
Routes

a guest
May 30th, 2022
import os
import random
import re
import subprocess
import time

import MySQLdb.cursors
from flask import Flask, render_template, redirect, url_for, request, session
from flask_mysqldb import MySQL

from app import app
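# Database and session settings. Every value can be overridden through the
# environment; the literals are kept only as fallbacks so an existing
# deployment keeps working unchanged.
# NOTE(review): the fallback database password and secret key are hard-coded
# in source and this file has been published - rotate both and drop the
# fallbacks once the environment variables are in place.
app.config['MYSQL_HOST'] = os.environ.get('MYSQL_HOST', '10.5.0.10')
app.config['MYSQL_USER'] = os.environ.get('MYSQL_USER', 'dbpad')
app.config['MYSQL_PASSWORD'] = os.environ.get('MYSQL_PASSWORD', 'padteamc03')
app.config['MYSQL_DB'] = os.environ.get('MYSQL_DB', 'team_c')
# NOTE(review): this is a plain module variable, not
# app.config['SERVER_NAME'], so Flask does not read it - confirm the intent.
SERVER_NAME = 'docker.net:443'

# With Flask's default cookie-based sessions the secret key signs the cookie
# that carries 'loggedin' and 'username'. A short, guessable key lets a client
# forge that cookie, so FLASK_SECRET_KEY must be a long random value.
app.secret_key = os.environ.get('FLASK_SECRET_KEY', '123')
mysql = MySQL(app)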
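@app.route('/', methods=['GET', 'POST'])
def index():
    """Serve the registration form and create an account on a valid POST.

    GET renders ``register.html`` with an empty message. POST validates the
    submitted ``username`` and ``password``, rejects names that already
    exist in the ``user`` table, inserts the new row and redirects to the
    login page. Every rejection re-renders the form with a message.
    """
    if request.method != 'POST':
        return render_template('register.html', msg='')

    username = request.form.get('username', '')
    password = request.form.get('password', '')

    # Validate before touching the database. The empty check comes first so
    # a blank field is reported as such rather than as a bad username.
    if not username or not password:
        return render_template('register.html', msg='Please fill out the form!')
    # fullmatch: the whole name must be alphanumeric. re.match() only anchors
    # at the start, so a name such as 'abc<script>' used to pass this check.
    if not re.fullmatch(r'[A-Za-z0-9]+', username):
        return render_template(
            'register.html',
            msg='Username must contain only characters and numbers!',
        )

    cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
    try:
        # Parameterized queries: the driver escapes both values.
        cursor.execute('SELECT * FROM user WHERE username = %s', (username,))
        if cursor.fetchone():
            return render_template('register.html', msg='Account already exists!')
        # NOTE(review): the password is stored exactly as submitted
        # (plaintext). Switching to a salted password hash needs a matching
        # change in login() and a migration of existing rows, so it is
        # flagged here rather than changed in place.
        cursor.execute('INSERT INTO user VALUES (%s, %s)', (username, password,))
        mysql.connection.commit()
    finally:
        cursor.close()
    return redirect(url_for('login'))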
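@app.route('/login', methods=['GET', 'POST'])
def login():
    """Serve the login form and start a session on valid credentials.

    A POST carrying ``username`` and ``password`` is checked against the
    ``user`` table. On a match the session is marked as logged in and the
    client is redirected to the welcome page; otherwise ``login.html`` is
    rendered again with an error message.
    """
    msg = ''
    if request.method == 'POST' and 'username' in request.form and 'password' in request.form:
        username = request.form['username']
        password = request.form['password']

        cursor = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        try:
            # NOTE(review): the submitted password is compared directly with
            # the stored column, so passwords are kept in plaintext. Moving
            # to a salted hash needs a matching change in the registration
            # route and a data migration; flagged, not changed here.
            cursor.execute(
                'SELECT * FROM user WHERE username = %s AND password = %s',
                (username, password,),
            )
            account = cursor.fetchone()
        finally:
            cursor.close()

        if account:
            # Start from an empty session so nothing set before
            # authentication carries over into the logged-in state.
            session.clear()
            session['loggedin'] = True
            session['username'] = account['username']
            return redirect(url_for('welcome'))
        # One message for both "unknown user" and "wrong password", so the
        # response does not reveal which usernames exist.
        msg = 'Incorrect username/password!'
    return render_template('login.html', msg=msg)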
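@app.route('/welcome', methods=['GET', 'POST'])
def welcome():
    """Render the home page for a logged-in user, else redirect to login."""
    # session.get(): a visitor without a session has no 'loggedin' key, and
    # indexing it raised KeyError (HTTP 500) instead of reaching the
    # redirect below. The debug print of the session keys is dropped.
    if session.get('loggedin') and 'username' in session:
        return render_template('welcome.html', htmlvar=session['username'])
    return redirect(url_for('login'))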
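@app.route('/challenges')
def challenges():
    """Render the challenge overview for a logged-in user.

    Visitors without a logged-in session are redirected to the login page.
    Previously a missing 'loggedin' key raised KeyError, and a falsy value
    made the view return None; both surfaced as HTTP 500.
    """
    if not session.get('loggedin'):
        return redirect(url_for('login'))
    return render_template('challenges.html')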
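# Directory holding the per-challenge launcher scripts.
_CHALLENGE_SCRIPT_DIR = '/var/www/apache-flask/scripts'
# Upper bound on launch retries per request. The value is a reviewer-chosen
# default; the original loop retried without limit.
_MAX_LAUNCH_ATTEMPTS = 5


def _launch_challenge(script_name, port_start, port_stop):
    """Start one challenge instance and redirect the client to it.

    Picks a random port in ``[port_start, port_stop)``, runs the launcher
    script with that port as its only argument and waits for it to exit.
    A non-zero exit code is treated as a failed launch and retried with a
    new port, up to ``_MAX_LAUNCH_ATTEMPTS`` times.

    Returns a redirect to the instance, a redirect to the login page for
    visitors without a logged-in session, or a 503 response when every
    attempt failed.
    """
    # Each request spawns a process, so launching is limited to logged-in
    # users, in line with the /welcome and /challenges views.
    # NOTE(review): no per-user limit or instance cleanup is visible in this
    # file - confirm the launcher scripts handle that.
    if not session.get('loggedin'):
        return redirect(url_for('login'))

    script_path = f'{_CHALLENGE_SCRIPT_DIR}/{script_name}'
    for _ in range(_MAX_LAUNCH_ATTEMPTS):
        eport = str(random.randrange(port_start, port_stop))
        # Argument list, no shell: the port is passed as a single argv entry.
        returncode = subprocess.call(['python3', script_path, eport])
        if returncode == 0:
            break
    else:
        # Bounded retry: a launcher that keeps failing no longer ties up the
        # worker in an endless loop.
        return 'Could not start the challenge, please try again later.', 503

    # Give the new instance a moment to start listening before redirecting.
    time.sleep(3)
    # NOTE(review): 'localhost' is resolved by the client's browser, so this
    # redirect only reaches the instance when the browser runs on the same
    # host as this app - confirm for the real deployment.
    return redirect(f'http://localhost:{eport}')


# The port ranges below are deployment choices; adjust them as needed.

@app.route('/challenge1')
def challenge1():
    """Launch challenge 1 on a port in 50500-50999."""
    return _launch_challenge('challenge1.py', 50500, 51000)


@app.route('/challenge2')
def challenge2():
    """Launch challenge 2 on a port in 51000-51499."""
    return _launch_challenge('challenge2.py', 51000, 51500)


@app.route('/challenge3')
def challenge3():
    """Launch challenge 3 on a port in 51500-51999."""
    return _launch_challenge('challenge3.py', 51500, 52000)


@app.route('/challenge4')
def challenge4():
    """Launch challenge 4 on a port in 52000-52499."""
    return _launch_challenge('challenge4.py', 52000, 52500)


@app.route('/challenge5')
def challenge5():
    """Launch challenge 5 on a port in 52500-52999."""
    return _launch_challenge('challenge5.py', 52500, 53000)


@app.route('/challenge6')
def challenge6():
    """Launch challenge 6 on a port in 50500-50999."""
    # NOTE(review): this is the same range as challenge1, while the other
    # challenges each have their own - possibly a copy-paste leftover.
    return _launch_challenge('challenge6.py', 50500, 51000)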
@app.route('/nonoflag')
def flag():
    """Render ``flag_page.html``.

    NOTE(review): unlike welcome(), this view performs no session check,
    so any visitor who knows the URL receives the page - confirm that this
    is intended.
    """
    page = render_template('flag_page.html')
    return page
if __name__ == "__main__":
    # Run the built-in server over TLS. The certificate and key paths are
    # relative, so they are resolved against the current working directory.
    tls_files = ('certificate.pem', 'key.pem')
    app.run(ssl_context=tls_files)