under attack

2022-01-09 17:15:02 +02:00 · 2022-01-09 17:15:02 +02:00 · 1bea9edf79
commit 1bea9edf79
parent 93ce52b766
32 changed files with 106 additions and 185 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,7 +3,8 @@ video.mp4
 video.webm
 cache/
 __pycache__/
-disablesignups
+disable_signups
+under_attack
 .idea/
 **/.pytest_cache/
 venv/
--- a/1
+++ b/1
@ -1 +0,0 @@
-no
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -43,6 +43,8 @@ services:
      - MAIL_USERNAME=blahblahblah@gmail.com
      - MAIL_PASSWORD=3435tdfsdudebussylmaoxxt43
      - DESCRIPTION=rdrama.net caters to drama in all forms such as Real life, videos, photos, gossip, rumors, news sites, Reddit, and Beyond™. There isn't drama we won't touch, and we want it all!
+      - CF_KEY=3435tdfsdudebussylmaoxxt43
+      - CF_ZONE=3435tdfsdudebussylmaoxxt43
    links:
      - "redis"
      - "postgres"
--- a/4
+++ b/4
@ -31,4 +31,6 @@ export DEFAULT_THEME="midnight"
 export DEFAULT_COLOR="ff66ac" # YOU HAVE TO PICK ONE OF THOSE COLORS OR SHIT WILL BREAK: ff66ac, 805ad5, 62ca56, 38a169, 80ffff, 2a96f3, eb4963, ff0000, f39731, 30409f, 3e98a7, e4432d, 7b9ae4, ec72de, 7f8fa6, f8db58
 export MAIL_USERNAME="blahblahblah@gmail.com"
 export MAIL_PASSWORD="3435tdfsdudebussylmaoxxt43"
-export DESCRIPTION="rdrama.net caters to drama in all forms such as: Real life, videos, photos, gossip, rumors, news sites, Reddit, and Beyond™. There isn't drama we won't touch, and we want it all!"
+export DESCRIPTION="rdrama.net caters to drama in all forms such as: Real life, videos, photos, gossip, rumors, news sites, Reddit, and Beyond™. There isn't drama we won't touch, and we want it all!"
+export CF_KEY="3435tdfsdudebussylmaoxxt43"
+export CF_ZONE="3435tdfsdudebussylmaoxxt43"
--- a/files/assets/css/main.css
+++ b/files/assets/css/main.css
--- a/files/classes/mod_logs.py
+++ b/files/classes/mod_logs.py
@ -174,6 +174,16 @@ ACTIONTYPES={
 		"icon": "fa-user",
 		"color": "bg-success",
 	},
+	"disable_under_attack": {
+		"str": "disabled under attack mode",
+		"icon": "fa-shield",
+		"color": "bg-success",
+	},
+	"enable_under_attack": {
+		"str": "enabled under attack mode",
+		"icon": "fa-shield",
+		"color": "bg-danger",
+	},
 	"ban_user":{
 		"str":'banned user {self.target_link}',
 		"icon":"fa-user-slash",
--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@ -23,8 +23,13 @@ def get_logged_in_user():
 		v = g.db.query(User).filter_by(id=lo_user).one_or_none()

 		if not v or nonce < v.login_nonce: return None
-
 		v.client = None
+
+		if request.method != "GET":
+			submitted_key = request.values.get("formkey")
+			if not submitted_key: abort(401)
+			elif not v.validate_formkey(submitted_key): abort(401)
+
 		return v

 def check_ban_evade(v):
@ -110,21 +115,4 @@ def admin_level_required(x):
 		wrapper.__name__ = f.__name__
 		return wrapper

-	return wrapper_maker
-
-
-def validate_formkey(f):
-	def wrapper(*args, v, **kwargs):
-
-		if not request.headers.get("Authorization"):
-
-			submitted_key = request.values.get("formkey", None)
-
-			if not submitted_key: abort(401)
-
-			elif not v.validate_formkey(submitted_key): abort(401)
-
-		return f(*args, v=v, **kwargs)
-
-	wrapper.__name__ = f.__name__
-	return wrapper
+	return wrapper_maker
--- a/files/mail/init.py
+++ b/files/mail/init.py
@ -43,7 +43,6 @@ def send_verification_email(user, email=None):
@app.post("/verify_email")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def api_verify_email(v):

 	send_verification_email(v)
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@ -23,14 +23,18 @@ SITE_NAME = environ.get("SITE_NAME", "").strip()
 GUMROAD_ID = environ.get("GUMROAD_ID", "tfcvri").strip()
 GUMROAD_TOKEN = environ.get("GUMROAD_TOKEN", "").strip()

+CF_KEY = environ.get("CF_KEY", "").strip()
+CF_ZONE = environ.get("CF_ZONE", "").strip()
+CF_HEADERS = {"Authorization": f"Bearer {CF_KEY}", "Content-Type": "application/json"}
+
 if SITE_NAME == 'PCM': cc = "splash mountain"
 else: cc = "country club"
 month = datetime.now().strftime('%B')

