Example #1
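def index():
    """Render the public home page.

    Anonymous and logged-in visitors get the same template. The earlier
    version branched on ``session['log_in']`` but returned the identical
    response on both paths, and it read ``session['uuid']`` into a local that
    was never used. That read could only add a ``KeyError`` for a session
    carrying ``log_in`` without ``uuid``, so the session lookup is dropped.
    """
    return view.render_template(view='home.html')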
Example #2
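def reports():
    """Render the logged-in user's own reports.

    The report list is keyed on the ``uuid`` stored in the session, not on
    anything taken from the request, so a user can only list reports that
    ``User.get_reports`` returns for their own id.

    Returns:
        The rendered ``reports.html`` page, or a redirect to the index page
        when the visitor is not logged in.
    """
    # Use .get(): a visitor who never logged in has no 'log_in' key at all.
    # Indexing the session directly raised KeyError (an HTTP 500) instead of
    # sending them to the index page like the other views do.
    if session.get('log_in') != True:
        return redirect(url_for('index'))

    _id = session['uuid']
    user_reports = User.get_reports(_id)
    return view.render_template(
        view='reports.html',
        reports=user_reports,
        length=len(user_reports),
    )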
Example #3
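def instantmessages():
    """Render one chat message so an administrator can answer it.

    Only a logged-in user for whom ``User.is_admin`` is true reaches the
    message lookup. Every other visitor is redirected to the index page.

    Returns:
        The rendered ``response.html`` page for an admin, otherwise a
        redirect to the index page.
    """
    # Use .get(): an anonymous visitor has no 'log_in' key, and indexing the
    # session directly raised KeyError before the access check could run.
    if session.get('log_in') == True:
        _id = session['uuid']
        if User.is_admin(_id):
            message_id = request.args['id']
            message = Chat.get_message(message_id)
            # NOTE(review): Chat.get_message and get_username_from_message are
            # defined elsewhere; confirm how they behave for an id that matches
            # no message.
            user = get_username_from_message(message)
            return view.render_template(view="response.html", message=message, user=user)
    # This return used to sit inside the logged-in branch, so a session with
    # log_in == False fell off the end and the view returned None.
    return redirect(url_for('index'))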
Example #4
def register():
    """Handle the registration form.

    POST: validate email, password (7-20) and username (4-20) with the
    project's ``check_email`` / ``general_check`` helpers, then try to create
    the account. Success redirects to the index page; a failed creation
    re-renders the form with an "already exists" error; invalid input
    re-renders it with a generic error.

    GET: a logged-in visitor is redirected to the index page, anyone else
    gets the empty form.
    """
    error = None

    if request.method == 'POST':
        email = request.form['email']
        password = request.form['password']
        username = request.form['name']

        inputs_ok = (
            check_email(email) == True
            and general_check(password, 7, 20)
            and general_check(username, 4, 20)
        )
        if not inputs_ok:
            error = 'Invalid input, please verify again'
        elif User.register(username, email, password):
            # NOTE(review): the password is handed to User.register as
            # received; hashing presumably happens there -- confirm.
            return redirect(url_for('index'))
        else:
            # NOTE(review): this distinct message tells the client that the
            # submitted identity is already registered; confirm that this
            # disclosure is acceptable for the application.
            return view.render_template(view='register.html', error='Account already exists!')

    already_logged_in = session.get('log_in') != None and session['log_in'] == True
    if already_logged_in and request.method == 'GET':
        return redirect(url_for('index'))

    return view.render_template(view='register.html', error=error)
Example #5
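def userdashboard():
    """Render the personal dashboard of the logged-in user.

    Collects the user's reports by status (0 pending, 1 accepted,
    -1 rejected, as passed to ``Report.get_report_status_per_user``), the
    total report count and the chat history. All of it is keyed on the
    session's ``uuid``.

    Returns:
        The rendered ``userdashboard.html`` page, or a redirect to the index
        page when the visitor is not logged in.
    """
    # Use .get(): an anonymous visitor has no 'log_in' key, and indexing the
    # session directly raised KeyError instead of redirecting.
    if session.get('log_in') != True:
        return redirect(url_for('index'))

    _id = session['uuid']
    pending = Report.get_report_status_per_user(_id, 0)
    accepted = Report.get_report_status_per_user(_id, 1)
    rejected = Report.get_report_status_per_user(_id, -1)
    reportCount = get_reports_per_user_count(_id)
    history = get_chat_messages(_id)
    # NOTE(review): history[0] is indexed unconditionally; presumably
    # get_chat_messages always returns a non-empty sequence whose first item
    # is the message list -- confirm against the helper.
    messages = history[0]
    usernames = get_username_from_messages(messages)
    return view.render_template(
        view='userdashboard.html',
        pending=pending,
        accepted=accepted,
        rejected=rejected,
        reportCount=reportCount,
        history=history,
        usernames=usernames,
        length=len(messages),
    )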
Example #6
def leaderboard():
    """Render the public ranking of users.

    Admin and banned accounts are left out. The remaining users are scored
    with ``calculate_score_for_user`` and ordered by the second element of
    each score entry, highest first. The view performs no session check.
    """
    # add lock here from admin settings
    scored = [
        calculate_score_for_user(member)
        for member in User.get_all_users()
        if not (member['admin'] == True or member['banned'] == True)
    ]
    scored.sort(key=lambda entry: entry[1], reverse=True)
    return view.render_template(view='leaderboard.html', ranking=scored, length=len(scored))
Example #7
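def login():
    """Handle the login form.

    POST: check the email and password format, verify the credentials with
    ``User.valid_login`` and, on success, call ``User.login`` and redirect to
    the index page. Any failure re-renders ``auth.html`` with an error
    message. Other methods render ``auth.html`` without an error.

    Two defects of the earlier version are fixed here:
      * ``error`` was only assigned inside the POST branch, so a plain GET
        reached ``render_template`` with an unbound local.
      * the "invalid format" message was assigned unconditionally at the end
        of the POST branch and overwrote the "wrong credentials" message.
    """
    error = None
    if request.method == 'POST':
        email = request.form['email']
        password = request.form['password']
        if general_check(password, 7, 20) and check_email(email):
            if User.valid_login(email, password):
                user_id = User.get_id_by_email(email)
                # NOTE(review): User.login is defined elsewhere; presumably it
                # sets session['log_in'] and session['uuid'] -- confirm, and
                # confirm whether it renews the session on login.
                User.login(user_id)
                return redirect(url_for('index'))
            # One message covers both an unknown email and a wrong password,
            # so the response does not reveal which of the two failed.
            error = 'Wrong credentials please verify your informations'
        else:
            error = 'Invalid email or password format!'
    # NOTE(review): no attempt throttling or lockout is visible in this view;
    # confirm it is enforced elsewhere.
    return view.render_template(view='auth.html', error=error)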
Example #8
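def evaluate_report():
    """Open a report for evaluation by an administrator and lock it.

    An admin requesting an unlocked report gets ``admin_report.html``, and the
    report is marked ``locked``. If the report is already locked, the admin is
    sent back to the administration page with a flash message. A logged-in
    non-admin who reaches this view is marked ``banned`` and redirected to the
    index page, as is any visitor who is not logged in (without the ban).
    """
    # Use .get(): an anonymous visitor has no 'log_in' key, and indexing the
    # session directly raised KeyError instead of redirecting.
    if session.get('log_in') == True:
        _id = session['uuid']
        if User.is_admin(_id):
            report_id = request.args['id']
            # NOTE(review): Report.get_report is defined elsewhere; confirm
            # what it returns for an id that matches no report, since the
            # result is indexed right away.
            report = Report.get_report(report_id)
            if report['locked'] == False:
                usernames = get_username(report)
                # NOTE(review): the lock is read above and written here as two
                # separate steps, so two admins opening the same report at the
                # same moment can presumably both pass the check. Confirm
                # whether Report.update can apply the lock conditionally.
                Report.update(report['reportId'], 'locked', True)
                return view.render_template(view='admin_report.html', report=report, usernames=usernames)
            flash("Another admin is currently evaluating!")
            return redirect(url_for('administration'))
        # NOTE(review): this view changes state (the lock above, the ban here)
        # and takes its input from the query string. If the route accepts GET,
        # a request the user did not start themselves is enough to ban their
        # account. Confirm the route's methods and whether an automatic ban is
        # the intended response.
        User.update(_id, 'banned', True)
    return redirect(url_for('index'))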
Example #9
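def administration():
    """Render the admin dashboard.

    Gathers report and user counters, the acceptance ratio, all users, the
    unviewed chat messages, the report lists by status and a ranking of
    non-admin users, then passes them to ``admin/admin.html``.

    Returns:
        The rendered dashboard for a logged-in admin, otherwise a redirect to
        the index page.
    """
    # Use .get(): an anonymous visitor has no 'log_in' key, and indexing the
    # session directly raised KeyError instead of redirecting.
    if session.get('log_in') != True:
        return redirect(url_for('index'))
    _id = session['uuid']
    if not User.is_admin(_id):
        return redirect(url_for('index'))

    # Report and user counters.
    countReports = Report.get_all_reports_count()
    countUsers = User.count_users()
    pendingReportsCount = Report.get_pending_reports_count()
    acceptedReportsCount = Report.get_accepted_reports_count()
    rejectedReportsCount = Report.get_rejected_reports_count()
    # Guard against division by zero when no report exists yet.
    if countReports == 0:
        acceptedReportsRatio = 0
    else:
        acceptedReportsRatio = round(acceptedReportsCount * 100 / countReports)
    currentDate = datetime.datetime.now()

    # Users management view.
    # NOTE(review): the user records go to the template exactly as
    # User.get_all_users returns them; confirm they carry no credential fields.
    allUsers = User.get_all_users()

    # Unviewed chat messages and the names of their senders.
    messages = Chat.get_unviewed_messages()
    usernames = get_username_from_messages(messages)

    # Reports management view.
    allReports = Report.get_all_reports()
    allPending = Report.get_all_pending_reports()
    allAccepted = Report.get_all_accepted_reports()
    allRejected = Report.get_all_rejected_reports()

    # Mini leaderboard: admins are left out. Banned users stay in this
    # ranking, unlike in the public leaderboard() view.
    Ranking = sorted(
        (calculate_score_for_user(user) for user in allUsers if user['admin'] != True),
        key=lambda entry: entry[1],
        reverse=True,
    )
    # len() always returns an int, so the former "length is None" fallback
    # could never trigger and has been removed.
    return view.render_template(
        view='admin/admin.html',
        countReports=countReports,
        countUsers=countUsers,
        pendingReportsCount=pendingReportsCount,
        acceptedReportsCount=acceptedReportsCount,
        rejectedReportsCount=rejectedReportsCount,
        ratio=acceptedReportsRatio,
        allReports=allReports,
        allUsers=allUsers,
        allPending=allPending,
        allAccepted=allAccepted,
        allRejected=allRejected,
        currenttime=currentDate,
        length=len(Ranking),
        ranking=Ranking,
        messages=messages,
        usernames=usernames,
        len2=len(usernames),
    )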
Example #10
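def new_report():
    """Show the report form (GET) or store a submitted report (POST).

    Access rules, in order:
      * visitors who are not logged in are redirected to the index page;
      * banned users get ``banned.html`` for GET and for POST. The earlier
        version checked the ban only on GET, so a banned account could still
        submit a report by posting the form directly;
      * a user whose pending queue exceeds ``conf.REPORT_LIMIT`` is refused.

    An optional ``reportContent`` upload is stored under
    ``os.getcwd() + conf.UPLOAD_FOLDER`` using the name returned by
    ``secure_file_name``.

    Returns:
        A rendered ``add.html`` / ``banned.html`` page, or a redirect to the
        index page for anonymous visitors and for methods other than GET and
        POST.
    """
    # Use .get(): an anonymous visitor has no 'log_in' key, and indexing the
    # session directly raised KeyError instead of redirecting.
    if session.get('log_in') != True:
        return redirect(url_for('index'))
    if request.method not in ('GET', 'POST'):
        return redirect(url_for('index'))

    _id = session['uuid']

    # Enforce the ban before any method-specific handling.
    user = User.get_by_id(_id)
    if user['banned'] == True:
        error = "You are not allowed to add a report because you are banned!"
        return view.render_template(view='banned.html', error=error)

    if request.method == 'GET':
        return view.render_template(view='add.html', error=None)

    # POST from here on.
    if check_form_empty(request.form, ignore='reportContent'):
        error = 'Please fill all the form before submiting!'
        return view.render_template(view='add.html', error=error)

    reportName = request.form['reportName']
    reportType = request.form['reportType']
    reportLevel = request.form['reportLevel']
    AttackVector = request.form['AttackVector']
    reportDescription = request.form['reportDescription']
    getprivilege = request.form['getprivilege']
    AttackComplexity = request.form['AttackComplexity']

    # None when no file part was sent. Both None and an upload that is falsy
    # mean "no attachment", exactly like the former False placeholder.
    upload = request.files.get('reportContent')

    # NOTE(review): the comparison lets a user whose queue equals REPORT_LIMIT
    # submit once more, while the message below promises "only" REPORT_LIMIT
    # pending reports. Confirm what get_reports_queue counts before tightening.
    if Report.get_reports_queue(_id) > conf.REPORT_LIMIT:
        error = 'Due to flooding threat every user is limited to only '+str(conf.REPORT_LIMIT)+' reports in pending queue, Sorry for the inconvenience.'
        return view.render_template(view='add.html', error=error)

    reportFile = None
    if upload:
        # NOTE(review): the allow-list check runs on the client-supplied name,
        # while the file is stored under whatever secure_file_name returns.
        # Confirm that the two agree on the extension and that stored names
        # cannot collide with an earlier upload. No size or content check is
        # visible in this view.
        if not allowed_file(upload.filename):
            error = "File not allowed, INC ban"
            return view.render_template(view='add.html', error=error)
        reportFile = secure_file_name(upload.filename)
        if not reportFile:
            # A name that sanitises to nothing would make the join below
            # point at the upload directory itself. Refuse it instead of
            # failing inside save().
            error = "File not allowed, INC ban"
            return view.render_template(view='add.html', error=error)
        upload.save(os.path.join(os.getcwd()+conf.UPLOAD_FOLDER, reportFile))

    Report.register_report(_id, reportName, reportType, reportDescription, reportLevel, AttackComplexity, AttackVector, getprivilege, reportFile)
    success = 'Reported submitted successfully!'
    return view.render_template(view='add.html', success=success)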
Example #11
def not_found(error):
    """Serve the generic error page with HTTP status 404.

    ``error`` is accepted but not used: the page shows no detail from it.
    """
    page = view.render_template(view='error.html')
    return page, 404
Example #12
def aboutus():
    """Render the static "about us" page; no session check is performed."""
    page = view.render_template(view='aboutus.html')
    return page
Example #13
def auth():
    """Render the login form (``auth.html``) without an error message."""
    page = view.render_template(view='auth.html')
    return page