API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 3rd, 2019
122
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Ruby 2.54 KB | None | 0 0
raw download clone embed print report
  1.  
  2. require 'sinatra/base'
  3. require 'active_record'
  4. require 'digest/md5'
  5. require 'rack-session-sequel'
  6.  
  7.  
  8. class MassAssignExample3 < PBase
  9.  
  10.   def self.db
  11.     "massassign_example3"
  12.   end
  13.  
  14.   ActiveRecord::Base.configurations[db] = {
  15.       :adapter  => "mysql2",
  16.       :host     => "localhost",
  17.       :username => "pentesterlab",
  18.       :password => "pentesterlab",
  19.       :database => MassAssignExample3.db
  20.   }
  21.  
  22.   use Rack::Session::Sequel
  23.   SEED = "MagicS33d_MassAssignExample3"
  24.  
  25.   class User < ActiveRecord::Base
  26.     establish_connection  MassAssignExample3.db
  27.     belongs_to :company
  28.   end
  29.  
  30.   class Company < ActiveRecord::Base
  31.     establish_connection  MassAssignExample3.db
  32.     has_many :users
  33.   end
  34.  
  35.   configure {
  36.     recreate() if $dev
  37.     ActiveRecord::Base.establish_connection MassAssignExample3.db
  38.  
  39.     unless ActiveRecord::Base.connection.table_exists?("#{db}.users")
  40.       ActiveRecord::Migration.class_eval do
  41.         create_table "#{MassAssignExample3.db}.users" do |t|
  42.           t.string  :username
  43.           t.string  :password
  44.           t.string  :company_id
  45.         end
  46.       end
  47.     end
  48.  
  49.     unless ActiveRecord::Base.connection.table_exists?("#{db}.companies")
  50.       ActiveRecord::Migration.class_eval do
  51.         create_table "#{MassAssignExample3.db}.companies" do |t|
  52.           t.string  :name
  53.           t.text    :secret
  54.         end
  55.       end
  56.     end
  57.     company1 = Company.create(:name => "Company 1", :secret => "Company 1 secret")
  58.     company2 = Company.create(:name => "Company 2", :secret => "Company 2's secret, access not authorized for Company 1's users!!!")
  59.      
  60.     company1.users << User.create(:username => 'user1', :password => Digest::MD5.hexdigest(SEED+"pentesterlab"+SEED))
  61.   }
  62.  
  63.  
  64.   def self.path
  65.     "/massassign/example3/"
  66.   end
  67.  
  68.   set :views, File.join(File.dirname(__FILE__), 'example3', 'views')
  69.  
  70.   get '/' do
  71.     if params['username'] && params['password']
  72.       @user = User.where(:username => params['username'].to_s,
  73.           :password =>Digest::MD5.hexdigest(SEED+params['password'].to_s+SEED)).first
  74.       if @user
  75.         session[:user] = @user.id
  76.         return erb :index
  77.       end
  78.     elsif session[:user]
  79.       @user = User.find(session[:user])
  80.       return erb :index
  81.     end
  82.     erb :login
  83.   end
  84.  
  85.   get "/edit_profile" do
  86.     @user = User.find(session[:user].to_s)
  87.     erb :profile
  88.   end
  89.  
  90.   get "/update_profile" do
  91.     @user = User.find(session[:user].to_s)
  92.     @user.update_attributes(params[:user])
  93.     @user.save
  94.     erb :index
  95.   end
  96.  
  97.  
  98.  
  99. end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!