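def buy_help(help_id):
    """Buy the tip ``help_id`` for the current player and charge its cost.

    The current player is the newest row in ``tester_stats`` (highest id).
    All statements use bound parameters, so ``help_id`` is never spliced
    into SQL text.

    :param help_id: id of the row in ``tips`` to buy
    :return: ``(json response, status)``: ``True``/200 on success, an error
             string with status 500 when the tip or the player row is missing
    """
    cursor = get_admin_cursor()

    # Price of the requested tip.
    cursor.execute('SELECT cost FROM tips WHERE id = ?', [help_id])
    tip_row = cursor.fetchone()
    if tip_row is None:
        return jsonify('Cant fetch Price'), 500
    price = tip_row[0]

    # Read id and points from the same row in one query. The previous
    # separate 'SELECT MAX(id)' always yields a row (NULL on an empty table),
    # so its None check could never fire, and two queries could in principle
    # pair the points of one row with the id of another.
    cursor.execute(
        'SELECT id, points FROM tester_stats ORDER BY id DESC LIMIT 1')
    player_row = cursor.fetchone()
    if player_row is None:
        return jsonify('Cant fetch Points'), 500
    player_id = player_row[0]
    oldpoints = player_row[1]

    # NOTE(review): nothing checks that the balance covers the price or that
    # the tip is not already bought, so a repeated purchase charges again and
    # the balance can go negative. Confirm whether that is intended.
    new_points = oldpoints - price
    cursor.execute('UPDATE tester_stats SET points = ? WHERE id = ?',
                   [new_points, player_id])
    cursor.execute('UPDATE tips SET bought = true WHERE id = ?', [help_id])
    return jsonify(True), 200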
def get_tips():
    """Return every tip together with the name of its achievement.

    :return: rows of ``(tip id, achievement name, cost, text, bought)``
    """
    query = (
        'SELECT tips.id, scoreboard.name, tips.cost, tips.text, bought '
        'FROM tips, scoreboard '
        'WHERE tips.achievement_id = scoreboard.id'
    )
    db = get_admin_cursor()
    db.execute(query)
    tips = db.fetchall()
    return tips
def get_resets():
    """Return the number of resets: rows in ``tester_stats`` minus one.

    :return: the count as an int, or the string ``"ERROR"`` when the query
             returns no row
    """
    db = get_admin_cursor()
    db.execute('SELECT count(*) FROM tester_stats')
    row = db.fetchone()
    if row is None:
        return "ERROR"
    # The first row is the initial run, every further row is one reset.
    return row[0] - 1
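def award_points(points):
    """Add ``points`` to the score of the current (newest) tester_stats row.

    The previous statement filtered with
    ``id = (SELECT id FROM (SELECT MAX(id) FROM tester_stats))``. The derived
    table has no column called ``id``, so on SQLite (which the ``main.``
    schema prefix used elsewhere in this file suggests) the name resolves to
    the row being updated, the filter is true for every row, and all stored
    runs receive the new score. Comparing directly against ``MAX(id)``
    restricts the update to the newest row.

    The increment is done inside the UPDATE, so no separate read is needed
    and an empty table is a no-op instead of a ``TypeError``.

    :param points: number of points to add (may be negative)
    :return: None
    """
    cursor = get_admin_cursor()
    cursor.execute(
        'UPDATE tester_stats SET points = points + ? '
        'WHERE id = (SELECT MAX(id) FROM tester_stats)',
        [points])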
def check_if_points_are_valid(flag_id):
    """Tell whether the achievement behind ``flag_id`` is still open.

    :param flag_id: id of the flag whose scoreboard entry is checked
    :return: True when the scoreboard status equals 0, otherwise False
    """
    scoreboard_id = get_scoreboard_id_for_flag(flag_id)
    db = get_admin_cursor()
    db.execute('SELECT status FROM scoreboard WHERE id = ?', [scoreboard_id])
    row = db.fetchone()
    status = row[0]
    return status == 0
def hide_email_template_flag():
    """
    Place the flag with id 5 in app.config so that the email template can
    reach it through {{ config }}.

    This exposure is the point of the challenge: every value stored in
    app.config is readable by a template that renders the config object.
    :return: None
    """
    db = get_admin_cursor()
    db.execute('SELECT flag FROM flag WHERE id = 5')
    rows = db.fetchall()
    flag_value = rows[0][0]
    app.config['EMAIL_TEMPLATE_FLAG'] = flag_value
def hide_secret_key_flag():
    """
    Place the flag with id 6 in active_flags so that an admin can reach it
    through the shopadmin panel.
    :return: None
    """
    db = get_admin_cursor()
    db.execute('SELECT flag FROM flag WHERE id = 6')
    rows = db.fetchall()
    flag_value = rows[0][0]
    active_flags['secret_key_flag'] = flag_value
def hide_cart_negative_quantity_flag():
    """
    Store the flag with id 2 in app.config so that the checkout template
    can read it.
    :return: None
    """
    db = get_admin_cursor()
    db.execute('SELECT flag FROM flag WHERE id = 2')
    rows = db.fetchall()
    flag_value = rows[0][0]
    app.config['cart_flag'] = flag_value
def hide_sqli_flag():
    """
    Store the flag with id 4 in active_flags so that the shopadmin panel
    can read it.
    :return: None
    """
    db = get_admin_cursor()
    db.execute('SELECT flag FROM flag WHERE id = 4')
    rows = db.fetchall()
    flag_value = rows[0][0]
    active_flags['sqli_flag'] = flag_value
def remove_itemtype_flag():
    """
    Remove the hidden flag (admin flag id 1) from the flag table reached
    through get_cursor().
    :return: None
    """
    # Look the flag value up on the admin side ...
    admin_db = get_admin_cursor()
    admin_db.execute('SELECT flag FROM flag WHERE id = 1')
    rows = admin_db.fetchall()
    flag_value = rows[0][0]

    # ... and delete the matching row through the second cursor.
    shop_db = get_cursor()
    shop_db.execute('DELETE FROM flag WHERE flag = ?', [flag_value])
def hide_itemtype_flag():
    """
    Copy the flag with admin id 1 into the flag table reached through
    get_cursor(), where a UNION SELECT can see it.
    :return: None
    """
    # Look the flag value up on the admin side ...
    admin_db = get_admin_cursor()
    admin_db.execute('SELECT flag FROM flag WHERE id = 1')
    rows = admin_db.fetchall()
    flag_value = rows[0][0]

    # ... and insert it through the second cursor.
    shop_db = get_cursor()
    shop_db.execute('INSERT INTO flag (flag) VALUES (?)', [flag_value])
def start_everything():
    """Start a fresh run and send the browser back to the index page.

    Inserts a new ``tester_stats`` row with 0 points and the current local
    time, calls ``make_everything_insecure()`` and
    ``undo_all_achievements()``, and sets the scoreboard to "invisible".

    :return: redirect response to the ``index`` endpoint
    """
    import datetime

    started_at = datetime.datetime.now()
    db = get_admin_cursor()
    db.execute(
        "INSERT INTO tester_stats (points, timestamp) VALUES (?, ?)",
        [0, started_at],
    )

    make_everything_insecure()
    undo_all_achievements()
    app.config["scoreboard_visible"] = "invisible"

    target = url_for('index')
    return redirect(target)
def check_flag(flag):
    """
    Check the submitted flag against the database and answer with JSON
    (the caller is an AJAX request).

    On a match the points are updated, the mapped achievement is marked
    done and disable_risk_for_flag() is called for the flag.
    :param flag: flag string as submitted
    :return: JSON True on a match, JSON False otherwise
    """
    db = get_admin_cursor()
    # Bound parameter: the submitted value never becomes part of the SQL text.
    db.execute('SELECT id FROM main.flag where flag = ?', [flag])
    match = db.fetchone()
    if match is None:
        return jsonify(False)

    flag_id = match[0]
    update_points(flag_id)
    scoreboard_id = get_scoreboard_id_for_flag(flag_id)
    set_achievement_done_for(scoreboard_id)
    disable_risk_for_flag(flag_id)
    return jsonify(True)
def get_tester_data():
    """Return the newest ``tester_stats`` row.

    :return: ``(id, points, timestamp)`` of the row with the highest id,
             or None when the table is empty
    """
    query = "SELECT id, points, timestamp FROM tester_stats ORDER BY id DESC LIMIT 1"
    db = get_admin_cursor()
    db.execute(query)
    newest = db.fetchone()
    return newest
def set_achievement_done_for(id):
    """Mark the scoreboard entry ``id`` as done (status = true).

    :param id: id of the row in ``scoreboard``
    :return: None
    """
    statement = 'UPDATE scoreboard SET status = true WHERE id = ?'
    db = get_admin_cursor()
    db.execute(statement, [id])
def get_scoreboard_id_for_flag(id):
    """Look up the scoreboard entry mapped to the flag ``id``.

    :param id: flag id, matched against ``map_scoreboard_flag.id_flag``
    :return: the ``id_scoreboard`` value of the first matching row
    """
    query = 'SELECT id_scoreboard FROM map_scoreboard_flag WHERE id_flag = ?'
    db = get_admin_cursor()
    db.execute(query, [id])
    # No guard here: an unmapped flag id makes fetchone() return None and
    # the subscript raises TypeError.
    row = db.fetchone()
    return row[0]
def get_flag(id):
    """Fetch the flag row with the given id.

    :param id: id of the row in ``main.flag``
    :return: the whole row (a one-column result), or None when no row matches
    """
    query = 'SELECT flag FROM main.flag WHERE id = ?'
    db = get_admin_cursor()
    db.execute(query, [id])
    row = db.fetchone()
    return row
def undo_all_achievements():
    """Reset every scoreboard entry to status = false.

    :return: None
    """
    statement = 'UPDATE scoreboard SET status = false'
    db = get_admin_cursor()
    db.execute(statement)
def get_points_for_flag(id):
    """Return the points stored for the flag ``id``.

    :param id: id of the row in ``flag``
    :return: value of the ``points`` column of the matching row
    """
    query = 'SELECT points FROM flag where id = ?'
    db = get_admin_cursor()
    db.execute(query, [id])
    # No guard here: an unknown id makes fetchone() return None and the
    # subscript raises TypeError.
    row = db.fetchone()
    return row[0]
def get_scoreboard():
    """Return all scoreboard entries.

    :return: rows of ``(id, name, description, status)``
    """
    query = 'SELECT id, name, description, status FROM scoreboard'
    db = get_admin_cursor()
    db.execute(query)
    entries = db.fetchall()
    return entries
def show_old_stats():
    """Render the admin page that lists every stored ``tester_stats`` row.

    :return: rendered ``admin/oldstats.html`` with the rows passed as
             ``oldstats``
    """
    query = 'SELECT id, points, timestamp FROM tester_stats'
    db = get_admin_cursor()
    db.execute(query)
    all_runs = db.fetchall()
    return render_template('admin/oldstats.html', oldstats=all_runs)