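def log_in():
    """Authenticate a user from the login form and start a session.

    Returns:
        A redirect to ``index`` (or to a validated relative ``next`` path) on
        success; otherwise the rendered ``log_in.html`` template.
    """
    # Local import: the file's import block is not visible here.
    from urllib.parse import urlparse

    if current_user.is_authenticated:
        return redirect(url_for('index'))
    form = LoginForm()
    if form.validate_on_submit():
        username = request.form.get('username')
        password = request.form.get('password')
        db.valid_username(username)
        username_count = db.fetch_one()
        if not username_count[0]:
            # NOTE(review): a distinct "does not exist" message lets a client
            # enumerate valid usernames; one generic failure message is safer.
            flash('Login Unsuccessful. Username does not exist.', 'danger')
            return render_template('log_in.html', title='Login', form=form)
        db.get_password_from_username(username)
        check_password = db.fetch_one()
        # NOTE(review): the submitted password is compared directly with the
        # value returned by the DB, i.e. passwords appear to be stored in clear
        # text. Storing a salted hash and verifying against it is the fix; it
        # has to be done together with register() and the DB layer, so it is
        # only flagged here.
        if password == check_password[0]:
            user = User()
            user.id = username
            login_user(user)
            flash('You have been logged in!', 'success')
            next_page = request.args.get('next')
            # Only follow a relative path. An absolute URL or a scheme-relative
            # "//host" value in ``next`` would turn this into an open redirect.
            if next_page:
                parts = urlparse(next_page)
                if parts.scheme or parts.netloc:
                    next_page = None
            return redirect(next_page) if next_page else redirect(url_for('index'))
        flash('Login Unsuccessful. Please check username and password', 'danger')
    return render_template('log_in.html', title='Login', form=form)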
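def assign_employee_to_property():
    """Let a branch manager assign one of their employees to a property.

    Only users whose ``title`` is "Branch Manager" may use this view; anyone
    else receives a 404. Both the employee and the property must belong to
    the manager's country, otherwise the error is flashed and nothing is
    written.

    Returns:
        The rendered ``assign_employee_to_property.html`` template.
    """
    # The authorisation check runs before, and outside of, the try block. In
    # the previous version abort(404) was raised inside ``try``, was caught by
    # ``except Exception`` (werkzeug's HTTPException subclasses Exception), and
    # the handler then referenced ``form`` before it had been assigned.
    if current_user.title != "Branch Manager":
        abort(404)
    form = AssignEmployeeToProperty()
    try:
        if form.validate_on_submit():
            employee = request.form.get('employeeusername')
            prop = request.form.get('propertyname')
            # Ensure employee and property are from this branch manager's
            # branch (country).
            db.get_property_country(prop)
            property_country = db.fetch_one()
            db.get_employee_country(employee)
            employee_country = db.fetch_one()
            if employee_country is None:
                raise Exception("This user is not an employee!")
            if property_country is None:
                raise Exception("This property is not part of your branch")
            if current_user.country != property_country[0]:
                raise Exception("This property is not part of your branch!")
            if current_user.country != employee_country[0]:
                raise Exception("This employee is not part of your branch!")
            db.assign_employee_to_property(employee, prop)
            db.commit()
            flash('Success! ' + employee + ' has been assigned to the property ' + prop, 'success')
    except Exception as e:
        # Reset the connection so a failed statement does not poison later queries.
        db.close()
        db.new_connection()
        print(e)
        # NOTE(review): str(e) also surfaces raw DB driver errors to the user.
        flash('Error: ' + str(e), 'danger')
    return render_template('assign_employee_to_property.html', form=form)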
def inject_stats():
    """Template context processor: expose site-wide totals to every template.

    Runs four count queries through the shared ``db`` cursor and returns the
    scalar results keyed by the template variable names.
    """
    counters = (
        ('total_users', db.get_total_users),
        ('total_properties', db.get_total_properties),
        ('total_completed_stays', db.get_total_completed_stays),
        ('total_countrys', db.get_total_countrys),
    )
    stats = {}
    for name, run_query in counters:
        run_query()
        stats[name] = db.fetch_one()[0]
    return stats
def user_properties(username):
    """Render every property hosted by ``username`` together with the host's picture.

    Each DB row is turned into a dict keyed by the column names below (the
    key ``'accesible'`` is spelled that way because templates rely on it).
    """
    columns = (
        'propertyname', 'street_number', 'street_name', 'apt_number',
        'province', 'postal_code', 'rent_rate', 'type', 'max_guests',
        'number_beds', 'number_baths', 'accesible', 'pets_allowed',
        'country', 'hostusername', 'picture',
    )
    db.get_users_properties(username)
    properties = [
        {name: row[idx] for idx, name in enumerate(columns)}
        for row in db.fetch_all()
    ]
    db.get_picture(username)
    host_picture = db.fetch_one()[0]
    return render_template('user_properties.html',
                           properties=properties,
                           host_picture=host_picture,
                           username=username)
def validate_employeeusername(self, employeeusername):
    """WTForms validator: the employee username must exist and contain no spaces.

    Raises:
        ValidationError: if no such username exists, or it contains a space.
    """
    db.valid_username(employeeusername.data)
    exists = db.fetch_one()[0]
    if not exists:
        raise ValidationError("That employeeusername does not exist.")
    if " " in employeeusername.data:
        raise ValidationError("No whitespace in employeeusernames.")
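def register():
    """Create a new account from the registration form.

    Already-authenticated users are redirected to ``index``. On a valid POST
    the form fields are copied into ``account_details``, the optional fields
    are normalised, the country is checked against the DB and the user row is
    created. Any failure resets the DB connection and flashes the error.

    Returns:
        A redirect to ``index`` on success, else the rendered ``register.html``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    account_details = {}
    form = RegistrationForm()
    try:
        if form.validate_on_submit():
            required = (
                'first_name', 'last_name', 'username', 'password',
                'street_number', 'street_name', 'postal_code',
                'date_of_birth', 'country', 'province', 'email',
                'phone_number',
            )
            for name in required:
                account_details[name] = request.form.get(name)
            # Optional fields: a missing or empty value is replaced by the
            # literal strings 'NULL' / 'NaN' (sentinels used by the DB layer,
            # not SQL NULL).
            account_details['middle_name'] = request.form.get('middle_name', default='NULL')
            account_details['apt_number'] = request.form.get('apt_number', default='NaN')
            db.valid_country(account_details['country'])
            country_count = db.fetch_one()
            if not country_count[0]:
                raise Exception('Sorry, we are not operating in that country yet!')
            if account_details['middle_name'] == "":
                account_details['middle_name'] = "NULL"
            if account_details['apt_number'] == "":
                account_details['apt_number'] = "NaN"
            if account_details['country'] == "-1" or len(account_details['province']) == 0:
                raise Exception('Please enter a country or province')
            # NOTE(review): the password is handed to the DB exactly as
            # submitted and log_in() compares the stored value with the form
            # value directly, so passwords appear to be kept in clear text.
            # Hashing here (and verifying the hash in log_in) needs a matching
            # DB-layer change, so it is only flagged.
            db.create_user(
                account_details['first_name'], account_details['middle_name'],
                account_details['last_name'], account_details['username'],
                account_details['password'], account_details['street_number'],
                account_details['street_name'], account_details['apt_number'],
                account_details['postal_code'], account_details['date_of_birth'],
                account_details['country'], account_details['province'],
                account_details['email'], account_details['phone_number'])
            flash(f'Account created for {form.username.data}!', 'success')
            db.commit()
            return redirect(url_for('index'))
    except Exception as e:
        # Reset the connection so a failed statement does not poison later queries.
        db.close()
        db.new_connection()
        print(e)
        # NOTE(review): str(e) also surfaces raw DB driver errors to the user.
        flash('Error: ' + str(e), 'danger')
    return render_template('register.html', title='Register', form=form)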
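def validate_branch_propertyname(self, propertyname):
    """WTForms validator: the property must exist and its name contain no spaces.

    Raises:
        ValidationError: if no such property exists, or the name has a space.
    """
    db.valid_propertyname(propertyname.data)
    propertyname_count = db.fetch_one()
    if not propertyname_count[0]:
        raise ValidationError(
            "That property does not exist, please choose another.")
    # Fixed: the whitespace check referenced ``property_name``, which is not a
    # name in this method (the parameter is ``propertyname``), so it raised
    # NameError instead of validating.
    if " " in propertyname.data:
        raise ValidationError("No whitespace in property names.")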
def validate_username(self, username):
    """WTForms validator: the chosen username must be unused and contain no spaces.

    Raises:
        ValidationError: if the username already exists, or contains a space.
    """
    db.valid_username(username.data)
    already_taken = db.fetch_one()[0]
    if already_taken:
        raise ValidationError(
            "That username is taken. Please choose another username.")
    if " " in username.data:
        raise ValidationError("No whitespace in usernames.")
def validate_property_name(self, property_name):
    """WTForms validator: the property name must be unused and contain no spaces.

    Raises:
        ValidationError: if the name already exists, or contains a space.
    """
    db.valid_propertyname(property_name.data)
    already_taken = db.fetch_one()[0]
    if already_taken:
        raise ValidationError(
            "That property name is taken. Please choose another propertyname."
        )
    if " " in property_name.data:
        raise ValidationError("No whitespace in property names.")
def analyze(self, callback):
    """Report every distinct visitor IP whose requests match a Shellshock pattern.

    One query per entry of ``self.list_patterns``. ``pattern.field`` names the
    column the regex is applied to and is spliced into the SQL text as an
    identifier (so it must come from module code, never from user input);
    ``pattern.pattern`` is bound as the single query parameter. ``callback``
    is invoked as ``callback(ip, self.action, message)`` once per IP.
    """
    query_template = (
        "SELECT DISTINCT ip FROM %s JOIN %s WHERE %s.id = %s.visitor_id "
        "AND REGEXP(?, HEX(%s)) == 1"
    )
    for pattern in self.list_patterns:
        db.query(
            query_template % (tbl_visitor, tbl_request, tbl_visitor, tbl_request, pattern.field),
            [pattern.pattern],
        )
        row = db.fetch_one()
        while row:
            callback(row[0], self.action, "Shell_shock attack detected")
            row = db.fetch_one()
def analyze(self, callback):
    """Count matching requests per visitor IP and report each IP via ``callback``.

    One query per entry of ``self.list_patterns``. ``pattern.field`` is the
    column the regex is applied to and is spliced into the SQL text as an
    identifier (it must come from module code, not from user input);
    ``pattern.pattern`` is bound as the single query parameter. ``callback``
    receives ``(ip, self.action, pattern.description)``.
    """
    query_template = (
        "SELECT ip, count(*) FROM %s JOIN %s WHERE %s.id = %s.visitor_id "
        "AND REGEXP(?, HEX(%s)) == 1 GROUP BY %s.ip"
    )
    for pattern in self.list_patterns:
        db.query(
            query_template % (tbl_visitor, tbl_request, tbl_visitor, tbl_request,
                              pattern.field, tbl_visitor),
            [pattern.pattern],
        )
        row = db.fetch_one()
        while row:
            callback(row[0], self.action, pattern.description)
            row = db.fetch_one()
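def user_profile(username):
    """Render the public profile page for ``username``.

    Aborts with 404 when the user is unknown. The row returned by
    ``db.get_user`` is mapped positionally onto ``user_columns``.
    """
    user_columns = (
        'username', 'join_date', 'verified', 'about', 'languages', 'work',
        'profile_picture',
    )
    db.get_user(username)
    user_row = db.fetch_one()
    if user_row is None:
        # abort() raises, so the previous trailing ``return`` was unreachable.
        abort(404)
    user_map = {user_columns[i]: value for i, value in enumerate(user_row)}
    return render_template('user_profile.html', user_map=user_map)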
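def analyze(self, callback):
    """Report requests whose ``pattern.field`` matches one of the LFI signatures.

    For the traversal pattern the offending part of the request path is
    extracted for the description; for any other pattern a fixed "php filter"
    description is used. ``pattern.field`` is spliced into the SQL as an
    identifier (it must come from module code, not user input);
    ``pattern.pattern`` is bound as the query parameter. ``callback`` receives
    ``(ip, self.action, description)`` per matching row.
    """
    query_template = (
        "SELECT ip, path FROM %s JOIN %s WHERE %s.id = %s.visitor_id "
        "AND REGEXP(?, HEX(%s)) == 1"
    )
    # Raw strings: "\." inside a normal literal is an invalid escape sequence
    # (a SyntaxWarning from Python 3.12); the values are unchanged.
    traversal_pattern = r"\.\./"
    traversal_re = re.compile(r"[^&=]*\.\./[^&]*")
    for pattern in self.list_patterns:
        db.query(
            query_template % (tbl_visitor, tbl_request, tbl_visitor, tbl_request, pattern.field),
            [pattern.pattern],
        )
        row = db.fetch_one()
        while row:
            if pattern.pattern == traversal_pattern:
                # The SQL matched ``pattern.field``, but the regex runs on the
                # path column, which need not contain the traversal; fall back
                # to the whole path instead of crashing on a None match.
                match = traversal_re.search(row[1])
                lfi_file = match.group(0) if match else row[1]
                description = "LFI attack detected: Trying to read '%s'" % lfi_file
            else:
                description = "LFI attack detected: Using php filter"
            callback(row[0], self.action, description)
            row = db.fetch_one()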
def analyze(self, callback):
    """Generic ``analyze`` for ATTACK modules: grep each pattern in its field.

    Modules that need more than a per-IP match count override this method.
    ``pattern.field`` is spliced into the SQL text as an identifier (it must
    come from module code, not user input); ``pattern.pattern`` is bound as
    the single query parameter. ``callback`` is called with
    ``(ip, self.action, pattern.description)`` for every matching IP.
    """
    sql = (
        "SELECT ip, count(*) FROM %s JOIN %s WHERE %s.id = %s.visitor_id "
        "AND REGEXP(?, HEX(%s)) == 1 GROUP BY %s.ip"
    )
    for pattern in self.list_patterns:
        tables = (tbl_visitor, tbl_request, tbl_visitor, tbl_request,
                  pattern.field, tbl_visitor)
        db.query(sql % tables, [pattern.pattern])
        hit = db.fetch_one()
        while hit:
            callback(hit[0], self.action, pattern.description)
            hit = db.fetch_one()
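def _init_filter(self):
    """Reset the filter widgets to the log's full time span and clear text filters.

    Reads MIN/MAX ``timestamp`` from the request table, pushes them into the
    start/stop date-time widgets (when present), re-applies the filter and
    blanks the IP and path fields.

    Raises:
        DBError: if the timestamp query fails; the original error is chained.
    """
    start_time = QtCore.QDateTime()
    stop_time = QtCore.QDateTime()
    try:
        db.query("SELECT MIN(timestamp), MAX(timestamp) FROM %s;" % tbl_request)
        log_start_time, log_stop_time = db.fetch_one()
    except Exception as exc:
        # Narrowed from a bare ``except`` (which also turned KeyboardInterrupt
        # into DBError) and chained so the underlying cause is not lost.
        raise DBError from exc
    if log_start_time is not None:
        start_time.setTime_t(log_start_time)
        self.filter_start_time.setDateTime(start_time)
    if log_stop_time is not None:
        stop_time.setTime_t(log_stop_time)
        self.filter_stop_time.setDateTime(stop_time)
    self.update_filter(start=log_start_time, stop=log_stop_time)
    self.filter_ip.setText("")
    self.filter_path.setText("")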
def index():
    """Render the homepage with the featured properties and their hosts' pictures.

    Each row from ``db.get_homepage_properties`` is mapped positionally onto
    the column names below; a second query per property fetches the host's
    picture into ``'profile_picture'``.
    """
    columns = (
        'propertyname', 'street_number', 'street_name', 'apt_number',
        'province', 'postal_code', 'rent_rate', 'type', 'max_guests',
        'number_beds', 'number_baths', 'accesible', 'pets_allowed',
        'country', 'hostusername', 'picture',
    )
    db.get_homepage_properties()
    properties = [
        {name: row[idx] for idx, name in enumerate(columns)}
        for row in db.fetch_all()
    ]
    for listing in properties:
        db.get_picture(listing['hostusername'])
        listing['profile_picture'] = db.fetch_one()[0]
    return render_template("homepage.html", properties=properties)
def user_loader(username):
    """Flask-Login user loader: build a ``User`` for ``username`` or return None.

    Every attribute is fetched with its own query through the shared ``db``
    cursor, in the same order as before: person columns, e-mail and phone
    lists, users-table columns, the admin flag and the employee details.
    """
    db.valid_username(username)
    username_count = db.fetch_one()
    user = User()
    if not username_count[0]:
        return None
    user.id = username
    # person table: one query per column.
    # NOTE(review): this also copies the stored password onto the session
    # user object; nothing visible here needs it there.
    person_columns = (
        'first_name', 'middle_name', 'last_name', 'password',
        'street_number', 'street_name', 'apt_number', 'postal_code',
        'date_of_birth', 'country', 'province',
    )
    for column in person_columns:
        db.select_from_person(username, column)
        setattr(user, column, db.fetch_one()[0])
    db.select_from_person_email(username)
    user.email = db.fetch_all()
    db.select_from_person_phone(username)
    user.phone_number = db.fetch_all()
    # users table
    users_lookups = (
        ('join_date', db.get_join_date),
        ('verified', db.get_verified),
        ('about', db.get_about),
        ('languages', db.get_languages),
        ('work', db.get_work),
        ('picture', db.get_picture),
    )
    for attr, run_query in users_lookups:
        run_query(username)
        setattr(user, attr, db.fetch_one()[0])
    # admin flag
    db.check_admin(username)
    user.admin = bool(db.fetch_one()[0])
    # employee flag, plus title and manager for employees only
    db.check_employee(username)
    if db.fetch_one()[0]:
        user.employee = True
        db.get_title(username)
        user.title = db.fetch_one()[0]
        db.get_manager(username)
        user.manager = db.fetch_one()[0]
    else:
        user.employee = False
    return user
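def search():
    """Handle the property search form and render the matching properties.

    Every search field is read from the form with a "not given" default
    ('null' or '-1'). Fields left at a default are replaced by their own
    column name (a sentinel the DB layer uses to make that filter a no-op);
    all other values are wrapped in single quotes. Any failure resets the DB
    connection and flashes a generic error.

    Returns:
        The rendered ``search_results.html`` on a successful search,
        otherwise ``search.html``.
    """
    property_columns = (
        'propertyname', 'street_number', 'street_name', 'apt_number',
        'province', 'postal_code', 'rent_rate', 'type', 'max_guests',
        'number_beds', 'number_baths', 'accesible', 'pets_allowed',
        'country', 'hostusername', 'picture',
    )
    form = SearchProperty()
    property_details = {}
    if form.validate_on_submit():
        try:
            property_details['hostusername'] = request.form.get('hostusername', default='null')
            property_details['propertyname'] = request.form.get('propertyname', default='null')
            property_details['rent_rate'] = request.form.get('rent_rate', default='-1')
            property_details['country'] = request.form.get('country', default='null')
            property_details['province'] = request.form.get('province', default='null')
            property_details['property_type'] = request.form.get(
                'property_type', default='null').lower()
            property_details['max_guests'] = request.form.get('max_guests', default='-1')
            property_details['number_beds'] = request.form.get('number_beds', default='-1')
            property_details['number_baths'] = request.form.get('number_baths', default='-1')
            property_details['accessible'] = request.form.get('accessible', default='null')
            property_details['pets_allowed'] = request.form.get('pets_allowed', default='null')
            # Deal with optional (can be null) arguments.
            for key, value in property_details.items():
                if value in ('null', '-1', 'None', ""):
                    property_details[key] = key
                else:
                    # NOTE(review): the quoted literal is handed to
                    # db.get_search_properties, which (given the column-name
                    # sentinel above) appears to splice it into SQL text.
                    # Doubling embedded quotes closes the obvious break-out
                    # via "'" from this side; the proper fix is parameterised
                    # queries in the DB layer.
                    property_details[key] = "'" + str(value).replace("'", "''") + "'"
            db.get_search_properties(property_details['hostusername'],
                                     property_details['propertyname'],
                                     property_details['rent_rate'],
                                     property_details['country'],
                                     property_details['province'],
                                     property_details['property_type'],
                                     property_details['max_guests'],
                                     property_details['number_beds'],
                                     property_details['number_baths'],
                                     property_details['accessible'],
                                     property_details['pets_allowed'])
            properties = [
                {name: row[idx] for idx, name in enumerate(property_columns)}
                for row in db.fetch_all()
            ]
            for listing in properties:
                db.get_picture(listing['hostusername'])
                listing['profile_picture'] = db.fetch_one()[0]
            flash('Successful search. Here are your results:', 'success')
            return render_template("search_results.html", properties=properties)
        except Exception as e:
            # Reset the connection so a failed statement does not poison later queries.
            db.close()
            db.new_connection()
            print(e)
            flash('Opps, something went wrong. Try again.', 'danger')
    return render_template("search.html", form=form)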
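def individual_property(propertyname):
    """Show one property and, on POST, check its availability for a date range.

    Dates arrive from the form as ``M/D/YYYY`` strings. A stay may span at
    most 14 calendar days (an end-minus-start difference of at most 13).
    Validation problems are reported with ``flash``; the page is always
    re-rendered.

    Returns:
        The rendered ``property.html`` template; 404 if the property is unknown.
    """
    property_columns = (
        'propertyname', 'street_number', 'street_name', 'apt_number',
        'province', 'postal_code', 'rent_rate', 'type', 'max_guests',
        'number_beds', 'number_baths', 'accesible', 'pets_allowed',
        'country', 'hostusername', 'picture',
    )
    db.get_property(propertyname)
    property_row = db.fetch_one()
    if property_row is None:
        # abort() raises, so the previous trailing ``return`` was unreachable.
        abort(404)
    property_map = {property_columns[i]: value for i, value in enumerate(property_row)}
    db.get_picture(property_map['hostusername'])
    host_picture = db.fetch_one()[0]
    form = AvailableDates()
    if request.method == 'POST':
        try:
            start_text = request.form.get('start_date')
            end_text = request.form.get('end_date')
            if start_text in (None, ""):
                raise Exception("Please choose a Start Date")
            if end_text in (None, ""):
                raise Exception("Please choose an End Date")
            start_date = _parse_mdy_date(start_text)
            end_date = _parse_mdy_date(end_text)
            if start_date > end_date:
                raise Exception("Start date cannot be greater than end date!")
            if (end_date - start_date).days > 13:
                raise Exception(
                    "You can only stay at one property for a maximum of 14 days!"
                )
            # Every calendar day of the requested stay, inclusive of both ends.
            dates = []
            current = start_date
            one_day = datetime.timedelta(days=1)
            while current <= end_date:
                dates.append(current)
                current += one_day
            taken_dates = db.check_dates(property_map['propertyname'], dates)
            if len(taken_dates) == 0:
                flash('The property is available during those dates!', 'success')
            else:
                # Keeps the original format, including the trailing ", ".
                error_message = "".join(
                    taken.strftime('%Y-%m-%d') + ", " for taken in taken_dates)
                flash(
                    'Sorry, the property is not available on the following dates: '
                    + error_message, 'danger')
        except Exception as e:
            # Reset the connection so a failed statement does not poison later queries.
            db.close()
            db.new_connection()
            flash('Error: ' + str(e), 'danger')
    return render_template('property.html',
                           property_map=property_map,
                           host_picture=host_picture,
                           form=form)


def _parse_mdy_date(text):
    """Parse an ``M/D/YYYY`` string into a ``datetime.date``.

    Raises:
        ValueError: if the string does not have three integer parts or the
            parts do not form a valid date.
    """
    month, day, year = [int(part) for part in str(text).split('/')]
    return datetime.date(year, month, day)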