def Profile():
try:
current_user.get_username()
except:
abort(404)
user = current_user
conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
c = conn.cursor()
c.execute("SELECT * FROM paymentdetails WHERE user_id=? ", (user.id, ))
# self define paymentinformation and fetch one and return into payment information variable.
paymentinformation = c.fetchone()
if paymentinformation:
payment_details = PaymentInfo(paymentinformation[1],
paymentinformation[2],
paymentinformation[3],
int(paymentinformation[4]))
else:
payment_details = PaymentInfo("", "", "", "")
payment_form = PaymentOptions(request.form)
if request.method == "POST" and payment_form.validate():
conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
c = conn.cursor()
c.execute("SELECT * FROM paymentdetails WHERE user_id=? ", (user.id, ))
result = c.fetchone()
if not result:
e1 = pyffx.Integer(
b'12376987ca98sbdacsbjkdwd898216jasdnsd98213912', length=16)
e2 = pyffx.Integer(
b'12376987ca98sbdacsbjkdwd898216jasdnsd98213912',
length=len(str(payment_form.SecretNumber.data)))
encrypted_card_no = e1.encrypt(payment_form.CreditCardno.data)
encrypted_card_CVV = e2.encrypt(payment_form.SecretNumber.data)
c.execute("INSERT INTO paymentdetails VALUES (?, ?, ?, ?, ?)",
(user.id, payment_form.Name.data, encrypted_card_no,
payment_form.ExpiryDate.data, encrypted_card_CVV))
conn.commit()
conn.close()
return redirect(url_for('user.Profile'))
else:
flash('Only can store 1 card detail')
if payment_details.get_full_name() != '':
cn = payment_details.get_credit_card_number()
e1 = pyffx.Integer(b'12376987ca98sbdacsbjkdwd898216jasdnsd98213912',
length=16)
cn = e1.decrypt(cn)
return render_template("user/Profile.html",
user=user,
payment_details=payment_details,
form=payment_form,
cn=str(cn))
return render_template("user/Profile.html",
user=user,
payment_details=payment_details,
form=payment_form)
def generate_lookup(self, password="******"):
password = str.encode(password)
fpe = pyffx.Integer(password, length=3)
f = lambda x: fpe.encrypt(x)
g = lambda x: fpe.decrypt(x)
f = np.vectorize(f)
g = np.vectorize(g)
lookup = f(np.arange(256))
relookup = g(np.arange(1000))
lookup = torch.from_numpy(lookup)
relookup = torch.from_numpy(relookup)
return lookup, relookup
# Format-preserving, Feistel-based encryption (FFX)
import pyffx
e = pyffx.Integer(b'secret-rsa_key', length=4)
x = e.encrypt(1001)
print(x)
y = e.decrypt(x)
print(y)
e = pyffx.String(b'secret-rsa_key', alphabet='abcdefghij', length=6)
x = e.encrypt('jibabc')
print(x)
y = e.decrypt(x)
print(y)
def encrypt(self, val, addition: int = sys.maxsize):
""" Encrypt a value with FFX library. Negative values are currently not supported as integers.
:param val: Value to encrypt
:type val: Either an integer, a string or a floating point number (represented as a string)
:param addition: Value added to an integer number, which will be subtracted first, defaults to sys.maxsize
:param addition: int, optional
:return: Encrypted number fitting same format as input
:rtype: Either an int or a string depending on what was passed in
"""
n_val = 0
# If the value is none or if its numpy and nan then just return it
if val == None or (isinstance(val, np.float64) and np.isnan(val)):
return val
try:
logger.debug(type(val))
# Strings that are integers should just be int
if isinstance(val, str) and val.isdigit():
val = int(val)
if np.issubdtype(type(val),
np.int64) and val > 0: # If val is Integer
# If there's an addition do the new calculation
n_val = val - addition
logger.debug(
f"n_val = {n_val} val = {val} addition = {addition}")
if n_val > 0:
val = n_val
e = pyffx.Integer(self.ffx_secret, length=len(str(val)))
enc = e.encrypt(val)
else: # Either String or Decimal
val = str(val)
enc = ""
elems = re.split('(\W+|\d+)', val)
for elem in elems:
if len(elem) == 0:
continue
vlen = len(elem)
if elem.isdigit():
# encrypt integer part
e = pyffx.Integer(self.ffx_secret, length=vlen)
temp = str(e.encrypt(elem))
elif elem.isalpha():
# encrypt alphabet characters
if elem.islower():
e = pyffx.String(self.ffx_secret,
alphabet=string.ascii_lowercase,
length=vlen)
elif elem.isupper():
e = pyffx.String(self.ffx_secret,
alphabet=string.ascii_uppercase,
length=vlen)
else:
e = pyffx.String(self.ffx_secret,
alphabet=string.ascii_letters,
length=vlen)
temp = e.encrypt(elem)
else: # Escape special characters
temp = elem
enc += str(temp)
logger.debug(f"Out val {enc}")
# Return it as a string
if np.issubdtype(type(val), np.int64) and n_val > 0:
enc += addition
return enc
except Exception as e:
logger.exception(f"Cannot encrypt {val} {type(val)}")
return val
df_2 = pandas.read_csv(
'C:\\Users\\mansi\\OneDrive\\Documents\\ADM\\enc_data.csv')
#reading all columns into data frame
col = df_2.iloc[:, 10]
col1 = df_2.iloc[:, 1]
col2 = df_2.iloc[:, 2]
col3 = df_2.iloc[:, 3]
col4 = df_2.iloc[:, 4]
