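def register():
    """Create a user account from the posted registration form.

    Reads ``register_user`` and ``register_pass`` from the POST form and
    hands them to ``database.register_user`` on a freshly opened connection.

    Returns:
        Whatever ``database.register_user`` returns, unchanged.
    """
    username = request.form.get('register_user')
    password = request.form.get('register_pass')
    # NOTE(review): either field is None when it is missing from the form, and
    # the password is forwarded exactly as received. Confirm that
    # database.register_user rejects missing values and stores only a salted
    # password hash, never the plaintext.
    cnx = database.connect_sql()
    try:
        return database.register_user(
            cnx, username=username, password=password)
    finally:
        # Release the connection even when register_user raises; the original
        # skipped close() on that path and leaked the connection.
        cnx.close()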
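def change_pass():
    """Change the password of the user stored in the current session.

    Takes the user id from ``session['id']`` and the ``old_pass`` /
    ``new_pass`` fields from the POST form, then delegates the update to
    ``database.update_pass`` on a freshly opened connection.

    Returns:
        Whatever ``database.update_pass`` returns, unchanged.
    """
    user_id = session.get('id')
    old_pass = request.form.get('old_pass')
    new_pass = request.form.get('new_pass')
    # NOTE(review): user_id is None when nobody is logged in, and nothing in
    # this function rejects that. Confirm that database.update_pass refuses a
    # None user_id and verifies old_pass before it writes new_pass.
    cnx = database.connect_sql()
    try:
        return database.update_pass(
            cnx, user_id=user_id, old_pass=old_pass, new_pass=new_pass)
    finally:
        # Release the connection even when update_pass raises; the original
        # skipped close() on that path and leaked the connection.
        cnx.close()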
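def login():
    """Check the posted credentials and record the user id in the session.

    Reads ``username`` and ``password`` from the POST form, asks
    ``database.login_check`` to verify them and decodes its JSON reply.

    Security caveat (from the original author): the outcome of the check is
    reported to the caller as a plain value in the response body. A response
    can be intercepted and altered before the client reads it, so client code
    must never treat that value as proof of authentication. Do not use this
    pattern in real-life applications; every protected route has to re-check
    the server-side session instead.

    Returns:
        The decoded ``login_status`` dict unchanged when its ``info`` field is
        ``"access denied"``; otherwise ``jsonify({"login": login_status})``
        after ``session['id']`` has been set to ``info['user_id']``.
    """
    username = request.form.get('username')
    password = request.form.get('password')
    print(username)
    # The submitted password is intentionally not printed: the original wrote
    # it to stdout, which puts plaintext credentials into logs.

    cnx = database.connect_sql()
    try:
        login_status = json.loads(
            database.login_check(cnx, username=username, password=password))
    finally:
        # The original closed the connection only after a `return`, so the
        # close() was unreachable and the connection leaked on every call.
        cnx.close()

    if login_status['info'] == "access denied":
        return login_status

    session['id'] = login_status['info']['user_id']
    print(session.get('id'))
    return jsonify({"login": login_status})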
from flask import Flask, jsonify, request, session
import pprint
from binance.client import Client
from binance.enums import *
import asyncio
from binance import AsyncClient, BinanceSocketManager
import database
import json
import config

# API credentials come from the local config module; the client is created
# with testnet=True.
testnet_key = config.testnet_key
testnet_secret_key = config.testnet_secret_key
client = Client(testnet_key, testnet_secret_key, testnet=True)
# One database connection is opened at import time and reused by the route
# below.
# NOTE(review): a single module-level connection is shared by every request
# handled in this process; confirm the database driver tolerates that.
connection = database.connect_sql()
app = Flask(__name__)
# NOTE(review): Flask signs the session cookie with this key. A literal
# committed to source is known to everyone who can read the repository, so
# session values cannot be trusted in a real deployment. Load the key from the
# environment or a secrets store and rotate it.
app.secret_key = 'thisisournonsecretkey'


@app.route('/openLimitOrder', methods=['POST'])
def open_limit_order():
    try:
        # NOTE(review): user_id is read from the POST form, i.e. it is chosen
        # by the client, and is then used to look up a wallet. In the lines
        # visible here nothing ties it to the server-side session; confirm
        # that the identity is checked before the wallet is read or an order
        # is placed.
        user_id = request.form.get("user_id")
        wallet_amount = json.loads(
            database.get_wallet_amount(connection=connection, user_id=user_id))
        print('Wallet: ', wallet_amount)
        symbol = request.form.get("symbol")
        print('symbol: ', symbol)