+
@app.post("/@<username>/make_admin")
@limiter.limit("1/second")
@admin_level_required(3)
-@validate_formkey
 def make_admin(v, username):
 	if request.host == 'rdrama.net': abort(403)
 	user = get_user(username)
@ -44,7 +48,6 @@ def make_admin(v, username):
@app.post("/@<username>/remove_admin")
@limiter.limit("1/second")
@admin_level_required(3)
-@validate_formkey
 def remove_admin(v, username):
 	user = get_user(username)
 	if not user: abort(404)
@ -91,7 +94,6 @@ def distribute(v, comment):
@app.post("/@<username>/revert_actions")
@limiter.limit("1/second")
@admin_level_required(3)
-@validate_formkey
 def revert_actions(v, username):
 	user = get_user(username)
 	if not user: abort(404)
@ -130,7 +132,6 @@ def revert_actions(v, username):
@app.post("/@<username>/club_allow")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def club_allow(v, username):

 	u = get_user(username, v=v)
@ -152,7 +153,6 @@ def club_allow(v, username):
@app.post("/@<username>/club_ban")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def club_ban(v, username):

 	u = get_user(username, v=v)
@ -174,7 +174,6 @@ def club_ban(v, username):
@app.post("/@<username>/make_meme_admin")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def make_meme_admin(v, username):
 	if request.host == 'pcmemes.net' or (SITE_NAME == 'Drama' and v.admin_level > 2) or (request.host != 'rdrama.net' and request.host != 'pcmemes.net'):
 		user = get_user(username)
@ -188,7 +187,6 @@ def make_meme_admin(v, username):
@app.post("/@<username>/remove_meme_admin")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def remove_meme_admin(v, username):
 	if request.host == 'pcmemes.net' or (SITE_NAME == 'Drama' and v.admin_level > 2) or (request.host != 'rdrama.net' and request.host != 'pcmemes.net'):
 		user = get_user(username)
@ -202,7 +200,6 @@ def remove_meme_admin(v, username):
@app.post("/admin/monthly")
@limiter.limit("1/day")
@admin_level_required(3)
-@validate_formkey
 def monthly(v):
 	if request.host == 'rdrama.net' and v.id != AEVANN_ID: abort (403)

@ -247,7 +244,6 @@ def get_sidebar(v):
@app.post('/admin/sidebar')
@limiter.limit("1/second")
@admin_level_required(3)
-@validate_formkey
 def post_sidebar(v):

 	text = request.values.get('sidebar', '').strip()
@ -351,21 +347,21 @@ def reported_comments(v):
@admin_level_required(2)
 def admin_home(v):

-	with open('disablesignups', 'r') as f: x = f.read()
+	with open('disable_signups', 'r') as f: x = f.read()
+	with open('under_attack', 'r') as f: x2 = f.read()

-	if not v or v.oldsite: return render_template("admin/admin_home.html", v=v, x=x)
+	if not v or v.oldsite: return render_template("admin/admin_home.html", v=v, x=x, x2=x2)

 	actions = g.db.query(ModAction).order_by(ModAction.id.desc()).limit(10).all()

-	return render_template("CHRISTMAS/admin/admin_home.html", actions=actions, v=v, x=x)
+	return render_template("CHRISTMAS/admin/admin_home.html", actions=actions, v=v, x=x, x2=x2)

-@app.post("/admin/disablesignups")
+@app.post("/admin/disable_signups")
@admin_level_required(3)
-@validate_formkey
-def disablesignups(v):
-	with open('disablesignups', 'r') as f: content = f.read()
+def disable_signups(v):
+	with open('disable_signups', 'r') as f: content = f.read()

-	with open('disablesignups', 'w') as f:
+	with open('disable_signups', 'w') as f:
 		if content == "yes":
 			f.write("no")
 			ma = ModAction(
@ -385,6 +381,35 @@ def disablesignups(v):
 			g.db.commit()
 			return {"message": "Signups disabled!"}

+
+@app.post("/admin/under_attack")
+@admin_level_required(2)
+def under_attack(v):
+	with open('under_attack', 'r') as f: content = f.read()
+
+	with open('under_attack', 'w') as f:
+		if content == "yes":
+			f.write("no")
+			ma = ModAction(
+				kind="disable_under_attack",
+				user_id=v.id,
+			)
+			g.db.add(ma)
+			g.db.commit()
+			data='{"value":"high"}'
+		else:
+			f.write("yes")
+			ma = ModAction(
+				kind="enable_under_attack",
+				user_id=v.id,
+			)
+			g.db.add(ma)
+			g.db.commit()
+			data='{"value":"under_attack"}'
+
+	response = requests.patch(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, data=data)
+	return {"message": response.text}
+
@app.get("/admin/badge_grant")
@admin_level_required(2)
 def badge_grant_get(v):
@ -397,7 +422,6 @@ def badge_grant_get(v):
@app.post("/admin/badge_grant")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def badge_grant_post(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
@ -571,7 +595,6 @@ def alt_votes_get(v):
@app.post("/admin/link_accounts")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def admin_link_accounts(v):

 	u1 = int(request.values.get("u1"))
@ -643,7 +666,6 @@ def admin_removed_comments(v):

