예제 #1
0
def home():

    if request.method == 'GET':
        session['csrf_token'] = str(uuid.uuid4())
        # print(session['csrf_token'])

    if request.method == 'POST':
        # if request.form['csrf_token'] == session['csrf_token']:
        # Using the instructor's solution
        if request.form.get('csrf_token', None) == session['csrf_token']:
            g = Grade(
                student=request.form['student'],
                assignment=request.form['assignment'],
                grade=request.form['grade'],
            )
            # print("(" + request.form['grade'] + ")")
            g.save()
        # else:
        #     print("""test not passed with session['csrf_token'] being {}
        #     and request.form['csrf_token'] being {}""".format(session['csrf_token'],
        #     request.form['csrf_token']))

    body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
    <label for="student">Student</label>
    <input type="text" name="student"><br>


    <label for="assignment">Assignment</label>
    <input type="text" name="assignment"><br>

    <label for="grade">Grade</label>
    <input type="text" name="grade"><br>

    <input type="submit" value="Submit">

    <input type="hidden" name="csrf_token" value={}>
</form>

<h2>Existing Grades</h2>
""".format(session['csrf_token'])

    for g in Grade.select():
        body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)

    return body
예제 #2
0
def home():
    #Added

    if 'csrf_token' not in session:
        letters = string.ascii_lowercase
        key = ''.join(random.choice(letters) for i in range(10))
        session['csrf_token'] = key

    if request.method == 'POST':
        if request.form.get('csrf_token',
                            None) == session['csrf_token']:  #Added
            g = Grade(
                student=request.form['student'],
                assignment=request.form['assignment'],
                grade=request.form['grade'],
            )
            #print("(" + request.form['grade'] + ")")
            g.save()

    body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
    <label for="student">Student</label>
    <input type="text" name="student"><br>


    <label for="assignment">Assignment</label>
    <input type="text" name="assignment"><br>

    <label for="grade">Grade</label>
    <input type="text" name="grade"><br>
    
    <input type="hidden" name="csrf_token" value="{}"> 

    <input type="submit" value="Submit">
</form>

<h2>Existing Grades</h2>
""".format(session['csrf_token'])  #Added

    #SHOWING

    for g in Grade.select():
        body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)

    return body
예제 #3
0
def home():

    # If the session does not include a CSRF token, then add one.
    if 'csrf_token' not in session:
        session['csrf_token'] = str(random.randint(10000000, 99999999))

    if request.method == 'POST':
        # Only save the grade if the form submission includes a CSRF token,
        # and it matches the token in the session.
        if request.form.get('csrf_token', None) == session['csrf_token']:
            g = Grade(
                student=request.form['student'],
                assignment=request.form['assignment'],
                grade=request.form['grade'],
            )
            g.save()

    body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
    <label for="student">Student</label>
    <input type="text" name="student"><br>


    <label for="assignment">Assignment</label>
    <input type="text" name="assignment"><br>

    <label for="grade">Grade</label>
    <input type="text" name="grade"><br>

    <input type="hidden" name="csrf_token" value="{}">   <!-- Include the CSRF token in the form -->

    <input type="submit" value="Submit">
</form>

<h2>Existing Grades</h2>
""".format(session['csrf_token'])  # <--

    for g in Grade.select():
        body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)

    return body
예제 #4
0
def home():

    #Creates the csrf token for the session.
    if 'csrf_token' not in session:
        session['csrf_token'] = str(random.randint(1000000, 9999999))

    if request.method == 'POST':
        if request.form.get('csrf_token', None) == session['csrf_token']:
            g = Grade(
                student=request.form['student'],
                assignment=request.form['assignment'],
                grade=request.form['grade'],
            )
            #print("(" + request.form['grade'] + ")")
            g.save()

    body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
    <label for="student">Student</label>
    <input type="text" name="student"><br>


    <label for="assignment">Assignment</label>
    <input type="text" name="assignment"><br>

    <label for="grade">Grade</label>
    <input type="text" name="grade"><br>
    
    <input type="hidden" name="csrf_token" value="{}">


    <input type="submit" value="Submit">
</form>

<h2>Existing Grades</h2>
""".format(session['csrf_token'])

    for g in Grade.select():
        body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)

    return body
예제 #5
0
def home():

    if 'csrftoken' not in session:
        session['csrftoken'] = app.secret_key

    if request.method == 'POST':

        if str(request.form.get('_csrf_token', None)) == str(app.secret_key):
            g = Grade(
                student=request.form['student'],
                assignment=request.form['assignment'],
                grade=request.form['grade'],
            )
            g.save()

    body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
    <input name=_csrf_token type="hidden" value="{}">

    <label for="student">Student</label>
    <input type="text" name="student"><br>


    <label for="assignment">Assignment</label>
    <input type="text" name="assignment"><br>

    <label for="grade">Grade</label>
    <input type="text" name="grade"><br>

    <input type="submit" value="Submit">
</form>

<h2>Existing Grades</h2>
""".format(session['csrftoken'])

    for g in Grade.select():
        body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)

    return body
예제 #6
0
def home():

    if request.method == 'POST':
        g = Grade(
            student=request.form['student'],
            assignment=request.form['assignment'],
            grade=request.form['grade'],
        )
        #print("(" + request.form['grade'] + ")")
        g.save()

    body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
    <label for="student">Student</label>
    <input type="text" name="student"><br>


    <label for="assignment">Assignment</label>
    <input type="text" name="assignment"><br>

    <label for="grade">Grade</label>
    <input type="text" name="grade"><br>

    <input type="submit" value="Submit">
</form>

<h2>Existing Grades</h2>
"""
    
    for g in Grade.select():
        body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)

    return body