Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from flask import Flask, request
- import sqlite3
- import json
- # Prepare db
- db = sqlite3.connect('temporary_db.sqlite')
- db.execute("CREATE TABLE IF NOT EXISTS users (username text PRIMARY KEY, password text);")
- db.execute("INSERT OR IGNORE INTO users (username, password) VALUES ('admin', '123456');")
- db.commit()
- db.close()
- # Create server
- app = Flask(__name__)
- @app.route('/')
- def home():
- return '''<!DOCTYPE html>
- <html>
- <head>
- <title>Hack me!</title>
- </head>
- <body>
- <center>
- <form action="/login">
- <input placeholder="Username" type="text" name="user" /><br/><br/>
- <input placeholder="Password" type="text" name="pass" /><br/><br/>
- <input type="submit" value="Login!" /><br/>
- </form>
- </center>
- </body>
- </html
- '''
- @app.route('/login')
- def login():
- db = sqlite3.connect('temporary_db.sqlite') # Open db
- result = []
- username = request.args.get('user')
- password = request.args.get('pass')
- query = "SELECT username FROM users WHERE username='" + username + "' and password='" + password + "';"
- result.append("Running query: " + query + "\n")
- cursor = db.cursor()
- cursor.execute(query)
- query_result = cursor.fetchall()
- result.append(str(len(query_result)) + " results: " + json.dumps(query_result))
- if len(query_result) == 0:
- result.append("Bad user/pass, no session for you >:(")
- else:
- result.append("Welcome " + query_result[0][0] + " ;)")
- return '\n<br/>'.join(result)
- ## Start server
- app.run(port=8888, debug=True)
Add Comment
Please, Sign In to add comment