@app.post("/agendaposter/<user_id>")
@admin_level_required(2)
-@validate_formkey
 def agendaposter(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()

@ -700,7 +722,6 @@ def agendaposter(user_id, v):
@app.post("/shadowban/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def shadowban(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
 	if user.admin_level != 0: abort(403)
@ -726,7 +747,6 @@ def shadowban(user_id, v):
@app.post("/unshadowban/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def unshadowban(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
 	if user.admin_level != 0: abort(403)
@ -753,7 +773,6 @@ def unshadowban(user_id, v):
@app.post("/admin/verify/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def verify(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
 	user.verified = "Verified"
@ -772,7 +791,6 @@ def verify(user_id, v):
@app.post("/admin/unverify/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def unverify(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
 	user.verified = None
@ -792,7 +810,6 @@ def unverify(user_id, v):
@app.post("/admin/title_change/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def admin_title_change(user_id, v):

 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
@ -826,7 +843,6 @@ def admin_title_change(user_id, v):
@app.post("/ban_user/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def ban_user(user_id, v):
 	
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
@ -886,7 +902,6 @@ def ban_user(user_id, v):
@app.post("/unban_user/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def unban_user(user_id, v):

 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
@ -926,7 +941,6 @@ def unban_user(user_id, v):
@app.post("/ban_post/<post_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def ban_post(post_id, v):

 	post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@ -963,7 +977,6 @@ def ban_post(post_id, v):
@app.post("/unban_post/<post_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def unban_post(post_id, v):

 	post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@ -996,7 +1009,6 @@ def unban_post(post_id, v):

@app.post("/distinguish/<post_id>")
@admin_level_required(1)
-@validate_formkey
 def api_distinguish_post(post_id, v):

 	post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@ -1022,7 +1034,6 @@ def api_distinguish_post(post_id, v):

@app.post("/sticky/<post_id>")
@admin_level_required(2)
-@validate_formkey
 def sticky_post(post_id, v):

 	post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@ -1045,7 +1056,6 @@ def sticky_post(post_id, v):

@app.post("/unsticky/<post_id>")
@admin_level_required(2)
-@validate_formkey
 def unsticky_post(post_id, v):

 	post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@ -1072,7 +1082,6 @@ def unsticky_post(post_id, v):

@app.post("/sticky_comment/<cid>")
@admin_level_required(2)
-@validate_formkey
 def sticky_comment(cid, v):
 	
 	comment = get_comment(cid, v=v)
@ -1089,7 +1098,6 @@ def sticky_comment(cid, v):

@app.post("/unsticky_comment/<cid>")
@admin_level_required(2)
-@validate_formkey
 def unsticky_comment(cid, v):
 	
 	comment = get_comment(cid, v=v)
@ -1117,7 +1125,6 @@ def unsticky_comment(cid, v):
@app.post("/ban_comment/<c_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def api_ban_comment(c_id, v):

 	comment = g.db.query(Comment).filter_by(id=c_id).one_or_none()
@ -1141,7 +1148,6 @@ def api_ban_comment(c_id, v):
@app.post("/unban_comment/<c_id>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def api_unban_comment(c_id, v):

 	comment = g.db.query(Comment).filter_by(id=c_id).one_or_none()
@ -1170,7 +1176,6 @@ def api_unban_comment(c_id, v):

@app.post("/distinguish_comment/<c_id>")
@admin_level_required(1)
-@validate_formkey
 def admin_distinguish_comment(c_id, v):
 	
 	
@ -1205,7 +1210,6 @@ def admin_banned_domains(v):
@app.post("/admin/banned_domains")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def admin_toggle_ban_domain(v):

 	domain=request.values.get("domain", "").strip()
@ -1241,7 +1245,6 @@ def admin_toggle_ban_domain(v):
@app.post("/admin/nuke_user")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def admin_nuke_user(v):

 	user=get_user(request.values.get("user"))
@ -1275,7 +1278,6 @@ def admin_nuke_user(v):
@app.post("/admin/unnuke_user")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def admin_nunuke_user(v):

 	user=get_user(request.values.get("user"))
--- a/files/routes/awards.py
+++ b/files/routes/awards.py
@ -84,7 +84,6 @@ def shop(v):

@app.post("/buy/<award>")
@auth_required
-@validate_formkey
 def buy(v, award):
 	AWARDS = deepcopy(AWARDS2)

