def feedback(self, parametri):
    """Screen a feedback submission and store it.

    Args:
        parametri: mapping holding the text fields ``name``, ``email`` and
            ``message`` (a missing key raises ``KeyError``). Passed whole to
            ``db.insertFeedback``.

    Returns:
        dict with ``code``, ``message`` and ``type``: 200/Success once the
        row is inserted; 409/Error when a field fails the SQL-injection
        screen or, checked second, the XSS screen.
    """
    fields = ("name", "email", "message")
    # A generator inside all() short-circuits in field order, the same
    # evaluation order as a chained ``and``; the SQL screen runs over every
    # field before the XSS screen starts.  ``== True`` is kept on purpose:
    # the validators' return type is not visible here and ``1 == True``
    # behaves differently from ``1 is True``.
    sql_clean = all(
        db.validateTextSqlInjection(parametri[key]) == True for key in fields
    )
    if not sql_clean:
        return {
            "code": 409,
            "message": "You tried sql injection! Got ya'!",
            "type": "Error",
        }
    # NOTE(review): these screens are pattern blocklists; whether the db
    # layer also uses parameterized queries / output encoding is not visible
    # from here — confirm, since that is the mitigation that actually holds.
    xss_clean = all(db.validateTextXss(parametri[key]) == True for key in fields)
    if not xss_clean:
        return {
            "code": 409,
            "message": "You tried xss! Got ya'!",
            "type": "Error",
        }
    db.insertFeedback(parametri)
    return {"code": 200, "message": "All is well", "type": "Success"}
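def register(self, parametri):
    """Screen a registration request and create the user.

    Args:
        parametri: mapping holding ``username``, ``email``, ``password``
            and ``sex`` (a missing key raises ``KeyError``).

    Returns:
        dict with ``code``, ``message`` and ``type``: 200/Success once the
        user row is inserted; 409/Error when a field fails the
        SQL-injection screen, the XSS screen, or the email is already
        registered.
    """
    # ``username`` is written by ``db.insertUser`` below, so it now goes
    # through the same screens as the other text fields (it used to be
    # inserted unscreened).  It is appended last so the original check
    # order for email/password/sex is unchanged.
    fields = ("email", "password", "sex", "username")
    # ``== True`` kept on purpose: the validators' return type is not
    # visible here and ``1 == True`` differs from ``1 is True``.
    sql_clean = all(
        db.validateTextSqlInjection(parametri[key]) == True for key in fields
    )
    if not sql_clean:
        return {
            "code": 409,
            "message": "You tried sql injection! Got ya'!",
            "type": "Error",
        }
    xss_clean = all(db.validateTextXss(parametri[key]) == True for key in fields)
    if not xss_clean:
        return {
            "code": 409,
            "message": "You tried xss! Got ya'!",
            "type": "Error",
        }
    # NOTE(review): this distinct message tells a caller which emails are
    # registered; acceptable only if account enumeration is an accepted
    # risk for this service — confirm.
    if db.checkIfUserExists(parametri["email"]):
        return {
            "code": 409,
            "message": "Email already in use",
            "type": "Error",
        }
    # NOTE(review): whether insertUser hashes the password before storing
    # it is not visible here — TODO confirm; it should never be stored as
    # submitted.
    db.insertUser(
        parametri["username"],
        parametri["password"],
        parametri["email"],
        parametri["sex"],
    )
    return {"code": 200, "message": "All is well", "type": "Success"}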
def login(self, parametri):
    """Authenticate a user by email and password.

    Args:
        parametri: mapping holding ``email`` and ``password`` (a missing
            key raises ``KeyError``).

    Returns:
        dict with ``code``, ``type``, ``message`` and, on success, ``data``
        (``username``, ``id``, ``notificare1``..``notificare3`` read from
        the user row).  401/Error for an unknown email or a wrong password
        — deliberately the same message for both; 409/Error when a field
        fails the SQL-injection screen or the XSS screen.
    """
    fields = ("email", "password")
    # Generator + all() short-circuits in field order like the original
    # ``and`` chain.  ``== True`` kept on purpose: the validators' return
    # type is not visible here and ``1 == True`` differs from ``1 is True``.
    sql_clean = all(
        db.validateTextSqlInjection(parametri[key]) == True for key in fields
    )
    if not sql_clean:
        return {
            "code": 409,
            "message": "You tried sql injection! Got ya'!",
            "type": "Error",
        }
    xss_clean = all(db.validateTextXss(parametri[key]) == True for key in fields)
    if not xss_clean:
        return {
            "code": 409,
            "message": "You tried xss! Got ya'!",
            "type": "Error",
        }
    email = parametri["email"]
    # NOTE(review): the stored value is compared directly with the submitted
    # password, which implies plaintext storage unless the caller or the db
    # layer hashes beforehand — TODO confirm; verifying a salted password
    # hash inside the db layer would be the fix.  The short-circuit keeps
    # the original order: the password row is fetched only for known emails.
    authenticated = (
        db.checkIfUserExists(email)
        and db.checkUserPassword(email)[0][0] == parametri["password"]
    )
    if not authenticated:
        return {
            "code": 401,
            "type": "Error",
            "message": "Username, password combination is wrong",
        }
    # Column positions (0 = id, 1 = username, 5..7 = notificare1..3) are
    # taken from the original indexing; the row layout itself is not
    # visible here — verify against the db layer.
    row = db.selectAllFromUser(email)[0]
    # Key order and the "succesfull" spelling are preserved: clients may
    # depend on the exact payload.
    return {
        "code": 200,
        "type": "Success",
        "message": "Login succesfull",
        "data": {
            "username": row[1],
            "id": row[0],
            "notificare1": row[5],
            "notificare2": row[6],
            "notificare3": row[7],
        },
    }
def comment(self, parametri):
    """Screen a comment submission and store it.

    Args:
        parametri: mapping holding the text field ``comment`` (a missing
            key raises ``KeyError``). Passed whole to ``db.insertComment``.

    Returns:
        dict with ``code``, ``message`` and ``type``: 200/Success once the
        row is inserted; 409/Error when the comment fails the SQL-injection
        screen or, checked second, the XSS screen.
    """
    text = parametri["comment"]
    # ``== True`` kept on purpose: the validators' return type is not
    # visible here and ``1 == True`` differs from ``1 is True``.
    if db.validateTextSqlInjection(text) != True:
        return {
            "code": 409,
            "message": "You tried sql injection! Got ya'!",
            "type": "Error",
        }
    if db.validateTextXss(text) != True:
        return {
            "code": 409,
            "message": "You tried xss! Got ya'!",
            "type": "Error",
        }
    # Only ``comment`` is screened; any other keys in ``parametri`` reach
    # insertComment as-is — what it reads from the mapping is not visible
    # from here.
    db.insertComment(parametri)
    return {"code": 200, "message": "All is well", "type": "Success"}
def add_allergy(self, parametri):
    """Screen an allergy suggestion and store it.

    Args:
        parametri: mapping holding the text fields ``name``,
            ``description``, ``symptoms``, ``prevention``, ``treatment``,
            ``medication`` plus ``allergy_type`` and ``id`` (a missing key
            raises ``KeyError``).

    Returns:
        dict with ``code``, ``message`` and ``type``: 200/Success once the
        suggestion is inserted; 409/Error when a text field fails the
        SQL-injection screen or, checked second, the XSS screen.
    """
    fields = (
        "name",
        "description",
        "symptoms",
        "prevention",
        "treatment",
        "medication",
    )
    # Generator + all() short-circuits in field order like the original
    # ``and`` chain.  ``== True`` kept on purpose: the validators' return
    # type is not visible here and ``1 == True`` differs from ``1 is True``.
    sql_clean = all(
        db.validateTextSqlInjection(parametri[key]) == True for key in fields
    )
    if not sql_clean:
        return {
            "code": 409,
            "message": "You tried sql injection! Got ya'!",
            "type": "Error",
        }
    xss_clean = all(db.validateTextXss(parametri[key]) == True for key in fields)
    if not xss_clean:
        return {
            "code": 409,
            "message": "You tried xss! Got ya'!",
            "type": "Error",
        }
    # NOTE(review): ``allergy_type`` and ``id`` skip both screens —
    # presumably they are non-free-text (an enum / numeric id) that the
    # db layer validates or binds as parameters; verify.
    db.insertSuggestion(
        parametri["name"],
        parametri["allergy_type"],
        parametri["description"],
        parametri["symptoms"],
        parametri["prevention"],
        parametri["treatment"],
        parametri["medication"],
        parametri["id"],
    )
    return {"code": 200, "message": "All is well", "type": "Success"}