|
@@ -158,9 +127,7 @@ def ip_pas(raw_ip, num):
|
|
|
ip += ' <a href="/record/' + url_pas(raw_ip) + '">(기록)</a> <a href="/user/' + url_pas(raw_ip) + '/topic">(토론 기록)</a>'
|
|
|
else:
|
|
|
ip += ' <a href="/record/' + url_pas(raw_ip) + '">(기록)</a>'
|
|
|
-
|
|
|
- conn.close()
|
|
|
-
|
|
|
+
|
|
|
return(ip)
|
|
|
|
|
|
def custom_css_user():
|
|
|
@@ -173,259 +140,117 @@ def custom_css_user():
|
|
|
return(data)
|
|
|
|
|
|
def acl_check(ip, name):
|
|
|
- conn = pymysql.connect(
|
|
|
- user = set_data['user'],
|
|
|
- password = set_data['pw'],
|
|
|
- charset = 'utf8mb4',
|
|
|
- db = set_data['db']
|
|
|
- )
|
|
|
- curs = conn.cursor(pymysql.cursors.DictCursor)
|
|
|
-
|
|
|
m = re.search("^사용자:([^/]*)", name)
|
|
|
n = re.search("^파일:(.*)", name)
|
|
|
if(m):
|
|
|
g = m.groups()
|
|
|
if(ip == g[0]):
|
|
|
if(re.search("(\.|:)", g[0])):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
else:
|
|
|
- curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
|
|
|
+ curs.execute("select block from ban where block = '" + escape(ip) + "'")
|
|
|
rows = curs.fetchall()
|
|
|
if(rows):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
else:
|
|
|
- conn.close()
|
|
|
return(0)
|
|
|
else:
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- elif(n):
|
|
|
- if(admin_check(None) != 1):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
+ elif(n and admin_check(5) != 1):
|
|
|
+ return(1)
|
|
|
else:
|
|
|
b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
|
|
|
if(b):
|
|
|
results = b.groups()
|
|
|
- curs.execute("select * from ban where block = '" + pymysql.escape_string(results[0]) + "' and band = 'O'")
|
|
|
+ curs.execute("select block from ban where block = '" + escape(results[0]) + "' and band = 'O'")
|
|
|
rowss = curs.fetchall()
|
|
|
if(rowss):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
- else:
|
|
|
- curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
|
|
|
+
|
|
|
+ curs.execute("select block from ban where block = '" + escape(ip) + "'")
|
|
|
+ rows = curs.fetchall()
|
|
|
+ if(rows):
|
|
|
+ return(1)
|
|
|
+ else:
|
|
|
+ curs.execute("select acl from data where title = '" + escape(name) + "'")
|
|
|
+ row = curs.fetchall()
|
|
|
+ if(row):
|
|
|
+ curs.execute("select acl from user where id = '" + escape(ip) + "'")
|
|
|
rows = curs.fetchall()
|
|
|
- if(rows):
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- else:
|
|
|
- curs.execute("select acl from data where title = '" + pymysql.escape_string(name) + "'")
|
|
|
- row = curs.fetchall()
|
|
|
- if(row):
|
|
|
- curs.execute("select * from user where id = '" + pymysql.escape_string(ip) + "'")
|
|
|
- rows = curs.fetchall()
|
|
|
- if(row[0]['acl'] == 'user'):
|
|
|
- if(rows):
|
|
|
- conn.close()
|
|
|
- return(0)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- elif(row[0]['acl'] == 'admin'):
|
|
|
- if(rows):
|
|
|
- if(rows[0]['acl'] == 'admin' or rows[0]['acl'] == 'owner'):
|
|
|
- conn.close()
|
|
|
- return(0)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(0)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
+ if(row[0][0] == 'user'):
|
|
|
+ if(rows):
|
|
|
return(0)
|
|
|
- else:
|
|
|
- curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
|
|
|
- rows = curs.fetchall()
|
|
|
- if(rows):
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- else:
|
|
|
- curs.execute("select acl from data where title = '" + pymysql.escape_string(name) + "'")
|
|
|
- row = curs.fetchall()
|
|
|
- if(row):
|
|
|
- curs.execute("select * from user where id = '" + pymysql.escape_string(ip) + "'")
|
|
|
- rows = curs.fetchall()
|
|
|
- if(row[0]['acl'] == 'user'):
|
|
|
- if(rows):
|
|
|
- conn.close()
|
|
|
- return(0)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- elif(row[0]['acl'] == 'admin'):