@ -181,7 +180,6 @@ def buy(v, award):
@app.post("/post/<pid>/awards")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def award_post(pid, v):

 	if v.shadowbanned: return render_template('errors/500.html', error=True, v=v), 500
@ -365,7 +363,6 @@ def award_post(pid, v):
@app.post("/comment/<cid>/awards")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def award_comment(cid, v):

 	if v.shadowbanned: return render_template('errors/500.html', error=True, v=v), 500
@ -556,7 +553,6 @@ def admin_userawards_get(v):
@app.post("/admin/awards")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def admin_userawards_post(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@ -136,7 +136,6 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
@limiter.limit("1/second")
@limiter.limit("6/minute")
@auth_required
-@validate_formkey
 def api_comment(v):
 	if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403

@ -549,7 +548,6 @@ def api_comment(v):
@app.post("/edit_comment/<cid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def edit_comment(cid, v):
 	if v and v.patron:
 		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@ -739,7 +737,6 @@ def edit_comment(cid, v):
@app.post("/delete/comment/<cid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def delete_comment(cid, v):

 	c = g.db.query(Comment).filter_by(id=cid).one_or_none()
@ -761,7 +758,6 @@ def delete_comment(cid, v):
@app.post("/undelete/comment/<cid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def undelete_comment(cid, v):

 	c = g.db.query(Comment).filter_by(id=cid).one_or_none()
@ -785,7 +781,6 @@ def undelete_comment(cid, v):

@app.post("/pin_comment/<cid>")
@auth_required
-@validate_formkey
 def pin_comment(cid, v):
 	
 	comment = get_comment(cid, v=v)
@ -806,7 +801,6 @@ def pin_comment(cid, v):

@app.post("/unpin_comment/<cid>")
@auth_required
-@validate_formkey
 def unpin_comment(cid, v):
 	
 	comment = get_comment(cid, v=v)
@ -828,7 +822,6 @@ def unpin_comment(cid, v):
@app.post("/save_comment/<cid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def save_comment(cid, v):

 	comment=get_comment(cid)
@ -847,7 +840,6 @@ def save_comment(cid, v):
@app.post("/unsave_comment/<cid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def unsave_comment(cid, v):

 	comment=get_comment(cid)
--- a/files/routes/errors.py
+++ b/files/routes/errors.py
@ -1,5 +1,3 @@
-import jinja2.exceptions
-
 from files.helpers.wrappers import *
 from flask import *
 from urllib.parse import quote, urlencode
@ -8,10 +6,9 @@ from files.__main__ import app, limiter


@app.errorhandler(400)
-@auth_desired
-def error_400(e, v):
+def error_400(e):
 	if request.headers.get("Authorization"): return {"error": "400 Bad Request"}, 400
-	else: return render_template('errors/400.html', error=True, v=v), 400
+	else: return render_template('errors/400.html', error=True), 400

@app.errorhandler(401)
 def error_401(e):
@ -26,40 +23,35 @@ def error_401(e):


@app.errorhandler(403)
-@auth_desired
-def error_403(e, v):
+def error_403(e):
 	if request.headers.get("Authorization"): return {"error": "403 Forbidden"}, 403
-	else: return render_template('errors/403.html', error=True, v=v), 403
+	else: return render_template('errors/403.html', error=True), 403


@app.errorhandler(404)
-@auth_desired
-def error_404(e, v):
+def error_404(e):
 	if request.headers.get("Authorization"): return {"error": "404 Not Found"}, 404
-	else: return render_template('errors/404.html', error=True, v=v), 404
+	else: return render_template('errors/404.html', error=True), 404


@app.errorhandler(405)
-@auth_desired
-def error_405(e, v):
+def error_405(e):
 	if request.headers.get("Authorization"): return {"error": "405 Method Not Allowed"}, 405
-	else: return render_template('errors/405.html', error=True, v=v), 405
+	else: return render_template('errors/405.html', error=True), 405


@app.errorhandler(429)
-@auth_desired
-def error_429(e, v):
+def error_429(e):
 	if request.headers.get("Authorization"): return {"error": "429 Too Many Requests"}, 429
-	else: return render_template('errors/429.html', error=True, v=v), 429
+	else: return render_template('errors/429.html', error=True), 429


@app.errorhandler(500)
-@auth_desired
-def error_500(e, v):
+def error_500(e):
 	g.db.rollback()

 	if request.headers.get("Authorization"): return {"error": "500 Internal Server Error"}, 500
-	else: return render_template('errors/500.html', error=True, v=v), 500
+	else: return render_template('errors/500.html', error=True), 500


@app.post("/allow_nsfw")
@ -69,11 +61,7 @@ def allow_nsfw():


