Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- require 'sinatra/base'
- require 'active_record'
- require 'digest/md5'
- require 'rack-session-sequel'
- class MassAssignExample3 < PBase
- def self.db
- "massassign_example3"
- end
- ActiveRecord::Base.configurations[db] = {
- :adapter => "mysql2",
- :host => "localhost",
- :username => "pentesterlab",
- :password => "pentesterlab",
- :database => MassAssignExample3.db
- }
- use Rack::Session::Sequel
- SEED = "MagicS33d_MassAssignExample3"
- class User < ActiveRecord::Base
- establish_connection MassAssignExample3.db
- belongs_to :company
- end
- class Company < ActiveRecord::Base
- establish_connection MassAssignExample3.db
- has_many :users
- end
- configure {
- recreate() if $dev
- ActiveRecord::Base.establish_connection MassAssignExample3.db
- unless ActiveRecord::Base.connection.table_exists?("#{db}.users")
- ActiveRecord::Migration.class_eval do
- create_table "#{MassAssignExample3.db}.users" do |t|
- t.string :username
- t.string :password
- t.string :company_id
- end
- end
- end
- unless ActiveRecord::Base.connection.table_exists?("#{db}.companies")
- ActiveRecord::Migration.class_eval do
- create_table "#{MassAssignExample3.db}.companies" do |t|
- t.string :name
- t.text :secret
- end
- end
- end
- company1 = Company.create(:name => "Company 1", :secret => "Company 1 secret")
- company2 = Company.create(:name => "Company 2", :secret => "Company 2's secret, access not authorized for Company 1's users!!!")
- company1.users << User.create(:username => 'user1', :password => Digest::MD5.hexdigest(SEED+"pentesterlab"+SEED))
- }
- def self.path
- "/massassign/example3/"
- end
- set :views, File.join(File.dirname(__FILE__), 'example3', 'views')
- get '/' do
- if params['username'] && params['password']
- @user = User.where(:username => params['username'].to_s,
- :password =>Digest::MD5.hexdigest(SEED+params['password'].to_s+SEED)).first
- if @user
- session[:user] = @user.id
- return erb :index
- end
- elsif session[:user]
- @user = User.find(session[:user])
- return erb :index
- end
- erb :login
- end
- get "/edit_profile" do
- @user = User.find(session[:user].to_s)
- erb :profile
- end
- get "/update_profile" do
- @user = User.find(session[:user].to_s)
- @user.update_attributes(params[:user])
- @user.save
- erb :index
- end
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement