
modify register

2du 5 ani în urmă
părinte
comite
93c3b138c0
4 a modificat fișierele cu 218 adăugiri și 274 ștergeri
  1. 110 121
      route/login_check_key.py
  2. 85 99
      route/login_need_email.py
  3. 16 54
      route/login_register.py
  4. 7 0
      route/tool/func.py

+ 110 - 121
route/login_check_key.py

@@ -4,149 +4,138 @@ def login_check_key_2(conn, tool):
     curs = conn.cursor()
 
     # 난잡한 코드 정리 필요
-    if flask.request.method == 'POST':
-        if tool == 'check_pass_key':
-            if 'c_id' in flask.session and flask.session['c_key'] == flask.request.form.get('key', None):
-                hashed = pw_encode(flask.session['c_key'])
-
-                curs.execute(db_change("update user set pw = ? where id = ?"), [hashed, flask.session['c_id']])
-                conn.commit()
-
-                d_id = flask.session['c_id']
-                pw = flask.session['c_key']
-
-                flask.session.pop('c_id', None)
-                flask.session.pop('c_key', None)
-
-                curs.execute(db_change('select data from other where name = "reset_user_text"'))
-                sql_d = curs.fetchall()
-                if sql_d and sql_d[0][0] != '':
-                    b_text = sql_d[0][0] + '<hr class="main_hr">'
-                else:
-                    b_text = ''
-
-                curs.execute(db_change('select data from user_set where name = "2fa" and id = ?'), [d_id])
+    if  flask.request.method == 'POST' or
+        ('c_key' in flask.session and flask.session['c_key'] == 'email_pass'):
+        re_set_list = ['c_id', 'c_pw', 'c_ans', 'c_que', 'c_key', 'c_type', 'c_email']
+        ip = ip_check()
+        input_key = flask.request.form.get('key', '')
+        user_agent = flask.request.headers.get('User-Agent', '')
+
+
+        if  'c_type' in flask.session and 
+            flask.session['c_type'] == 'pass_find' and
+            flask.session['c_key'] == input_key:
+            curs.execute(db_change("update user set pw = ? where id = ?"), [pw_encode(flask.session['c_key']), flask.session['c_id']])
+            conn.commit()
+
+            user_id = flask.session['c_id']
+            user_pw = flask.session['c_key']
+
+            for i in re_set_list:
+                flask.session.pop(i, None)
+
+            curs.execute(db_change('select data from other where name = "reset_user_text"'))
+            sql_d = curs.fetchall()
+            b_text = (sql_d[0][0] + '<hr class="main_hr">') if sql_d and sql_d[0][0] != '' else ''
+
+            curs.execute(db_change('select data from user_set where name = "2fa" and id = ?'), [user_id])
+            if curs.fetchall():
+                curs.execute(db_change("update user_set set data = '' where name = '2fa' and id = ?"), [user_id])
+
+            return easy_minify(flask.render_template(skin_check(),
+                imp = [load_lang('reset_user_ok'), wiki_set(), custom(), other2([0, 0])],
+                data = b_text + load_lang('id') + ' : ' + user_id + '<br>' + load_lang('password') + ' : ' + user_pw,
+                menu = [['user', load_lang('return')]]
+            ))
+        elif    'c_type' in flask.session and 
+                (flask.session['c_key'] == input_key or flask.session['c_key'] == 'email_pass'):
+            curs.execute(db_change('select data from other where name = "encode"'))
+            db_data = curs.fetchall()
+
+            if flask.session['c_type'] == 'register':
+                curs.execute(db_change("select id from user limit 1"))
+                first = 1 if not curs.fetchall() else 0
+            
+                curs.execute(db_change("select id from user where id = ?"), [flask.session['c_id']])
                 if curs.fetchall():
-                    curs.execute(db_change("update user_set set data = '' where name = '2fa' and id = ?"), [d_id])
+                    for i in re_set_lire:
+                        flask.session.pop(i, None)
 
-                return easy_minify(flask.render_template(skin_check(),
-                    imp = [load_lang('reset_user_ok'), wiki_set(), custom(), other2([0, 0])],
-                    data = b_text + load_lang('id') + ' : ' + d_id + '<br>' + load_lang('password') + ' : ' + pw,
-                    menu = [['user', load_lang('return')]]
-                ))
-            else:
-                return redirect('/pass_find')
-        else:
-            ip = ip_check()
-
-            if 'c_id' in flask.session and flask.session['c_key'] == flask.request.form.get('key', None):
-                curs.execute(db_change('select data from other where name = "encode"'))
-                db_data = curs.fetchall()
-
-                if tool == 'check_key':
-                    curs.execute(db_change("select id from user limit 1"))
-                    if not curs.fetchall():
-                        curs.execute(db_change("insert into user (id, pw, acl, date, encode) values (?, ?, 'owner', ?, ?)"), [
-                            flask.session['c_id'],
-                            flask.session['c_pw'],
-                            get_time(),
-                            db_data[0][0]
-                        ])
-
-                        first = 1
-                    else:
-                        curs.execute(db_change('select data from other where name = "requires_approval"'))
-                        requires_approval = curs.fetchall()
-                        if requires_approval and requires_approval[0][0] == 'on':
-                            application_token = ''.join(random.choice("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") for i in range(60))
-                            curs.execute(db_change(
-                                "insert into user_application (id, pw, date, encode, question, answer, token, ip, ua, email) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
-                            ), [
-                                flask.session['c_id'],
-                                flask.session['c_pw'],
-                                get_time(),
-                                db_data[0][0],
-                                flask.session['c_question'],
-                                flask.session['c_ans'],
-                                application_token,
-                                ip,
-                                flask.request.headers.get('User-Agent'),
-                                flask.session['c_email']
-                            ])
-                            conn.commit()
-
-                            flask.session.pop('c_id', None)
-                            flask.session.pop('c_pw', None)
-                            flask.session.pop('c_key', None)
-                            flask.session.pop('c_email', None)
-                            flask.session.pop('c_question', None)
-                            flask.session.pop('c_ans', None)
-
-                            return redirect('/application_submitted')
-                        else:
-                            curs.execute(db_change("insert into user (id, pw, acl, date, encode) values (?, ?, 'user', ?, ?)"), [
-                                flask.session['c_id'],
-                                flask.session['c_pw'],
-                                get_time(),
-                                db_data[0][0]
-                            ])
-
-                        first = 0
-
-                    agent = flask.request.headers.get('User-Agent')
-
-                    curs.execute(db_change("insert into user_set (name, id, data) values ('email', ?, ?)"), [
+                    return re_error('/error/6')
+            
+                curs.execute(db_change("select id from user_application where id = ?"), [flask.session['c_id']])
+                if curs.fetchall():
+                    for i in re_set_lire:
+                        flask.session.pop(i, None)
+
+                    return re_error('/error/6')
+
+                curs.execute(db_change('select data from other where name = "requires_approval"'))
+                requires_approval = curs.fetchall()
+                if requires_approval and requires_approval[0][0] == 'on':
+                    application_token = load_random_key(32)
+                    curs.execute(db_change(
+                        "insert into user_application (id, pw, date, encode, question, answer, token, ip, ua, email) " + \
+                        "values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
+                    ), [
                         flask.session['c_id'],
+                        flask.session['c_pw'],
+                        get_time(),
+                        db_data[0][0],
+                        flask.session['c_que'],
+                        flask.session['c_ans'],
+                        application_token,
+                        ip,
+                        user_agent,
                         flask.session['c_email']
                     ])
-                    curs.execute(db_change("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')"), [
+                    conn.commit()
+    
+                    for i in re_set_list:
+                        flask.session.pop(i, None)
+
+                    return redirect('/application_submitted')
+                else:
+                    curs.execute(db_change("insert into user (id, pw, acl, date, encode) values (?, ?, ?, ?, ?)"), [
                         flask.session['c_id'],
-                        ip,
-                        agent,
-                        get_time()
+                        flask.session['c_pw'],
+                        get_time(),
+                        'user' if first == 0 else 'owner'
+                        db_data[0][0]
                     ])
 
-                    flask.session['id'] = flask.session['c_id']
-                    flask.session['head'] = ''
+                curs.execute(db_change("insert into user_set (name, id, data) values ('email', ?, ?)"), [
+                    flask.session['c_id'],
+                    flask.session['c_email']
+                ])
+                curs.execute(db_change("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')"), [
+                    flask.session['c_id'],
+                    ip,
+                    user_agent,
+                    get_time()
+                ])
 
-                    conn.commit()
-                else:
-                    curs.execute(db_change('delete from user_set where name = "email" and id = ?'), [ip])
-                    curs.execute(db_change('insert into user_set (name, id, data) values ("email", ?, ?)'), [ip, flask.session['c_email']])
+                flask.session['id'] = flask.session['c_id']
+                flask.session['head'] = ''
+
+                conn.commit()
+            else:
+                curs.execute(db_change('delete from user_set where name = "email" and id = ?'), [ip])
+                curs.execute(db_change('insert into user_set (name, id, data) values ("email", ?, ?)'), [ip, flask.session['c_email']])
 
-                    first = 0
+                first = 0
 
-                flask.session.pop('c_id', None)
-                flask.session.pop('c_pw', None)
-                flask.session.pop('c_key', None)
-                flask.session.pop('c_email', None)
+            for i in re_set_list:
+                flask.session.pop(i, None)
 
-                if first == 0:
-                    return redirect('/change')
-                else:
-                    return redirect('/setting')
-            else:
-                flask.session.pop('c_id', None)
-                flask.session.pop('c_pw', None)
-                flask.session.pop('c_key', None)
-                flask.session.pop('c_email', None)
+            return redirect('/change') if first == 0 else redirect('/setting') 
+        else:
+            for i in re_set_list:
+                flask.session.pop(i, None)
 
-                return redirect('/user')
+            return redirect('/user')
     else:
         curs.execute(db_change('select data from other where name = "check_key_text"'))
         sql_d = curs.fetchall()
-        if sql_d and sql_d[0][0] != '':
-            b_text = sql_d[0][0] + '<hr class=\"main_hr\">'
-        else:
-            b_text = ''
+        b_text = (sql_d[0][0] + '<hr class="main_hr">') if sql_d and sql_d[0][0] != '' else ''
 
         return easy_minify(flask.render_template(skin_check(),
             imp = [load_lang('check_key'), wiki_set(), custom(), other2([0, 0])],
-            data =  '''
+            data = '''
                 <form method="post">
                     ''' + b_text + '''
                     <input placeholder="''' + load_lang('key') + '''" name="key" type="text">
-                    <hr class=\"main_hr\">
+                    <hr class="main_hr">
                     <button type="submit">''' + load_lang('save') + '''</button>
                 </form>
             ''',
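Review bot: The parameter list for `insert into user (id, pw, acl, date, encode)` is missing a comma after `'user' if first == 0 else 'owner'` and passes `get_time()` before the role, so even once it parses the timestamp lands in `acl` and the role in `date`; the values should read `flask.session['c_pw'], 'owner' if first else 'user', get_time(), db_data[0][0]`. Both duplicate-id branches iterate `re_set_lire`, which is never defined (the list is `re_set_list`), so those paths would raise NameError instead of clearing the pending registration from the session. The multi-line `if ... or` and `elif ... and` conditions have no enclosing parentheses or line continuation and will not parse as written. The function body continues past the end of the hunk.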

+ 85 - 99
route/login_need_email.py

@@ -2,127 +2,113 @@ from .tool.func import *
 
 def login_need_email_2(conn, tool):
     curs = conn.cursor()
-
+    
     if flask.request.method == 'POST':
-        if tool == 'pass_find':
-            curs.execute(db_change("select id from user_set where id = ? and name = 'email' and data = ?"), [
-                flask.request.form.get('id', ''),
-                flask.request.form.get('email', '')
-            ])
-            if curs.fetchall():
-                flask.session['c_key'] = ''.join(random.choice("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") for i in range(16))
-                flask.session['c_id'] = flask.request.form.get('id', '')
-
-                curs.execute(db_change('select data from other where name = "email_title"'))
-                sql_d = curs.fetchall()
-                if sql_d and sql_d[0][0] != '':
-                    t_text = html.escape(sql_d[0][0])
-                else:
-                    t_text = wiki_set()[0] + ' key'
-
-                curs.execute(db_change('select data from other where name = "email_text"'))
-                sql_d = curs.fetchall()
-                if sql_d and sql_d[0][0] != '':
-                    i_text = html.escape(sql_d[0][0]) + '\n\nKey : ' + flask.session['c_key']
-                else:
-                    i_text = 'Key : ' + flask.session['c_key']
-
-                if send_email(flask.request.form.get('email', ''), t_text, i_text) == 0:
-                    return re_error('/error/18')
-
-                return redirect('/check_pass_key')
+        re_set_list = ['c_id', 'c_pw', 'c_ans', 'c_que', 'c_key', 'c_type']
+    
+        if tool == 'email_change':
+            flask.session['c_key'] = load_random_key(32)
+            flask.session['c_id'] = ip_check()
+            flask.session['c_type'] = 'email_change'
+        elif tool == 'pass_find':
+            user_id = flask.request.form.get('id', '')
+            user_email = flask.request.form.get('email', '')
+
+            flask.session['c_key'] = load_random_key(32)
+            flask.session['c_id'] = user_id
+            flask.session['c_type'] = 'pass_find'
+        else:
+            if not 'c_type' in flask.session:
+                return redirect('/register')
+
+        if tool != 'pass_find':
+            user_email = flask.request.form.get('email', '')
+            email_data = re.search(r'@([^@]+)$', user_email)
+            if email_data:
+                curs.execute(db_change("select html from html_filter where html = ? and kind = 'email'"), [email_data.group(1)])
+                if not curs.fetchall():
+                    for i in re_set_list:
+                        flask.session.pop(i, None)
+                    
+                    return redirect('/email_filter')
             else:
+                for i in re_set_list:
+                    flask.session.pop(i, None)
+                
+                return re_error('/error/36')
+
+        curs.execute(db_change('select data from other where name = "email_title"'))
+        sql_d = curs.fetchall()
+        t_text = html.escape(sql_d[0][0]) if sql_d and sql_d[0][0] != '' else (wiki_set()[0] + ' key')
+
+        curs.execute(db_change('select data from other where name = "email_text"'))
+        sql_d = curs.fetchall()
+        i_text = (html.escape(sql_d[0][0]) + '\n\nKey : ' + flask.session['c_key']) if sql_d and sql_d[0][0] != '' else ('Key : ' + flask.session['c_key'])
+        
+        if tool == 'pass_find':
+            curs.execute(db_change("select id from user_set where id = ? and name = 'email' and data = ?"), [user_id, user_email])
+            if not curs.fetchall():
                 return re_error('/error/12')
-        else:
-            if tool == 'email_change':
-                flask.session['c_key'] = ''.join(random.choice("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") for i in range(16))
-                flask.session['c_id'] = ip_check()
-                flask.session['c_pw'] = ''
-
-            if 'c_id' in flask.session:
-                data = re.search(r'@([^@]+)$', flask.request.form.get('email', ''))
-                if data:
-                    data = data.group(1)
-
-                    curs.execute(db_change("select html from html_filter where html = ? and kind = 'email'"), [data])
-                    if curs.fetchall():
-                        curs.execute(db_change('select id from user_set where name = "email" and data = ?'), [flask.request.form.get('email', '')])
-                        if curs.fetchall():
-                            flask.session.pop('c_id', None)
-                            flask.session.pop('c_pw', None)
-                            flask.session.pop('c_key', None)
+                
+            if send_email(user_email, t_text, i_text) == 0:
+                return re_error('/error/18')
 
-                            # user 대신 오류 화면 보여주게 수정 필요
-                            return redirect('/user')
-                        else:
-                            curs.execute(db_change('select data from other where name = "email_title"'))
-                            sql_d = curs.fetchall()
-                            if sql_d and sql_d[0][0] != '':
-                                t_text = html.escape(sql_d[0][0])
-                            else:
-                                t_text = wiki_set()[0] + ' key'
-
-                            curs.execute(db_change('select data from other where name = "email_text"'))
-                            sql_d = curs.fetchall()
-                            if sql_d and sql_d[0][0] != '':
-                                i_text = html.escape(sql_d[0][0]) + '\n\nKey : ' + flask.session['c_key']
-                            else:
-                                i_text = 'Key : ' + flask.session['c_key']
+            return redirect('/check_key')
+        else:
+            curs.execute(db_change('select id from user_set where name = "email" and data = ?'), [user_email])
+            if curs.fetchall():
+                for i in re_set_list:
+                    flask.session.pop(i, None)
 
-                            if send_email(flask.request.form.get('email', ''), t_text, i_text) == 0:
-                                return re_error('/error/18')
+                return re_error('/error/35')
+            
+            if send_email(user_email, t_text, i_text) == 0:
+                for i in re_set_list:
+                    flask.session.pop(i, None)
 
-                            flask.session['c_email'] = flask.request.form.get('email', '')
+                return re_error('/error/18')
 
-                            if tool == 'email_change':
-                                return redirect('/email_replace')
-                            else:
-                                return redirect('/check_key')
-                    else:
-                        return redirect('/email_filter')
+            flask.session['c_email'] = user_email
 
-            return redirect('/user')
+            return redirect('/check_key')
     else:
         if tool == 'pass_find':
             curs.execute(db_change('select data from other where name = "password_search_text"'))
             sql_d = curs.fetchall()
-            if sql_d and sql_d[0][0] != '':
-                b_text = sql_d[0][0] + '<hr class=\"main_hr\">'
-            else:
-                b_text = ''
+            b_text = (sql_d[0][0] + '<hr class="main_hr">') if sql_d and sql_d[0][0] != '' else ''
 
             return easy_minify(flask.render_template(skin_check(),
                 imp = [load_lang('password_search'), wiki_set(), custom(), other2([0, 0])],
-                data =  b_text + '''
-                        <form method="post">
-                            <input placeholder="''' + load_lang('id') + '''" name="id" type="text">
-                            <hr class=\"main_hr\">
-                            <input placeholder="''' + load_lang('email') + '''" name="email" type="text">
-                            <hr class=\"main_hr\">
-                            <button type="submit">''' + load_lang('save') + '''</button>
-                        </form>
-                        ''',
+                data = b_text + '''
+                    <form method="post">
+                        <input placeholder="''' + load_lang('id') + '''" name="id" type="text">
+                        <hr class="main_hr">
+                        <input placeholder="''' + load_lang('email') + '''" name="email" type="text">
+                        <hr class="main_hr">
+                        <button type="submit">''' + load_lang('save') + '''</button>
+                    </form>
+                ''',
                 menu = [['user', load_lang('return')]]
             ))
         else:
+            if tool == 'need_email' and not 'c_type' in flask.session:
+                return redirect('/register')
+
             curs.execute(db_change('select data from other where name = "email_insert_text"'))
             sql_d = curs.fetchall()
-            if sql_d and sql_d[0][0] != '':
-                b_text = sql_d[0][0] + '<hr class=\"main_hr\">'
-            else:
-                b_text = ''
+            b_text = (sql_d[0][0] + '<hr class="main_hr">') if sql_d and sql_d[0][0] != '' else ''
 
             return easy_minify(flask.render_template(skin_check(),
                 imp = [load_lang('email'), wiki_set(), custom(), other2([0, 0])],
-                data =  '''
-                        <a href="/email_filter">(''' + load_lang('email_filter_list') + ''')</a>
-                        <hr class=\"main_hr\">
-                        ''' + b_text + '''
-                        <form method="post">
-                            <input placeholder="''' + load_lang('email') + '''" name="email" type="text">
-                            <hr class=\"main_hr\">
-                            <button type="submit">''' + load_lang('save') + '''</button>
-                        </form>
-                        ''',
+                data = '''
+                    <a href="/email_filter">(''' + load_lang('email_filter_list') + ''')</a>
+                    <hr class="main_hr">
+                    ''' + b_text + '''
+                    <form method="post">
+                        <input placeholder="''' + load_lang('email') + '''" name="email" type="text">
+                        <hr class="main_hr">
+                        <button type="submit">''' + load_lang('save') + '''</button>
+                    </form>
+                ''',
                 menu = [['user', load_lang('return')]]
             ))
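Review bot: In the `pass_find` branch the session is put into reset state (`c_key`, `c_id`, `c_type = 'pass_find'`) before the `select id from user_set where id = ? and name = 'email' and data = ?` lookup, and the `/error/12` and `/error/18` returns leave that state in place. A session can therefore hold a valid reset key bound to an account whose email was never matched or mailed, so the reset relies entirely on the key staying unreadable in the session store (not visible here; worth confirming it is server-side). Run the lookup first and only then assign the session values, or clear them on failure the way the other branches do: `for i in re_set_list: flask.session.pop(i, None)` before each `return re_error(...)`. `re_set_list` here also omits `'c_email'`, which the list in login_check_key.py includes.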

+ 16 - 54
route/login_register.py

@@ -48,6 +48,10 @@ def login_register_2(conn):
         curs.execute(db_change("select id from user where id = ?"), [user_id])
         if curs.fetchall():
             return re_error('/error/6')
+    
+        curs.execute(db_change("select id from user_application where id = ?"), [user_id])
+        if curs.fetchall():
+            return re_error('/error/6')
 
         hashed = pw_encode(user_pw)
         ans_q = flask.request.form.get('approval_question_answer', '')
@@ -63,66 +67,24 @@ def login_register_2(conn):
         else:
             approval_question = ''
 
+        # c_id, c_pw, c_ans, c_que, c_key, c_type
+        flask.session['c_id'] = user_id
+        flask.session['c_pw'] = hashed
+        flask.session['c_type'] = 'register'
+        if requires_approval:
+            flask.session['c_ans'] = flask.request.form.get('approval_question_answer', '')
+            flask.session['c_que'] = approval_question
+        
         curs.execute(db_change('select data from other where name = "email_have"'))
         sql_data = curs.fetchall()
         if sql_data and sql_data[0][0] != '' and admin != 1:
-            flask.session['c_id'] = user_id
-            flask.session['c_pw'] = hashed
-            flask.session['c_key'] = ''.join(random.choice("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") for i in range(64))
-            if requires_approval:
-                flask.session['c_ans'] = flask.request.form.get('approval_question_answer', '')
-                flask.session['c_question'] = approval_question
+            flask.session['c_key'] = load_random_key(32)
 
             return redirect('/need_email')
         else:
-            curs.execute(db_change('select data from other where name = "encode"'))
-            db_data = curs.fetchall()
-
-            curs.execute(db_change("select id from user limit 1"))
-            if not curs.fetchall():
-                curs.execute(db_change("insert into user (id, pw, acl, date, encode) values (?, ?, 'owner', ?, ?)"), [
-                    user_id, 
-                    hashed, 
-                    get_time(), 
-                    db_data[0][0]
-                ])
-
-                first = 1
-            else:
-                if requires_approval:
-                    application_token = ''.join(random.choice("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") for i in range(60))
-                    curs.execute(db_change(
-                        "insert into user_application (id, pw, date, encode, question, answer, token, ip, ua, email) values (?, ?, ?, ?, ?, ?, ?, ?, ?, '')"
-                    ), [
-                        user_id, 
-                        hashed, 
-                        get_time(), 
-                        db_data[0][0], 
-                        approval_question, 
-                        ans_q, 
-                        application_token, 
-                        ip_check(), 
-                        flask.request.headers.get('User-Agent')
-                    ])
-                    conn.commit()
-                    
-                    return redirect('/application_submitted')
-                else:
-                    curs.execute(db_change("insert into user (id, pw, acl, date, encode) values (?, ?, 'user', ?, ?)"), [user_id, hashed, get_time(), db_data[0][0]])
-
-                first = 0
-
-            ip = ip_check()
-            agent = flask.request.headers.get('User-Agent')
-
-            curs.execute(db_change("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')"), [user_id, ip, agent, get_time()])
-
-            flask.session['id'] = user_id
-            flask.session['head'] = ''
-
-            conn.commit()
-
-            return redirect('/change') if first == 0 else redirect('/setting')
+            flask.session['c_key'] = 'email_pass
+
+            return redirect('/check_key')
     else:
         curs.execute(db_change('select data from other where name = "contract"'))
         data = curs.fetchall()
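Review bot: `flask.session['c_key'] = 'email_pass` is missing its closing quote, so the module will not import; it should be `flask.session['c_key'] = 'email_pass'`. Beyond the typo, storing the sentinel in the same field as the secret key means login_check_key.py accepts any session whose `c_key` equals `'email_pass'` without a submitted key, and the comparison there is not restricted to `c_type == 'register'`. A separate boolean session flag set only here, and checked together with `c_type == 'register'`, would keep the no-email path from depending on the value space of the key. The enclosing function starts and ends outside this hunk.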

+ 7 - 0
route/tool/func.py

@@ -144,6 +144,9 @@ def load_domain():
 
     return domain
 
+def load_random_key(long = 64):
+    return ''.join(random.choice("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") for i in range(long))
+
 def last_change(data):
     json_address = re.sub(r"(((?!\.|\/).)+)\.html$", "set.json", skin_check())
     try:
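Review bot: `load_random_key` draws from `random.choice`, which uses the Mersenne Twister generator and is not suitable for secrets, while its callers in this commit use the result as email verification keys, application tokens and, in the `pass_find` branch of login_check_key.py, as the account's new password. Replace `random.choice` with `secrets.choice` in the join, adding `import secrets` to func.py if it is not already imported (the import block is outside the hunk). A one-line docstring stating that the returned key is security-sensitive would also help, since the `long` parameter name does not make clear that it is a character count.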
@@ -1314,6 +1317,10 @@ def re_error(data):
             data = load_lang('restart_fail_error')
         elif num == 34:
             data = load_lang("update_error") + ' <a href="https://github.com/2DU/opennamu">(Github)</a>'
+        elif num == 35:
+            data = load_lang('same_email_error')
+        elif num == 36:
+            data = load_lang('input_email_error')
         else:
             data = '???'