@app.get("/error/<error>")
-@auth_desired
-def error_all_preview(error, v):
-
-	try:
-		return render_template(f"errors/{error}.html", error=True, v=v)
-	except jinja2.exceptions.TemplateNotFound:
-		abort(400)
+def error_all_preview(error):

+	try: return render_template(f"errors/{error}.html", error=True)
+	except: abort(400)
--- a/files/routes/front.py
+++ b/files/routes/front.py
@ -12,7 +12,6 @@ def slash_post():

@app.post("/clear")
@auth_required
-@validate_formkey
 def clear(v):
 	for n in v.notifications.filter_by(read=False).all():
 		n.read = True
--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -158,7 +158,6 @@ def me(v):
@app.post("/logout")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def logout(v):

 	session.pop("session_id", None)
@ -170,7 +169,7 @@ def logout(v):
@app.get("/signup")
@auth_desired
 def sign_up_get(v):
-	with open('disablesignups', 'r') as f:
+	with open('disable_signups', 'r') as f:
 		if f.read() == "yes": return {"error": "New account registration is currently closed. Please come back later."}, 403

 	if v: return redirect("/")
@ -215,7 +214,7 @@ def sign_up_get(v):
@limiter.limit("5/day")
@auth_desired
 def sign_up_post(v):
-	with open('disablesignups', 'r') as f:
+	with open('disable_signups', 'r') as f:
 		if f.read() == "yes": return {"error": "New account registration is currently closed. Please come back later."}, 403

 	if v: abort(403)
--- a/files/routes/oauth.py
+++ b/files/routes/oauth.py
@ -21,7 +21,6 @@ def authorize_prompt(v):
@app.post("/authorize")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def authorize(v):

 	client_id = request.values.get("client_id")
@ -40,7 +39,6 @@ def authorize(v):
@app.post("/api_keys")
@limiter.limit("1/second")
@is_not_permabanned
-@validate_formkey
 def request_api_keys(v):

 	new_app = OauthApp(
@ -62,7 +60,6 @@ def request_api_keys(v):
@app.post("/delete_app/<aid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def delete_oauth_app(v, aid):

 	aid = int(aid)
@ -83,7 +80,6 @@ def delete_oauth_app(v, aid):
@app.post("/edit_app/<aid>")
@limiter.limit("1/second")
@is_not_permabanned
-@validate_formkey
 def edit_oauth_app(v, aid):

 	aid = int(aid)
@ -105,7 +101,6 @@ def edit_oauth_app(v, aid):
@app.post("/admin/app/approve/<aid>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def admin_app_approve(v, aid):

 	app = g.db.query(OauthApp).filter_by(id=aid).one_or_none()
@ -140,7 +135,6 @@ def admin_app_approve(v, aid):
@app.post("/admin/app/revoke/<aid>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def admin_app_revoke(v, aid):

 	app = g.db.query(OauthApp).filter_by(id=aid).one_or_none()
@ -166,7 +160,6 @@ def admin_app_revoke(v, aid):
@app.post("/admin/app/reject/<aid>")
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def admin_app_reject(v, aid):

 	app = g.db.query(OauthApp).filter_by(id=aid).one_or_none()
@ -262,7 +255,6 @@ def admin_apps_list(v):
@app.post("/oauth/reroll/<aid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def reroll_oauth_tokens(aid, v):

 	aid = aid
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -49,7 +49,6 @@ def toggle_club(pid, v):
@app.post("/publish/<pid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def publish(pid, v):
 	post = get_post(pid)
 	if not post.author_id == v.id: abort(403)
@ -393,7 +392,6 @@ def morecomments(v, cid):
@app.post("/edit_post/<pid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def edit_post(pid, v):
 	if v and v.patron:
 		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@ -683,7 +681,6 @@ def thumbnail_thread(pid):
@limiter.limit("1/second")
@limiter.limit("6/minute")
@auth_required
-@validate_formkey
 def submit_post(v):
 	if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403
 	
@ -1144,7 +1141,6 @@ def submit_post(v):
@app.post("/delete_post/<pid>")
@limiter.limit("2/second")
@auth_required
-@validate_formkey
 def delete_post_pid(pid, v):

 	post = get_post(pid)
@ -1166,7 +1162,6 @@ def delete_post_pid(pid, v):
@app.post("/undelete_post/<pid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def undelete_post_pid(pid, v):
 	post = get_post(pid)
 	if not post.author_id == v.id: abort(403)
@ -1182,7 +1177,6 @@ def undelete_post_pid(pid, v):

@app.post("/toggle_comment_nsfw/<cid>")
@auth_required
-@validate_formkey
 def toggle_comment_nsfw(cid, v):

 	comment = g.db.query(Comment).filter_by(id=cid).one_or_none()
@ -1197,7 +1191,6 @@ def toggle_comment_nsfw(cid, v):
 	
