コード例 #1
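def register():
    """Handle the registration form: create the account, its mailbox file and a greeting.

    A GET, or a POST without both ``name`` and ``password``, renders the form.
    A POST with an unused ``name`` creates the user, touches an empty mailbox
    file named after the base64 of the new UUID, sends the greeter's welcome
    message and redirects to ``/login``. A POST with an existing ``name``
    re-renders the form with an error.
    """
    form = RegisterForm(request.form)
    error = None
    # NOTE(review): the form object is only passed to the template;
    # form.validate() is never called, so any rules declared on RegisterForm
    # are not enforced here -- confirm whether that is intended.
    has_credentials = 'name' in request.form and 'password' in request.form
    if request.method == "POST" and has_credentials:
        user_name = request.form['name']
        # Only the requested name is looked up. The original also ran a
        # discarded User.query.all() first, which fetched the whole table on
        # every unauthenticated POST for no result.
        existing = User.query.filter_by(user_name=user_name).first()
        if existing is not None:
            error = "User already exists."
        else:
            uid = uuid4()
            # Create User
            # NOTE(review): the password is handed to User exactly as
            # submitted; whether it is hashed depends on the model, which is
            # not visible here -- verify before reuse.
            new_user = User(user_name, request.form['password'], 'Alice', 'Anonymous', 'iDont Facegood, literally iDont Even. lol! #6443_EXAM_MEME', str(uid))
            User.register_user(new_user)

            # Create User Mailbox
            # The file name is derived from the server-generated UUID, never
            # from request data.
            mailbox_name = b64encode(bytes(str(uid), 'utf-8')).decode('utf-8')
            filepath = os.path.join(current_app.config.get("APP_BASE_DIR"), mailbox_name + ".txt")
            with open(filepath, "wb"):
                pass  # touch: create the empty mailbox file and close it

            greeting = "Welcome to Facegood, {}. I am Noone.".format(new_user.user_name)
            greet_msg = Message(current_app.config.get("GREETER"), str(uid), greeting)
            greet_msg.send_msg()

            flash('Registration Successful')
            # TODO (left by the original author, never implemented): create
            # pubkey/privkey file names and generate a keypair.
            return redirect('/login')

    return render_template('forms/register.html', form=form, err=error)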
コード例 #2
ファイル: views.py プロジェクト: yuumairie/flask_sample
def message(id):
    """Show the conversation with friend ``id`` and accept a new message.

    Anyone who is not a friend of ``id`` (per ``UserConnect.is_friend``) is
    redirected to the home view before any message is loaded. While rendering,
    unread messages from the other user are marked read and the current
    user's own already-read messages are marked checked. A valid POST stores
    the new message and redirects back to this view.
    """
    # Authorization gate: conversations are only visible between friends.
    if not UserConnect.is_friend(id):
        return redirect(url_for('app.home'))

    form = MessageForm(request.form)
    # Messages exchanged between the current user and the other user.
    messages = Message.get_friend_messages(current_user.get_id(), id)
    user = User.select_user_by_id(id)

    # Messages from the other user that were unread and are being read now.
    read_message_ids = []
    for entry in messages:
        if not entry.is_read and entry.from_user_id == int(id):
            read_message_ids.append(entry.id)

    # Own messages that the other side has read but that are not yet
    # flagged as checked.
    not_checked_message_ids = []
    for entry in messages:
        if entry.is_read and not entry.is_checked and entry.from_user_id == int(current_user.get_id()):
            not_checked_message_ids.append(entry.id)

    if not_checked_message_ids:
        with db.session.begin(subtransactions=True):
            Message.update_is_checked_by_ids(not_checked_message_ids)
        db.session.commit()

    # Set is_read to True for the ids collected in read_message_ids.
    if read_message_ids:
        with db.session.begin(subtransactions=True):
            Message.update_is_read_by_ids(read_message_ids)
        db.session.commit()

    is_valid_post = request.method == 'POST' and form.validate()
    if is_valid_post:
        outgoing = Message(current_user.get_id(), id, form.message.data)
        with db.session.begin(subtransactions=True):
            outgoing.create_message()
        db.session.commit()
        # Redirect after POST so a page reload does not resubmit the message.
        return redirect(url_for('app.message', id=id))

    return render_template(
        'message.html',
        form=form,
        messages=messages,
        to_user_id=id,
        user=user,
    )
コード例 #3
ファイル: views.py プロジェクト: Tajimamax/sns-max
def message(id):
    """Show the conversation with friend ``id`` and accept a new message.

    Users who are not friends with ``id`` (per ``UserConnect.is_friend``) are
    redirected to the home view. A valid POST stores the message and redirects
    back to this view; anything else renders the conversation.
    """
    # Authorization gate: only friends may open the conversation.
    if not UserConnect.is_friend(id):
        return redirect(url_for('app.home'))

    form = MessageForm(request.form)
    messages = Message.get_friend_messages(current_user.get_id(), id)

    is_valid_post = request.method == 'POST' and form.validate()
    if not is_valid_post:
        return render_template(
            'message.html',
            form=form,
            messages=messages,
            to_user_id=id,
        )

    outgoing = Message(current_user.get_id(), id, form.message.data)
    with db.session.begin(subtransactions=True):
        outgoing.create_message()
    db.session.commit()
    # Redirect after POST so a page reload does not resubmit the message.
    return redirect(url_for('app.message', id=id))
コード例 #4
ファイル: views.py プロジェクト: yuumairie/flask_sample
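def load_old_messages():
    """Return an older page of the conversation with ``user_id`` as JSON.

    Query parameters:
        user_id: id of the other participant (integer).
        offset_value: page index (integer); it is multiplied by 100 before
            being passed to ``Message.get_friend_messages``.

    Returns:
        ``jsonify(data=...)`` built by ``make_old_message_format``, or a JSON
        error with status 400 when a parameter is missing, not an integer, or
        negative.
    """
    # request.args.get(..., type=int) falls back to the default (-1) when the
    # parameter is absent or cannot be parsed as an integer.
    user_id = request.args.get('user_id', -1, type=int)
    offset_value = request.args.get('offset_value', -1, type=int)
    # The original used a bare `return` here; a Flask view that returns None
    # fails with a server error instead of a client error. Other negative
    # values are rejected too, so a negative offset never reaches the query.
    if user_id < 0 or offset_value < 0:
        return jsonify(error='user_id and offset_value are required'), 400
    # NOTE(review): message() in this project checks UserConnect.is_friend()
    # before showing a conversation; this endpoint does not -- confirm whether
    # the same gate is wanted here.
    # presumably 100 is the page size used by get_friend_messages -- verify.
    messages = Message.get_friend_messages(current_user.get_id(), user_id, offset_value * 100)
    user = User.select_user_by_id(user_id)
    return jsonify(data=make_old_message_format(user, messages))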
コード例 #5
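def send_message():
    """Send a message from the logged-in user's mailbox to the ``mailbox`` form field.

    Form fields:
        src: numeric id of the sending user.
        mailbox: mailbox identifier of the recipient.
        message: message body (defaults to an empty string).

    Returns:
        A redirect to ``/`` when the caller is not logged in or the sender is
        unknown, ``403`` when ``src`` does not belong to the session user, and
        otherwise a redirect to the sender's message history.
    """
    # Kickout Scrubs
    if not session.get('logged_in'):
        return redirect('/')

    name = session['user_name']

    # `src` comes from the request body, so it is attacker-controlled. Parse
    # it defensively (a missing or non-numeric value yields None instead of
    # an unhandled exception) and look up only that row; the original also
    # ran a discarded User.query.all() here.
    src_id = request.form.get('src', type=int)
    src_user = None
    if src_id is not None:
        src_user = User.query.filter_by(id=src_id).first()

    if src_user is None:
        flash("User mailbox not found")
        return redirect('/')

    # Bind the sender to the authenticated session. Without this comparison
    # any logged-in user could submit another account's id as `src` and have
    # the message (including the privileged branch below) issued in that
    # account's name. show_messages() applies the same user_name comparison.
    if src_user.user_name != name:
        return '403 Permission Denied', 403

    src_mailbox = src_user.user_mailbox
    mailkey = b64encode(bytes(str(src_mailbox), 'utf-8')).decode('utf-8')
    history_url = '/message/history?v=' + mailkey

    # Check target is valid
    target = request.form['mailbox']
    dst_user = User.query.filter_by(user_mailbox=target).first()
    if dst_user is None:
        flash("User mailbox not found")
        return redirect(history_url)
    dst_mailbox = dst_user.user_mailbox

    message = request.form.get("message", '')
    if src_user.id == 9447:
        # Account 9447 always sends this fixed text, with the recipient's own
        # mailbox recorded as the source.
        # NOTE(review): the secret is hard-coded in the view; loading it from
        # configuration would keep it out of the source tree.
        message = 'flag{f0reVa_Al0ne}'
        src_mailbox = dst_mailbox

    # Craft the message and send it.
    new_msg = Message(src_mailbox, dst_mailbox, message)
    if not new_msg.send_msg():
        flash("Message failed to send")
    # Success and failure both return to the sender's history view.
    return redirect(history_url)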
コード例 #6
ファイル: views.py プロジェクト: yuumairie/flask_sample
def message_ajax():
    """Poll endpoint: return new messages from ``user_id`` and read receipts.

    Unread messages sent by ``user_id`` to the current user are marked read
    and returned under ``data``. The current user's own messages that the
    other side has read but that were not yet flagged as checked are marked
    checked, and their ids are returned under ``checked_message_ids``.
    """
    # NOTE(review): a missing or non-integer user_id becomes -1 and is passed
    # on unchanged; there is no early rejection in this view.
    user_id = request.args.get('user_id', -1, type=int)
    user = User.select_user_by_id(user_id)

    # Messages from the other user that the current user has not read yet.
    unread = Message.select_not_read_messages(user_id, current_user.get_id())
    unread_ids = []
    for item in unread:
        unread_ids.append(item.id)
    if unread_ids:
        with db.session.begin(subtransactions=True):
            Message.update_is_read_by_ids(unread_ids)
        db.session.commit()

    # Own messages that have already been read but are not yet checked.
    unchecked = Message.select_not_checked_messages(current_user.get_id(), user_id)
    checked_ids = []
    for item in unchecked:
        checked_ids.append(item.id)
    if checked_ids:
        with db.session.begin(subtransactions=True):
            Message.update_is_checked_by_ids(checked_ids)
        db.session.commit()

    return jsonify(
        data=make_message_format(user, unread),
        checked_message_ids=checked_ids,
    )
コード例 #7
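def show_messages():
    """Render the logged-in user's message history for the mailbox named by ``?v=``.

    ``v`` is the base64 encoding of a mailbox identifier. The request is
    rejected unless the decoded mailbox exists (400) and belongs to the
    session user (403). The mailbox file is then read in fixed-size records
    of ``MSG_REC_SIZE`` characters and rendered newest first.
    """
    # Local import so the block does not depend on a file-level import that is
    # not visible here.
    from base64 import b64encode

    # Kickout Scrubs
    if not session.get('logged_in'):
        return redirect('/')

    # Only the session user's row is needed; the original also ran a discarded
    # User.query.all() before this lookup.
    sess_user = User.query.filter_by(user_name=session['user_name']).first()
    if sess_user is None:
        return '403 Permission Denied', 403

    # Bail out on non standard requests.
    if 'v' not in request.args:
        return render_template('lists/history.html', err="No mailkey provided.")

    # Keep the try body to the decode only. The original bare `except:` also
    # swallowed database and programming errors and reported them as a
    # decoding problem. binascii.Error and UnicodeDecodeError are both
    # ValueError subclasses. validate=True rejects input containing characters
    # outside the base64 alphabet instead of silently discarding them.
    try:
        mailbox_dec = b64decode(request.args['v'], validate=True).decode('utf-8')
    except ValueError:
        return render_template('lists/history.html', err="Cannot base64 decrypt value.")
    print("Mailbox Decoded: {}".format(mailbox_dec))

    mailbox_owner = User.query.filter_by(user_mailbox=mailbox_dec).first()
    if mailbox_owner is None:
        return '400 Bad Request', 400

    # Ownership check: a mailbox may only be read by the account it belongs to.
    if mailbox_owner.user_name != sess_user.user_name:
        return '403 Permission Denied', 403

    # Build the file name from the mailbox value that passed the ownership
    # check, not from the raw query parameter, so that only the canonical
    # encoding of an owned mailbox can ever be opened.
    mailbox_file = b64encode(mailbox_dec.encode('utf-8')).decode('utf-8') + ".txt"
    filepath = os.path.join(current_app.config.get("APP_BASE_DIR"), mailbox_file)

    MSG_REC_SIZE = current_app.config.get("MSG_REC_SIZE")
    msg_obj = Message()
    msgs = []

    # `with` closes the file even if a record fails to parse or a query raises.
    with open(filepath, "r") as fp:
        msg_block = fp.read(MSG_REC_SIZE)
        # A short (or empty) read marks the end of the complete records.
        while len(msg_block) == MSG_REC_SIZE:
            msg_obj.reload(msg_block)
            msg_str = msg_obj.as_padded_string()
            # Record layout as sliced here: 36 chars source mailbox,
            # 36 chars destination mailbox, remainder is the padded body.
            src = msg_str[0:36]
            dst = msg_str[36:72]
            msg = msg_str[72:MSG_REC_SIZE]

            src_user = User.query.filter_by(user_mailbox=src).first()
            dst_user = User.query.filter_by(user_mailbox=dst).first()

            # Show the user name when the mailbox maps to an account,
            # otherwise fall back to the raw mailbox value.
            entry = {}
            if src_user is not None:
                entry['src'] = src_user.user_name
                entry['srcbox'] = src
            else:
                entry['src'] = src

            if dst_user is not None:
                entry['dst'] = dst_user.user_name
                entry['dstbox'] = dst
            else:
                entry['dst'] = dst

            entry['msg'] = msg.rstrip(' ')
            msgs.append(entry)

            msg_block = fp.read(MSG_REC_SIZE)

    # Generate Message Form
    form = SendMsgForm(request.form)
    return render_template('lists/history.html', msgs=msgs[::-1], form=form)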
コード例 #8
ファイル: app.py プロジェクト: secedu/exam2-build
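def populate_db(app):
    """Seed an empty database with the fixed accounts and the initial message thread.

    Does nothing when the user table already has a row. Otherwise it inserts
    the seed users, resets the ``4dm1ni5trator`` password, creates the admin
    mailbox file and sends four messages between the ADMIN and GREETER
    mailboxes taken from the app configuration.

    Args:
        app: the Flask application whose context and config are used.

    Raises:
        NameError: if the ``4dm1ni5trator`` row cannot be read back after the
            insert.
    """
    with app.app_context():

        # One row is enough to know the table is populated; the original
        # loaded every user just to take len() of the list.
        if User.query.first() is not None:
            return

        # NOTE(review): account names, passwords and one flag value are
        # hard-coded in this seed data. Only FLAG1 is read from configuration;
        # the other secrets would be easier to rotate and keep out of version
        # control if they were loaded the same way.
        users = [
            ('noone', 'noone_can_know', 'noone', 'dodgy',
             'Im not who you are looking for',
             '4badd00d-d11d-4bad-1dea-c001fac3db01', 1),
            ('admin', 'noone_can_know', 'noone', 'dodgy',
             'Im not who you are looking for',
             '4badd01d-d11d-4bad-1dea-c001fac3db01', 2),
            ('Sketch', 'temporary', 'Someone', 'Sketchy',
             'Salutations, friend.', 'defec7ed-c001-face-d00d-313333333337',
             1337),
            # removed flag beyond spec
            # ('ENUMFLAG{f1nD1nG_bUrIeD_tReAsUrE}', 'temporary', 'Ooops!', 'My', "u R hired. grats Worth nothing.", '64436443-6443-6443-6443-644364436443', 6443),
            ('4dm1ni5trator', 'temporary', 'Damo', 'Daz',
             app.config.get("FLAG1"), '94476441-6443-9242-6445-c001fac3d00d',
             9447),
            ('Carey', 'temporary', 'Carey', 'Spice', '*crickets*',
             '01010101-0101-0101-0101-010101010101', 13337),
        ]
        for user in users:
            db.session.add(User(*user))

        db.session.commit()

        ADMIN = current_app.config.get("ADMIN")
        GREETER = current_app.config.get("GREETER")

        # The original also queried the 'noone' row here and never used it.
        a = User.query.filter_by(user_name='4dm1ni5trator').first()
        if a is None:
            print("shit")
            raise (NameError("Failed"))

        # Set and touch admin mailbox.
        a.change_password('administrator')
        mailbox_name = b64encode(bytes(ADMIN, 'utf-8')).decode('utf-8')
        mailbox_path = os.path.join(current_app.config.get("APP_BASE_DIR"),
                                    'mailbox', mailbox_name + '.txt')
        with open(mailbox_path, "wb"):
            pass  # touch: create the empty mailbox file and close it

        # Initial thread, sent in this order. The value returned by send_msg()
        # is not checked, as in the original seeding code.
        seed_messages = (
            (ADMIN, GREETER, 'Greeter, can you give me the flag?.'),
            (GREETER, ADMIN, 'Noone is the boss of me.'),
            (ADMIN, GREETER, "Fine, I'll send it to myself then!"),
            (ADMIN, ADMIN, 'flag{411_53e1ng_eYe}'),
        )
        for sender, recipient, body in seed_messages:
            Message(sender, recipient, body).send_msg()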