import csv
import hashlib
import hmac
import json
import re

from flask import Flask, jsonify
from flask import request
from flask_cors import CORS
# Flask application object; the route decorators below register on it.
app = Flask(__name__)
# CORS(app) with no further arguments applies flask-cors defaults to every
# route, which allow cross-origin requests from any origin.
# NOTE(review): narrow this to the front-end's origin if one is known - confirm.
CORS(app)
# Process-wide login state. There is exactly one dict for the whole server, so
# "who is logged in" is shared by every client instead of being tracked per
# browser session; whichever request wrote it last wins.
# NOTE(review): per-client state would need a signed session cookie or token.
user = {
    "name": None,
    "isLoggedIn": None,
}
def readCSV(fileRead):
    """Load a comma-separated file and return all of its rows.

    Args:
        fileRead: Path of the CSV file to open.

    Returns:
        A list with one entry per row; each entry is the list of that row's
        string fields as parsed by the csv module.
    """
    # newline='' leaves line-ending handling to the csv module.
    with open(fileRead, newline='') as handle:
        return list(csv.reader(handle, delimiter=','))
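def writeCSV(pairs):
    """Rewrite authenticate.csv from a list of (username, password-hash) rows.

    Only the first two fields of each row are written, one row per line,
    terminated by a line feed. The csv module does the quoting, so a field that
    contains a comma, a double quote or a line break is stored as one quoted
    field and is parsed back by csv.reader as the same single value, instead
    of being split into extra columns or rows of the credential file.

    Args:
        pairs: Iterable of rows whose first two items are strings.

    Raises:
        TypeError: If a username or hash is not a string.
        IndexError: If a row has fewer than two fields.
    """
    # Build and validate every row before opening the file: mode "w" truncates
    # on open, so failing half-way through would leave a damaged store.
    rows = [(pair[0], pair[1]) for pair in pairs]
    for name, digest in rows:
        if not isinstance(name, str) or not isinstance(digest, str):
            raise TypeError("authenticate.csv rows must be (str, str) pairs")

    with open("authenticate.csv", "w", newline='') as file:
        # lineterminator="\n" keeps the on-disk format of plain rows unchanged.
        writer = csv.writer(file, delimiter=',', lineterminator="\n")
        writer.writerows(rows)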
def encrypt(password):
    """Return the hex digest of SHA-256 applied twice to *password*.

    The password is encoded and hashed; the resulting hex string is then
    encoded and hashed again. Despite the name this is a one-way hash, not
    encryption.

    NOTE(security): the digest is unsalted and cheap to compute, so equal
    passwords give equal stored values and offline guessing is fast. Stored
    passwords normally use a salted, deliberately slow KDF such as
    hashlib.scrypt or hashlib.pbkdf2_hmac; switching would require migrating
    the hashes already stored in authenticate.csv.
    """
    digest = password
    # Two rounds: hash the text, then hash the hex form of that hash.
    for _ in range(2):
        digest = hashlib.sha256(digest.encode()).hexdigest()
    return digest
# Default credentials: username "admin", password "password". Replace them before exposing this service.
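@app.route('/auth')
def authenticate():
    """Check a username/password pair against authenticate.csv.

    Reads ``username`` and ``password`` from the query string, hashes the
    password with encrypt() and looks for a row whose first field equals the
    username and whose second field equals that hash. The module-level
    ``user`` dict is updated with the outcome.

    Returns:
        JSON with ``found`` (bool), the submitted ``username`` and
        ``loginmsg``. The failure message is the same for an unknown user and
        a wrong password.

    NOTE(security): the credentials arrive as GET query parameters, which
    commonly end up in access logs and browser history. Accepting them in a
    POST body instead needs a matching change in the client.
    NOTE(security): login state is one process-wide dict, so a successful
    login here is visible to every client, and a failed attempt by anyone
    clears it.
    """
    username = request.args.get("username")
    password = request.args.get("password")

    flag = False
    # A missing parameter can never match a stored row; report a failed login
    # instead of letting encrypt(None) raise and surface as an HTTP 500.
    if username is not None and password is not None:
        # The computed hash is deliberately not printed: with unsalted hashes
        # a logged digest is enough to start offline guessing.
        encrypted = encrypt(password).encode()
        for pairs in readCSV('authenticate.csv'):
            # Blank or truncated lines have fewer than two fields; skip them.
            if len(pairs) < 2 or pairs[0] != username:
                continue
            # Constant-time comparison so response timing does not depend on
            # how many leading characters of the stored hash matched.
            if hmac.compare_digest(pairs[1].encode(), encrypted):
                print("FOUND USER____________")
                flag = True
                break
            print("INCORRECT PASSWORD_____________")

    if not flag:
        print("USER NOT FOUND__________")
        user["isLoggedIn"] = False
        return jsonify({
            "found": False,
            "username": username,
            "loginmsg": "Incorrect username or password.",
        })

    user["name"] = username
    user["isLoggedIn"] = True
    return jsonify({
        "found": True,
        "username": username,
        "loginmsg": "Logged in, " + username,
    })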
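@app.route('/new')
def newAcc():
    """Create an account and store it in authenticate.csv.

    Reads ``username`` and ``password`` from the query string. The password
    must contain at least one of the listed special characters, and the
    username must be non-empty, free of CSV control characters and not already
    present. On success the new row is appended, the file is rewritten and the
    module-level ``user`` dict is marked as logged in.

    Returns:
        ``{"special": False}`` when the password is missing or has no special
        character; ``{"success": False}`` when the username is missing,
        contains a comma, double quote or line break, or is already taken;
        ``{"success": True, "special": True}`` when the account was created.

    NOTE(security): the password arrives as a GET query parameter, which
    commonly ends up in access logs and browser history. Accepting it in a
    POST body instead needs a matching change in the client.
    NOTE(review): the read-check-rewrite of the file is not guarded against
    two requests running at once - confirm how the server is deployed.
    """
    username = request.args.get("username")
    password = request.args.get("password")

    # A missing password cannot satisfy the policy; answer like any other
    # password without a special character instead of raising on None.
    if password is None or re.search("[@_!#$%^&*()<>?/|}{~:]", password) is None:
        return jsonify({"special": False})

    # The username becomes a field of the credential CSV. Refuse values that
    # are empty or carry the delimiter, a quote or a line break, so a stored
    # name can never be re-parsed as additional columns or rows.
    if not username or any(ch in username for ch in ',"\r\n'):
        return jsonify({"success": False})

    # Drop blank or truncated lines so they neither break the duplicate check
    # nor the rewrite below.
    data = [row for row in readCSV('authenticate.csv') if len(row) >= 2]
    # Existing usernames are not printed: the account list does not belong in
    # the server's stdout log.
    if any(row[0] == username for row in data):
        return jsonify({"success": False})

    data.append([username, encrypt(password)])
    writeCSV(data)
    user["name"] = username
    user["isLoggedIn"] = True
    return jsonify({"success": True, "special": True})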
@app.route('/isLoggedIn')
def checkLoggedIn():
    """Report the username recorded as logged in, or None when there is none.

    NOTE(review): this reads the module-level ``user`` dict, which is shared
    by all clients, so the answer is not specific to the caller.
    """
    current = user["name"] if user["isLoggedIn"] else None
    return jsonify({"username": current})
@app.route('/logout')
def logout():
    """Clear the shared login state.

    Returns:
        ``{"success": True}`` if a user was logged in and has been cleared,
        ``{"success": False}`` if nobody was logged in.

    NOTE(review): the state is the module-level ``user`` dict and the route
    takes no credential, so any client can clear it with a plain GET.
    """
    if not user["isLoggedIn"]:
        return jsonify({"success": False})

    user["isLoggedIn"] = False
    user["name"] = None
    return jsonify({"success": True})
@app.route('/blogposts')
def getBlogs():
    """Return every row of blogs.csv as JSON under the ``data`` key."""
    return jsonify({"data": readCSV('blogs.csv')})
# Start the server only when this file is run as a script.
# host='0.0.0.0' listens on every network interface, so the service is
# reachable from any machine that can route to this host on port 5000.
# NOTE(review): app.run() starts Flask's built-in development server; bind to
# 127.0.0.1 or put a production WSGI server in front if this is exposed.
if __name__ == "__main__":
    app.run(host='0.0.0.0', port=5000)