@app.post("/toggle_post_nsfw/<pid>")
@auth_required
-@validate_formkey
 def toggle_post_nsfw(pid, v):

 	post = get_post(pid)
@ -1224,7 +1217,6 @@ def toggle_post_nsfw(pid, v):
@app.post("/save_post/<pid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def save_post(pid, v):

 	post=get_post(pid)
@ -1241,7 +1233,6 @@ def save_post(pid, v):
@app.post("/unsave_post/<pid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def unsave_post(pid, v):

 	post=get_post(pid)
--- a/files/routes/reporting.py
+++ b/files/routes/reporting.py
@ -8,7 +8,6 @@ from files.helpers.sanitize import filter_emojis_only
@app.post("/report/post/<pid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def api_flag_post(pid, v):

 	post = get_post(pid)
@ -39,7 +38,6 @@ def api_flag_post(pid, v):
@app.post("/report/comment/<cid>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def api_flag_comment(cid, v):

 	comment = get_comment(cid)
@ -64,7 +62,6 @@ def api_flag_comment(cid, v):
@app.post('/del_report/<report_fn>')
@limiter.limit("1/second")
@admin_level_required(2)
-@validate_formkey
 def remove_report(report_fn, v):

 	if report_fn.startswith('c'):
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -37,7 +37,6 @@ tiers={
@app.post("/settings/removebackground")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def removebackground(v):
 	v.background = None
 	g.db.add(v)
@ -47,7 +46,6 @@ def removebackground(v):
@app.post("/settings/profile")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_profile_post(v):
 	if v and v.patron:
 		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@ -431,7 +429,6 @@ def settings_profile_post(v):

@app.post("/settings/filters")
@auth_required
-@validate_formkey
 def filters(v):
 	filters=request.values.get("filters")[:1000].strip()

@ -449,7 +446,6 @@ def filters(v):

@app.post("/changelogsub")
@auth_required
-@validate_formkey
 def changelogsub(v):
 	v.changelogsub = not v.changelogsub
 	g.db.add(v)
@ -463,7 +459,6 @@ def changelogsub(v):
@app.post("/settings/namecolor")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def namecolor(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
@ -479,7 +474,6 @@ def namecolor(v):
@app.post("/settings/themecolor")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def themecolor(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
@ -495,7 +489,6 @@ def themecolor(v):
@app.post("/settings/gumroad")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def gumroad(v):
 	if SITE_NAME == 'Drama': patron = 'Paypig'
 	else: patron = 'Patron'
@ -548,7 +541,6 @@ def gumroad(v):
@app.post("/settings/titlecolor")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def titlecolor(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
@ -564,7 +556,6 @@ def titlecolor(v):
@app.post("/settings/verifiedcolor")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def verifiedcolor(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
@ -580,7 +571,6 @@ def verifiedcolor(v):
@app.post("/settings/security")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_security_post(v):
 	if request.values.get("new_password"):
 		if request.values.get("new_password") != request.values.get("cnf_password"):
@ -664,7 +654,6 @@ def settings_security_post(v):
@app.post("/settings/log_out_all_others")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_log_out_others(v):

 	submitted_password = request.values.get("password", "").strip()
@ -690,7 +679,6 @@ def settings_log_out_others(v):
@app.post("/settings/images/profile")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_images_profile(v):
 	if v and v.patron:
 		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@ -728,7 +716,6 @@ def settings_images_profile(v):
@app.post("/settings/images/banner")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_images_banner(v):
 	if v and v.patron:
 		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@ -756,7 +743,6 @@ def settings_images_banner(v):
@app.post("/settings/delete/profile")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_delete_profile(v):

 	if v.profileurl or v.highres:
@ -772,7 +758,6 @@ def settings_delete_profile(v):
@app.post("/settings/delete/banner")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_delete_banner(v):

 	if v.bannerurl:
@ -804,7 +789,6 @@ def settings_css_get(v):
@app.post("/settings/css")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_css(v):
 	if v.agendaposter: return {"error": "Agendapostered users can't edit css!"}

@ -829,7 +813,6 @@ def settings_profilecss_get(v):
@app.post("/settings/profilecss")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_profilecss(v):
 	if v.truecoins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a paypig to set profile css."
 	profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]
@ -844,7 +827,6 @@ def settings_profilecss(v):
@app.post("/settings/block")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_block_user(v):

 	user = get_user(request.values.get("username"), graceful=True)
@ -879,7 +861,6 @@ def settings_block_user(v):
@app.post("/settings/unblock")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_unblock_user(v):

 	user = get_user(request.values.get("username"))
@ -911,7 +892,6 @@ def settings_apps(v):
@app.post("/settings/remove_discord")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_remove_discord(v):

 	remove_user(v)
@ -934,7 +914,6 @@ def settings_content_get(v):
@app.post("/settings/name_change")
@limiter.limit("1/second")
@is_not_permabanned
-@validate_formkey
 def settings_name_change(v):

 	new_name=request.values.get("name").strip()
@ -985,7 +964,6 @@ def settings_name_change(v):
@app.post("/settings/song_change")
@limiter.limit("5/day;1/second")
@auth_required
-@validate_formkey
 def settings_song_change(v):
 	song=request.values.get("song").strip()

