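def download_file(filename):
    """Send an uploaded report file from the ``uprep1`` directory (admin only).

    Anonymous visitors and non-admins are redirected to ``index``; a logged-in
    non-admin is additionally flagged as banned before the redirect.

    Args:
        filename: Name of the file inside ``uprep1`` to send.

    Returns:
        The file as an attachment for an admin, otherwise a redirect to
        ``index``.
    """
    # session.get rather than session[...]: an anonymous visitor has no
    # 'log_in' key, and the KeyError surfaced as a 500 instead of the
    # intended redirect.
    if session.get('log_in') == True:
        _id = session['uuid']
        if User.is_admin(_id):
            # Assuming this is Flask's send_from_directory, ``filename`` is
            # safe-joined onto the directory, so traversal sequences are
            # rejected (404) rather than escaping ``uprep1``.
            return send_from_directory('uprep1', filename, as_attachment=True)
        # NOTE(review): this auto-ban fires on a plain GET, so any page that
        # embeds this URL (e.g. in an <img>) gets a logged-in regular user
        # banned without them doing anything.
        User.update(_id, 'banned', True)
    return redirect(url_for('index'))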
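def delete_report_redirect():
    """Delete the report named by the ``id`` query parameter (admin only).

    Returns:
        A redirect to ``administration`` after the delete; a redirect to
        ``index`` for anonymous visitors and for non-admins (who are also
        flagged as banned).
    """
    # session.get: anonymous visitors have no 'log_in' key and previously
    # got a KeyError (500) instead of this redirect.
    if session.get('log_in') == True:
        _id = session['uuid']
        if User.is_admin(_id):
            # NOTE(review): a destructive action driven by a GET query
            # parameter with no CSRF token: a link or <img> on any page the
            # admin visits can delete an arbitrary report.  The id is passed
            # to Report.delete unvalidated; confirm that layer parameterises
            # the query.
            Report.delete(request.args['id'])
            return redirect(url_for('administration'))
        # Non-admin reaching an admin URL is banned (see download_file for
        # the GET-triggered ban caveat).
        User.update(_id, 'banned', True)
    return redirect(url_for('index'))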
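def unban_redirect():
    """Clear the ``banned`` flag of the user named by the ``id`` query parameter (admin only).

    Returns:
        A redirect to ``administration`` after the update; a redirect to
        ``index`` for anonymous visitors and for non-admins (who are flagged
        as banned on the way out).
    """
    # session.get: anonymous visitors have no 'log_in' key and previously
    # got a KeyError (500) instead of this redirect.
    if session.get('log_in') == True:
        _id = session['uuid']
        if User.is_admin(_id):
            # NOTE(review): state change via GET with no CSRF protection; an
            # admin's browser can be made to unban any user by a link on a
            # third-party page.
            User.update(request.args['id'], 'banned', False)
            return redirect(url_for('administration'))
        User.update(_id, 'banned', True)
    return redirect(url_for('index'))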
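def unlock_report():
    """Clear the evaluation lock on a report (admin only).

    Reads the report id from the ``id`` query parameter; the lock is only
    cleared when the report exists and is currently locked.

    Returns:
        A redirect to ``administration`` when a lock was cleared, otherwise a
        redirect to ``index``.
    """
    if session.get('log_in') != True:
        # Anonymous: no 'log_in' key, so session[...] used to raise (500).
        return redirect(url_for('index'))
    _id = session['uuid']
    if not User.is_admin(_id):
        User.update(_id, 'banned', True)
        return redirect(url_for('index'))
    report = Report.get_report(request.args['id'])
    # Unknown id: if Report.get_report returns None the original raised on
    # the subscript below.
    if report is not None and report['locked'] == True:
        # NOTE(review): state-changing GET without a CSRF token; a link on
        # any page can make an admin release another admin's lock.
        Report.update(report['reportId'], 'locked', False)
        return redirect(url_for('administration'))
    return redirect(url_for('index'))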
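def settings():
    """Change the logged-in user's password from the settings form.

    Reads ``currentpassword``, ``Newpassword`` and ``ConfirmNewpassword`` from
    the POSTed form.  Every field must pass ``general_check`` (length 7-20),
    the two new values must match (``compare_strings``) and the current
    password must verify against the stored value (``password_check``) before
    ``hashpass(Newpassword)`` is written.

    Returns:
        A JSON ``{'success': ...}`` or ``{'error': ...}`` body.  An anonymous
        caller, or a session whose account no longer exists, gets the error
        body with HTTP 401 (the original returned None there, i.e. a 500).
    """
    if session.get('log_in') != True:
        return jsonify({'error': 'Ops, Something wrong happened!'}), 401
    _id = session['uuid']
    user = User.get_by_id(_id)
    if user is None:
        return jsonify({'error': 'Ops, Something wrong happened!'}), 401
    current_password = request.form['currentpassword']
    stored_password = user['password']  # hashed by hashpass on write, judging by the update below
    new_password = request.form['Newpassword']
    confirm_password = request.form['ConfirmNewpassword']
    # Cheap format checks first; password_check (presumably the hash
    # comparison) is only reached once everything else is well-formed.
    if (general_check(new_password, 7, 20)
            and general_check(confirm_password, 7, 20)
            and compare_strings(new_password, confirm_password)
            and general_check(current_password, 7, 20)
            and password_check(current_password, stored_password)):
        User.update(_id, "password", hashpass(new_password))
        # NOTE(review): other sessions for this account stay valid after the
        # change; nothing here rotates or invalidates them, and no CSRF token
        # is checked in this view.
        return jsonify({'success': 'password successfully changed !'})
    return jsonify({'error': 'Ops, Something wrong happened!'})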
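def login():
    """Handle the login form.

    On POST, validates the password length (7-20 via ``general_check``) and
    the email format (``check_email``), then checks the credentials with
    ``User.valid_login``; on success the user is logged in via ``User.login``
    and redirected to ``index``.  Any other outcome re-renders ``auth.html``
    with an error message.

    Returns:
        A redirect to ``index`` on successful login, otherwise the rendered
        ``auth.html`` template (``error`` is ``None`` on a plain GET).
    """
    # ``error`` must exist on the GET path too: the original only assigned it
    # inside the POST branch and raised UnboundLocalError on GET.
    error = None
    if request.method == 'POST':
        email = request.form['email']
        password = request.form['password']
        if general_check(password, 7, 20) and check_email(email):
            if User.valid_login(email, password):
                uuid = User.get_id_by_email(email)
                User.login(uuid)
                return redirect(url_for('index'))
            # Deliberately generic: does not reveal whether the email exists.
            error = 'Wrong credentials please verify your informations'
        else:
            # The original assigned this unconditionally after the branch
            # above, which made the wrong-credentials message dead code.
            error = 'Invalid email or password format!'
    # NOTE(review): no rate limiting or lockout here; brute force is bounded
    # only by whatever sits in front of this view.
    return view.render_template(view='auth.html', error=error)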
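def reports():
    """Render the logged-in user's own reports.

    Returns:
        ``reports.html`` with the user's reports and their count, or a
        redirect to ``index`` for anonymous visitors.
    """
    # session.get: anonymous visitors have no 'log_in' key and previously
    # got a KeyError (500) instead of this redirect.
    if session.get('log_in') != True:
        return redirect(url_for('index'))
    own_reports = User.get_reports(session['uuid'])
    return view.render_template(view='reports.html', reports=own_reports, length=len(own_reports))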
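def evaluate_report():
    """Open a report for evaluation and lock it for the current admin.

    Loads the report named by the ``id`` query parameter.  If it is not
    locked, sets ``locked`` and renders ``admin_report.html``; if another
    admin already holds the lock, flashes a notice and returns to the
    dashboard.

    Returns:
        The rendered evaluation page, a redirect to ``administration``
        (locked or unknown report), or a redirect to ``index`` for anonymous
        visitors and non-admins (who are flagged as banned).
    """
    if session.get('log_in') != True:
        # Anonymous: no 'log_in' key, so session[...] used to raise (500).
        return redirect(url_for('index'))
    _id = session['uuid']
    if not User.is_admin(_id):
        User.update(_id, 'banned', True)
        return redirect(url_for('index'))
    report = Report.get_report(request.args['id'])
    if report is None:
        # Unknown id: the original raised on report['locked'].
        return redirect(url_for('administration'))
    if report['locked'] == False:
        # NOTE(review): check-then-set, not atomic; two admins opening the
        # same report at the same instant can both pass this test.  The lock
        # is also taken by a GET, so a crafted link can lock reports on an
        # admin's behalf.
        usernames = get_username(report)
        Report.update(report['reportId'], 'locked', True)
        return view.render_template(view='admin_report.html', report=report, usernames=usernames)
    flash("Another admin is currently evaluating!")
    return redirect(url_for('administration'))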
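def get_username_from_messages(data):
    """Resolve the sender username of every message in ``data``.

    Args:
        data: Sequence of message dicts carrying a ``messageOwner`` user id,
            or ``None``.

    Returns:
        A list of usernames in the same order as ``data``.  ``None`` yields
        ``[]`` (the original returned ``None``, which broke the ``len()``
        call in ``administration``).
    """
    if data is None:
        return []
    return [User.get_username(message['messageOwner']) for message in data]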
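def administration():
    """Render the admin dashboard (admin only).

    Gathers report/user totals, the acceptance ratio, every user, every
    report split by status, the unviewed chat messages with their senders'
    usernames, and a leaderboard of non-admin users ordered by
    ``calculate_score_for_user``.

    Returns:
        The rendered ``admin/admin.html`` for an admin; everyone else is
        redirected to ``index``.
    """
    # session.get: anonymous visitors have no 'log_in' key and previously
    # got a KeyError (500) instead of this redirect.
    if session.get('log_in') != True:
        return redirect(url_for('index'))
    _id = session['uuid']
    # NOTE(review): unlike the other admin views, a logged-in non-admin is
    # only redirected here, not banned.
    if not User.is_admin(_id):
        return redirect(url_for('index'))

    # Report and user totals.
    countReports = Report.get_all_reports_count()
    countUsers = User.count_users()
    pendingReportsCount = Report.get_pending_reports_count()
    acceptedReportsCount = Report.get_accepted_reports_count()
    rejectedReportsCount = Report.get_rejected_reports_count()
    # No reports yet: avoid dividing by zero.
    if countReports == 0:
        acceptedReportsRatio = 0
    else:
        acceptedReportsRatio = round(acceptedReportsCount * 100 / countReports)
    currentDate = datetime.datetime.now()

    # User management view.
    allUsers = User.get_all_users()

    # Unviewed chat messages and their senders.  get_username_from_messages
    # returns None when Chat.get_unviewed_messages() returns None, which made
    # the original len() call raise; normalise to an empty list.
    messages = Chat.get_unviewed_messages()
    usernames = get_username_from_messages(messages) or []
    len2 = len(usernames)

    # Report management view.
    allReports = Report.get_all_reports()
    allPending = Report.get_all_pending_reports()
    allAccepted = Report.get_all_accepted_reports()
    allRejected = Report.get_all_rejected_reports()

    # Mini leaderboard: every non-admin user, highest score (index 1) first.
    # Banned users are not excluded here, unlike the public leaderboard().
    Ranking = [calculate_score_for_user(user) for user in allUsers if user['admin'] != True]
    Ranking.sort(key=lambda l: l[1], reverse=True)
    # len() never returns None, so the original "if length is None" guard
    # was dead code.
    length = len(Ranking)

    return view.render_template(
        view='admin/admin.html',
        countReports=countReports, countUsers=countUsers,
        pendingReportsCount=pendingReportsCount,
        acceptedReportsCount=acceptedReportsCount,
        rejectedReportsCount=rejectedReportsCount,
        ratio=acceptedReportsRatio,
        allReports=allReports, allUsers=allUsers,
        allPending=allPending, allAccepted=allAccepted, allRejected=allRejected,
        currenttime=currentDate,
        length=length, ranking=Ranking,
        messages=messages, usernames=usernames, len2=len2,
    )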
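def instantmessages():
    """Render the reply form for one chat message (admin only).

    Returns:
        ``response.html`` with the message and its sender's username; a
        redirect to ``administration`` when the ``id`` query parameter names
        no message; a redirect to ``index`` for everyone who is not an admin.
    """
    if session.get('log_in') == True:
        _id = session['uuid']
        if User.is_admin(_id):
            message = Chat.get_message(request.args['id'])
            if message is None:
                # Unknown id: the original raised inside
                # get_username_from_message.
                return redirect(url_for('administration'))
            user = get_username_from_message(message)
            return view.render_template(view="response.html", message=message, user=user)
    # Original returned None (a 500) for anonymous visitors.  Note that a
    # logged-in non-admin is not banned here, unlike the other admin views.
    return redirect(url_for('index'))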
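def score_report():
    """Record an admin's score for a report and release its evaluation lock.

    Reads ``id`` and ``score`` from the POSTed form.  A non-zero score marks
    the report accepted (``status`` 1); zero marks it rejected (``status``
    -1).  Either way ``reportScore`` is stored and ``locked`` is cleared.

    Returns:
        A redirect to ``administration`` for an admin (also after a
        non-numeric score, which is flashed), otherwise a redirect to
        ``index``; a logged-in non-admin is flagged as banned.
    """
    if session.get('log_in') != True:
        # Anonymous: no 'log_in' key, so session[...] used to raise (500).
        return redirect(url_for('index'))
    _id = session['uuid']
    if not User.is_admin(_id):
        # NOTE(review): without a CSRF token a forged POST from a regular
        # user's browser gets that user banned.
        User.update(_id, 'banned', True)
        return redirect(url_for('index'))
    edit_report = request.form['id']
    try:
        score = int(request.form['score'])
    except ValueError:
        # Non-numeric score: the original raised (500) and left the report
        # locked.
        flash("Score must be a whole number!")
        return redirect(url_for('administration'))
    status = 1 if score != 0 else -1
    # Three independent writes, not a transaction: a failure part-way leaves
    # the report scored but still locked.  Unlock last so a partially
    # applied update keeps the report out of other admins' hands.
    Report.update(edit_report, 'reportScore', score)
    Report.update(edit_report, 'status', status)
    Report.update(edit_report, 'locked', False)
    return redirect(url_for('administration'))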
def leaderboard():
    """Render the public leaderboard.

    Admins and banned users are left out; the remaining users are scored with
    ``calculate_score_for_user`` and ordered by the value at index 1, highest
    first.
    """
    # add lock here from admin settings
    eligible = [
        account for account in User.get_all_users()
        if not (account['admin'] == True or account['banned'] == True)
    ]
    ranking = [calculate_score_for_user(account) for account in eligible]
    ranking.sort(key=lambda row: row[1], reverse=True)
    return view.render_template(view='leaderboard.html', ranking=ranking, length=len(ranking))
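def reply():
    """Store an admin's reply to a chat message and mark the original as viewed.

    Reads ``reply`` (the text) and ``id`` (the message being answered) from
    the POSTed form.

    Returns:
        A redirect to ``administration`` for an admin, otherwise a redirect
        to ``index`` (the original returned None, i.e. a 500, for anonymous
        callers).
    """
    if session.get('log_in') == True:
        _id = session['uuid']
        if User.is_admin(_id):
            content = request.form['reply']
            reply_to = request.form['id']
            Chat.update(reply_to, 'viewed', 1)
            # instantMessage=1 / viewed=-1 mark an admin reply; contactus()
            # registers a fresh user message with 0 / 0.
            Chat.register_message(_id, content, reply_to, 1, -1)
            return redirect(url_for('administration'))
    # NOTE(review): no CSRF token is checked in this POST handler.
    return redirect(url_for('index'))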
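def contactus():
    """Register a contact message from a logged-in, non-admin user.

    Returns:
        A JSON ``{'success': ...}`` body when the message was stored, or a
        ``{'error': ...}`` body when ``messageContent`` is empty, the caller
        is anonymous (401) or the caller is an admin / unknown account (403).
        The original returned None (a 500) in the last two cases.
    """
    if session.get('log_in') != True:
        return jsonify({'error': 'You must be logged in to send a message!'}), 401
    user = User.get_by_id(session['uuid'])
    if user is None or user['admin'] != False:
        return jsonify({'error': 'Ops, Something wrong happened!'}), 403
    content = request.form['messageContent']
    if not content:
        return jsonify({'error': 'field must not be empty on Submit!'})
    # NOTE(review): banned users are not stopped from sending messages.
    # replymessageId=None / instantMessage=0 / viewed=0 mark a fresh user
    # message; reply() registers an admin reply with 1 / -1.
    Chat.register_message(user['_id'], content, None, 0, 0)
    return jsonify({'success': 'message has been sent'})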
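def new_report():
    """Show the report submission form (GET) or accept a submission (POST).

    Requires a logged-in session; anonymous visitors are redirected to
    ``index``.  Banned users get ``banned.html`` for both methods (the
    original only checked the ban on GET, so a banned user could still POST).
    A POST must fill every form field except ``reportContent`` (the optional
    attachment), the user must have fewer than ``conf.REPORT_LIMIT`` reports
    pending, and an attachment must pass ``allowed_file`` before it is saved
    under ``conf.UPLOAD_FOLDER`` with the name from ``secure_file_name``.

    Returns:
        A rendered ``add.html`` / ``banned.html`` response, or a redirect to
        ``index``.
    """
    if session.get('log_in') != True:
        # Anonymous: no 'log_in' key, so session[...] used to raise (500).
        return redirect(url_for('index'))
    _id = session['uuid']
    user = User.get_by_id(_id)
    if user is None:
        # Session points at an account that no longer exists.
        return redirect(url_for('index'))
    if user['banned'] == True:
        return view.render_template(
            view='banned.html',
            error="You are not allowed to add a report because you are banned!")
    if request.method == 'GET':
        return view.render_template(view='add.html', error=None)
    if request.method != 'POST':
        return redirect(url_for('index'))

    if check_form_empty(request.form, ignore='reportContent'):
        return view.render_template(view='add.html', error='Please fill all the form before submiting!')
    report_name = request.form['reportName']
    report_type = request.form['reportType']
    report_level = request.form['reportLevel']
    attack_vector = request.form['AttackVector']
    report_description = request.form['reportDescription']
    get_privilege = request.form['getprivilege']
    attack_complexity = request.form['AttackComplexity']

    # Pending-queue limit.  The original used "<=", which let a user who
    # already had REPORT_LIMIT pending reports add one more, contradicting
    # the message below.
    if Report.get_reports_queue(_id) >= conf.REPORT_LIMIT:
        error = 'Due to flooding threat every user is limited to only ' + str(conf.REPORT_LIMIT) + ' reports in pending queue, Sorry for the inconvenience.'
        return view.render_template(view='add.html', error=error)

    # Optional attachment.  A FileStorage is falsy when no file was chosen,
    # matching the original "if file:" test.
    upload = request.files.get('reportContent')
    report_file = None
    if upload:
        if not allowed_file(upload.filename):
            return view.render_template(view='add.html', error="File not allowed, INC ban")
        report_file = secure_file_name(upload.filename)
        if not report_file:
            # A name reduced to nothing by sanitisation would otherwise be
            # saved as the upload directory itself.
            return view.render_template(view='add.html', error="File not allowed, INC ban")
        # NOTE(review): relies on secure_file_name stripping path separators
        # and traversal; and two users uploading the same name overwrite each
        # other, since nothing here makes the stored name unique.
        upload.save(os.path.join(os.getcwd() + conf.UPLOAD_FOLDER, report_file))

    Report.register_report(_id, report_name, report_type, report_description, report_level, attack_complexity, attack_vector, get_privilege, report_file)
    return view.render_template(view='add.html', success='Reported submitted successfully!')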
def register():
    """Render the registration form, or create an account from a POST.

    POST: email must pass ``check_email``, the password ``general_check``
    (7-20) and the username ``general_check`` (4-20); ``User.register`` then
    either creates the account (redirect to ``index``) or reports that it
    already exists.  GET by an already logged-in user redirects to ``index``.
    """
    error = None
    if request.method == 'POST':
        form = request.form
        email, password, username = form['email'], form['password'], form['name']
        well_formed = (check_email(email) == True
                       and general_check(password, 7, 20)
                       and general_check(username, 4, 20))
        if not well_formed:
            error = 'Invalid input, please verify again'
        elif User.register(username, email, password):
            return redirect(url_for('index'))
        else:
            return view.render_template(view='register.html', error='Account already exists!')
    elif request.method == 'GET' and session.get('log_in') == True:
        return redirect(url_for('index'))
    return view.render_template(view='register.html', error=error)
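def get_username(report):
    """Return the username of the report's owner, or ``None``.

    ``None`` is returned when ``report['reportOwner']`` is ``None`` or when
    ``User.get_by_id`` yields no account for it (the original would raise
    ``TypeError`` in the second case if that lookup returns ``None``).
    """
    owner_id = report['reportOwner']
    if owner_id is None:
        return None
    owner = User.get_by_id(owner_id)
    if owner is None:
        return None
    return owner['username']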
def logout():
    """End the current session via ``User.logout`` and return to ``index``."""
    User.logout()
    home = url_for('index')
    return redirect(home)
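def get_username_from_message(message):
    """Return the username of the message's sender, or ``None``.

    ``None`` is returned when ``message['messageOwner']`` is ``None`` or when
    ``User.get_by_id`` yields no account for it (the original would raise
    ``TypeError`` in the second case if that lookup returns ``None``).
    """
    owner_id = message['messageOwner']
    if owner_id is None:
        return None
    owner = User.get_by_id(owner_id)
    if owner is None:
        return None
    return owner['username']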