Accueil Explorer Aide
Connexion
wiki
/
openNAMU__openNAMU
miroir de https://github.com/openNAMU/openNAMU.git
2
0
Fork 0
Fichiers Tickets 0 Wiki
Parcourir la source

암호화 선택 기능

Surplus_Up (2DU) il y a 7 ans
Parent
7d0316414c
commit
a51642a794
2 fichiers modifiés avec 90 ajouts et 40 suppressions
Vue séparée Afficher les stats Diff
  1. 43 34
      app.py
  2. 47 6
      func.py

+ 43 - 34
app.py
Voir le fichier 

@@ -7,7 +7,6 @@ import tornado.wsgi
 
 import urllib.request
 
 import platform
 
 import zipfile
 
-import bcrypt
 
 import difflib
 
 import shutil
 
 import threading
 
@@ -17,7 +16,7 @@ import sys
 
 
 from func import *
 
 
-r_ver = 'v3.0.8-master-03'
 
+r_ver = 'v3.0.8-master-04'
 
 c_ver = ''.join(re.findall('[0-9]', r_ver))
 
 
 print('version : ' + r_ver)
 
@@ -137,7 +136,7 @@ if setup_tool != 0:
 
     create_data['cache_data'] = ['title', 'data']
 
     create_data['history'] = ['id', 'title', 'data', 'date', 'ip', 'send', 'leng', 'hide']
 
     create_data['rd'] = ['title', 'sub', 'date', 'band']
 
-    create_data['user'] = ['id', 'pw', 'acl', 'date']
 
+    create_data['user'] = ['id', 'pw', 'acl', 'date', 'encode']
 
     create_data['user_set'] = ['name', 'id', 'data']
 
     create_data['ban'] = ['block', 'end', 'why', 'band', 'login']
 
     create_data['topic'] = ['id', 'title', 'sub', 'data', 'date', 'ip', 'block', 'top']
 
@@ -164,7 +163,7 @@ if setup_tool != 0:
 
             except:
 
                 curs.execute("alter table " + create_table + " add " + create + " text default ''")
 
 
-        update()
 
+    update()
 
 
 curs.execute('select name from alist where acl = "owner"')
 
 if not curs.fetchall():
 
@@ -252,25 +251,25 @@ else:
 
     
     print('language : ' + str(rep_language))
 
 
-support_mark = ['namumark']
 
-	
-curs.execute('select data from other where name = "markup"')
 
-rep_data = curs.fetchall()
 
-if not rep_data:
 
-	while 1:
 
-		print('markup [' + ', '.join(support_mark) + '] : ', end = '')
 
-	
-		rep_mark = str(input())
 
-		if rep_mark:
 
-			curs.execute('insert into other (name, data) values ("markup", ?)', [rep_mark])
 
-
 
-			break
 
-		else:
 
-			pass
 
-else:
 
-	rep_mark = rep_data[0][0]
 
+ask_this = [[['markup', 'markup'], ['namumark']], [['encryption method', 'encode'], ['sha256', 'bcrypt']]]
 
+for ask_data in ask_this:
 
+    curs.execute('select data from other where name = ?', [ask_data[0][1]])
 
+    rep_data = curs.fetchall()
 
+    if not rep_data:
 
+        while 1:
 
+            print(ask_data[0][0] + ' [' + ', '.join(ask_data[1]) + '] : ', end = '')
 
+        
+            rep_mark = str(input())
 
+            if rep_mark and rep_mark in ask_data[1]:
 
+                curs.execute('insert into other (name, data) values (?, ?)', [ask_data[0][1], rep_mark])
 
 
-	print('markup : ' + str(rep_mark))
 
+                break
 
+            else:
 
+                pass
 
+    else:
 
+        rep_mark = rep_data[0][0]
 
+
 
+        print(ask_data[0][1] + ' : ' + str(rep_mark))
 
 
 curs.execute('delete from other where name = "ver"')
 
 curs.execute('insert into other (name, data) values ("ver", ?)', [c_ver])
 
@@ -335,7 +334,7 @@ def alarm():
 
         menu = [['user', load_lang('user')]]
 
     ))
 
 
-@app.route('/<regex("inter_wiki|(?:edit|email)_filter"):tools>')
 
+@app.route('/<regex("inter_wiki|(?:edit|email|name)_filter"):tools>')
 
 def inter_wiki(tools = None):
 
     div = ''
 
     admin = admin_check(None, None)
 
@@ -400,7 +399,7 @@ def inter_wiki(tools = None):
 
         menu = [['other', load_lang('other')]]
 
     ))
 
 
-@app.route('/<regex("del_(?:inter_wiki|(?:edit|email)_filter)"):tools>/<name>')
 
+@app.route('/<regex("del_(?:inter_wiki|(?:edit|email|name)_filter)"):tools>/<name>')
 
 def del_inter(tools = None, name = None):
 
     if admin_check(None, tools) == 1:
 
         if tools == 'del_inter_wiki':
 
@@ -416,7 +415,7 @@ def del_inter(tools = None, name = None):
 
     else:
 
         return re_error('/error/3')
 
 
-@app.route('/<regex("plus_(?:inter_wiki|(?:edit|email)_filter)"):tools>', methods=['POST', 'GET'])
 
+@app.route('/<regex("plus_(?:inter_wiki|(?:edit|email|name)_filter)"):tools>', methods=['POST', 'GET'])
 
 @app.route('/<regex("plus_edit_filter"):tools>/<name>', methods=['POST', 'GET'])
 
 def plus_inter(tools = None, name = None):
 
     if flask.request.method == 'POST':
 
