9 years ago · c7be2aee7c
--- a/app.py
+++ b/app.py
@@ -2027,7 +2027,7 @@ def change_password():
 
				                 curs.execute("select * from user where id = '" + db_pas(request.forms.id) + "'")
			
 
				                 user = curs.fetchall()
			
 
				                 if(user):
			
 
				-                    if(not re.search('\.', ip)):
			
 
				+                    if(not re.search('(\.|:)', ip)):
			
 
				                         conn.close()
			
 
				                         return(redirect('/logout'))
			
 
				                     elif(bcrypt.checkpw(bytes(request.forms.pw, 'utf-8'), bytes(user[0]['pw'], 'utf-8'))):
			
@@ -2052,7 +2052,7 @@ def change_password():
 
				             conn.close()
			
 
				             return(redirect('/ban'))
			
 
				         else:
			
 
				-            if(not re.search('\.', ip)):
			
 
				+            if(not re.search('(\.|:)', ip)):
			
 
				                 conn.close()
			
 
				                 return(redirect('/logout'))
			
 
				             else:
			
@@ -2655,7 +2655,7 @@ def custom_css():
 
				     session = request.environ.get('beaker.session')
			
 
				     ip = ip_check()
			
 
				     if(request.method == 'POST'):
			
 
				-        if(not re.search('\.', ip)):
			
 
				+        if(not re.search('(\.|:)', ip)):
			
 
				             curs.execute("select * from custom where user = '" + db_pas(ip) + "'")
			
 
				             css_data = curs.fetchall()
			
 
				             if(css_data):
			
@@ -2669,7 +2669,7 @@ def custom_css():
 
				         conn.close()
			
 
				         return(redirect('/user'))
			
 
				     else:
			
 
				-        if(not re.search('\.', ip)):
			
 
				+        if(not re.search('(\.|:)', ip)):
			
 
				             start = ''
			
 
				             curs.execute("select * from custom where user = '" + db_pas(ip) + "'")
			
 
				             css_data = curs.fetchall()
			
--- a/func.py
+++ b/func.py
@@ -135,7 +135,7 @@ def ip_pas(raw_ip, num):
 
				     conn = pymysql.connect(user = set_data['user'], password = set_data['pw'], charset = 'utf8mb4', db = set_data['db'])
			
 
				     curs = conn.cursor(pymysql.cursors.DictCursor)
			
 
				     
			
 
				-    if(re.search("\.", raw_ip)):
			
 
				+    if(re.search("(\.|:)", raw_ip)):
			
 
				         ip = raw_ip
			
 
				     else:
			
 
				         curs.execute("select title from data where title = '사용자:" + db_pas(raw_ip) + "'")
			
@@ -186,7 +186,7 @@ def acl_check(ip, name):
 
				     if(m):
			
 
				         g = m.groups()
			
 
				         if(ip == g[0]):
			
 
				-            if(re.search("\.", g[0])):
			
 
				+            if(re.search("(\.|:)", g[0])):
			
 
				                 conn.close()
			
 
				                 return(1)
			
 
				             else: