예제 #1
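def buy_help(help_id):
    """
    Buy the tip ``help_id`` for the current player and pay for it with points.

    The current player is the newest row of ``tester_stats`` (highest id).

    :param help_id: id of the row in ``tips`` that is being bought
    :return: ``(jsonify(True), 200)`` on success, otherwise a JSON error
        message together with status 500
    """
    cursor = get_admin_cursor()

    # get cost for achievement
    cursor.execute('SELECT cost FROM tips WHERE id = ?', [help_id])
    tip = cursor.fetchone()
    # A NULL cost is treated like a missing tip: subtracting NULL in SQL
    # would overwrite the player's balance with NULL.
    if tip is None or tip[0] is None:
        return jsonify('Cant fetch Price'), 500
    price = tip[0]

    # One lookup identifies the current player. The former extra
    # 'SELECT MAX(id)' could never take its error branch (an aggregate
    # always yields a row) and read the row a second time.
    cursor.execute('SELECT id FROM tester_stats ORDER BY id DESC LIMIT 1')
    player = cursor.fetchone()
    if player is None:
        return jsonify('Cant fetch Points'), 500
    player_id = player[0]

    # NOTE(review): nothing visible here checks that the player can afford
    # the tip or that it has not been bought already, so the balance can go
    # negative and a tip can be charged twice - confirm whether that is
    # intended.
    # buy help for points (save the transaction in database); the decrement
    # happens inside the statement so a concurrent update is not overwritten
    # with a stale value.
    cursor.execute('UPDATE tester_stats SET points = points - ? WHERE id = ?',
                   [price, player_id])
    cursor.execute('UPDATE tips SET bought = true WHERE id = ?', [help_id])
    return jsonify(True), 200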
예제 #2
def get_tips():
    """
    Load all tips together with the name of the scoreboard entry they
    belong to.

    :return: list of rows ``(tips.id, scoreboard.name, tips.cost, tips.text, bought)``
    """
    # Implicit join: a tip is paired with the scoreboard row whose id equals
    # the tip's achievement_id.
    query = (
        'SELECT tips.id, scoreboard.name, tips.cost, tips.text, bought '
        'FROM tips, scoreboard '
        'WHERE tips.achievement_id = scoreboard.id'
    )
    cursor = get_admin_cursor()
    cursor.execute(query)
    rows = cursor.fetchall()
    return rows
예제 #3
def get_resets():
    """
    Return the number of rows in ``tester_stats`` minus one.

    :return: row count minus one, or the string ``"ERROR"`` when the count
        query yields no row
    """
    cursor = get_admin_cursor()
    cursor.execute('SELECT count(*) FROM tester_stats')
    row = cursor.fetchone()
    if row is None:
        return "ERROR"
    total_runs = row[0]
    return total_runs - 1
예제 #4
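def award_points(points):
    """
    Add ``points`` to the score of the current player, i.e. the newest row
    of ``tester_stats``.

    :param points: number of points to add
    :return: None
    """
    cursor = get_admin_cursor()
    # The previous filter was
    #   id = (SELECT id FROM (SELECT MAX(id) FROM tester_stats))
    # The derived table has no column named ``id``. In SQLite (suggested by
    # the ``?`` placeholders and the ``main.`` schema prefix used elsewhere
    # in this file - confirm) the name then resolves to the outer row, the
    # filter becomes ``id = id`` and every row is updated.
    # Compare with MAX(id) directly and add inside the statement, which also
    # removes the read that crashed on an empty table.
    cursor.execute(
        'UPDATE tester_stats SET points = points + ? '
        'WHERE id = (SELECT MAX(id) FROM tester_stats)',
        [points])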
예제 #5
def check_if_points_are_valid(flag_id):
    """
    Check whether the scoreboard entry mapped to ``flag_id`` still has
    status 0.

    :param flag_id: id of the flag whose scoreboard entry is inspected
    :return: True when the status equals 0, otherwise False
    """
    # presumably status 0 means "achievement not yet done" - confirm
    cursor = get_admin_cursor()
    cursor.execute('SELECT status FROM scoreboard WHERE id = ?',
                   [get_scoreboard_id_for_flag(flag_id)])
    row = cursor.fetchone()
    return True if row[0] == 0 else False
예제 #6
def hide_email_template_flag():
    """
    Hide the flag in app.config so that the e-mail template can reach it
    through {{ config }}.

    :return: None
    """
    cursor = get_admin_cursor()
    cursor.execute('SELECT flag FROM flag WHERE id = 5')
    rows = cursor.fetchall()
    # Values in app.config are readable from every Jinja template through
    # ``config``; that exposure is the stated purpose of this entry.
    app.config['EMAIL_TEMPLATE_FLAG'] = rows[0][0]
예제 #7
def hide_secret_key_flag():
    """
    Hide the flag in active_flags so that the admin can reach it through
    shopadmin.

    :return: None
    """
    cursor = get_admin_cursor()
    cursor.execute('SELECT flag FROM flag WHERE id = 6')
    rows = cursor.fetchall()
    first_row = rows[0]
    active_flags['secret_key_flag'] = first_row[0]
예제 #8
def hide_cart_negative_quantity_flag():
    """
    Store the flag in app.config so that the checkout template can read it.

    :return: None
    """
    cursor = get_admin_cursor()
    cursor.execute('SELECT flag FROM flag WHERE id = 2')
    rows = cursor.fetchall()
    # Values in app.config are readable from every Jinja template through
    # ``config``, not only from the checkout template.
    app.config['cart_flag'] = rows[0][0]
예제 #9
def hide_sqli_flag():
    """
    Store the flag in active_flags so that the shopadmin panel can read it.

    :return: None
    """
    cursor = get_admin_cursor()
    cursor.execute('SELECT flag FROM flag WHERE id = 4')
    rows = cursor.fetchall()
    first_row = rows[0]
    active_flags['sqli_flag'] = first_row[0]
예제 #10
def remove_itemtype_flag():
    """
    Remove the hidden flag from the shop table.

    :return: None
    """
    # The flag value is read through the admin cursor ...
    admin_cursor = get_admin_cursor()
    admin_cursor.execute('SELECT flag FROM flag WHERE id = 1')
    rows = admin_cursor.fetchall()
    flag_value = rows[0][0]

    # ... and the matching row is deleted through the cursor returned by
    # get_cursor().
    shop_cursor = get_cursor()
    shop_cursor.execute('DELETE FROM flag WHERE flag = ?', [flag_value])
예제 #11
def hide_itemtype_flag():
    """
    Hide the flag in the shop table to make it visible to a UNION SELECT.

    :return: None
    """
    # The flag value is read through the admin cursor ...
    admin_cursor = get_admin_cursor()
    admin_cursor.execute('SELECT flag FROM flag WHERE id = 1')
    rows = admin_cursor.fetchall()
    flag_value = rows[0][0]

    # ... and copied into the ``flag`` table behind get_cursor().
    shop_cursor = get_cursor()
    shop_cursor.execute('INSERT INTO flag (flag) VALUES (?)', [flag_value])
예제 #12
def start_everything():
    """
    Start a new test run.

    Inserts a fresh ``tester_stats`` row with 0 points and the current local
    time, calls ``make_everything_insecure()`` and
    ``undo_all_achievements()``, and sets the scoreboard to "invisible".

    :return: redirect to the ``index`` endpoint
    """
    from datetime import datetime

    started_at = datetime.now()  # naive local time, no timezone attached
    cursor = get_admin_cursor()
    insert_run = "INSERT INTO tester_stats (points, timestamp) VALUES (?, ?)"
    cursor.execute(insert_run, [0, started_at])

    make_everything_insecure()
    undo_all_achievements()
    app.config["scoreboard_visible"] = "invisible"

    target = url_for('index')
    return redirect(target)
예제 #13
def check_flag(flag):
    """
    Compare the given flag with the database and answer with JSON (the
    function is called via AJAX).

    :param flag: flag value submitted by the player
    :return: ``jsonify(True)`` when the flag exists, else ``jsonify(False)``
    """
    cursor = get_admin_cursor()
    # The submitted value is bound as a parameter, never spliced into the SQL.
    cursor.execute('SELECT id FROM main.flag where flag = ?', [flag])
    match = cursor.fetchone()
    if match is None:
        return jsonify(False)

    # NOTE(review): no guard against submitting the same flag repeatedly is
    # visible here; presumably update_points handles that - confirm.
    flag_id = match[0]
    update_points(flag_id)
    set_achievement_done_for(get_scoreboard_id_for_flag(flag_id))
    disable_risk_for_flag(flag_id)
    return jsonify(True)
예제 #14
def get_tester_data():
    """
    Fetch the newest ``tester_stats`` row.

    :return: row ``(id, points, timestamp)`` or None when the table is empty
    """
    newest_run_query = (
        "SELECT id, points, timestamp FROM tester_stats ORDER BY id DESC LIMIT 1"
    )
    cursor = get_admin_cursor()
    cursor.execute(newest_run_query)
    newest = cursor.fetchone()
    return newest
예제 #15
def set_achievement_done_for(id):
    """
    Set ``status`` to true for one scoreboard entry.

    :param id: id of the ``scoreboard`` row to update
    :return: None
    """
    mark_done = 'UPDATE scoreboard SET status = true WHERE id = ?'
    get_admin_cursor().execute(mark_done, [id])
예제 #16
def get_scoreboard_id_for_flag(id):
    """
    Look up the scoreboard entry that a flag is mapped to.

    :param id: id of the flag (``map_scoreboard_flag.id_flag``)
    :return: the mapped ``id_scoreboard`` value
    """
    lookup = 'SELECT id_scoreboard FROM map_scoreboard_flag WHERE id_flag = ?'
    cursor = get_admin_cursor()
    cursor.execute(lookup, [id])
    # Fails with TypeError when no mapping row exists (fetchone() is None).
    mapping = cursor.fetchone()
    return mapping[0]
예제 #17
def get_flag(id):
    """
    Fetch the flag value stored under the given id.

    :param id: id of the row in ``main.flag``
    :return: one-column row holding the flag, or None when the id is unknown
    """
    cursor = get_admin_cursor()
    cursor.execute('SELECT flag FROM main.flag WHERE id = ?', [id])
    flag_row = cursor.fetchone()
    return flag_row
예제 #18
def undo_all_achievements():
    """
    Set ``status`` to false for every scoreboard entry.

    :return: None
    """
    reset_all = 'UPDATE scoreboard SET status = false'
    get_admin_cursor().execute(reset_all)
예제 #19
def get_points_for_flag(id):
    """
    Read how many points a flag is worth.

    :param id: id of the row in ``flag``
    :return: value of the ``points`` column for that flag
    """
    cursor = get_admin_cursor()
    cursor.execute('SELECT points FROM flag where  id = ?', [id])
    # Fails with TypeError when the id is unknown (fetchone() is None).
    points_row = cursor.fetchone()
    return points_row[0]
예제 #20
def get_scoreboard():
    """
    Load the complete scoreboard.

    :return: list of rows ``(id, name, description, status)``
    """
    cursor = get_admin_cursor()
    cursor.execute('SELECT id, name, description, status FROM scoreboard')
    entries = cursor.fetchall()
    return entries
예제 #21
def show_old_stats():
    """
    Render the admin page that lists all rows of ``tester_stats``.

    :return: the rendered ``admin/oldstats.html`` template, with the rows
        passed in as ``oldstats``
    """
    cursor = get_admin_cursor()
    cursor.execute('SELECT id, points, timestamp FROM tester_stats')
    return render_template('admin/oldstats.html', oldstats=cursor.fetchall())