@@ -2584,13 +2583,18 @@ def login():
 
         ip = ip_check()
 
         agent = flask.request.headers.get('User-Agent')
 
 
-        curs.execute("select pw from user where id = ?", [flask.request.form.get('id', None)])
 
+        curs.execute("select pw, encode from user where id = ?", [flask.request.form.get('id', None)])
 
         user = curs.fetchall()
 
         if not user:
 
             return re_error('/error/2')
 
 
-        hashed = bytes(user[0][0], 'utf-8')
 
-        if not bcrypt.hashpw(bytes(flask.request.form.get('pw', ''), 'utf-8'), hashed) == hashed:
 
+        pw_check_d = pw_check(
 
+            flask.request.form.get('pw', ''), 
+            user[0][0],
 
+            user[0][1],
 
+            flask.request.form.get('id', None)
 
+        )
 
+        if pw_check_d != 1:
 
             return re_error('/error/10')
 
 
         flask.session['state'] = 1
 
@@ -2645,16 +2649,21 @@ def change_password():
 
                 if flask.request.form.get('pw2', None) != flask.request.form.get('pw3', None):
 
                     return re_error('/error/20')
 
 
-                curs.execute("select pw from user where id = ?", [flask.session['id']])
 
+                curs.execute("select pw, encode from user where id = ?", [flask.session['id']])
 
                 user = curs.fetchall()
 
                 if not user:
 
                     return re_error('/error/2')
 
                 
-                hashed = bytes(user[0][0], 'utf-8')
 
-                if not bcrypt.hashpw(bytes(flask.request.form.get('pw4', ''), 'utf-8'), hashed) == hashed:
 
+                pw_check_d = pw_check(
 
+                    flask.request.form.get('pw4', ''), 
+                    user[0][0],
 
+                    user[0][1],
 
+                    flask.request.form.get('id', None)
 
+                )
 
+                if pw_check_d != 1:
 
                     return re_error('/error/10')
 
 
-                hashed = bcrypt.hashpw(bytes(flask.request.form.get('pw2', None), 'utf-8'), bcrypt.gensalt()).decode()
 
+                hashed = pw_encode(flask.request.form.get('pw2', None))
 
                 
                 curs.execute("update user set pw = ? where id = ?", [hashed, flask.session['id']])
 
 
@@ -2833,7 +2842,7 @@ def register():
 
         if curs.fetchall():
 
             return re_error('/error/6')
 
 
-        hashed = bcrypt.hashpw(bytes(flask.request.form.get('pw', None), 'utf-8'), bcrypt.gensalt()).decode()
 
+        hashed = pw_encode(flask.request.form.get('pw', None))
 
         
         curs.execute('select data from other where name = "email_have"')
 
         sql_data = curs.fetchall()
 
@@ -3007,7 +3016,7 @@ def check_key(tool = 'check_pass_key'):
 
                 return redirect('/register')
 
         else:
 
             if 'c_id' in flask.session and flask.session['c_key'] == flask.request.form.get('key', None):
 
-                hashed = bcrypt.hashpw(bytes(flask.session['c_key'], 'utf-8'), bcrypt.gensalt()).decode()
 
+                hashed = pw_encode(flask.session['c_key'])
 
                 curs.execute("update user set pw = ? where id = ?", [hashed, flask.session['c_id']])
 
 
                 d_id = flask.session['c_id']

+ 47 - 6
func.py
Voir le fichier 

@@ -5,6 +5,7 @@ import sqlite3
 
 import hashlib
 
 import urllib.request
 
 import smtplib
 
+import bcrypt
 
 import re
 
 import html
 
 import os
 
@@ -114,12 +115,52 @@ def update():
 
     except:
 
         pass
 
 
-    # v3.0.6 사용자 설정 분리
 
-    try:
 
-        curs.execute("alter table user drop email")
 
-        curs.execute("alter table user drop skin")
 
-    except:
 
-       pass
 
+def pw_encode(data, data2 = '', type_d = ''):
 
+    if type_d == '':
 
+        curs.execute('select data from other where name = "encode"')
 
+        set_data = curs.fetchall()
 
+
 
+        type_d = set_data[0][0]
 
+
 
+    if type_d == 'sha256':
 
+        return hashlib.sha256(bytes(data, 'utf-8')).hexdigest()
 
+    else:
 
+        if data2 != '':
 
+            salt_data = bytes(data2, 'utf-8')
 
+        else:
 
+            salt_data = bcrypt.gensalt()
 
+            
+        return bcrypt.hashpw(bytes(data, 'utf-8'), salt_data).decode()
 
+
 
+def pw_check(data, data2, type_d = 'no', id_d = ''):
 
+    curs.execute('select data from other where name = "encode"')
 
+    db_data = curs.fetchall()
 
+
 
+    if type_d != 'no':
 
+        if type_d == '':
 
+            set_data = 'bcrypt'
 
+        else:
 
+            set_data = type_d
 
+    else:
 
+        set_data = db_data[0][0]
 
+    
+    if set_data == 'sha256':
 
+        data = pw_encode(data)
 
+
 
+        if data == data2:
 
+            re_data = 1
 
+        else:
 
+            re_data = 0
 
+    else:
 
+        if pw_encode(data, data2, 'bcrypt') == data2:
 
+            re_data = 1
 
+        else:
 
+            re_data = 0
 
+
 
+    if db_data[0][0] != set_data and re_data == 1 and id_d != '':
 
+        curs.execute("update user set pw = ?, encode = ? where id = ?", [pw_encode(data), db_data[0][0], id_d])
 
+
 
+    return re_data
 
 
 def captcha_post(re_data, num = 1):
 
     if num == 1: