
시스템 꽤 수정

Surplus_Up (2DU) %!s(int64=7) %!d(string=hai) anos
pai
achega
b849e8ac11
Modificáronse 6 ficheiros con 52 adicións e 42 borrados
  1. 21 18
      app.py
  2. 2 0
      func.py
  3. 0 3
      mark.py
  4. 0 2
      set_mark/namu.py
  5. 12 3
      set_mark/tool.py
  6. 17 16
      views/main_css/topic_reload.js

+ 21 - 18
app.py

@@ -2444,10 +2444,21 @@ def topic(name = None, sub = None):
             if user_write == '':
                 user_write = '<br>'
                          
-            all_data += '<table id="toron"><tbody><tr><td id="toron_color' + color + '">'
-            all_data += '<a href="javascript:void(0);" id="' + str(number) + '">#' + str(number) + '</a> ' + ip + '</span>'
-            all_data += '</td></tr><tr ' + blind_data + '><td>' + user_write + '</td></tr></tbody></table><br>'
-           
+            all_data += '''
+                        <table id="toron">
+                            <tbody>
+                                <tr>
+                                    <td id="toron_color''' + color + '''">
+                                        <a href="javascript:void(0);" id="''' + str(number) + '">#' + str(number) + '</a> ' + ip + '''</span>
+                                    </td>
+                                </tr>
+                                <tr ''' + blind_data + '''>
+                                    <td>''' + user_write + '''</td>
+                                </tr>
+                            </tbody>
+                        </table>
+                        <br>
+                        '''
             number += 1
 
         if ban != 1 or admin == 1:
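Review bot: `ip`, `user_write`, `blind_data` and `color` are concatenated into the new triple-quoted literal unescaped, and nothing visible in this hunk shows them being sanitised; because the same commit removes the `tool.xss_protect(curs, data)` call from set_mark/namu.py, it is worth confirming that `user_write` is still escaped or sanitised before it reaches this point. A comment above the literal such as `# user_write and ip must already be HTML-safe here` would record that assumption. The literal also keeps a closing `</span>` after `ip` with no opening tag visible in the hunk, and `id="toron"` is emitted once per post, which presumably gives the page duplicate ids. topic() starts and continues outside the hunk.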
@@ -2558,19 +2569,13 @@ def login():
         ip = ip_check()
         agent = flask.request.headers.get('User-Agent')
 
-        curs.execute("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')", [flask.request.form.get('id', None), ip, agent, get_time()])
-
         curs.execute("select pw from user where id = ?", [flask.request.form.get('id', None)])
         user = curs.fetchall()
         if not user:
             return re_error('/error/2')
 
-        salt = bcrypt.gensalt()
-        
         hashed = bytes(user[0][0], 'utf-8')
-        hashed.find(salt)
-
-        if not hashed == bcrypt.hashpw(bytes(flask.request.form.get('pw', None), 'utf-8'), hashed):
+        if not bcrypt.hashpw(bytes(flask.request.form.get('pw', ''), 'utf-8'), hashed) == hashed:
             return re_error('/error/10')
 
         flask.session['state'] = 1
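Review bot: The new password check compares the recomputed hash with `==`, which is not a constant-time comparison; if the installed bcrypt package provides it, `bcrypt.checkpw` does the recompute and a constant-time compare in one call: `if not bcrypt.checkpw(bytes(flask.request.form.get('pw', ''), 'utf-8'), hashed):`. The same applies to the `pw4` check in the change_password() hunk further down. Separately, an unknown id returns `/error/2` before any hash is computed while a wrong password returns `/error/10`, so the response distinguishes existing accounts from missing ones; returning the same error for both would remove that signal. login() starts and continues outside the hunk.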
@@ -2583,6 +2588,8 @@ def login():
         else:
             flask.session['head'] = ''
 
+        curs.execute("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')", [flask.request.form.get('id', None), ip_check(1), agent, get_time()])
+
         conn.commit()
         
         return redirect('/user')  
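Review bot: With the `ua_d` insert now placed after the password check, a request that fails at `/error/2` or `/error/10` returns before this line, so failed login attempts appear to leave no row in `ua_d`. If that table serves as the login audit trail, repeated password guessing against an account is no longer visible there; keeping the insert ahead of the `select pw` query (still with `ip_check(1)`) or writing a separate failure record would preserve it. If recording successes only is intended, a comment such as `# ua_d records successful logins only` would make that explicit. The enclosing login() body starts outside the hunk.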
@@ -2626,15 +2633,11 @@ def change_password():
                 curs.execute("select pw from user where id = ?", [flask.session['id']])
                 user = curs.fetchall()
                 if not user:
-                    return re_error('/error/10')
-
-                salt = bcrypt.gensalt()
+                    return re_error('/error/2')
                 
                 hashed = bytes(user[0][0], 'utf-8')
-                hashed.find(salt)
-
-                if not hashed == bcrypt.hashpw(bytes(flask.request.form.get('pw4', None), 'utf-8'), hashed):
-                    return re_error('/error/2')
+                if not bcrypt.hashpw(bytes(flask.request.form.get('pw4', ''), 'utf-8'), hashed) == hashed:
+                    return re_error('/error/10')
 
                 hashed = bcrypt.hashpw(bytes(flask.request.form.get('pw2', None), 'utf-8'), bcrypt.gensalt()).decode()
                 
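Review bot: The `pw2` line kept as context still calls `flask.request.form.get('pw2', None)`, so a request without that field reaches `bytes(None, 'utf-8')` and raises TypeError instead of returning an error page; the commit changes the default to `''` for `pw4` only. Switching `pw2` to `''` alone would let an empty new password be hashed and stored, so an explicit guard before hashing is the safer fix, e.g. `if not flask.request.form.get('pw2'): return re_error('/error/<code>')` with whichever error code the project uses for invalid input. change_password() starts and continues outside the hunk, so an earlier check on `pw2` may already exist there.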

+ 2 - 0
func.py

@@ -703,6 +703,8 @@ def redirect(data):
     return flask.redirect(data)
 
 def re_error(data):
+    conn.commit()
+    
     if data == '/ban':
         ip = ip_check()
 
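Review bot: `conn.commit()` at the top of re_error() carries no comment, and it means every error return now persists whatever statements the calling handler executed before it failed a check. For a handler that writes first and validates later, a rejected request becomes a partially applied one; if the intent is to discard pending work on error, `conn.rollback()` is the call that does that. If the commit is deliberate, a comment such as `# commit pending writes before the error redirect: <reason>` would record why. re_error() continues outside the hunk.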

+ 0 - 3
mark.py

@@ -1,5 +1,4 @@
 from set_mark.namu import namu
-from set_mark.html_only import html_only
 
 import re
 import html
@@ -44,8 +43,6 @@ def namumark(title = '', data = '', num = 0, markup = 'namumark'):
     if not data == '':
         if markup == 'namumark':
             data = namu(conn, data, title, num)
-        elif markup == 'html':
-            data = html_only(conn, data, title, num)
         else:
             data = ['', '', []]
 

+ 0 - 2
set_mark/namu.py

@@ -472,8 +472,6 @@ def namu(conn, data, title, main_num):
 
     data = re.sub('&amp;', '&', data)
 
-    data = tool.xss_protect(curs, data)
-
     data = re.sub('\n( +)\|\|', '\n||', data)
     data = re.sub('\|\|( +)\n', '||\n', data)
 

+ 12 - 3
set_mark/tool.py

@@ -7,9 +7,18 @@ import hashlib
 def get_time():
     return str(datetime.datetime.today().strftime("%Y-%m-%d %H:%M:%S"))
     
-def ip_check():
-    if flask.session and ('state' and 'id') in flask.session and flask.session['state'] == 1:
-        ip = flask.session['id']
+def ip_check(d_type = 0):
+    if d_type == 0:
+        if flask.session and ('state' and 'id') in flask.session and flask.session['state'] == 1:
+            ip = flask.session['id']
+        else:
+            try:
+                ip = flask.request.environ.get('HTTP_X_REAL_IP', flask.request.environ.get('HTTP_X_FORWARDED_FOR', flask.request.remote_addr))
+                
+                if ip == ('::1' or '127.0.0.1'):
+                    ip = flask.request.environ.get('HTTP_X_FORWARDED_FOR', flask.request.remote_addr)
+            except:
+                ip = '-'
     else:
         try:
             ip = flask.request.environ.get('HTTP_X_REAL_IP', flask.request.environ.get('HTTP_X_FORWARDED_FOR', flask.request.remote_addr))
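Review bot: Two conditions in the added lines do not test what they read as: `ip == ('::1' or '127.0.0.1')` evaluates to `ip == '::1'`, and `('state' and 'id') in flask.session` checks only `'id'`, so a session holding `'id'` without `'state'` raises KeyError on `flask.session['state']`. They would be `if ip in ('::1', '127.0.0.1'):` and `if flask.session.get('state') == 1 and 'id' in flask.session:`. Both branches also take `X-Real-IP` / `X-Forwarded-For` from the request as-is, and a client connecting directly can set those headers, so the address that login() stores through `ip_check(1)` is only trustworthy when a reverse proxy overwrites them; honouring the headers only when `remote_addr` is a known proxy address would close that. The bare `except:` would be narrower as `except Exception:`. ip_check() continues outside the hunk.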

+ 17 - 16
views/main_css/topic_reload.js

@@ -7,30 +7,31 @@ function topic_load(name, sub) {
         return i;
     }
 
-    setInterval(
-        function() {
+    setTimeout(function() {
+        var test = setInterval(function() {
             var d = new Date();
             d.setSeconds(d.getSeconds() - 3);
             
-            var date = d.getFullYear() + '-' + addZero(d.getMonth() + 1) + '-' + d.getDate() + ' ' + addZero(d.getHours()) + ':' + addZero(d.getMinutes()) + ':' + addZero(d.getSeconds());
+            var date = d.getFullYear() + '-' + addZero(d.getMonth() + 1) + '-' + addZero(d.getDate());
+            date += ' ' + addZero(d.getHours()) + ':' + addZero(d.getMinutes()) + ':' + addZero(d.getSeconds());
+
             var url = "/api/topic/" + name + "/sub/" + sub + "?time=" + date;
             var xhr = new XMLHttpRequest();
+            var doc_data = document.getElementById("plus");
 
-            doc_data = document.getElementById("plus");
-
-            test = '';
+            xhr.open("GET", url);
+            xhr.send(null);
 
             xhr.onreadystatechange = function() {
-                if(xhr.status == 200) {
-                    if(xhr.responseText != "{}\n" && test != xhr.responseText) {
-                        test = xhr.responseText;
-                        doc_data.innerText += xhr.responseText + '\n';
-                    }
+                if(this.readyState == XMLHttpRequest.DONE && xhr.status == 200 && xhr.responseText != "{}\n") {
+                    console.log(xhr.responseText);
+                    console.log(url);
+
+                    doc_data.innerText += '(new topic)\n\n';
+
+                    clearInterval(test);
                 }
             }
-
-            xhr.open("GET", url);
-            xhr.send();
-        }
-    , 3000);
+        }, 3000)
+    }, 4000);
 }
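Review bot: `name`, `sub` and `date` are concatenated into `url` without encoding, and `date` contains a space and colons; `var url = "/api/topic/" + encodeURIComponent(name) + "/sub/" + encodeURIComponent(sub) + "?time=" + encodeURIComponent(date);` keeps a topic name containing `/`, `?` or `#` from changing the request path, unless the caller already passes encoded values (not visible here). The two `console.log` calls look like debugging leftovers, and `xhr.onreadystatechange` is assigned after `xhr.send(null)`; assigning the handler before `open()` is the conventional order. The interval handle would read better as `timer` than `test`. topic_load() starts outside the hunk.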