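def index(req):
    """Assign a first-time respondent to a condition and redirect them.

    A respondent who already carries the 'rm-group-a' cookie gets a short
    refusal message. Otherwise the cookie is set, the list of conditions
    handed out so far is read from PATH, a condition is chosen so that both
    groups move towards MIN_RESPONDENTS, the choice is appended to PATH and
    the client is redirected to 'welcome-<condition>.html'.
    """
    # check if cookie is set for respondent who already participated
    # NOTE(review): this cookie is the only repeat-participation check and it
    # lives entirely on the client, so it cannot be relied on to keep the
    # group counts honest; a server-side record would be needed for that.
    client_cookie = Cookie.get_cookie(req, 'rm-group-a')
    if client_cookie is not None:
        return 'You already participated.'
    Cookie.add_cookie(req, 'rm-group-a', 'true',
                      expires=time.time() + 31 * 24 * 3600)  # expires after 1 month

    # load current respondent conditions
    with open(PATH, 'r') as f:
        # safe_load only builds plain YAML types, so a tampered file cannot
        # make the loader construct arbitrary Python objects. Bare
        # yaml.load(f) is deprecated and newer PyYAML releases require an
        # explicit Loader.
        # NOTE(review): assumes the stored conditions are plain strings that
        # yaml.dump writes without Python-specific tags -- confirm.
        respondents = yaml.safe_load(f)
    if respondents is None:
        respondents = []

    no_avatar_count = count_str_in_seq(NO_AVATAR, respondents)
    avatar_count = count_str_in_seq(AVATAR, respondents)

    # prefer the group that is still short of MIN_RESPONDENTS, else pick randomly
    if no_avatar_count <= MIN_RESPONDENTS and avatar_count >= MIN_RESPONDENTS:
        condition = NO_AVATAR
    elif no_avatar_count >= MIN_RESPONDENTS and avatar_count <= MIN_RESPONDENTS:
        condition = AVATAR
    else:
        condition = random.choice([NO_AVATAR, AVATAR])

    # write new condition entry
    # NOTE(review): the read above and this write are not locked, so two
    # concurrent requests can overwrite each other's entry.
    respondents.append(condition)
    with open(PATH, 'w') as f:
        yaml.dump(respondents, f)

    util.redirect(req, 'welcome' + '-' + condition + '.html')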
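def index(req):
    """Hand a new respondent an experimental condition and redirect them.

    Returns 'You already participated.' when the 'rm-group-a' cookie is
    present. Otherwise sets that cookie, reads the conditions recorded in
    PATH, picks NO_AVATAR or AVATAR depending on how each group compares to
    MIN_RESPONDENTS, records the pick in PATH and redirects to
    'welcome-<condition>.html'.
    """
    # check if cookie is set for respondent who already participated
    # NOTE(review): a client-side cookie is easy to drop or never send, so
    # this is a convenience check, not an enforcement of one response each.
    if Cookie.get_cookie(req, 'rm-group-a') is not None:
        return 'You already participated.'
    one_month = 31 * 24 * 3600
    Cookie.add_cookie(req, 'rm-group-a', 'true',
                      expires=time.time() + one_month)  # expires after 1 month

    # load current respondent conditions
    with open(PATH, 'r') as f:
        # yaml.load() without a Loader is deprecated and rejected by newer
        # PyYAML; safe_load restricts parsing to plain data types, which is
        # all this file should hold.
        # NOTE(review): presumes the entries were dumped as untagged plain
        # strings -- verify against the values of NO_AVATAR / AVATAR.
        respondents = yaml.safe_load(f)
    if respondents is None:
        respondents = []

    no_avatar_count = count_str_in_seq(NO_AVATAR, respondents)
    avatar_count = count_str_in_seq(AVATAR, respondents)

    no_avatar_short = (no_avatar_count <= MIN_RESPONDENTS
                       and avatar_count >= MIN_RESPONDENTS)
    avatar_short = (no_avatar_count >= MIN_RESPONDENTS
                    and avatar_count <= MIN_RESPONDENTS)
    if no_avatar_short:
        condition = NO_AVATAR
    elif avatar_short:
        condition = AVATAR
    else:
        # neither group is clearly behind: assign at random
        condition = random.choice([NO_AVATAR, AVATAR])

    # write new condition entry
    # NOTE(review): read-modify-write on PATH happens without a lock, so
    # simultaneous requests can lose an entry.
    respondents.append(condition)
    with open(PATH, 'w') as f:
        yaml.dump(respondents, f)

    util.redirect(req, 'welcome' + '-' + condition + '.html')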
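def index(req):
    """Log the requesting client out of every app instance and return the exit page.

    The client is identified by its network address only. For each app
    instance userLogout(address) is called; if the client presented the
    '__ngfwcp' cookie, an empty, already-expired replacement is sent so the
    browser drops it. The exit page template next to the requested file is
    filled in and returned as a string.
    """
    # get the network address of the client
    # NOTE(review): the logout is keyed on this address alone, so any request
    # arriving from the same address ends that address's session; confirm
    # this is acceptable where several clients share one address.
    address = req.get_remote_host(apache.REMOTE_NOLOOKUP, None)

    # use the path from the request filename to locate the correct template
    name = req.filename[:req.filename.rindex('/')] + "/exitpage.html"
    # the with-block closes the template even if read() raises
    with open(name, "r") as template:
        page = template.read()

    # load the app settings
    captureSettings = load_capture_settings(req)

    # setup the uvm and app objects so we can make the RPC call
    captureList = load_rpc_manager_list()

    # track the number of successful calls to userLogout
    exitCount = 0

    # call the logout function for each app instance
    cookie_key = "__ngfwcp"
    for app in captureList:
        exitResult = app.userLogout(address)
        cookies = Cookie.get_cookie(req, cookie_key)
        if cookies is not None:
            # overwrite the client's cookie with an empty, expired one
            value = {}
            cookie = Cookie.MarshalCookie(cookie_key, value,
                                          secret=str(captureSettings["secretKey"]))
            cookie.path = "/"
            cookie.expires = 0
            Cookie.add_cookie(req, cookie)
        if exitResult == 0:
            exitCount = exitCount + 1

    if exitCount == 0:
        page = replace_marker(page, '$.ExitMessage.$', _('You were already logged out'))
        page = replace_marker(page, '$.ExitStyle.$', 'styleProblem')
    else:
        page = replace_marker(page, '$.ExitMessage.$', _('You have successfully logged out'))
        page = replace_marker(page, '$.ExitStyle.$', 'styleNormal')

    # NOTE(review): these settings values go into the HTML page; whether
    # replace_marker escapes them is not visible here -- confirm.
    page = replace_marker(page, '$.CompanyName.$', captureSettings['companyName'])
    page = replace_marker(page, '$.PageTitle.$', captureSettings['basicLoginPageTitle'])

    # return the logout page we just created
    return page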
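def index(req):
    """Render the admin template with the flag file or a refusal message.

    The flag file is shown only when the request carries an 'admin' cookie
    whose value equals the expected fixed string; every other request gets
    the refusal text.
    """
    req.content_type = "text/html"
    # with-blocks close the files; the original left both handles open
    with open("/var/www/html/templates/admin.html") as template_file:
        t = Template(template_file.read())

    # NOTE(review): the only access check is a comparison against a constant
    # that the client itself supplies in a cookie. That is not proof of
    # identity: the value is neither signed nor tied to a server-side
    # session. Anything guarding real data should use a server-side session
    # or a signed cookie (e.g. mod_python's Cookie.SignedCookie) instead.
    cookie = Cookie.get_cookie(req, "admin")
    if cookie and str(cookie.value) == "True, VHJ1ZQ==":
        with open("/opt/flag.txt") as flag_file:
            text = flag_file.read()
    else:
        text = "LOL get out you are not the admin!"

    req.write(t.render(text=text))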
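def login(req, **params):
    """
    New login attempt. Clean out old session if present, and create new one.

    Expects the username in params['u'] and the password in params['p'].
    Returns a JSON document with a 'success' flag and, on failure, an
    'error' message. After a successful login the leak ids listed in the
    client's '__CJ_seen' cookie are stored in the user_seen table; a
    missing or malformed cookie is ignored instead of failing the request.
    """
    # Upper bound on the leak ids accepted from one cookie. Constructed
    # value, not taken from the original code -- tune to the real data set.
    max_seen_ids = 10000

    sess = Session(req)
    if not sess.is_new():
        sess.delete()
        sess = Session(req)
        if not sess.is_new():
            req.status = apache.HTTP_BAD_REQUEST
            return 'failed to create new session'

    if 'u' not in params or 'p' not in params:
        req.status = apache.HTTP_BAD_REQUEST
        return 'some parameters were not provided'

    ret = dict()
    # NOTE(review): the credentials are embedded in the source and compared
    # in plain text; they belong in a credential store holding salted
    # hashes, and there is no attempt limiting on this endpoint.
    if params['u'] != 'einstein' or params['p'] != 'fuckbin':
        ret['success'] = False
        ret['error'] = 'bad username or password'
        # note: session is not saved!
    else:
        ret['success'] = True
        # keep some stuff in session...
        sess['username'] = params['u']
        sess['user_id'] = 1
        # NOTE(review): a ten-year lifetime makes a leaked session id usable
        # for as long -- confirm this is intended.
        sess.set_timeout(60 * 60 * 24 * 365 * 10)  # 10 year
        sess.save()

        # grab the user's cookie, and save the seen leaks into the database
        # The cookie is client-controlled: check its shape and bound the
        # expansion before building rows, so an oversized range cannot
        # exhaust memory or flood the table.
        values = []
        seen_cookie = Cookie.get_cookie(req, '__CJ_seen')
        if seen_cookie is not None:
            try:
                seen_ranges = json.loads(urllib.unquote(seen_cookie.value))
            except ValueError:
                seen_ranges = []
            if not isinstance(seen_ranges, list):
                seen_ranges = []
            for seen_range in seen_ranges:
                if not isinstance(seen_range, dict):
                    continue
                start = seen_range.get('start')
                end = seen_range.get('end')
                if not isinstance(start, int) or not isinstance(end, int):
                    continue
                if end < start:
                    continue
                if end - start + 1 > max_seen_ids - len(values):
                    # over budget: keep what was collected, drop the rest
                    break
                values.extend([sess['user_id'], i]
                              for i in range(start, end + 1))

        if values:
            db = Database.get()
            c = db.cursor()
            try:
                c.executemany(
                    """
                    replace into user_seen (user_id, leak_id)
                    values (%s, %s)
                    """, values)
                db.commit()
            finally:
                # release the cursor even when the statement fails
                c.close()

    req.content_type = 'application/json'
    return json.dumps(ret, ensure_ascii=False)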
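def index(req):
    """Build the logout page after logging the client out of each app instance.

    Calls userLogout() with the client's network address on every entry of
    the RPC manager list, expires the '__ngfwcp' cookie when the client sent
    one, and returns the filled-in exit page template as a string.
    """
    # get the network address of the client
    # NOTE(review): the address is the sole identifier passed to userLogout;
    # clients sharing an address would be logged out together -- confirm.
    address = req.get_remote_host(apache.REMOTE_NOLOOKUP, None)

    # use the path from the request filename to locate the correct template
    name = req.filename[:req.filename.rindex('/')] + "/exitpage.html"
    # context manager instead of open/read/close so the handle is always released
    with open(name, "r") as page_file:
        page = page_file.read()

    # load the app settings
    captureSettings = load_capture_settings(req)

    # setup the uvm and app objects so we can make the RPC call
    captureList = load_rpc_manager_list()

    # track the number of successful calls to userLogout
    exitCount = 0

    # call the logout function for each app instance
    cookie_key = "__ngfwcp"
    for app in captureList:
        exitResult = app.userLogout(address)

        cookies = Cookie.get_cookie(req, cookie_key)
        if cookies is not None:
            # send back an empty cookie that is already expired
            cookie = Cookie.MarshalCookie(cookie_key, {},
                                          secret=str(captureSettings["secretKey"]))
            cookie.path = "/"
            cookie.expires = 0
            Cookie.add_cookie(req, cookie)

        if exitResult == 0:
            exitCount += 1

    if exitCount == 0:
        message, style = _('You were already logged out'), 'styleProblem'
    else:
        message, style = _('You have successfully logged out'), 'styleNormal'
    page = replace_marker(page, '$.ExitMessage.$', message)
    page = replace_marker(page, '$.ExitStyle.$', style)

    # NOTE(review): settings values are substituted into HTML here; it is not
    # visible whether replace_marker escapes them -- confirm.
    page = replace_marker(page, '$.CompanyName.$', captureSettings['companyName'])
    page = replace_marker(page, '$.PageTitle.$', captureSettings['basicLoginPageTitle'])

    # return the logout page we just created
    return page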
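def _collect_seen_rows(raw_value, user_id, limit):
    """Turn the raw '__CJ_seen' cookie value into [user_id, leak_id] rows.

    Malformed input yields no rows; expansion stops once `limit` rows exist.
    """
    try:
        seen_ranges = json.loads(urllib.unquote(raw_value))
    except ValueError:
        return []
    if not isinstance(seen_ranges, list):
        return []

    rows = []
    for seen_range in seen_ranges:
        if not isinstance(seen_range, dict):
            continue
        start = seen_range.get('start')
        end = seen_range.get('end')
        if not (isinstance(start, int) and isinstance(end, int)):
            continue
        if end < start:
            continue
        # check the size before expanding so a huge range is never built
        if end - start + 1 > limit - len(rows):
            break
        rows.extend([user_id, i] for i in range(start, end + 1))
    return rows


def login(req, **params):
    """
    New login attempt. Clean out old session if present, and create new one.

    Reads the username from params['u'] and the password from params['p']
    and returns a JSON document with a 'success' flag (plus 'error' on
    failure). On success the leak ids from the client's '__CJ_seen' cookie
    are written to user_seen; an absent or malformed cookie is skipped.
    """
    # Cap on rows taken from one cookie. Constructed value, not from the
    # original code -- adjust to the size of the real leak table.
    max_seen_ids = 10000

    sess = Session(req)
    if not sess.is_new():
        sess.delete()
        sess = Session(req)
        if not sess.is_new():
            req.status = apache.HTTP_BAD_REQUEST
            return 'failed to create new session'

    if 'u' not in params or 'p' not in params:
        req.status = apache.HTTP_BAD_REQUEST
        return 'some parameters were not provided'

    ret = dict()
    # NOTE(review): fixed credentials in source, compared in plain text and
    # without attempt limiting; move them to a store of salted hashes.
    if params['u'] != 'einstein' or params['p'] != 'fuckbin':
        ret['success'] = False
        ret['error'] = 'bad username or password'
        # note: session is not saved!
    else:
        ret['success'] = True
        # keep some stuff in session...
        sess['username'] = params['u']
        sess['user_id'] = 1
        # NOTE(review): ten-year session lifetime -- confirm it is intended.
        sess.set_timeout(60 * 60 * 24 * 365 * 10)  # 10 year
        sess.save()

        # grab the user's cookie, and save the seen leaks into the database
        # The cookie comes from the client, so it is validated and bounded
        # before any row is built from it.
        seen_cookie = Cookie.get_cookie(req, '__CJ_seen')
        values = []
        if seen_cookie is not None:
            values = _collect_seen_rows(seen_cookie.value, sess['user_id'],
                                        max_seen_ids)

        if values:
            db = Database.get()
            c = db.cursor()
            try:
                c.executemany("""
                    replace into user_seen (user_id, leak_id)
                    values (%s, %s)
                    """, values)
                db.commit()
            finally:
                # close the cursor on failure as well as on success
                c.close()

    req.content_type = 'application/json'
    return json.dumps(ret, ensure_ascii=False)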