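def home():
    """Render the grade-entry page and, on POST, persist the submitted grade.

    Assumes a Flask view: ``request``/``session`` are the Flask globals and
    ``Grade`` is the ORM model used elsewhere in the file.

    Flow:
      * A per-session CSRF token is minted on first visit and embedded in the
        form as a hidden ``csrf_token`` field.
      * A POST creates a ``Grade`` row only when the submitted ``csrf_token``
        matches the session copy (constant-time compare). A missing or wrong
        token is ignored and the page is still rendered, as in the original.
      * Everything interpolated into the page (the token and the stored
        student/assignment/grade values, which arrived via earlier POSTs) is
        HTML-escaped — the original interpolated them raw, a stored XSS.

    Returns:
        str: the HTML page (Flask turns a str return into a 200 response).

    Raises:
        Flask's 400 ``BadRequestKeyError`` if a token-valid POST lacks
        ``student``, ``assignment`` or ``grade`` (``request.form[key]``).
    """
    import hmac
    import html
    import secrets

    # Mint the token once per session rather than on every GET. Re-issuing it
    # on each GET silently invalidated a form still open in another tab, and
    # a POST arriving without a session hit a KeyError on
    # ``session['csrf_token']``. ``secrets`` is the CSPRNG source intended
    # for security tokens (uuid4 is random too, but ``secrets`` is the
    # documented choice).
    if 'csrf_token' not in session:
        session['csrf_token'] = secrets.token_urlsafe(32)
    token = session['csrf_token']

    if request.method == 'POST':
        # Default to '' rather than None so both operands are str;
        # compare_digest avoids the early-exit timing of ``==``.
        submitted = request.form.get('csrf_token', '')
        if hmac.compare_digest(submitted, token):
            Grade(
                student=request.form['student'],
                assignment=request.form['assignment'],
                grade=request.form['grade'],
            ).save()

    # The hidden field is now quoted: the original ``value={}`` (unquoted)
    # would terminate at the first space or ``>`` in the token. Escaping is
    # cheap insurance even though token_urlsafe output is attribute-safe.
    body = """
    <html>
    <body>
    <h1>Enter Grades</h1>
    <h2>Enter a Grade</h2>
    <form method="POST">
        <label for="student">Student</label>
        <input type="text" name="student"><br>
        <label for="assignment">Assignment</label>
        <input type="text" name="assignment"><br>
        <label for="grade">Grade</label>
        <input type="text" name="grade"><br>
        <input type="submit" value="Submit">
        <input type="hidden" name="csrf_token" value="{}">
    </form>
    <h2>Existing Grades</h2>
    """.format(html.escape(token))

    # Stored values are user-controlled (they came from this form), so they
    # are escaped before being placed in the page.
    rows = (
        """
    <div class="grade">
        {}, {}: {}
    </div>
    """.format(
            html.escape(str(g.student)),
            html.escape(str(g.assignment)),
            html.escape(str(g.grade)),
        )
        for g in Grade.select()
    )
    return body + "".join(rows)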
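def home():
    """Render the grade-entry page and, on POST, persist the submitted grade.

    Assumes a Flask view: ``request``/``session`` are the Flask globals and
    ``Grade`` is the ORM model used elsewhere in the file.

    Flow:
      * A per-session CSRF token is minted on first visit and embedded in the
        form as a hidden ``csrf_token`` field.
      * A POST creates a ``Grade`` row only when the submitted ``csrf_token``
        matches the session copy (constant-time compare). A missing or wrong
        token is ignored and the page is still rendered, as in the original.
      * Everything interpolated into the page (the token and the stored
        student/assignment/grade values, which arrived via earlier POSTs) is
        HTML-escaped — the original interpolated them raw, a stored XSS.

    Returns:
        str: the HTML page (Flask turns a str return into a 200 response).

    Raises:
        Flask's 400 ``BadRequestKeyError`` if a token-valid POST lacks
        ``student``, ``assignment`` or ``grade`` (``request.form[key]``).
    """
    import hmac
    import html
    import secrets

    # The original built the token from ``random.choice`` over 10 lowercase
    # letters: ``random`` is a Mersenne Twister (not a CSPRNG, its state is
    # recoverable from outputs) and 26**10 is a small keyspace for a token
    # that is the only thing standing between a cross-site POST and a
    # database write. ``secrets.token_urlsafe(32)`` gives 256 bits from the
    # OS CSPRNG.
    if 'csrf_token' not in session:
        session['csrf_token'] = secrets.token_urlsafe(32)
    token = session['csrf_token']

    if request.method == 'POST':
        # Default to '' rather than None so both operands are str;
        # compare_digest avoids the early-exit timing of ``==``.
        submitted = request.form.get('csrf_token', '')
        if hmac.compare_digest(submitted, token):
            Grade(
                student=request.form['student'],
                assignment=request.form['assignment'],
                grade=request.form['grade'],
            ).save()

    body = """
    <html>
    <body>
    <h1>Enter Grades</h1>
    <h2>Enter a Grade</h2>
    <form method="POST">
        <label for="student">Student</label>
        <input type="text" name="student"><br>
        <label for="assignment">Assignment</label>
        <input type="text" name="assignment"><br>
        <label for="grade">Grade</label>
        <input type="text" name="grade"><br>
        <input type="hidden" name="csrf_token" value="{}">
        <input type="submit" value="Submit">
    </form>
    <h2>Existing Grades</h2>
    """.format(html.escape(token))

    # Stored values are user-controlled (they came from this form), so they
    # are escaped before being placed in the page.
    rows = (
        """
    <div class="grade">
        {}, {}: {}
    </div>
    """.format(
            html.escape(str(g.student)),
            html.escape(str(g.assignment)),
            html.escape(str(g.grade)),
        )
        for g in Grade.select()
    )
    return body + "".join(rows)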
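def home():
    """Render the grade-entry page and, on POST, persist the submitted grade.

    Assumes a Flask view: ``request``/``session`` are the Flask globals and
    ``Grade`` is the ORM model used elsewhere in the file.

    Flow:
      * A per-session CSRF token is minted on first visit and embedded in the
        form as a hidden ``csrf_token`` field.
      * A POST creates a ``Grade`` row only when the submitted ``csrf_token``
        matches the session copy (constant-time compare). A missing or wrong
        token is ignored and the page is still rendered, as in the original.
      * Everything interpolated into the page (the token and the stored
        student/assignment/grade values, which arrived via earlier POSTs) is
        HTML-escaped — the original interpolated them raw, a stored XSS.

    Returns:
        str: the HTML page (Flask turns a str return into a 200 response).

    Raises:
        Flask's 400 ``BadRequestKeyError`` if a token-valid POST lacks
        ``student``, ``assignment`` or ``grade`` (``request.form[key]``).
    """
    import hmac
    import html
    import secrets

    # If the session has no CSRF token yet, mint one. The original used
    # ``random.randint(10000000, 99999999)``: an 8-digit value (< 2**27) from
    # a non-cryptographic generator. ``secrets.token_urlsafe(32)`` is 256
    # bits from the OS CSPRNG.
    if 'csrf_token' not in session:
        session['csrf_token'] = secrets.token_urlsafe(32)
    token = session['csrf_token']

    if request.method == 'POST':
        # Only save the grade when the form carries a CSRF token that matches
        # the session's. '' (not None) keeps both operands str; compare_digest
        # avoids the early-exit timing of ``==``.
        submitted = request.form.get('csrf_token', '')
        if hmac.compare_digest(submitted, token):
            Grade(
                student=request.form['student'],
                assignment=request.form['assignment'],
                grade=request.form['grade'],
            ).save()

    body = """
    <html>
    <body>
    <h1>Enter Grades</h1>
    <h2>Enter a Grade</h2>
    <form method="POST">
        <label for="student">Student</label>
        <input type="text" name="student"><br>
        <label for="assignment">Assignment</label>
        <input type="text" name="assignment"><br>
        <label for="grade">Grade</label>
        <input type="text" name="grade"><br>
        <input type="hidden" name="csrf_token" value="{}"> <!-- Include the CSRF token in the form -->
        <input type="submit" value="Submit">
    </form>
    <h2>Existing Grades</h2>
    """.format(html.escape(token))

    # Stored values are user-controlled (they came from this form), so they
    # are escaped before being placed in the page.
    rows = (
        """
    <div class="grade">
        {}, {}: {}
    </div>
    """.format(
            html.escape(str(g.student)),
            html.escape(str(g.assignment)),
            html.escape(str(g.grade)),
        )
        for g in Grade.select()
    )
    return body + "".join(rows)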
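def home():
    """Render the grade-entry page and, on POST, persist the submitted grade.

    Assumes a Flask view: ``request``/``session`` are the Flask globals and
    ``Grade`` is the ORM model used elsewhere in the file.

    Flow:
      * A per-session CSRF token is minted on first visit and embedded in the
        form as a hidden ``csrf_token`` field.
      * A POST creates a ``Grade`` row only when the submitted ``csrf_token``
        matches the session copy (constant-time compare). A missing or wrong
        token is ignored and the page is still rendered, as in the original.
      * Everything interpolated into the page (the token and the stored
        student/assignment/grade values, which arrived via earlier POSTs) is
        HTML-escaped — the original interpolated them raw, a stored XSS.

    Returns:
        str: the HTML page (Flask turns a str return into a 200 response).

    Raises:
        Flask's 400 ``BadRequestKeyError`` if a token-valid POST lacks
        ``student``, ``assignment`` or ``grade`` (``request.form[key]``).
    """
    import hmac
    import html
    import secrets

    # Create the CSRF token for the session. The original used
    # ``random.randint(1000000, 9999999)``: a 7-digit value (< 2**24) from a
    # non-cryptographic generator. ``secrets.token_urlsafe(32)`` is 256 bits
    # from the OS CSPRNG.
    if 'csrf_token' not in session:
        session['csrf_token'] = secrets.token_urlsafe(32)
    token = session['csrf_token']

    if request.method == 'POST':
        # '' (not None) keeps both operands str; compare_digest avoids the
        # early-exit timing of ``==``.
        submitted = request.form.get('csrf_token', '')
        if hmac.compare_digest(submitted, token):
            Grade(
                student=request.form['student'],
                assignment=request.form['assignment'],
                grade=request.form['grade'],
            ).save()

    body = """
    <html>
    <body>
    <h1>Enter Grades</h1>
    <h2>Enter a Grade</h2>
    <form method="POST">
        <label for="student">Student</label>
        <input type="text" name="student"><br>
        <label for="assignment">Assignment</label>
        <input type="text" name="assignment"><br>
        <label for="grade">Grade</label>
        <input type="text" name="grade"><br>
        <input type="hidden" name="csrf_token" value="{}">
        <input type="submit" value="Submit">
    </form>
    <h2>Existing Grades</h2>
    """.format(html.escape(token))

    # Stored values are user-controlled (they came from this form), so they
    # are escaped before being placed in the page.
    rows = (
        """
    <div class="grade">
        {}, {}: {}
    </div>
    """.format(
            html.escape(str(g.student)),
            html.escape(str(g.assignment)),
            html.escape(str(g.grade)),
        )
        for g in Grade.select()
    )
    return body + "".join(rows)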
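def home():
    """Render the grade-entry page and, on POST, persist the submitted grade.

    Assumes a Flask view: ``request``/``session``/``app`` are the Flask
    objects and ``Grade`` is the ORM model used elsewhere in the file.

    The original stored ``app.secret_key`` in the session and wrote it into
    the page as the hidden ``_csrf_token`` field, then compared the POSTed
    value against ``app.secret_key``. That (1) discloses the session-signing
    key to every visitor — anyone who views the page can forge arbitrary
    signed session cookies — and (2) is not a CSRF defence at all, since the
    "token" is a constant shared by every user. This version keeps the field
    name ``_csrf_token`` and the session key ``csrftoken`` but uses a random
    per-session token, and HTML-escapes every interpolated value (the stored
    grades came from earlier POSTs, so rendering them raw was a stored XSS).

    Returns:
        str: the HTML page (Flask turns a str return into a 200 response).

    Raises:
        Flask's 400 ``BadRequestKeyError`` if a token-valid POST lacks
        ``student``, ``assignment`` or ``grade`` (``request.form[key]``).
    """
    import hmac
    import html
    import secrets

    # Per-session random token; never the app's signing key.
    if 'csrftoken' not in session:
        session['csrftoken'] = secrets.token_urlsafe(32)
    token = session['csrftoken']

    if request.method == 'POST':
        # Compare against the *session's* token, not a global constant.
        # '' (not None) keeps both operands str; compare_digest avoids the
        # early-exit timing of ``==``.
        submitted = request.form.get('_csrf_token', '')
        if hmac.compare_digest(submitted, token):
            Grade(
                student=request.form['student'],
                assignment=request.form['assignment'],
                grade=request.form['grade'],
            ).save()

    body = """
    <html>
    <body>
    <h1>Enter Grades</h1>
    <h2>Enter a Grade</h2>
    <form method="POST">
        <input name="_csrf_token" type="hidden" value="{}">
        <label for="student">Student</label>
        <input type="text" name="student"><br>
        <label for="assignment">Assignment</label>
        <input type="text" name="assignment"><br>
        <label for="grade">Grade</label>
        <input type="text" name="grade"><br>
        <input type="submit" value="Submit">
    </form>
    <h2>Existing Grades</h2>
    """.format(html.escape(token))

    # Stored values are user-controlled (they came from this form), so they
    # are escaped before being placed in the page.
    rows = (
        """
    <div class="grade">
        {}, {}: {}
    </div>
    """.format(
            html.escape(str(g.student)),
            html.escape(str(g.assignment)),
            html.escape(str(g.grade)),
        )
        for g in Grade.select()
    )
    return body + "".join(rows)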
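def home():
    """Render the grade-entry page and, on POST, persist the submitted grade.

    Assumes a Flask view: ``request`` is the Flask global and ``Grade`` is the
    ORM model used elsewhere in the file.

    Any POST with ``student``, ``assignment`` and ``grade`` fields creates a
    ``Grade`` row; the page is then re-rendered (no redirect, so a browser
    refresh re-submits the form). The stored values are HTML-escaped on
    output — the original interpolated them raw into the page, a stored XSS
    since they arrived via this very form.

    Returns:
        str: the HTML page (Flask turns a str return into a 200 response).

    Raises:
        Flask's 400 ``BadRequestKeyError`` if a POST lacks ``student``,
        ``assignment`` or ``grade`` (``request.form[key]``).
    """
    import html

    # SECURITY: this handler has no CSRF protection — any third-party page
    # can make a visitor's browser POST a grade here. The fix is a random
    # per-session token (``secrets.token_urlsafe``) emitted as a hidden field
    # and verified on POST with ``hmac.compare_digest``. That requires
    # Flask's ``session`` (and a configured ``app.secret_key``), neither of
    # which this block shows in scope, so it is flagged rather than added.
    if request.method == 'POST':
        Grade(
            student=request.form['student'],
            assignment=request.form['assignment'],
            grade=request.form['grade'],
        ).save()

    body = """
    <html>
    <body>
    <h1>Enter Grades</h1>
    <h2>Enter a Grade</h2>
    <form method="POST">
        <label for="student">Student</label>
        <input type="text" name="student"><br>
        <label for="assignment">Assignment</label>
        <input type="text" name="assignment"><br>
        <label for="grade">Grade</label>
        <input type="text" name="grade"><br>
        <input type="submit" value="Submit">
    </form>
    <h2>Existing Grades</h2>
    """

    # Stored values are user-controlled (they came from this form), so they
    # are escaped before being placed in the page.
    rows = (
        """
    <div class="grade">
        {}, {}: {}
    </div>
    """.format(
            html.escape(str(g.student)),
            html.escape(str(g.assignment)),
            html.escape(str(g.grade)),
        )
        for g in Grade.select()
    )
    return body + "".join(rows)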