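def login():
    """Render the login form on GET; authenticate submitted credentials on POST.

    On success the user's id is stored in the session under ``"user_id"`` and
    the client is redirected to ``"/"``. Every failure path returns an
    ``apology`` page.
    """
    # Function-scope import: the module's import block is not visible from
    # this part of the file.
    import hmac

    if request.method == 'GET':
        return render_template("login.html")

    username = request.form.get("username")
    password = request.form.get("password")

    # ensure input was entered
    if not username or not password:
        return apology("You must enter a username and password")

    # query database for username
    user = Users.query.filter_by(username=username).first()

    # ensure username exists
    # NOTE(review): separate messages for "unknown username" and "wrong
    # password" let a client learn which usernames exist; consider a single
    # shared message for both failures.
    if not user:
        return apology("You must enter a valid username")

    # NOTE(review): stored passwords are unsalted MD5 digests, which are fast
    # to brute-force if the table leaks. Migrating the stored values to a
    # salted, slow password hash (flag_check in this file already verifies a
    # PBKDF2 hash through check_password_hash) needs a data migration, so the
    # algorithm is left unchanged here.
    inputHash = md5(password.encode()).hexdigest()

    # ensure password is correct; compare in constant time so the response
    # time does not depend on how many leading characters of the digest match
    stored = str(user.password).encode()
    if not hmac.compare_digest(inputHash.encode(), stored):
        return apology("You must enter a valid password")

    # create user session to remember user
    session["user_id"] = user.id
    return redirect("/")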
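def upload():
    """Render the upload form on GET; store the posted file on POST.

    The stored name is the optional ``name`` form field when present, else the
    client-supplied filename. Both are untrusted: the name is reduced to its
    final path component, must pass ``allowed_file``, and the resolved
    destination must stay inside ``UPLOAD_FOLDER`` before anything is written.
    On success the client is redirected to the ``uploaded`` endpoint.
    """
    if request.method == "GET":
        return render_template("upload.html")

    # check if the post request has the file part
    if 'file' not in request.files:
        flash('No file part')
        return redirect(request.url)
    file = request.files['file']

    # if the user does not select a file, the browser also
    # submits an empty part without a filename
    if file.filename == '':
        flash('No selected file')
        return redirect(request.url)

    requested = request.form.get("name") or file.filename

    # Keep only the last path component so directory parts in the supplied
    # name cannot move the write target; backslashes are normalised first
    # because os.path.basename does not split on them on POSIX.
    filename = os.path.basename(requested.replace("\\", "/"))

    # The allow-list applies to the name actually written to disk, including
    # a caller-chosen one (previously a custom name skipped allowed_file).
    name_ok = (
        filename not in ("", ".", "..")
        and "\x00" not in filename
        and allowed_file(filename)
    )
    if not file or not name_ok:
        return apology("Bad file upload request. Try again.")

    # Defence in depth: resolve symlinks and confirm the destination is still
    # under the upload directory before writing.
    upload_root = os.path.realpath(app.config['UPLOAD_FOLDER'])
    path = os.path.realpath(os.path.join(upload_root, filename))
    if os.path.commonpath([upload_root, path]) != upload_root:
        return apology("Bad file upload request. Try again.")

    file.save(path)
    return redirect(url_for('uploaded', filename=filename))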
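def secret_page():
    """Render the search form on GET; look up a user row by username on POST.

    The first matching row is passed to ``result.html`` as ``rows``. An empty
    query or an empty result set returns an ``apology`` page.
    """
    if request.method == "GET":
        return render_template("secret.html")

    userInput = request.form.get("query")

    # ensure user has input something
    if not userInput:
        return apology("You must enter a username")

    # check for username in database
    # The submitted value is sent as a bound parameter and is never formatted
    # into the SQL text, so the driver always treats it as data. The previous
    # f-string had no placeholder at all, so the query did not depend on the
    # submitted username.
    # assumes `db` is a Flask-SQLAlchemy object, which exposes sqlalchemy's
    # text() as db.text — confirm against the module's setup code
    result = db.engine.execute(
        db.text("SELECT * FROM users WHERE username = :username"),
        {"username": userInput},
    )

    # in order to use the data it must be fetched from the ResultProxy object
    rows = result.fetchall()
    if not rows:
        return apology("0 results found")

    # NOTE(review): SELECT * hands every column of the row to the template;
    # presumably that includes the password digest login() compares against —
    # confirm, and select only the columns result.html needs.
    return render_template("result.html", rows=rows[0])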
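def flag_check():
    """Render the flag form on GET; verify the submitted flag on POST.

    The submission is checked against a stored PBKDF2-SHA256 hash, so the
    plaintext flag never appears in the source. A match renders
    ``game_over.html``; anything else returns an ``apology`` page.
    """
    if request.method == "GET":
        return render_template("flag.html")

    # hashed flag to prevent cheating
    flagHash = 'pbkdf2:sha256:50000$lZnnfd9Y$22a7c6d699b1021aa862b8fa6712d9608044dd2c036c64053efea48c8b321cf8'

    # A POST without a "flag" field would otherwise reach check_password_hash
    # as None (presumably an unhandled error rather than a clean rejection);
    # default to the empty string so it is rejected like any other wrong value.
    submitted = request.form.get("flag", "")

    if not check_password_hash(flagHash, submitted):
        return apology(
            "The flag you entered is not correct. You can't guess it.")
    return render_template("game_over.html")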
def errorhandler(e):
    """Render an apology page for an error.

    Anything that is not an ``HTTPException`` is replaced by a fresh
    ``InternalServerError``, so only that error's name and code are passed
    to ``apology``.
    """
    error = e if isinstance(e, HTTPException) else InternalServerError()
    return apology(error.name, error.code)