col5 = df_2.iloc[:, 5]
col6 = df_2.iloc[:, 6]
col7 = df_2.iloc[:, 7]
col8 = df_2.iloc[:, 8]
col9 = df_2.iloc[:, 9]
e = pyffx.Integer(b'secret-key', length=5)
#using key encryption(format preserving)
encrypted_number_list1 = [e.encrypt(x) for x in col1]
encrypted_number_list2 = [e.encrypt(x) for x in col2]
encrypted_number_list3 = [e.encrypt(x) for x in col3]
encrypted_number_list4 = [e.encrypt(x) for x in col4]
encrypted_number_list5 = [e.encrypt(x) for x in col5]
encrypted_number_list6 = [e.encrypt(x) for x in col6]
encrypted_number_list7 = [e.encrypt(x) for x in col7]
encrypted_number_list8 = [e.encrypt(x) for x in col8]
encrypted_number_list9 = [e.encrypt(x) for x in col9]
from phe import paillier
public_key, private_key = paillier.generate_paillier_keypair(n_length=58)
import pyffx
from django.conf import settings
encrypter = pyffx.Integer(settings.SECRET_KEY.encode('UTF-8'),
length=settings.POST_ID_SECRET_LENGTH)
def encrypt_id(id):
return encrypter.encrypt(id)
def decrypt_id(enc_id):
return encrypter.decrypt(enc_id)
def checkout():
try:
username = current_user.get_username()
user = current_user
user_id = session["_user_id"]
except:
user = None
user_id = None
error = ""
# Check if cart is in session or empty
if 'cart' in session:
cart = session['cart']
if not cart:
return redirect(url_for('main.home'))
else:
return redirect(url_for('main.home'))
# if user is not signin, will redirect to ask to signin
if not user:
return redirect(url_for('user.signin'))
else:
# getting card from existing user
conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
c = conn.cursor()
c.execute(
"SELECT credit_card_number from paymentdetails where user_id=?",
(user_id, ))
result = c.fetchone()
if result:
e1 = pyffx.Integer(
b'12376987ca98sbdacsbjkdwd898216jasdnsd98213912', length=16)
credit_card_number = str(e1.decrypt(result[0]))
sliced_credit_card_number = "XXXX-" * 3 + credit_card_number[-4:]
else:
return redirect(url_for('user.Profile'))
# payment
if request.method == "POST" and user is not None:
month = request.form.get('Expiry_DateM')
year = request.form.get('Expiry_DateY')
cvv = request.form.get('CVV')
# validate credit card details
conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
c = conn.cursor()
c.execute(
"SELECT expiry, cvv, credit_card_number from paymentdetails where user_id=?",
(user_id, ))
result = c.fetchone()
valid_year, valid_month, valid_day = result[0].split('-')
e2 = pyffx.Integer(b'12376987ca98sbdacsbjkdwd898216jasdnsd98213912',
length=len(str(result[1])))
valid_cvv = e2.decrypt(result[1])
if int(year) == int(valid_year[2:]) and int(month) == int(
valid_month) and str(cvv) == str(valid_cvv):
# successful payment
c.execute("select max(order_id) from orders")
try:
order_id = c.fetchone()[0] + 1
except TypeError:
order_id = 1
user_id = session["_user_id"]
voucher_code = session["voucher"]
date_of_purchase = datetime.now()
total_cost = session["amount"]
c.execute("INSERT into orders values (?, ?, ?, ?, ?)",
(order_id, user_id, voucher_code, date_of_purchase,
total_cost))
for item in session['cart']:
c.execute("INSERT into order_details values (?,?)",
(order_id, item[0]))
conn.commit()
conn.close()
# uses the voucher (should only use it after payment is successful)
if '_user_id' in session and 'voucher' in session and session[
'voucher'] != '':
cookie = request.headers['cookie']
csrf_token = request.form.get('csrf_token')
headers = {'cookie': cookie, 'X-CSRF-Token': csrf_token}
url = "http://localhost:5000/api/userVoucher/" + session[
"_user_id"]
response = requests.put(url,
json={"code": session["voucher"]},
headers=headers)
data = response.json()["data"]
if data == "This is a general voucher":
data = ""
else:
data = ""
# deletes voucher and cart session
del session['cart']
if 'voucher' in session:
del session['voucher']
return render_template("shopping/Thankyou.html",
data=data,
user=user)
else:
# unsuccessful payment
details = f"Failed transaction with the username of {username}."
Loggingtype = "Transaction"
Logging(Loggingtype, details)
error = "Invalid Payment Details"
# checkout details
cart = session['cart']
voucher = session['voucher']
conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
c = conn.cursor()
c.execute("SELECT amount from vouchers where code = ?", (voucher, ))
try:
voucher_cost = c.fetchone()[0]
except TypeError:
voucher_cost = 0
subtotal = session['subtotal']
amount = session['amount']
order_details = {
'cart': cart,
'voucher': voucher,
'voucher_cost': voucher_cost,
'subtotal': subtotal,
'total': amount
}
return render_template("shopping/Checkout.html",
user=user,
credit_card_number=sliced_credit_card_number,
error_message=error,
order_details=order_details)
import pyffx e = pyffx.Integer(b'12376987ca98sbdacsbjkdwd898216jasdnsd98213912', length=16) creditcardno = '2654859379613343' print(e.decrypt(creditcardno))
