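def signup():
    """Create a local account from the submitted signup form.

    GET renders the form; POST validates it, rejects a username that is
    already taken, creates the user and marks the session as logged in.
    A session that is already logged in is redirected to the login view.

    Returns:
        A JSON status string on POST, the rendered form on GET, or a
        redirect when the caller is already logged in.
    """
    if session.get('logged_in'):
        return redirect(url_for('login'))

    form = forms.LoginForm(request.form)
    if request.method != 'POST':
        return render_template('login.html', form=form)

    # Validate before reading individual fields so a missing field yields
    # the JSON error below rather than a bare KeyError / 400 from Flask.
    if not form.validate():
        return json.dumps({'status': 'User/Pass required'})

    username = request.form['username'].lower()
    email = request.form['email']
    if helpers.username_taken(username):
        return json.dumps({'status': 'Username taken'})

    # Hash only once the request is known to be valid and the name is free.
    password = helpers.hash_password(request.form['password'])
    helpers.add_user(username, password, email)
    session['logged_in'] = True
    session['username'] = username
    # The password hash is deliberately not copied into the session: the
    # session is serialised into a client-side cookie and nothing on this
    # page reads it back after the user has been created.
    return json.dumps({'status': 'Signup successful'})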
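def authorized():
    """OAuth callback for Google sign-in.

    Stores the provider's access token in the session, fetches the
    user's email, creates a local record on first sign-in, and records
    the login state plus the local user id in the session.

    Returns:
        A plain-text denial message when the provider returned no
        response, otherwise a redirect to the catalog listing.
    """
    resp = google.authorized_response()
    if resp is None:
        # The provider may omit either query field on a denial; use .get so
        # the denial page renders instead of failing on a missing key.
        return 'Access denied: reason=%s error=%s' % (
            request.args.get('error_reason'),
            request.args.get('error_description'))

    session['google_token'] = (resp['access_token'], '')
    email = google.get('userinfo').data['email']

    # First sign-in through Google: create the local record.
    # NOTE(review): the stored hash is hash_password(email), so the email
    # string itself would satisfy a password check for this account --
    # confirm that password login is not possible for OAuth-created users.
    if helpers.is_registered(email) == 0:
        helpers.add_user(email, helpers.hash_password(email), email)

    user = helpers.get_user_by_email(email)
    # Mark the session logged in only once the local record is known to exist.
    session['logged_in'] = True
    session['username'] = email
    session['userid'] = user.id
    return redirect(url_for('showcatalogs'))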
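def register():
    """Register a local account from the registration form.

    GET renders the form; POST validates it, checks that the two password
    fields match, rejects a taken username, creates the user and logs the
    session in. An already logged-in session is redirected to the homepage.

    Returns:
        A redirect on success or when already logged in, otherwise the
        rendered registration page (with an ``error`` message on failure).
    """
    if session.get('logged_in'):
        return redirect(url_for('homepage'))

    form = forms.LoginForm(request.form)
    if request.method != 'POST':
        return render_template('register.html', form=form)

    if not form.validate():
        return render_template('register.html', error="User/Pass Required")

    # Compare the confirmation before hashing or hitting the database; a
    # missing confirmation field is reported as a mismatch, not a KeyError.
    if request.form['password'] != request.form.get('cpassword'):
        return render_template('register.html', error="Passwords do not match")

    username = request.form['username'].lower()
    if helpers.username_taken(username):
        return render_template('register.html', error="Username Taken")

    password = helpers.hash_password(request.form['password'])
    helpers.add_user(username, password)
    session['logged_in'] = True
    session['username'] = username
    return redirect(url_for('homepage'))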
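def signup():
    """Create an account from the outward-facing signup form.

    GET renders the page; POST validates the form, flashes an error and
    re-renders on failure, otherwise creates the user, logs the session in
    and redirects home. A logged-in session is redirected home directly.

    Returns:
        A redirect, or the rendered page optionally paired with an HTTP
        status (400 for a validation failure, 401 for a taken username).
    """
    if session.get('logged_in'):
        return redirect(url_for('home'))

    form = forms.SignupForm(request.form)
    if request.method != 'POST':
        return render_template("out_facing/signup.html")

    # Validate first so a missing field produces the flashed 400 below
    # instead of a KeyError while reading request.form.
    if not form.validate():
        flash("Missing a required field", 'error')
        return render_template("out_facing/signup.html"), 400

    username = request.form['username'].lower()
    email = request.form['email']
    if helpers.username_taken(username):
        # Status code kept as in the original; 409 would describe this better.
        flash('Username taken', 'error')
        return render_template("out_facing/signup.html"), 401

    # Hash only after validation and the uniqueness check.
    password = helpers.hash_password(request.form['password'])
    helpers.add_user(username, password, email)
    session['logged_in'] = True
    session['username'] = username
    return redirect(url_for('home'))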
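def settings():
    """Show or update the logged-in user's settings.

    POST updates the email and, when a non-empty password was submitted,
    the password hash. GET renders the settings page together with the
    log rows recorded for the client's ``X-Forwarded-For`` address.

    Returns:
        A JSON status on POST, the rendered page on GET, or a redirect to
        the login view when no session is logged in.
    """
    from sqlalchemy import text  # local import: only this view builds SQL

    if not session.get('logged_in'):
        return redirect(url_for('login'))

    if request.method == 'POST':
        password = request.form['password']
        # An empty field means "keep the current password"; the helper
        # receives the empty string unchanged, as before.
        if password != "":
            password = helpers.hash_password(password)
        email = request.form['email']
        helpers.change_user(password=password, email=email)
        return json.dumps({'status': 'Saved'})

    user = helpers.get_user()
    eng = create_engine(SQLALCHEMY_DATABASE_URI)

    # The header is client-controlled, so it is bound as a parameter rather
    # than interpolated into the statement. Rows are fetched inside the
    # block because the cursor goes away when the connection is closed.
    client_ip = request.headers.get('X-Forwarded-For')
    with eng.connect() as con:
        logs = con.execute(
            text("SELECT * FROM logs WHERE ip = :ip"), {"ip": client_ip}
        ).fetchall()

    return render_template('settings.html', user=user, logs=logs)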
def settings():
    """Display or update the logged-in user's settings.

    POST saves a new email and, when the password field is non-empty, a
    freshly hashed password; GET renders the settings page. Without a
    logged-in session the request is redirected to the login view.

    Returns:
        A JSON status on POST, the rendered page on GET, or a redirect.
    """
    if not session.get('logged_in'):
        return redirect(url_for('login'))

    if request.method != 'POST':
        return render_template('settings.html', user=helpers.get_user())

    submitted = request.form['password']
    # An empty password field leaves the stored hash alone: the helper is
    # handed the empty string exactly as submitted.
    new_password = helpers.hash_password(submitted) if submitted != "" else submitted
    helpers.change_user(password=new_password, email=request.form['email'])
    return json.dumps({'status': 'Saved'})