@ -1074,7 +1052,6 @@ def settings_song_change(v):
@app.post("/settings/title_change")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def settings_title_change(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
--- a/files/routes/static.py
+++ b/files/routes/static.py
@ -269,7 +269,6 @@ def contact(v):
@app.post("/send_admin")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def submit_contact(v):
 	message = f'This message has been sent automatically to all admins via [/contact](/contact), user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
 	send_admin(v.id, message)
--- a/files/routes/users.py
+++ b/files/routes/users.py
@ -124,7 +124,6 @@ def downvoting(v, username):
@app.post("/pay_rent")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def pay_rent(v):
 	if v.coins < 500: return {"error":"You must have more than 500 coins."}
 	v.coins -= 500
@ -141,7 +140,6 @@ def pay_rent(v):
@app.post("/steal")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def steal(v):
 	if int(time.time()) - v.created_utc < 604800:
 		return {"error":"You must have an account older than 1 week in order to attempt stealing."}
@ -200,7 +198,6 @@ def thiefs(v):
@app.post("/@<username>/suicide")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def suicide(v, username):
 	t = int(time.time())
 	if v.admin_level == 0 and t - v.suicide_utc < 86400: return {"message": "You're on 1-day cooldown!"}
@ -223,7 +220,6 @@ def get_coins(v, username):
@app.post("/@<username>/transfer_coins")
@limiter.limit("1/second")
@is_not_permabanned
-@validate_formkey
 def transfer_coins(v, username):
 	receiver = g.db.query(User).filter_by(username=username).one_or_none()

@ -261,7 +257,6 @@ def transfer_coins(v, username):
@app.post("/@<username>/transfer_bux")
@limiter.limit("1/second")
@is_not_permabanned
-@validate_formkey
 def transfer_bux(v, username):
 	receiver = g.db.query(User).filter_by(username=username).one_or_none()

@ -367,7 +362,6 @@ def song(song):
@app.post("/subscribe/<post_id>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def subscribe(v, post_id):
 	new_sub = Subscription(user_id=v.id, submission_id=post_id)
 	g.db.add(new_sub)
@ -377,7 +371,6 @@ def subscribe(v, post_id):
@app.post("/unsubscribe/<post_id>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def unsubscribe(v, post_id):
 	sub=g.db.query(Subscription).filter_by(user_id=v.id, submission_id=post_id).one_or_none()
 	if sub:
@ -394,7 +387,6 @@ def reportbugs(v):
@limiter.limit("1/second")
@limiter.limit("10/hour")
@is_not_permabanned
-@validate_formkey
 def message2(v, username):

 	user = get_user(username, v=v)
@ -464,7 +456,6 @@ def message2(v, username):
@limiter.limit("1/second")
@limiter.limit("6/minute")
@auth_required
-@validate_formkey
 def messagereply(v):

 	message = request.values.get("body", "").strip()[:1000].strip()
@ -832,7 +823,6 @@ def u_username_info(username, v=None):
@app.post("/follow/<username>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def follow_user(username, v):

 	target = get_user(username)
@ -857,7 +847,6 @@ def follow_user(username, v):
@app.post("/unfollow/<username>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def unfollow_user(username, v):

 	target = get_user(username)
@ -882,7 +871,6 @@ def unfollow_user(username, v):
@app.post("/remove_follow/<username>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def remove_follow(username, v):
 	target = get_user(username)

@ -977,7 +965,6 @@ def saved_comments(v, username):

@app.post("/fp/<fp>")
@auth_required
-@validate_formkey
 def fp(v, fp):
 	if v.username != fp:
 		v.fp = fp
--- a/files/routes/votes.py
+++ b/files/routes/votes.py
@ -73,7 +73,6 @@ def admin_vote_info_get(v):
@app.post("/vote/post/<post_id>/<new>")
@limiter.limit("5/second;60/minute;600/hour")
@auth_required
-@validate_formkey
 def api_vote_post(post_id, new, v):

 	if new == "-1" and environ.get('DISABLE_DOWNVOTES') == '1': return {"error": "forbidden."}, 403
@ -132,7 +131,6 @@ def api_vote_post(post_id, new, v):
@app.post("/vote/comment/<comment_id>/<new>")
@limiter.limit("5/second;60/minute;600/hour")
@auth_required
-@validate_formkey
 def api_vote_comment(comment_id, new, v):

 	if new == "-1" and environ.get('DISABLE_DOWNVOTES') == '1': return {"error": "forbidden."}, 403
@ -199,7 +197,6 @@ def api_vote_comment(comment_id, new, v):

