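#!/usr/bin/python3
# CGI handler: adds the posted item to the cart of the session owner and then
# sends the browser back to the page it came from.
import html
import os, sys
from urllib.parse import urlsplit

import Helpers.db as db
import Helpers.myparser as parser
import Helpers.validator as validator
import Helpers.structure as structure
import Helpers.nav as nav

# Target used when the Referer header is missing or cannot be trusted.
# NOTE(review): "index.py" is assumed to be the shop's home page - confirm.
FALLBACK_TARGET = "index.py"


def _safe_return_target(referer, host):
    """Return *referer* only when it is safe to reuse as a redirect target.

    The Referer header is supplied by the client. It is accepted only when it
    is an http(s) URL on the same host as this request and contains no
    control characters; otherwise FALLBACK_TARGET is returned.

    NOTE(review): HTTP_HOST is client-supplied as well; comparing against a
    configured site origin would be stricter.
    """
    if not referer or not host:
        return FALLBACK_TARGET
    # CR/LF (or any other control character) would end the Location header
    # line early and let the value add headers of its own.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in referer):
        return FALLBACK_TARGET
    try:
        parts = urlsplit(referer)
    except ValueError:
        return FALLBACK_TARGET
    if parts.scheme not in ("http", "https"):
        return FALLBACK_TARGET
    # A netloc carrying userinfo ("user@host") never equals the bare host,
    # so it is rejected here too.
    if parts.netloc.lower() != host.lower():
        return FALLBACK_TARGET
    return referer


db.connectDB()
cookie = parser.parseCookie(os.getenv("HTTP_COOKIE"))
autenticate = db.checkSession(cookie) if validator.validateSession(cookie) else None

if autenticate is not None:
    # NOTE(review): this request changes the cart and is authorised by the
    # session cookie alone; no anti-CSRF token check is visible in this
    # handler - confirm one exists elsewhere or add it.
    return_to = _safe_return_target(os.getenv("HTTP_REFERER"), os.getenv("HTTP_HOST"))
    cartItem = parser.parseData(sys.stdin.read())
    # A body without itemID is reported as a failed add instead of raising.
    try:
        item_id = cartItem['itemID']
    except (KeyError, TypeError):
        item_id = None
    # NOTE(review): itemID reaches db.addToCart unvalidated; whether that call
    # uses bound query parameters is not visible here - confirm.
    result = db.addToCart(item_id, autenticate) if item_id is not None else None
    if result is None:
        # Error adding the item
        print("Content-Type: text/html\r\n\r\n")
        structure.printStartSection()
        nav.printNav(autenticate, db.cartCount(autenticate))
        print("Error agregando al carrito. Intentelo de nuevo (refresque el sitio) </br> ")
        # The target is HTML-escaped so a quote in it cannot close the attribute.
        print('<a href="' + html.escape(return_to, quote=True) + '" > Regresar a la página anterior.</a>')
    else:
        # Redirect to the previous page
        print("Location: " + return_to)
        print()
else:
    # Redirect to LOGIN
    #print("Location: http://localhost/cgi-bin/MA-Shop/security_ec_shop/login.py")
    # NOTE(review): the listing ends here; the statements of this branch are
    # not shown, so only a placeholder follows.
    pass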
<label for="name">Item Name*: </label> <input id="name" name="name" maxlength="50" /><br /> <label for="description">Description*: </label> <input id="description" name="description" maxlength="100" /><br /> <label for="price">Price*: </label> <input id="price" name="price" maxlength="25" type="number" /><br /> <button id="submit">Submit</button> </form></div>"""
print(form)

# Post method: read the form body, validate it, then store the item.
# NOTE(review): the maxlength / type="number" limits in the form above are
# applied by the browser only; validator.validateItem is the only server-side
# check visible in this listing.
# NOTE(review): this request creates data and no anti-CSRF token check is
# visible here - confirm one exists elsewhere.
if os.getenv("REQUEST_METHOD") == 'POST':
    post_params = sys.stdin.read()
    item = parser.parseData(post_params)
    # Result codes as used below: True -> insert; 2 and 3 -> error messages
    # (the message for 3 is cut off in this listing).
    result = validator.validateItem(item)
    if result == True :
        db.connectDB()
        # Insert into DB Items
        # `autenticate` is set above this listing. The literal "id" is
        # presumably a placeholder for a generated id - confirm.
        # NOTE(review): whether db.insertItem builds its query with bound
        # parameters is not visible here - confirm.
        db.insertItem("id", item['name'], item['price'], item['description'], autenticate)
        print ("""\<div> <h2>Item added succesfully! <a href="index.py">Go back to Home</a></h2>""")
    elif result == 2 :
        print ("""\ <div> <p>Please, write only numbers and letters.</p></div> """)
    elif result == 3 :
        print ("""\
<br /> <button>Submit</button> </form> </div> </div>"""

# GET: send the header, the page start, the navigation for a visitor without
# a session (printNav(None)) and the registration form.
if os.getenv("REQUEST_METHOD") == 'GET':
    print("Content-Type: text/html")
    print()
    structure.printStartSection()
    nav.printNav(None)
    print(form)

# POST: parse the submitted registration, validate it, then create the user.
if os.getenv("REQUEST_METHOD") == 'POST':
    post_params = sys.stdin.read()
    user = parser.parseData(post_params)
    print("Content-Type: text/html")
    print()
    structure.printStartSection()
    nav.printNav(None)
    # validateUser returns True on success; other values select an error
    # branch below (only the start of the branch for 2 is visible).
    result = validator.validateUser(user)
    if result == True:
        db.connectDB()
        # NOTE(review): user['password'] is handed to db.insertUser exactly as
        # received. Whether it is hashed before storage is decided inside
        # db.insertUser, which is not visible here - confirm it is stored as a
        # salted, slow password hash and never in clear text.
        # NOTE(review): confirm db.insertUser uses bound query parameters.
        db.insertUser("id", user['firstname'], user['lastname'], user['email'], user['password'], user['username'], user['telephone'], user['address'])
        print("""\ <div> <h2>User added succesfully: <a href="login.py">Clic to login</a></h2></div> """)
    elif result == 2:
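# CGI handler: renders the search page and, for a GET request, the items that
# match the `search` query parameter.
import os, sys

import Helpers.myparser as parser
import Helpers.db as db
import Helpers.structure as structure
import Helpers.nav as nav
import Helpers.validator as validator

print("Content-Type: text/html\r\n\r\n")
# The commented-out debug prints of QUERY_STRING / REQUEST_METHOD were dropped:
# printing the raw query string into the page would reflect unescaped input.

if os.getenv("REQUEST_METHOD") == 'GET':
    db.connectDB()
    cookie = parser.parseCookie(os.getenv("HTTP_COOKIE"))
    autenticate = db.checkSession(cookie) if validator.validateSession(cookie) else None
    structure.printStartSection()
    nav.printNav(autenticate, db.cartCount(autenticate))
    structure.printSearchForm()

    item = parser.parseData(os.getenv("QUERY_STRING"))
    # A request without a `search` parameter is treated as invalid input
    # instead of raising in the middle of the page.
    try:
        term = item['search']
    except (KeyError, TypeError):
        term = None

    # The term reaches the database only after both the length check and the
    # character check have passed.
    # NOTE(review): whether db.search uses bound query parameters, and whether
    # structure.printItemContents escapes the rows it prints, is not visible
    # here - confirm both.
    if (term is not None
            and validator.validateEntryLenght(term, 1, 50)
            and validator.validateAplhaNumericEntry(term) is not None):
        data = db.search(term)
        structure.printItemContents(data, 1)
    else:
        # NOTE(review): the message says "alphabetic" while the check is named
        # alphanumeric - confirm which one is intended.
        print(""" <div> <p> The search string recieved unexpected characters. Please enter only alphabetic characters </p> </div> """)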
<input id="email" name="email" maxlength="50" type="text" /><br /> <label for="firstname">Name*: </label> <input id="firstname" name="firstname" maxlength="25" type="text" /><br /> <label for="lastname">Lastname*: </label> <input id="lastname" name="lastname" maxlength="25" type="text" /><br /> <br/> <label for="comment">Your comment/doubt/feedback*: </label> <br/><br/> <textarea name="comment" form="commentForm">Enter text here...</textarea> <br/> <button id="submit">Submit</button> </form> <br> </div>""")

# Post method: parse the feedback form and pass its four fields to send_email.
if os.getenv("REQUEST_METHOD") == 'POST':
    print("Content-Type: text/html\r\n\r\n")
    post_params = sys.stdin.read()
    feed = parser.parseData(post_params)
    # NOTE(review): the fields go to send_email exactly as parsed; no validator
    # call is visible between parsing and sending, and the maxlength limits in
    # the form are applied by the browser only. If send_email places any of
    # these values in message headers, values containing CR or LF must be
    # rejected - confirm inside send_email (defined outside this listing).
    # NOTE(review): nothing visible here limits how often this can be
    # submitted - confirm a rate limit exists if the mail goes to a real inbox.
    send_email(feed['email'], feed['firstname'], feed['lastname'], feed['comment'])
    # The success message is printed without checking any result of send_email.
    print ("""\<div> <h2>Your comment was sent succesfully! <a href="index.py">Go back to Home</a></h2>""")
<br /> <label for="password">Password: </label> <input id="password" name="password" maxlength="25" type="password" /> <br /> <button>Login</button> </form></div>"""

# GET: send the header, the page start, the navigation for a visitor without
# a session (printNav(None)) and the login form.
if os.getenv("REQUEST_METHOD") == 'GET':
    print("Content-Type: text/html;\r\n\r\n")
    structure.printStartSection()
    nav.printNav(None)
    print(login_form)

# POST: parse the credentials, validate their format, then ask the database
# layer to log the user in.
if os.getenv("REQUEST_METHOD") == 'POST':
    post_params = sys.stdin.read()
    login_intent = parser.parseData(post_params)
    validation = validator.validateLogin(login_intent)
    if validation == False :
        # Failed validation re-renders the form with one generic message that
        # does not say which field was rejected.
        print("Content-Type: text/html;\r\n\r\n")
        structure.printStartSection()
        nav.printNav(None)
        print(login_form)
        print("""\<p style="color:red">Authentication error, try again</p>""")
    else :
        db.connectDB()
        res = db.login(login_intent['username'],login_intent['password'])
        # Cookies are set only when res is neither None nor -1.
        # NOTE(review): what None and -1 each stand for is decided in db.login,
        # which is not visible here - confirm.
        if res != None :
            if res != -1 :
                # NOTE(review): the SessionID cookie is sent without the
                # HttpOnly, Secure or SameSite attributes, so page scripts can
                # read it and it is not restricted to HTTPS.
                print("Set-Cookie: SessionID=" + res['sessionID'] + ";")
                # NOTE(review): this sends a second cookie named "Expires";
                # it is not the Expires attribute of SessionID. The client can
                # change or drop it, so session expiry has to be enforced on
                # the server - presumably by the session check elsewhere;
                # confirm.
                print("Set-Cookie: Expires=" + res['expiration'] + ";")
                #print("Location: http://localhost/cgi-bin/MA-Shop/security_ec_shop/index.py")
<div> <form method="POST"> <label for="address">Enter the addres to deliver your items: </label> <input id="address" name="address" maxlength="100" type="text" /> <button>Submit</button> </form> <p> Your items to be delivered: </p> </div> """

# GET: show the delivery-address form and load the cart of `autenticate`
# (set above this listing).
if os.getenv("REQUEST_METHOD") == 'GET':
    print(form)
    items = db.getCartItems(autenticate)

# POST: parse and validate the delivery address; on success the cart is read
# and then emptied.
# NOTE(review): this request empties the cart and no anti-CSRF token check is
# visible in this listing - confirm one exists elsewhere.
if os.getenv("REQUEST_METHOD") == 'POST':
    deliveryAddress = parser.parseData(sys.stdin.read())
    result = validator.validateAddress(deliveryAddress)
    if result == True:
        # The items are fetched before clearCart so they are still available
        # after the cart is emptied.
        items = db.getCartItems(autenticate)
        db.clearCart(autenticate)
        # NOTE(review): the address is concatenated into the page as received.
        # The output is safe only as long as validateAddress keeps rejecting
        # HTML metacharacters; escaping at output (html.escape) would keep it
        # safe if the validator is ever relaxed.
        print("""\ <div> <p> Your items will be delivered at: """ + deliveryAddress['address'] + """\ <br />List of items to be delivered: </p> </div> """)
    else:
        # Rejected address: the cart is left untouched and an error is shown.
        items = db.getCartItems(autenticate)
        print("""<div> <p> The address should contain only letters, numbers, dots or commas, anything else, we think is suspicious</p>