libertysoft3 / saidit

The reddit open source fork powering SaidIt
https://saidit.net

More ban enhancements #127

Closed CrystalVulpine closed 1 year ago

CrystalVulpine commented 1 year ago

IP bans

Now there are 4 levels of IP ban:

  1. New accounts registered from the IP are banned
  2. All accounts accessed from the IP are banned
  3. Level 2, and accounts previously accessed from the IP are banned retroactively
  4. Completely blocks access to the site (what it has now)

Note: In order to get this working, the database logs with set_account_ip() for every single request while the user is logged in. I think this is how it's normally done, but it seems like a huge use of resources to me. Reddit deletes them after 90 days, but I don't know how to do that (maybe @libertysoft3 can figure it out). You could log them only when the user logs into their account, but then if they change IPs while logged in it won't be recorded. The old way of getting IP history, by searching through every single post, comment, sub, and message and grabbing their IPs if their author matches the one we want, has been removed. Users also now have a link on their overview page to view their own IP history.

Super admins

Some admin tools are usually disabled on saidit to prevent abuse. Now u/magnora7 can set his permission level to superadmin in the ini file instead of admin, so that he and possibly those he finds extremely trustworthy can access the dangerous tools without exposing them to the rest of the admins.

This update also includes a new admin_enable_password_locking flag.

"Spiderbans"

This was prepared for in #121. It makes saidit download a cookie when logging into a banned account, which then causes other accessed accounts to be banned as well. If the source account is passlocked, it will cause the same to happen to others; if it's shadowbanned or suspended, they will be shadowbanned. If there's no ban, it doesn't do anything. It spreads like a virus until the user figures out that they need to clear their browsing data.

The names of the cookies (perhaps obfuscated) must be set in the ini file as spiderban_shadowban_cookie and spiderban_passlock_cookie.

Other

There were also a few minor patches to #121.

Warnings

CrystalVulpine commented 1 year ago

I believe reddit does log all the requests, considering that it purposely omits duplicate IPs from the account activity page. But it somehow deletes them after 90 days, and I have no idea how that could be done. It's not like an account deletion cleanup where it only has to schedule one thing; there are way too many requests to do it that way.
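Added example, not part of the pull request or the saidit code base: one way to keep per-request IP logging bounded is to store a single row per (account, IP) pair with a last-seen timestamp, filter reads by the 90-day window, and remove old rows with one scheduled batch delete. The `account_ip` table, the function names and the use of in-memory SQLite are assumptions for illustration; the sample traffic is constructed.

```python
import sqlite3

DAY = 86400
RETENTION = 90 * DAY  # the 90-day window mentioned in the thread

def open_store():
    db = sqlite3.connect(":memory:")  # hypothetical store, stands in for the real backend
    db.execute("CREATE TABLE account_ip (account_id INTEGER, ip TEXT, "
               "last_seen INTEGER, PRIMARY KEY (account_id, ip))")
    # Index the timestamp so the periodic purge does not scan the whole table.
    db.execute("CREATE INDEX account_ip_seen ON account_ip (last_seen)")
    return db

def record_ip(db, account_id, ip, now):
    """Per-request hook: one row per (account, IP); repeats only bump last_seen."""
    cur = db.execute("UPDATE account_ip SET last_seen = ? "
                     "WHERE account_id = ? AND ip = ?", (now, account_id, ip))
    if cur.rowcount == 0:
        db.execute("INSERT INTO account_ip VALUES (?, ?, ?)", (account_id, ip, now))

def ip_history(db, account_id, now):
    """IPs seen for an account inside the window, even if the purge has not run yet."""
    rows = db.execute("SELECT ip FROM account_ip WHERE account_id = ? "
                      "AND last_seen >= ? ORDER BY ip", (account_id, now - RETENTION))
    return [r[0] for r in rows]

def accounts_for_ip(db, ip, now):
    """Accounts seen on an IP inside the window (what a retroactive ban would need)."""
    rows = db.execute("SELECT account_id FROM account_ip WHERE ip = ? "
                      "AND last_seen >= ? ORDER BY account_id", (ip, now - RETENTION))
    return [r[0] for r in rows]

def purge_expired(db, now):
    """One batch DELETE run on a schedule, instead of one timer per logged request."""
    return db.execute("DELETE FROM account_ip WHERE last_seen < ?",
                      (now - RETENTION,)).rowcount

if __name__ == "__main__":
    db = open_store()
    # Constructed sample traffic (documentation-range addresses).
    for acct, ip, day in [(1, "203.0.113.7", 0), (1, "203.0.113.7", 10),
                          (1, "198.51.100.4", 0), (2, "203.0.113.7", 50)]:
        record_ip(db, acct, ip, day * DAY)
    print(ip_history(db, 1, 95 * DAY), accounts_for_ip(db, "203.0.113.7", 95 * DAY))
    print("purged:", purge_expired(db, 95 * DAY))
```

Because reads apply the same cutoff as the purge, an IP older than the window never influences a ban decision even when the scheduled delete is late.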