@app.post("/vote/poll/<comment_id>")
@auth_required
-@validate_formkey
 def api_vote_poll(comment_id, v):
 	
 	vote = request.values.get("vote")
@ -235,7 +232,6 @@ def api_vote_poll(comment_id, v):
@app.post("/bet/<comment_id>")
@limiter.limit("1/second")
@auth_required
-@validate_formkey
 def bet(comment_id, v):
 	
 	if v.coins < 200: return {"error": "You don't have 200 coins!"}
--- a/files/templates/admin/admin_home.html
+++ b/files/templates/admin/admin_home.html
@ -58,9 +58,14 @@

 {% if v.admin_level > 2 %}
 	<div class="custom-control custom-switch">
-		<input autocomplete="off" type="checkbox" class="custom-control-input" id="disablesignups" name="disablesignups" {% if x == "yes" %}checked{% endif %} onchange="post_toast('/admin/disablesignups');">
-		<label class="custom-control-label" for="disablesignups">Disable signups</label>
+		<input autocomplete="off" type="checkbox" class="custom-control-input" id="disable_signups" name="disable_signups" {% if x == "yes" %}checked{% endif %} onchange="post_toast('/admin/disable_signups');">
+		<label class="custom-control-label" for="disable_signups">Disable signups</label>
 	</div>
 {% endif %}

+<div class="custom-control custom-switch">
+	<input autocomplete="off" type="checkbox" class="custom-control-input" id="under_attack" name="under_attack" {% if x2 == "yes" %}checked{% endif %} onchange="post_toast('/admin/under_attack');">
+	<label class="custom-control-label" for="under_attack">Under attack mode</label>
+</div>
+
 {% endblock %}
--- a/files/templates/authforms.html
+++ b/files/templates/authforms.html
@ -15,7 +15,7 @@

 		{% if v %}
 			<style>:root{--primary:#{{v.themecolor}}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 			{% if v.agendaposter %}
 				<style>
 					html {
@ -39,7 +39,7 @@
 			{% endif %}
 		{% else %}
 			<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 		{% endif %}

 </head>
--- a/files/templates/default.html
+++ b/files/templates/default.html
@ -7,7 +7,7 @@
 	<script src="/static/assets/js/bootstrap.js?a=3"></script>
 	{% if v %}
 		<style>:root{--primary:#{{v.themecolor}}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68">
 		<link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 		{% if v.agendaposter %}
 			<style>
@ -32,7 +32,7 @@
 		{% endif %}
 	{% else %}
 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 	{% endif %}

 	<meta charset="utf-8">
--- a/files/templates/log.html
+++ b/files/templates/log.html
@ -6,7 +6,7 @@
 {% block content %}
 {% if v %}
 	<style>:root{--primary:#{{v.themecolor}}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 	{% if v.agendaposter %}
 		<style>
 			html {
@ -30,7 +30,7 @@
 	{% endif %}
 {% else %}
 	<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 {% endif %}

 <div class="row justify-content-around">
--- a/files/templates/login.html
+++ b/files/templates/login.html
@ -18,7 +18,7 @@
 	{% endblock %}
 	
 	<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=67">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=68">
 	<link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">

 </head>
--- a/files/templates/login_2fa.html
+++ b/files/templates/login_2fa.html
@ -14,7 +14,7 @@
 		<title>2-Step Login - {{'SITE_NAME' | app_config}}</title>

 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">

 </head>

--- a/files/templates/settings.html
+++ b/files/templates/settings.html
@ -34,7 +34,7 @@


 	<style>:root{--primary:#{{v.themecolor}}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 	{% if v.agendaposter %}
 		<style>
 			html {
--- a/files/templates/settings2.html
+++ b/files/templates/settings2.html
@ -39,10 +39,10 @@
 	
 	{% if v %}
 		<style>:root{--primary:#{{v.themecolor}}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 	{% else %}
 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 	{% endif %}
 </head>

--- a/files/templates/sign_up.html
+++ b/files/templates/sign_up.html
@ -31,7 +31,7 @@
 		<title>{% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}Sign up - {{'SITE_NAME' | app_config}}{% endif %}</title>

 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">

 </head>

--- a/files/templates/sign_up_failed_ref.html
+++ b/files/templates/sign_up_failed_ref.html
@ -32,7 +32,7 @@
 		<title>{% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}{{'SITE_NAME' | app_config}}{% endif %}</title>

 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">

 </head>

--- a/files/templates/submit.html
+++ b/files/templates/submit.html
@ -26,7 +26,7 @@
 		{% block stylesheets %}
 		{% if v %}
 			<style>:root{--primary:#{{v.themecolor}}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 			{% if v.agendaposter %}
 				<style>
 					html {
@ -50,7 +50,7 @@
 			{% endif %}
 		{% else %}
 			<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=67">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=68">
 			<link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 		{% endif %}
 		{% endblock %}