2DU %!s(int64=9) %!d(string=hai) anos
pai
achega
e852bb3eaf
Modificáronse 1 ficheiros con 36 adicións e 31 borrados
  1. 36 31
      app.py

+ 36 - 31
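--- a/app.py
+++ b/app.py
@@ -1405,40 +1405,45 @@ def logout():
 
 @app.route('/ban/<name>', methods=['POST', 'GET'])
 def ban(name = None):
-    if(request.method == 'POST'):
-        if(admincheck() == 1):
-            curs.execute("select * from ban where block = '" + pymysql.escape_string(name) + "'")
-            row = curs.fetchall()
-            if(row):
-                block(name, '해제', getnow(), ip, '')
-                curs.execute("delete from ban where block = '" + pymysql.escape_string(name) + "'")
-            else:
-                b = re.search("^([0-9](?:[0-9][0-9])?\.[0-9](?:[0-9][0-9])?)$", name)
-                if(b):
-                    block(name, request.form["end"], getnow(), ip, request.form["why"])
-                    curs.execute("insert into ban (block, end, why, band) value ('" + pymysql.escape_string(name) + "', '" + pymysql.escape_string(request.form["end"]) + "', '" + pymysql.escape_string(request.form["why"]) + "', 'O')")
-                else:
-                    block(name, request.form["end"], getnow(), ip, request.form["why"])
-                    curs.execute("insert into ban (block, end, why, band) value ('" + pymysql.escape_string(name) + "', '" + pymysql.escape_string(request.form["end"]) + "', '" + pymysql.escape_string(request.form["why"]) + "', '')")
-            conn.commit()
-            return '<meta http-equiv="refresh" content="0;url=/w/' + parse.quote(data['frontpage']) + '" />'
-        else:
-            return render_template('index.html', title = '권한 오류', logo = data['name'], data = '권한이 모자랍니다.')
+    curs.execute("select * from user where name = '" + pymysql.escape_string(name) + "'")
+    rows = curs.fetchall()
+    if(rows[0]['acl'] == 'owner' or rows[0]['acl'] == 'admin'):
+        return render_template('index.html', title = '차단 오류', logo = data['name'], data = '관리자는 차단 할 수 없습니다.')
     else:
-        if(admincheck() == 1):
-            curs.execute("select * from ban where block = '" + pymysql.escape_string(name) + "'")
-            row = curs.fetchall()
-            if(row):
-                now = '차단 해제'
-            else:
-                b = re.search("^([0-9](?:[0-9][0-9])?\.[0-9](?:[0-9][0-9])?)$", name)
-                if(b):
-                    now = '대역 차단'
+        if(request.method == 'POST'):
+            if(admincheck() == 1):
+                curs.execute("select * from ban where block = '" + pymysql.escape_string(name) + "'")
+                row = curs.fetchall()
+                if(row):
+                    block(name, '해제', getnow(), ip, '')
+                    curs.execute("delete from ban where block = '" + pymysql.escape_string(name) + "'")
                 else:
-                    now = '차단'
-            return render_template('index.html', title = name, page = parse.quote(name), logo = data['name'], tn = 16, now = now, today = getnow())
+                    b = re.search("^([0-9](?:[0-9][0-9])?\.[0-9](?:[0-9][0-9])?)$", name)
+                    if(b):
+                        block(name, request.form["end"], getnow(), ip, request.form["why"])
+                        curs.execute("insert into ban (block, end, why, band) value ('" + pymysql.escape_string(name) + "', '" + pymysql.escape_string(request.form["end"]) + "', '" + pymysql.escape_string(request.form["why"]) + "', 'O')")
+                    else:
+                        block(name, request.form["end"], getnow(), ip, request.form["why"])
+                        curs.execute("insert into ban (block, end, why, band) value ('" + pymysql.escape_string(name) + "', '" + pymysql.escape_string(request.form["end"]) + "', '" + pymysql.escape_string(request.form["why"]) + "', '')")
+                conn.commit()
+                return '<meta http-equiv="refresh" content="0;url=/w/' + parse.quote(data['frontpage']) + '" />'
+            else:
+                return render_template('index.html', title = '권한 오류', logo = data['name'], data = '권한이 모자랍니다.')
         else:
-            return render_template('index.html', title = '권한 오류', logo = data['name'], data = '권한이 모자랍니다.')
+            if(admincheck() == 1):
+                curs.execute("select * from ban where block = '" + pymysql.escape_string(name) + "'")
+                row = curs.fetchall()
+                if(row):
+                    now = '차단 해제'
+                else:
+                    b = re.search("^([0-9](?:[0-9][0-9])?\.[0-9](?:[0-9][0-9])?)$", name)
+                    if(b):
+                        now = '대역 차단'
+                    else:
+                        now = '차단'
+                return render_template('index.html', title = name, page = parse.quote(name), logo = data['name'], tn = 16, now = now, today = getnow())
+            else:
+                return render_template('index.html', title = '권한 오류', logo = data['name'], data = '권한이 모자랍니다.')
 
 @app.route('/acl/<name>', methods=['POST', 'GET'])
 def acl(name = None):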
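Review bot: The new lookup at the top of `ban` indexes `rows[0]['acl']` without checking that the `user` query returned a row. Assuming `fetchall()` returns an empty sequence when nothing matches, any `name` that is not a registered account, including the IP and range targets the regex further down exists for, would raise IndexError before the ban logic runs. A guard such as `if(rows and rows[0]['acl'] in ('owner', 'admin')):` keeps the protection while letting non-account targets through. The lookup also runs before `admincheck()`, so the "cannot ban an administrator" page tells any caller, logged in or not, whether a name holds the owner or admin role; placing the check inside the `admincheck() == 1` branches avoids that disclosure. As this query is new, binding the value (`curs.execute("select acl from user where name = %s", (name,))`) would be more robust than concatenating `pymysql.escape_string(name)` into the statement.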