2du 4 years ago
parent
commit
b47f5a0225

+ 3 - 2
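--- a/app.py
+++ b/app.py
@@ -621,18 +621,20 @@ def watch_list_name(tool = 'star_doc', name = 'Test'):
 # login -> login/2fa -> login/2fa/email with login_id
 # register -> register/email -> regiter/email/check with reg_id
 # pass_find -> passfind/email with find_id
+
 @app.route('/login', methods = ['POST', 'GET'])
 def login_login():
     return login_login_2(conn)
 
 @app.route('/login/2fa', methods = ['POST', 'GET'])
-def login_2fa():
+def login_login_2fa():
     return login_login_2fa_2(conn)
 
 '''
 @app.route('/login/2fa/email', methods = ['POST', 'GET'])
 def login_2fa_email():
     return login_login_2fa_email_2(conn)
+'''
 
 @app.route('/register', methods = ['POST', 'GET'])
 def login_register():
@@ -645,7 +647,6 @@ def login_register_email():
 @app.route('/register/email/check', methods = ['POST', 'GET'])
 def login_register_email_check():
     return login_register_email_check_2(conn)
-'''
 
 @app.route('/<regex("need_email"):tool>', methods = ['POST', 'GET'])
 @app.route('/<regex("pass_find"):tool>', methods = ['POST', 'GET'])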
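Review bot: The `/register/email/check` route that this section re-enables calls `login_register_email_check_2(conn)`, but the file this commit adds as route/login_register_email_check.py defines `login_check_key_2(conn, tool)`, and route/login_register_email.py defines `login_need_email_2(conn, tool)`. Unless another module imported by app.py still provides the `_2` names (not visible here), the first request to that route raises a NameError, and on an account-creation path that is easy to miss until it is live. It would also be safer to disable `/login/2fa/email` with `#` comments, or delete it, than to wrap it in a bare `'''` string: the misplaced closing quote moved here appears to be what had silently swallowed the register routes. The body of `login_register` and the start of the second hunk lie outside the visible lines.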

+ 2 - 2
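--- a/route/login.py
+++ b/route/login_login.py
@@ -1,6 +1,6 @@
 from .tool.func import *
 
-def login_2(conn):
+def login_login_2(conn):
     curs = conn.cursor()
 
     ip = ip_check()
@@ -21,7 +21,7 @@ def login_2(conn):
         user_data = {}
 
         curs.execute(db_change(
-            'select name, data from user_set where id = ? and name = "pw"'
+            'select name, data from user_set where id = ? and name = "pw" or name = "encode"'
         ), [user_id])
         sql_data = curs.fetchall()
         if not sql_data: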
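Review bot: In the rewritten query `and` binds tighter than `or`, so `where id = ? and name = "pw" or name = "encode"` matches this user's `pw` row plus the `encode` row of every account. The code that consumes `sql_data` is outside the hunk, but if it fills `user_data` by row name, the hash scheme used to verify the password can come from another user's row, and `if not sql_data` no longer tells you the account is missing. Parenthesise the name test: `'select name, data from user_set where id = ? and (name = "pw" or name = "encode")'`.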

+ 70 - 0
route/login_login_2fa.py

@@ -0,0 +1,70 @@
+from .tool.func import *
+
+def login_login_2fa_2(conn):
+    curs = conn.cursor()
+
+    # email 2fa
+    # pw 2fa
+    # q_a 2fa
+    if not (flask.session and 'login_id' in flask.session):
+        return redirect('/user')
+
+    ip = ip_check()
+    if ip_or_user(ip) == 0:
+        return redirect('/user')
+
+    if ban_check(None, 'login') == 1:
+        return re_error('/ban')
+
+    if flask.request.method == 'POST':
+        if captcha_post(flask.request.form.get('g-recaptcha-response', flask.request.form.get('g-recaptcha', ''))) == 1:
+            return re_error('/error/13')
+        else:
+            captcha_post('', 0)
+
+        user_agent = flask.request.headers.get('User-Agent', '')
+        user_id = flask.session['login_id']
+
+        curs.execute(db_change('select data from user_set where name = "2fa_pw" and id = ?'), [user_id])
+        user_1 = curs.fetchall()
+        if user_1:
+            curs.execute(db_change('select data from user_set where name = "2fa_pw_encode" and id = ?'), [user_id])
+            user_1 = user_1[0][0]
+            user_2 = curs.fetchall()[0][0]
+
+            pw_check_d = pw_check(
+                flask.request.form.get('pw', ''),
+                user_1,
+                user_2,
+                user_id
+            )
+            if pw_check_d != 1:
+                return re_error('/error/10')
+
+        flask.session['id'] = user_id
+
+        ua_plus(
+            user_id, 
+            ip, 
+            user_agent, 
+            get_time()
+        )
+        conn.commit()
+
+        flask.session.pop('b_id', None)
+
+        return redirect('/user')
+    else:
+        return easy_minify(flask.render_template(skin_check(),
+            imp = [load_lang('login'), wiki_set(), wiki_custom(), wiki_css([0, 0])],
+            data =  '''
+                    <form method="post">
+                        <input placeholder="''' + load_lang('2fa_password') + '''" name="pw" type="password">
+                        <hr class=\"main_hr\">
+                        ''' + captcha_get() + '''
+                        <button type="submit">''' + load_lang('login') + '''</button>
+                        ''' + http_warning() + '''
+                    </form>
+                    ''',
+            menu = [['user', load_lang('return')]]
+        ))
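Review bot: The pending-login marker `login_id` is never cleared once the second factor succeeds; the function pops `b_id`, which it never reads, so the half-authenticated state stays in the session after `flask.session['id']` is set. Add `flask.session.pop('login_id', None)` next to the existing pop. When no `2fa_pw` row exists, the `if user_1:` block is skipped and the POST still promotes `login_id` to `id` with no factor checked; if only users with a stored 2FA password should reach this step, return `re_error('/error/10')` in that case instead of falling through. `curs.fetchall()[0][0]` for `2fa_pw_encode` also raises IndexError when that row is missing, so guard it the same way as `user_1`.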

+ 1 - 1
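--- a/route/login_2fa.py
+++ b/route/login_login_2fa_email.py
@@ -1,6 +1,6 @@
 from .tool.func import *
 
-def login_2fa_2(conn):
+def login_login_2fa_email_2(conn):
     curs = conn.cursor()
 
     # email 2fa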

+ 114 - 0
route/login_register_email.py

@@ -0,0 +1,114 @@
+from .tool.func import *
+
+def login_need_email_2(conn, tool):
+    curs = conn.cursor()
+    
+    if flask.request.method == 'POST':
+        re_set_list = ['c_id', 'c_pw', 'c_ans', 'c_que', 'c_key', 'c_type']
+    
+        if tool == 'email_change':
+            flask.session['c_key'] = load_random_key(32)
+            flask.session['c_id'] = ip_check()
+            flask.session['c_type'] = 'email_change'
+        elif tool == 'pass_find':
+            user_id = flask.request.form.get('id', '')
+            user_email = flask.request.form.get('email', '')
+
+            flask.session['c_key'] = load_random_key(32)
+            flask.session['c_id'] = user_id
+            flask.session['c_type'] = 'pass_find'
+        else:
+            if not 'c_type' in flask.session:
+                return redirect('/register')
+
+        if tool != 'pass_find':
+            user_email = flask.request.form.get('email', '')
+            email_data = re.search(r'@([^@]+)$', user_email)
+            if email_data:
+                curs.execute(db_change("select html from html_filter where html = ? and kind = 'email'"), [email_data.group(1)])
+                if not curs.fetchall():
+                    for i in re_set_list:
+                        flask.session.pop(i, None)
+                    
+                    return redirect('/email_filter')
+            else:
+                for i in re_set_list:
+                    flask.session.pop(i, None)
+                
+                return re_error('/error/36')
+
+        curs.execute(db_change('select data from other where name = "email_title"'))
+        sql_d = curs.fetchall()
+        t_text = html.escape(sql_d[0][0]) if sql_d and sql_d[0][0] != '' else (wiki_set()[0] + ' key')
+
+        curs.execute(db_change('select data from other where name = "email_text"'))
+        sql_d = curs.fetchall()
+        i_text = (html.escape(sql_d[0][0]) + '\n\nKey : ' + flask.session['c_key']) if sql_d and sql_d[0][0] != '' else ('Key : ' + flask.session['c_key'])
+        
+        if tool == 'pass_find':
+            curs.execute(db_change("select id from user_set where id = ? and name = 'email' and data = ?"), [user_id, user_email])
+            if not curs.fetchall():
+                return re_error('/error/12')
+                
+            if send_email(user_email, t_text, i_text) == 0:
+                return re_error('/error/18')
+
+            return redirect('/check_key')
+        else:
+            curs.execute(db_change('select id from user_set where name = "email" and data = ?'), [user_email])
+            if curs.fetchall():
+                for i in re_set_list:
+                    flask.session.pop(i, None)
+
+                return re_error('/error/35')
+            
+            if send_email(user_email, t_text, i_text) == 0:
+                for i in re_set_list:
+                    flask.session.pop(i, None)
+
+                return re_error('/error/18')
+
+            flask.session['c_email'] = user_email
+
+            return redirect('/check_key')
+    else:
+        if tool == 'pass_find':
+            curs.execute(db_change('select data from other where name = "password_search_text"'))
+            sql_d = curs.fetchall()
+            b_text = (sql_d[0][0] + '<hr class="main_hr">') if sql_d and sql_d[0][0] != '' else ''
+
+            return easy_minify(flask.render_template(skin_check(),
+                imp = [load_lang('password_search'), wiki_set(), wiki_custom(), wiki_css([0, 0])],
+                data = b_text + '''
+                    <form method="post">
+                        <input placeholder="''' + load_lang('id') + '''" name="id" type="text">
+                        <hr class="main_hr">
+                        <input placeholder="''' + load_lang('email') + '''" name="email" type="text">
+                        <hr class="main_hr">
+                        <button type="submit">''' + load_lang('save') + '''</button>
+                    </form>
+                ''',
+                menu = [['user', load_lang('return')]]
+            ))
+        else:
+            if tool == 'need_email' and not 'c_type' in flask.session:
+                return redirect('/register')
+
+            curs.execute(db_change('select data from other where name = "email_insert_text"'))
+            sql_d = curs.fetchall()
+            b_text = (sql_d[0][0] + '<hr class="main_hr">') if sql_d and sql_d[0][0] != '' else ''
+
+            return easy_minify(flask.render_template(skin_check(),
+                imp = [load_lang('email'), wiki_set(), wiki_custom(), wiki_css([0, 0])],
+                data = '''
+                    <a href="/email_filter">(''' + load_lang('email_filter_list') + ''')</a>
+                    <hr class="main_hr">
+                    ''' + b_text + '''
+                    <form method="post">
+                        <input placeholder="''' + load_lang('email') + '''" name="email" type="text">
+                        <hr class="main_hr">
+                        <button type="submit">''' + load_lang('save') + '''</button>
+                    </form>
+                ''',
+                menu = [['user', load_lang('return')]]
+            ))
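Review bot: In the `pass_find` POST branch `c_key`, `c_id` and `c_type` are written to the session before the id/e-mail pair is checked, and the `re_error('/error/12')` path returns without clearing them, unlike every other failure path in this function. That leaves reset state for a caller-supplied account id in the session although no e-mail was sent; set the three values only after the `user_set` lookup succeeds, or run `for i in re_set_list: flask.session.pop(i, None)` before returning the error. The verification key also lives in `flask.session`: if the app uses Flask's default signed-cookie session (not visible here), the key is readable by the client and the e-mail round trip proves nothing, so it should be kept server-side. The distinct `/error/12` response also tells the caller whether an id/e-mail pair exists.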

+ 164 - 0
route/login_register_email_check.py

@@ -0,0 +1,164 @@
+from .tool.func import *
+
+def login_check_key_2(conn, tool):
+    curs = conn.cursor()
+
+    if  flask.request.method == 'POST' or \
+        ('c_key' in flask.session and flask.session['c_key'] == 'email_pass'):
+        re_set_list = ['c_id', 'c_pw', 'c_ans', 'c_que', 'c_key', 'c_type', 'c_email']
+        ip = ip_check()
+        input_key = flask.request.form.get('key', '')
+        user_agent = flask.request.headers.get('User-Agent', '')
+
+        if  'c_type' in flask.session and \
+            flask.session['c_type'] == 'pass_find' and \
+            flask.session['c_key'] == input_key:
+            curs.execute(db_change("update user_set set data = ? where name = 'pw' and id = ?"), [
+                pw_encode(flask.session['c_key']), 
+                flask.session['c_id']
+            ])
+            conn.commit()
+
+            user_id = flask.session['c_id']
+            user_pw = flask.session['c_key']
+
+            for i in re_set_list:
+                flask.session.pop(i, None)
+
+            curs.execute(db_change('select data from other where name = "reset_user_text"'))
+            sql_d = curs.fetchall()
+            b_text = (sql_d[0][0] + '<hr class="main_hr">') if sql_d and sql_d[0][0] != '' else ''
+
+            curs.execute(db_change('select data from user_set where name = "2fa" and id = ?'), [user_id])
+            if curs.fetchall():
+                curs.execute(db_change("update user_set set data = '' where name = '2fa' and id = ?"), [user_id])
+
+            return easy_minify(flask.render_template(skin_check(),
+                imp = [load_lang('reset_user_ok'), wiki_set(), wiki_custom(), wiki_css([0, 0])],
+                data = b_text + load_lang('id') + ' : ' + user_id + '<br>' + load_lang('password') + ' : ' + user_pw,
+                menu = [['user', load_lang('return')]]
+            ))
+        elif    'c_type' in flask.session and \
+                (flask.session['c_key'] == input_key or flask.session['c_key'] == 'email_pass'):
+            curs.execute(db_change('select data from other where name = "encode"'))
+            db_data = curs.fetchall()
+
+            if flask.session['c_type'] == 'register':
+                if flask.session['c_key'] == 'email_pass':
+                    flask.session['c_email'] = ''
+
+                curs.execute(db_change("select id from user_set limit 1"))
+                first = 1 if not curs.fetchall() else 0
+
+                curs.execute(db_change("select id from user_set where id = ?"), [
+                    flask.session['c_id']
+                ])
+                if curs.fetchall():
+                    for i in re_set_list:
+                        flask.session.pop(i, None)
+
+                    return re_error('/error/6')
+            
+                curs.execute(db_change("select id from user_set where id = ? and name = 'application'"), [
+                    flask.session['c_id']
+                ])
+                if curs.fetchall():
+                    for i in re_set_list:
+                        flask.session.pop(i, None)
+
+                    return re_error('/error/6')
+
+                curs.execute(db_change(
+                    'select data from other where name = "requires_approval"'
+                ))
+                requires_approval = curs.fetchall()
+                if requires_approval and requires_approval[0][0] == 'on':
+                    user_app_data = {}
+                    user_app_data['id'] = flask.session['c_id']
+                    user_app_data['pw'] = flask.session['c_pw']
+                    user_app_data['date'] = get_time()
+                    user_app_data['encode'] = db_data[0][0]
+                    user_app_data['question'] = flask.session['c_que']
+                    user_app_data['answer'] = flask.session['c_ans']
+                    user_app_data['ip'] = ip
+                    user_app_data['ua'] = user_agent
+                    user_app_data['email'] = flask.session['c_email']
+                    
+                    curs.execute(db_change(
+                        "insert into user_set (id, name, data) values (?, ?, ?)"
+                    ), [
+                        flask.session['c_id'],
+                        'application',
+                        json.dumps(user_app_data)
+                    ])
+                    conn.commit()
+    
+                    for i in re_set_list:
+                        flask.session.pop(i, None)
+
+                    return redirect('/application_submitted')
+                else:
+                    if first == 0:
+                        user_auth = 'user'
+                    else:
+                        user_auth = 'owner'
+                    
+                    curs.execute(db_change("insert into user_set (id, name, data) values (?, 'pw', ?)"), [
+                        flask.session['c_id'],
+                        flask.session['c_pw']
+                    ])
+                    curs.execute(db_change("insert into user_set (id, name, data) values (?, 'acl', ?)"), [
+                        flask.session['c_id'],
+                        user_auth
+                    ])
+                    curs.execute(db_change("insert into user_set (id, name, data) values (?, 'date', ?)"), [
+                        flask.session['c_id'],
+                        get_time()
+                    ])
+                    curs.execute(db_change("insert into user_set (id, name, data) values (?, 'encode', ?)"), [
+                        flask.session['c_id'],
+                        db_data[0][0]
+                    ])
+
+                curs.execute(db_change("insert into user_set (name, id, data) values ('email', ?, ?)"), [
+                    flask.session['c_id'],
+                    flask.session['c_email']
+                ])
+                ua_plus(flask.session['c_id'], ip, user_agent, get_time())
+
+                flask.session['id'] = flask.session['c_id']
+                flask.session['head'] = ''
+
+                conn.commit()
+            else:
+                curs.execute(db_change('delete from user_set where name = "email" and id = ?'), [ip])
+                curs.execute(db_change('insert into user_set (name, id, data) values ("email", ?, ?)'), [ip, flask.session['c_email']])
+
+                first = 0
+
+            for i in re_set_list:
+                flask.session.pop(i, None)
+
+            return redirect('/change') if first == 0 else redirect('/setting') 
+        else:
+            for i in re_set_list:
+                flask.session.pop(i, None)
+
+            return redirect('/user')
+    else:
+        curs.execute(db_change('select data from other where name = "check_key_text"'))
+        sql_d = curs.fetchall()
+        b_text = (sql_d[0][0] + '<hr class="main_hr">') if sql_d and sql_d[0][0] != '' else ''
+
+        return easy_minify(flask.render_template(skin_check(),
+            imp = [load_lang('check_key'), wiki_set(), wiki_custom(), wiki_css([0, 0])],
+            data = '''
+                <form method="post">
+                    ''' + b_text + '''
+                    <input placeholder="''' + load_lang('key') + '''" name="key" type="text">
+                    <hr class="main_hr">
+                    <button type="submit">''' + load_lang('save') + '''</button>
+                </form>
+            ''',
+            menu = [['user', load_lang('return')]]
+        ))
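Review bot: The `pass_find` branch makes the e-mailed key the account's permanent password (`pw_encode(flask.session['c_key'])`) and then prints it in the response page. A value that has travelled through e-mail in clear text should only authorise choosing a new password, not become one. The `update ... where name = '2fa'` statement runs after the only `conn.commit()` in this branch, so whether 2FA is actually cleared depends on the connection's autocommit setting; it is also worth confirming that an e-mail-only reset is meant to drop the second factor at all. `user_id` is concatenated into the HTML unescaped, so use `html.escape(user_id)` there, assuming `html` is in scope via `func` as it is in the sibling file.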