Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from flask import Flask, render_template, request, render_template_string
- import MySQLdb
- app = Flask(__name__)
- def filter(inStr):
- filters = ['\'','"']
- for i in filters:
- inStr = inStr.replace(i,'\\' + i)
- return inStr
- @app.route('/')
- def main():
- return render_template('index.html')
- @app.route('/login', methods=['GET'])
- def login():
- return render_template('login.html')
- @app.route('/login', methods=['POST'])
- def login_submit():
- _user = filter(request.form['user'])
- _pw = filter(request.form['pass'])
- if _user and _pw:
- db = MySQLdb.connect("localhost", "****", "****","****")
- cur = db.cursor()
- query = "SELECT * FROM users WHERE user='%s' and pass='%s'" % (_user, _pw)
- cur.execute(query)
- data = cur.fetchall()
- if len(data):
- return render_template_string("HI %s" % _user)
- else:
- return render_template_string("Invalid Credentials<br><a href=\"/\">Return</a>")
- else:
- return render_template('login.html')
- @app.route('/register', methods=['GET'])
- def register():
- return render_template('register.html')
- @app.route('/register', methods=['POST'])
- def register_submit():
- _user = filter(request.form['user'])
- _pw = filter(request.form['pass'])
- if _user and _pw:
- db = MySQLdb.connect("localhost", "****", "****","****")
- cur = db.cursor()
- query = "SELECT * FROM users WHERE user='%s'" % (_user)
- cur.execute(query)
- data = cur.fetchall()
- if len(data):
- return render_template_string("User Exists!!!<br><a href=\"/\">Return</a>")
- else:
- query = "INSERT INTO users (user, pass) VALUES ('%s', '%s')" % (_user, _pw)
- cur.execute(query)
- db.commit()
- return render_template_string("Users Added!!!<br><a href=\"/\">Return</a>")
- if __name__ == '__main__':
- app.run(host='0.0.0.0', threaded=True)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
