Ejemplo n.º 1
def index(req):
    """Assign a first-time respondent to a study condition and redirect them.

    A visitor who already carries the 'rm-group-a' cookie gets a short
    refusal message. Everyone else receives that cookie (31-day expiry),
    is assigned NO_AVATAR or AVATAR, has the assignment appended to the
    YAML list stored at PATH, and is redirected to the matching
    'welcome-<condition>.html' page.

    NOTE(review): the repeat-participation check depends only on a cookie
    the client holds, so it stops accidental repeats but not a respondent
    who clears cookies.
    NOTE(review): PATH is read and then rewritten in two separate steps
    with no lock visible here; concurrent requests can overwrite each
    other's entries.
    """
    # Guard: a respondent who already carries the marker cookie stops here.
    if Cookie.get_cookie(req, 'rm-group-a') is not None:
        return 'You already participated.'

    one_month = 31 * 24 * 3600  # seconds
    Cookie.add_cookie(req, 'rm-group-a', 'true',
                      expires=time.time() + one_month)

    # Load the conditions assigned so far.
    with open(PATH, 'r') as state_file:
        # NOTE(review): yaml.load() without an explicit Loader can build
        # arbitrary Python objects from tagged input. PATH is written by
        # this handler, but if anything else can write it, switch to
        # yaml.safe_load() after confirming the stored entries are plain
        # scalars.
        respondents = yaml.load(state_file)
    if respondents is None:
        respondents = []  # an empty file parses to None

    plain_total = count_str_in_seq(NO_AVATAR, respondents)
    avatar_total = count_str_in_seq(AVATAR, respondents)

    plain_low = plain_total <= MIN_RESPONDENTS
    plain_high = plain_total >= MIN_RESPONDENTS
    avatar_low = avatar_total <= MIN_RESPONDENTS
    avatar_high = avatar_total >= MIN_RESPONDENTS

    # Top up whichever group is behind the minimum; otherwise pick at random.
    if plain_low and avatar_high:
        condition = NO_AVATAR
    elif plain_high and avatar_low:
        condition = AVATAR
    else:
        condition = random.choice([NO_AVATAR, AVATAR])

    # Persist the new assignment (rewrites the whole file).
    with open(PATH, 'w') as state_file:
        respondents.append(condition)
        yaml.dump(respondents, state_file)
    util.redirect(req, 'welcome' + '-' + condition + '.html')
Ejemplo n.º 2
def index(req):
    """Pick a study condition for a new respondent, record it, and redirect.

    Respondents that present the 'rm-group-a' cookie are turned away with a
    message; new ones get the cookie (valid for 31 days), are assigned
    NO_AVATAR or AVATAR, and the choice is appended to the YAML list at PATH.

    NOTE(review): the cookie is the only repeat-participation control and is
    fully under the client's control.
    NOTE(review): the read of PATH and the later rewrite are not protected by
    any lock in this function, so simultaneous requests may lose entries.
    """
    cookie_name = 'rm-group-a'
    if Cookie.get_cookie(req, cookie_name) is not None:
        return 'You already participated.'
    # expires after 1 month
    Cookie.add_cookie(req, cookie_name, 'true',
                      expires=time.time() + 31 * 24 * 3600)

    # load current respondent conditions
    with open(PATH, 'r') as source:
        # NOTE(review): yaml.load() with no Loader argument is the unsafe
        # loader; prefer yaml.safe_load() once it is confirmed that the file
        # only ever holds plain strings.
        respondents = yaml.load(source)
        if respondents is None:
            respondents = []

        without_avatar = count_str_in_seq(NO_AVATAR, respondents)
        with_avatar = count_str_in_seq(AVATAR, respondents)

        # Favour the group that has not reached MIN_RESPONDENTS yet while the
        # other one has; in every other case choose randomly.
        condition = (
            NO_AVATAR
            if without_avatar <= MIN_RESPONDENTS and with_avatar >= MIN_RESPONDENTS
            else AVATAR
            if without_avatar >= MIN_RESPONDENTS and with_avatar <= MIN_RESPONDENTS
            else random.choice([NO_AVATAR, AVATAR])
        )

    # write new condition entry
    with open(PATH, 'w') as target:
        respondents.append(condition)
        yaml.dump(respondents, target)
    util.redirect(req, 'welcome' + '-' + condition + '.html')
Ejemplo n.º 3
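def index(req):
    """Log the requesting client out of every capture app and build the exit page.

    The client's network address is passed to userLogout() on each object
    returned by load_rpc_manager_list(). If the request carries the
    '__ngfwcp' cookie, it is replaced by an empty MarshalCookie signed with
    the configured secret key. The 'exitpage.html' template next to the
    requested file is then filled in and returned.

    Returns:
        The rendered exit page as a string.

    NOTE(review): logout is keyed only on the remote address, so any request
    arriving from the same address (for example clients behind one NAT) ends
    that address's session; confirm this is the intended model.
    NOTE(review): companyName and basicLoginPageTitle are substituted into
    HTML; whether replace_marker() escapes them is not visible here.
    """
    # get the network address of the client
    address = req.get_remote_host(apache.REMOTE_NOLOOKUP, None)

    # use the path from the request filename to locate the correct template;
    # the context manager closes the file even if read() raises
    template_path = req.filename[:req.filename.rindex('/')] + "/exitpage.html"
    with open(template_path, "r") as template:
        page = template.read()

    # load the app settings
    captureSettings = load_capture_settings(req)

    # setup the uvm and app objects so we can make the RPC call
    captureList = load_rpc_manager_list()

    # track the number of successful calls to userLogout
    exitCount = 0

    # call the logout function for each app instance
    cookie_key = "__ngfwcp"
    for app in captureList:
        exitResult = app.userLogout(address)
        # The cookie reset is repeated for every app instance, as before.
        if Cookie.get_cookie(req, cookie_key) is not None:
            # Overwrite the client's cookie with an empty signed value;
            # expires = 0 presumably makes the browser discard it.
            cookie = Cookie.MarshalCookie(
                cookie_key, {}, secret=str(captureSettings["secretKey"]))
            cookie.path = "/"
            cookie.expires = 0
            Cookie.add_cookie(req, cookie)

        if exitResult == 0:
            exitCount += 1

    if exitCount == 0:
        page = replace_marker(page, '$.ExitMessage.$',
                              _('You were already logged out'))
        page = replace_marker(page, '$.ExitStyle.$', 'styleProblem')
    else:
        page = replace_marker(page, '$.ExitMessage.$',
                              _('You have successfully logged out'))
        page = replace_marker(page, '$.ExitStyle.$', 'styleNormal')

    page = replace_marker(page, '$.CompanyName.$',
                          captureSettings['companyName'])
    page = replace_marker(page, '$.PageTitle.$',
                          captureSettings['basicLoginPageTitle'])

    # return the logout page we just created
    return page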
Ejemplo n.º 4
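def index(req):
    """Render the admin template, showing /opt/flag.txt only to the 'admin' cookie holder.

    The response is HTML. When the request carries an 'admin' cookie whose
    value equals the fixed string below, the contents of /opt/flag.txt are
    rendered into the template; every other request gets a refusal message.

    NOTE(review): the only access control is a comparison of a
    client-supplied cookie against a constant that is identical for every
    user, cannot be revoked and is not bound to a login. A real deployment
    should keep the admin state server-side (a session) or in a cookie
    signed with a server secret.
    """
    req.content_type = "text/html"
    # Context managers close both files; the original left them open.
    with open("/var/www/html/templates/admin.html") as template_file:
        t = Template(template_file.read())

    cookie = Cookie.get_cookie(req, "admin")
    if cookie and str(cookie.value) == "True, VHJ1ZQ==":
        with open("/opt/flag.txt") as secret_file:
            text = secret_file.read()
    else:
        # Missing cookie and wrong value produce the same refusal.
        text = "LOL get out you are not the admin!"
    req.write(t.render(text=text))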
Ejemplo n.º 5
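def login(req, **params):
    """ New login attempt. Clean out old session if present, and create new one.

    Expects the username in params['u'] and the password in params['p'].
    On success the session is saved and the leak ids listed in the client's
    '__CJ_seen' cookie are stored in the user_seen table.

    Returns:
        A JSON string with 'success' (and 'error' on failure), or a plain
        message with HTTP 400 when the session cannot be renewed or a
        parameter is missing.

    The '__CJ_seen' cookie is client-controlled: a missing, malformed or
    oversized cookie is ignored instead of failing the login.
    """

    sess = Session(req)
    if not sess.is_new():
        # Drop any existing session so a login always starts from a new one.
        sess.delete()
        sess = Session(req)
        if not sess.is_new():
            req.status = apache.HTTP_BAD_REQUEST
            return 'failed to create new session'

    if 'u' not in params or 'p' not in params:
        req.status = apache.HTTP_BAD_REQUEST
        return 'some parameters were not provided'

    ret = dict()

    # NOTE(review): the credentials are hard-coded in source and compared
    # with plain `!=`. Move them to a hashed credential store and use a
    # constant-time comparison; no attempt throttling is visible here.
    if params['u'] != 'einstein' or params['p'] != 'fuckbin':
        ret['success'] = False
        ret['error'] = 'bad username or password'

        # note: session is not saved!
    else:
        ret['success'] = True

        # keep some stuff in session...
        sess['username'] = params['u']
        sess['user_id'] = 1

        # NOTE(review): a 10-year session lifetime keeps a stolen session id
        # usable for just as long.
        sess.set_timeout(60 * 60 * 24 * 365 * 10)  # 10 year
        sess.save()

        # grab the user's cookie, and save the seen leaks into the database
        # Reviewer-chosen upper bound on rows taken from one cookie (not a
        # project value; tune to the real leak-id space). Without it a
        # single {'start': 0, 'end': <huge>} entry expands into an
        # arbitrarily large list and insert.
        max_rows = 100000
        values = []
        seen_cookie = Cookie.get_cookie(req, '__CJ_seen')
        if seen_cookie is not None:
            try:
                seen_ranges = json.loads(urllib.unquote(seen_cookie.value))
                for seen_range in seen_ranges:
                    start = seen_range['start']
                    end = seen_range['end']
                    if end - start + 1 > max_rows - len(values):
                        raise ValueError('too many seen leak ids')
                    values.extend(
                        [sess['user_id'], i] for i in range(start, end + 1))
            except (KeyError, TypeError, ValueError, OverflowError):
                # Malformed or oversized cookie: store nothing from it.
                values = []

        if values:
            db = Database.get()
            c = db.cursor()
            try:
                c.executemany(
                    """ replace into user_seen (user_id, leak_id) values (%s, %s) """,
                    values)
                db.commit()
            finally:
                # Release the cursor even when the insert fails.
                c.close()

    req.content_type = 'application/json'
    return json.dumps(ret, ensure_ascii=False)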
Ejemplo n.º 6
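def index(req):
    """Log the client out of each capture app instance and return the exit page.

    userLogout() is called with the client's network address on every object
    from load_rpc_manager_list(). A present '__ngfwcp' cookie is overwritten
    with an empty MarshalCookie signed with captureSettings["secretKey"].
    The 'exitpage.html' template in the requested file's directory is filled
    in with the outcome and two settings values.

    Returns:
        The rendered exit page as a string.

    NOTE(review): the logout is identified by remote address alone; requests
    from any client sharing that address have the same effect. Confirm that
    is acceptable for the deployment.
    NOTE(review): it is not visible here whether replace_marker() HTML-escapes
    the companyName and basicLoginPageTitle settings before insertion.
    """
    # get the network address of the client
    address = req.get_remote_host(apache.REMOTE_NOLOOKUP, None)

    # use the path from the request filename to locate the correct template
    directory = req.filename[:req.filename.rindex('/')]
    # `with` guarantees the handle is closed if read() fails
    with open(directory + "/exitpage.html", "r") as handle:
        page = handle.read()

    # load the app settings
    captureSettings = load_capture_settings(req)

    # setup the uvm and app objects so we can make the RPC call
    captureList = load_rpc_manager_list()

    # track the number of successful calls to userLogout
    exitCount = 0

    # call the logout function for each app instance
    cookie_key = "__ngfwcp"
    for app in captureList:
        exitResult = app.userLogout(address)
        cookies = Cookie.get_cookie(req, cookie_key)
        if cookies is not None:
            # Replace the cookie with an empty signed value; expires = 0
            # presumably tells the browser to drop it.
            value = {}
            cookie = Cookie.MarshalCookie(
                cookie_key, value, secret=str(captureSettings["secretKey"]))
            cookie.path = "/"
            cookie.expires = 0
            Cookie.add_cookie(req, cookie)

        if exitResult == 0:
            exitCount = exitCount + 1

    if exitCount == 0:
        page = replace_marker(page, '$.ExitMessage.$', _('You were already logged out'))
        page = replace_marker(page, '$.ExitStyle.$', 'styleProblem')
    else:
        page = replace_marker(page, '$.ExitMessage.$', _('You have successfully logged out'))
        page = replace_marker(page, '$.ExitStyle.$', 'styleNormal')

    page = replace_marker(page, '$.CompanyName.$', captureSettings['companyName'])
    page = replace_marker(page, '$.PageTitle.$', captureSettings['basicLoginPageTitle'])

    # return the logout page we just created
    return page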
Ejemplo n.º 7
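def login(req, **params):
    """ New login attempt. Clean out old session if present, and create new one.

    params['u'] is the username and params['p'] the password. A successful
    login saves the session and records the leak ids named in the client's
    '__CJ_seen' cookie in the user_seen table.

    Returns:
        A JSON string with 'success' (plus 'error' on failure), or a plain
        message with HTTP 400 when a fresh session cannot be created or a
        parameter is missing.

    Because '__CJ_seen' comes from the client, a missing, malformed or
    oversized cookie is skipped rather than turning a valid login into an
    unhandled error.
    """

    sess = Session(req)
    if not sess.is_new():
        # Replace any pre-existing session before authenticating.
        sess.delete()
        sess = Session(req)
        if not sess.is_new():
            req.status = apache.HTTP_BAD_REQUEST
            return 'failed to create new session'

    if 'u' not in params or 'p' not in params:
        req.status = apache.HTTP_BAD_REQUEST
        return 'some parameters were not provided'

    ret = dict()

    # NOTE(review): hard-coded credentials compared with `!=`; these belong
    # in a hashed credential store with a constant-time comparison. This
    # function shows no limit on repeated attempts.
    if params['u'] != 'einstein' or params['p'] != 'fuckbin':
        ret['success'] = False
        ret['error'] = 'bad username or password'

        # note: session is not saved!
    else:
        ret['success'] = True

        # keep some stuff in session...
        sess['username'] = params['u']
        sess['user_id'] = 1

        # NOTE(review): sessions that live 10 years never effectively expire.
        sess.set_timeout(60 * 60 * 24 * 365 * 10)  # 10 year
        sess.save()

        # grab the user's cookie, and save the seen leaks into the database
        # Reviewer-chosen cap on rows accepted from one cookie (not a project
        # value; adjust to the real leak-id space). It stops a single
        # client-supplied range from expanding into an unbounded list.
        max_rows = 100000
        values = []
        seen_cookie = Cookie.get_cookie(req, '__CJ_seen')
        if seen_cookie is not None:
            try:
                seen_ranges = json.loads(urllib.unquote(seen_cookie.value))
                for seen_range in seen_ranges:
                    start = seen_range['start']
                    end = seen_range['end']
                    if end - start + 1 > max_rows - len(values):
                        raise ValueError('too many seen leak ids')
                    values.extend(
                        [sess['user_id'], i] for i in range(start, end + 1))
            except (KeyError, TypeError, ValueError, OverflowError):
                # Bad shape, bad types or too large: record nothing.
                values = []

        if values:
            db = Database.get()
            c = db.cursor()
            try:
                c.executemany(""" replace into user_seen (user_id, leak_id) values (%s, %s) """, values)
                db.commit()
            finally:
                # Always release the cursor, including on a failed insert.
                c.close()

    req.content_type = 'application/json'
    return json.dumps(ret, ensure_ascii=False)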