|
|
|
- if(rows):
|
|
|
- if(rows[0]['acl'] == 'admin' or rows[0]['acl'] == 'owner'):
|
|
|
- conn.close()
|
|
|
- return(0)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
else:
|
|
|
- conn.close()
|
|
|
+ return(1)
|
|
|
+ elif(row[0][0] == 'admin'):
|
|
|
+ if(rows and admin_check(5) == 1):
|
|
|
return(0)
|
|
|
+ else:
|
|
|
+ return(1)
|
|
|
else:
|
|
|
- conn.close()
|
|
|
return(0)
|
|
|
- conn.close()
|
|
|
+ else:
|
|
|
+ return(0)
|
|
|
|
|
|
def ban_check(ip):
|
|
|
- conn = pymysql.connect(
|
|
|
- user = set_data['user'],
|
|
|
- password = set_data['pw'],
|
|
|
- charset = 'utf8mb4',
|
|
|
- db = set_data['db']
|
|
|
- )
|
|
|
- curs = conn.cursor(pymysql.cursors.DictCursor)
|
|
|
-
|
|
|
b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
|
|
|
if(b):
|
|
|
results = b.groups()
|
|
|
- curs.execute("select * from ban where block = '" + pymysql.escape_string(results[0]) + "' and band = 'O'")
|
|
|
+ curs.execute("select block from ban where block = '" + escape(results[0]) + "' and band = 'O'")
|
|
|
rowss = curs.fetchall()
|
|
|
if(rowss):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
- else:
|
|
|
- curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
|
|
|
- rows = curs.fetchall()
|
|
|
- if(rows):
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(0)
|
|
|
+
|
|
|
+ curs.execute("select block from ban where block = '" + escape(ip) + "'")
|
|
|
+ rows = curs.fetchall()
|
|
|
+ if(rows):
|
|
|
+ return(1)
|
|
|
else:
|
|
|
- curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
|
|
|
- rows = curs.fetchall()
|
|
|
- if(rows):
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(0)
|
|
|
- conn.close()
|
|
|
+ return(0)
|
|
|
|
|
|
def topic_check(ip, name, sub):
|
|
|
- conn = pymysql.connect(
|
|
|
- user = set_data['user'],
|
|
|
- password = set_data['pw'],
|
|
|
- charset = 'utf8mb4',
|
|
|
- db = set_data['db']
|
|
|
- )
|
|
|
- curs = conn.cursor(pymysql.cursors.DictCursor)
|
|
|
-
|
|
|
b = re.search("^([0-9](?:[0-9]?[0-9]?)\.[0-9](?:[0-9]?[0-9]?))", ip)
|
|
|
if(b):
|
|
|
results = b.groups()
|
|
|
- curs.execute("select * from ban where block = '" + pymysql.escape_string(results[0]) + "' and band = 'O'")
|
|
|
+ curs.execute("select block from ban where block = '" + escape(results[0]) + "' and band = 'O'")
|
|
|
rowss = curs.fetchall()
|
|
|
if(rowss):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
- else:
|
|
|
- curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
|
|
|
- rows = curs.fetchall()
|
|
|
- if(rows):
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- else:
|
|
|
- curs.execute("select * from stop where title = '" + pymysql.escape_string(name) + "' and sub = '" + pymysql.escape_string(sub) + "'")
|
|
|
- rows = curs.fetchall()
|
|
|
- if(rows):
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(0)
|
|
|
+
|
|
|
+ curs.execute("select block from ban where block = '" + escape(ip) + "'")
|
|
|
+ rows = curs.fetchall()
|
|
|
+ if(rows):
|
|
|
+ return(1)
|
|
|
else:
|
|
|
- curs.execute("select * from ban where block = '" + pymysql.escape_string(ip) + "'")
|
|
|
+ curs.execute("select title from stop where title = '" + escape(name) + "' and sub = '" + escape(sub) + "'")
|
|
|
rows = curs.fetchall()
|
|
|
if(rows):
|
|
|
- conn.close()
|
|
|
return(1)
|
|
|
else:
|
|
|
- curs.execute("select * from stop where title = '" + pymysql.escape_string(name) + "' and sub = '" + pymysql.escape_string(sub) + "'")
|
|
|
- rows = curs.fetchall()
|
|
|
- if(rows):
|
|
|
- conn.close()
|
|
|
- return(1)
|
|
|
- else:
|
|
|
- conn.close()
|
|
|
- return(0)
|
|
|
- conn.close()
|
|
|
+ return(0)
|
|
|
|
|
|
def rd_plus(title, sub, date):
|
|
|
- conn = pymysql.connect(
|
|
|
- user = set_data['user'],
|
|
|
- password = set_data['pw'],
