def register():
    """Handle the registration page and create a new account on a valid POST.

    A POST that carries both ``name`` and ``password`` for a user name that
    is not yet taken stores a new ``User``, creates an empty mailbox file
    named after the base64 form of a fresh UUID, sends a greeting from the
    configured ``GREETER`` mailbox and redirects to ``/login``. Any other
    request renders ``forms/register.html``; ``err`` is set when the user
    name already exists.
    """
    # NOTE(review): form.validate() is never called in this function, so any
    # validators declared on RegisterForm are not enforced here -- confirm
    # that this is intended.
    form = RegisterForm(request.form)
    error = None

    fields = request.form
    if request.method == "POST" and 'name' in fields and 'password' in fields:
        User.query.all()
        existing = User.query.filter_by(user_name=fields['name']).first()
        if existing is not None:
            error = "User already exists."
        else:
            mailbox_id = str(uuid4())

            # Create User
            # NOTE(review): the password is handed to User() exactly as
            # received; whether it is hashed before storage depends on the
            # User model, which is not shown here.
            new_user = User(
                fields['name'],
                fields['password'],
                'Alice',
                'Anonymous',
                'iDont Facegood, literally iDont Even. lol! #6443_EXAM_MEME',
                mailbox_id,
            )
            User.register_user(new_user)

            # Create User Mailbox: an empty file named <base64(uuid)>.txt.
            mailbox_name = b64encode(mailbox_id.encode('utf-8')).decode('utf-8')
            filepath = os.path.join(
                current_app.config.get("APP_BASE_DIR"), mailbox_name + ".txt"
            )
            with open(filepath, "wb"):
                pass

            greeting = "Welcome to Facegood, {}. I am Noone.".format(new_user.user_name)
            Message(current_app.config.get("GREETER"), mailbox_id, greeting).send_msg()

            flash('Registration Successful')
            return redirect('/login')
            # Placeholders left by the author, never implemented:
            # public/private key file names and key-pair generation.

    return render_template('forms/register.html', form=form, err=error)
def message(id):
    """Show the conversation with friend ``id``, update read flags, accept a new message.

    Access is limited to users for whom ``UserConnect.is_friend(id)`` holds;
    everyone else is redirected to ``app.home``. On every request the
    partner's unread messages are marked as read and the current user's
    already-read messages are marked as checked. A valid POST stores the new
    message and redirects back to this view; otherwise ``message.html`` is
    rendered.
    """
    if not UserConnect.is_friend(id):
        return redirect(url_for('app.home'))

    form = MessageForm(request.form)
    me = current_user.get_id()

    # Fetch the messages exchanged between the current user and the partner.
    messages = Message.get_friend_messages(me, id)
    user = User.select_user_by_id(id)

    # Messages from the partner that were unread until now.
    newly_read_ids = [
        m.id
        for m in messages
        if not m.is_read and m.from_user_id == int(id)
    ]
    # Own messages that the partner has read but that are not yet marked checked.
    unchecked_own_ids = [
        m.id
        for m in messages
        if m.is_read and not m.is_checked and m.from_user_id == int(me)
    ]

    if unchecked_own_ids:
        with db.session.begin(subtransactions=True):
            Message.update_is_checked_by_ids(unchecked_own_ids)
        db.session.commit()

    # Set is_read to True for the newly read messages.
    if newly_read_ids:
        with db.session.begin(subtransactions=True):
            Message.update_is_read_by_ids(newly_read_ids)
        db.session.commit()

    if request.method != 'POST' or not form.validate():
        return render_template(
            'message.html',
            form=form,
            messages=messages,
            to_user_id=id,
            user=user,
        )

    outgoing = Message(me, id, form.message.data)
    with db.session.begin(subtransactions=True):
        outgoing.create_message()
    db.session.commit()
    return redirect(url_for('app.message', id=id))
def message(id):
    """Show the conversation with friend ``id`` and accept a new message.

    Users for whom ``UserConnect.is_friend(id)`` is false are redirected to
    ``app.home``. A POST that passes form validation stores the message and
    redirects back to this view; any other request renders ``message.html``
    with the existing conversation.
    """
    if not UserConnect.is_friend(id):
        return redirect(url_for('app.home'))

    form = MessageForm(request.form)
    messages = Message.get_friend_messages(current_user.get_id(), id)

    is_valid_post = request.method == 'POST' and form.validate()
    if not is_valid_post:
        return render_template(
            'message.html', form=form, messages=messages, to_user_id=id
        )

    outgoing = Message(current_user.get_id(), id, form.message.data)
    with db.session.begin(subtransactions=True):
        outgoing.create_message()
    db.session.commit()
    return redirect(url_for('app.message', id=id))
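def load_old_messages():
    """Return a batch of older messages exchanged with ``user_id`` as JSON.

    Query parameters:
        user_id: integer id of the other participant.
        offset_value: integer that is multiplied by 100 and passed as the
            third argument of ``Message.get_friend_messages`` (presumably a
            page index -- confirm against that method).

    Returns:
        ``jsonify(data=...)`` built by ``make_old_message_format`` on
        success, or a JSON error body with status 400 when either parameter
        is missing, not an integer, or negative.
    """
    user_id = request.args.get('user_id', -1, type=int)
    offset_value = request.args.get('offset_value', -1, type=int)

    # The original bare ``return`` handed None back to Flask, which is not a
    # valid view response and surfaces as a server error. Malformed requests
    # now get an explicit 400. Negative values other than the -1 sentinel are
    # rejected too, so they never reach the message query.
    if user_id < 0 or offset_value < 0:
        return jsonify(error='user_id and offset_value must be non-negative integers'), 400

    # NOTE(review): unlike message(), no UserConnect.is_friend() check runs
    # here; what a non-friend user_id yields depends on
    # Message.get_friend_messages and User.select_user_by_id, which are not
    # shown -- confirm that they scope the result to the current user.
    messages = Message.get_friend_messages(
        current_user.get_id(), user_id, offset_value * 100
    )
    user = User.select_user_by_id(user_id)
    return jsonify(data=make_old_message_format(user, messages))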
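def send_message():
    """Send a message from the logged-in user's mailbox to the mailbox named in the form.

    Form fields:
        src: numeric id of the sending user; it must identify the account
            that owns the current session.
        mailbox: mailbox id of the recipient.
        message: message text (defaults to an empty string).

    Returns:
        A redirect to ``/`` when the caller is not logged in or ``src`` does
        not name a user, a 403 tuple when ``src`` names an account other
        than the session's, otherwise a redirect to ``/message/history`` for
        the sender's mailbox (with a flash message when the recipient is
        unknown or sending fails).
    """
    # Kickout Scrubs
    if not session.get('logged_in'):
        return redirect('/')
    name = session['user_name']

    # A missing or non-numeric ``src`` becomes None here instead of raising
    # from int(), and is then handled like an unknown user.
    src_id = request.form.get('src', type=int)
    src_user = None
    if src_id is not None:
        src_user = User.query.filter_by(id=src_id).first()
    if src_user is None:
        flash("User mailbox not found")
        return redirect('/')

    # ``src`` arrives in the request body, so on its own it says nothing
    # about who is sending. It is accepted only when it resolves to the
    # account bound to this session; the original looked the sender up from
    # ``src`` alone and never compared it with the session user.
    if src_user.user_name != name:
        return '403 Permission Denied', 403

    src_mailbox = src_user.user_mailbox
    mailkey = b64encode(bytes(str(src_mailbox), 'utf-8')).decode('utf-8')
    history_url = '/message/history?v=' + mailkey

    # Check target is valid
    target = request.form['mailbox']
    dst_user = User.query.filter_by(user_mailbox=target).first()
    if dst_user is None:
        flash("User mailbox not found")
        return redirect(history_url)
    dst_mailbox = dst_user.user_mailbox

    message = request.form.get("message", '')
    # Challenge logic kept as written: for account 9447 the text is replaced
    # by a fixed string and the message is recorded as coming from the
    # recipient's own mailbox.
    if src_user.id == 9447:
        message = 'flag{f0reVa_Al0ne}'
        src_mailbox = dst_mailbox

    # Craft the message and send it.
    new_msg = Message(src_mailbox, dst_mailbox, message)
    if not new_msg.send_msg():
        flash("Message failed to send")
    # Success and failure both return to the sender's history page.
    return redirect(history_url)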
def message_ajax():
    """Return the partner's unread messages as JSON and update read/checked flags.

    Reads ``user_id`` from the query string, marks the partner's unread
    messages to the current user as read, marks the current user's
    already-read messages as checked, and returns both the formatted unread
    messages (``data``) and the ids just marked checked
    (``checked_message_ids``).
    """
    # NOTE(review): a missing or non-integer user_id falls back to -1 and is
    # passed on unchanged; load_old_messages() returns early in that case --
    # confirm whether the same guard is wanted here.
    user_id = request.args.get('user_id', -1, type=int)

    # Fetch the messages from the partner that have not been read yet.
    user = User.select_user_by_id(user_id)
    not_read_messages = Message.select_not_read_messages(
        user_id, current_user.get_id()
    )
    unread_ids = [m.id for m in not_read_messages]
    if unread_ids:
        with db.session.begin(subtransactions=True):
            Message.update_is_read_by_ids(unread_ids)
        db.session.commit()

    # Fetch own messages that were already read but are not yet marked checked.
    unchecked = Message.select_not_checked_messages(
        current_user.get_id(), user_id
    )
    unchecked_ids = [m.id for m in unchecked]
    if unchecked_ids:
        with db.session.begin(subtransactions=True):
            Message.update_is_checked_by_ids(unchecked_ids)
        db.session.commit()

    payload = make_message_format(user, not_read_messages)
    return jsonify(data=payload, checked_message_ids=unchecked_ids)
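def show_messages():
    """Render the message history of the mailbox named by the ``v`` query parameter.

    ``v`` is the base64 form of a mailbox id. The mailbox must exist and
    belong to the logged-in user; its record file is then read in blocks of
    ``MSG_REC_SIZE`` characters and the entries are passed to the template
    in reverse file order.

    Returns:
        A redirect to ``/`` when not logged in; a 400 or 403 tuple when the
        mailbox is unknown or owned by another user; the history template
        with ``err`` set when ``v`` is missing or cannot be decoded;
        otherwise the history template with ``msgs`` and a ``SendMsgForm``.
    """
    # Local import: only needed to rebuild the mailbox file name below.
    from base64 import b64encode

    # Kickout Scrubs
    if not session.get('logged_in'):
        return redirect('/')

    sess_user = User.query.filter_by(user_name=session['user_name']).first()
    if sess_user is None:
        return '403 Permission Denied', 403

    # Bail out on non standard requests.
    if 'v' not in request.args:
        return render_template('lists/history.html', err="No mailkey provided.")

    try:
        # validate=True makes the decoder reject characters outside the
        # base64 alphabet instead of silently discarding them.
        mailbox_dec = b64decode(request.args['v'], validate=True).decode('utf-8')
    except ValueError:
        # binascii.Error and UnicodeDecodeError are both ValueError
        # subclasses. The original bare ``except`` also reported database
        # errors as a decoding problem; those now propagate.
        return render_template(
            'lists/history.html', err="Cannot base64 decrypt value."
        )

    print("Mailbox Decoded: {}".format(mailbox_dec))
    mailbox_owner = User.query.filter_by(user_mailbox=mailbox_dec).first()
    if mailbox_owner is None:
        return '400 Bad Request', 400
    if mailbox_owner.user_name != sess_user.user_name:
        return '403 Permission Denied', 403

    # Build the file name from the mailbox id that just passed the ownership
    # check, not from the raw query string: the path then always matches the
    # value that was authorised, whatever form the parameter arrived in.
    mailbox_file = b64encode(mailbox_dec.encode('utf-8')).decode('utf-8') + ".txt"
    filepath = os.path.join(current_app.config.get("APP_BASE_DIR"), mailbox_file)

    MSG_REC_SIZE = current_app.config.get("MSG_REC_SIZE")
    msg_obj = Message()
    msgs = []
    # ``with`` closes the file even if a record fails to parse or a query raises.
    with open(filepath, "r") as fp:
        msg_block = fp.read(MSG_REC_SIZE)
        # A short final block means end of file (or a truncated record): stop.
        while len(msg_block) == MSG_REC_SIZE:
            msg_obj.reload(msg_block)
            msg_str = msg_obj.as_padded_string()
            # Record layout as sliced here: 36 chars source mailbox,
            # 36 chars destination mailbox, remainder is the padded text.
            src = msg_str[0:36]
            dst = msg_str[36:72]
            msg = msg_str[72:MSG_REC_SIZE]

            src_user = User.query.filter_by(user_mailbox=src).first()
            dst_user = User.query.filter_by(user_mailbox=dst).first()

            entry = {}
            if src_user is not None:
                entry['src'] = src_user.user_name
                entry['srcbox'] = src
            else:
                entry['src'] = src
            if dst_user is not None:
                entry['dst'] = dst_user.user_name
                entry['dstbox'] = dst
            else:
                entry['dst'] = dst
            entry['msg'] = msg.rstrip(' ')
            msgs.append(entry)

            msg_block = fp.read(MSG_REC_SIZE)

    # Generate Message Form
    form = SendMsgForm(request.form)
    return render_template('lists/history.html', msgs=msgs[::-1], form=form)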
def populate_db(app):
    """Seed an empty database with the fixed accounts and the canned admin/greeter messages.

    Runs inside ``app.app_context()`` and returns immediately when the user
    table already has rows. Otherwise it inserts the accounts listed below,
    changes the password of ``4dm1ni5trator``, creates that account's empty
    mailbox file and sends four fixed messages between the configured
    ``ADMIN`` and ``GREETER`` mailboxes.

    Raises:
        NameError: if the ``4dm1ni5trator`` account is not found after seeding.
    """
    with app.app_context():
        if User.query.all():
            return

        # NOTE(review): account passwords and message bodies are literals in
        # this file (one profile text comes from config key FLAG1), so every
        # instance seeded from this code shares the same credentials.
        seed_rows = [
            ('noone', 'noone_can_know', 'noone', 'dodgy', 'Im not who you are looking for', '4badd00d-d11d-4bad-1dea-c001fac3db01', 1),
            ('admin', 'noone_can_know', 'noone', 'dodgy', 'Im not who you are looking for', '4badd01d-d11d-4bad-1dea-c001fac3db01', 2),
            ('Sketch', 'temporary', 'Someone', 'Sketchy', 'Salutations, friend.', 'defec7ed-c001-face-d00d-313333333337', 1337),
            # removed flag beyond spec
            # ('ENUMFLAG{f1nD1nG_bUrIeD_tReAsUrE}', 'temporary', 'Ooops!', 'My', "u R hired. grats Worth nothing.", '64436443-6443-6443-6443-644364436443', 6443),
            ('4dm1ni5trator', 'temporary', 'Damo', 'Daz', app.config.get("FLAG1"), '94476441-6443-9242-6445-c001fac3d00d', 9447),
            ('Carey', 'temporary', 'Carey', 'Spice', '*crickets*', '01010101-0101-0101-0101-010101010101', 13337),
        ]
        for row in seed_rows:
            db.session.add(User(*row))
        db.session.commit()

        admin_box = current_app.config.get("ADMIN")
        greeter_box = current_app.config.get("GREETER")

        admin_user = User.query.filter_by(user_name='4dm1ni5trator').first()
        # The result of this lookup is not used anywhere below.
        n = User.query.filter_by(user_name='noone').first()

        if admin_user is None:
            print("shit")
            raise NameError("Failed")

        # Set and touch admin mailbox.
        admin_user.change_password('administrator')
        mailbox_name = b64encode(bytes(admin_box, 'utf-8')).decode('utf-8')
        # NOTE(review): this path includes a 'mailbox' sub-directory, while
        # register() and show_messages() join the file name directly onto
        # APP_BASE_DIR -- confirm which layout is intended.
        mailbox_path = os.path.join(
            current_app.config.get("APP_BASE_DIR"), 'mailbox', mailbox_name + '.txt'
        )
        with open(mailbox_path, "wb"):
            pass

        # Canned conversation, sent in this order; send results are ignored.
        conversation = [
            (admin_box, greeter_box, 'Greeter, can you give me the flag?.'),
            (greeter_box, admin_box, 'Noone is the boss of me.'),
            (admin_box, greeter_box, "Fine, I'll send it to myself then!"),
            (admin_box, admin_box, 'flag{411_53e1ng_eYe}'),
        ]
        for sender, recipient, text in conversation:
            success = Message(sender, recipient, text).send_msg()