|
|
|
- charset = 'utf8mb4',
|
|
|
- db = set_data['db']
|
|
|
- )
|
|
|
- curs = conn.cursor(pymysql.cursors.DictCursor)
|
|
|
-
|
|
|
- curs.execute("select * from rd where title = '" + pymysql.escape_string(title) + "' and sub = '" + pymysql.escape_string(sub) + "'")
|
|
|
+ curs.execute("select title from rd where title = '" + escape(title) + "' and sub = '" + escape(sub) + "'")
|
|
|
rd = curs.fetchall()
|
|
|
if(rd):
|
|
|
- curs.execute("update rd set date = '" + pymysql.escape_string(date) + "' where title = '" + pymysql.escape_string(title) + "' and sub = '" + pymysql.escape_string(sub) + "'")
|
|
|
+ curs.execute("update rd set date = '" + escape(date) + "' where title = '" + escape(title) + "' and sub = '" + escape(sub) + "'")
|
|
|
else:
|
|
|
- curs.execute("insert into rd (title, sub, date) value ('" + pymysql.escape_string(title) + "', '" + pymysql.escape_string(sub) + "', '" + pymysql.escape_string(date) + "')")
|
|
|
+ curs.execute("insert into rd (title, sub, date) values ('" + escape(title) + "', '" + escape(sub) + "', '" + escape(date) + "')")
|
|
|
conn.commit()
|
|
|
|
|
|
- conn.close()
|
|
|
-
|
|
|
def rb_plus(block, end, today, blocker, why):
|
|
|
- conn = pymysql.connect(
|
|
|
- user = set_data['user'],
|
|
|
- password = set_data['pw'],
|
|
|
- charset = 'utf8mb4',
|
|
|
- db = set_data['db']
|
|
|
- )
|
|
|
- curs = conn.cursor(pymysql.cursors.DictCursor)
|
|
|
-
|
|
|
- curs.execute("insert into rb (block, end, today, blocker, why) value ('" + pymysql.escape_string(block) + "', '" + pymysql.escape_string(end) + "', '" + today + "', '" + pymysql.escape_string(blocker) + "', '" + pymysql.escape_string(why) + "')")
|
|
|
+ curs.execute("insert into rb (block, end, today, blocker, why) values ('" + escape(block) + "', '" + escape(end) + "', '" + today + "', '" + escape(blocker) + "', '" + escape(why) + "')")
|
|
|
conn.commit()
|
|
|
-
|
|
|
- conn.close()
|
|
|
|
|
|
def history_plus(title, data, date, ip, send, leng):
|
|
|
- conn = pymysql.connect(
|
|
|
- user = set_data['user'],
|
|
|
- password = set_data['pw'],
|
|
|
- charset = 'utf8mb4',
|
|
|
- db = set_data['db']
|
|
|
- )
|
|
|
- curs = conn.cursor(pymysql.cursors.DictCursor)
|
|
|
-
|
|
|
- curs.execute("select * from history where title = '" + pymysql.escape_string(title) + "' order by id+0 desc limit 1")
|
|
|
+ curs.execute("select id from history where title = '" + escape(title) + "' order by id+0 desc limit 1")
|
|
|
rows = curs.fetchall()
|
|
|
if(rows):
|
|
|
- number = int(rows[0]['id']) + 1
|
|
|
- curs.execute("insert into history (id, title, data, date, ip, send, leng) value ('" + str(number) + "', '" + pymysql.escape_string(title) + "', '" + pymysql.escape_string(data) + "', '" + date + "', '" + pymysql.escape_string(ip) + "', '" + pymysql.escape_string(send) + "', '" + leng + "')")
|
|
|
+ number = int(rows[0][0]) + 1
|
|
|
+ curs.execute("insert into history (id, title, data, date, ip, send, leng) values ('" + str(number) + "', '" + escape(title) + "', '" + escape(data) + "', '" + date + "', '" + escape(ip) + "', '" + escape(send) + "', '" + leng + "')")
|
|
|
else:
|
|
|
- curs.execute("insert into history (id, title, data, date, ip, send, leng) value ('1', '" + pymysql.escape_string(title) + "', '" + pymysql.escape_string(data) + "', '" + date + "', '" + pymysql.escape_string(ip) + "', '" + pymysql.escape_string(send + ' (새 문서)') + "', '" + leng + "')")
|
|
|
+ curs.execute("insert into history (id, title, data, date, ip, send, leng) values ('1', '" + escape(title) + "', '" + escape(data) + "', '" + date + "', '" + escape(ip) + "', '" + escape(send + ' (새 문서)') + "', '" + leng + "')")
|
|
|
conn.commit()
|
|
|
-
|
|
|
- conn.close()
|
|
|
|
|
|
def leng_check(a, b):
|
|
|
if(a < b):
|
2DU