Human_Interface_Computing_Project/product.py at main · BCuthbert/Human_Interface_Computing_Project · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
from flask import Flask, jsonify
from flask_cors import CORS
from flask import request
import json
import csv
import hashlib
import re


app = Flask(__name__)
CORS(app)


def readCSV():
    pairs = []
    with open("authenticate.csv", newline='') as file:
        spam = csv.reader(file, delimiter=',')
        for line in spam:
            pairs.append(line)
        return pairs


def writeCSV(pairs):
    with open("authenticate.csv", "w", newline='') as file:
        for pair in pairs:
            file.write(pair[0] + "," + pair[1])
            file.write("\n")


def encrypt(password):
    encoded = password.encode()
    hashed = hashlib.sha256(encoded).hexdigest()
    encoded2 = hashed.encode()
    hashed2 = hashlib.sha256(encoded2).hexdigest()
    return hashed2


# default: admin, password
@app.route('/auth')
def authenticate():
    username = request.args.get("username")
    password = request.args.get("password")
    print(encrypt(password))
    encrypted = encrypt(password)
    data = readCSV()
    flag = False
    for pairs in data:
        if pairs[0] == username:
            if pairs[1] == encrypted:
                print("FOUND USER____________")
                loginMess = "Logged in, " + pairs[0]
                flag = True
            else:
                print("INCORRECT PASSWORD_____________")
    if not flag:
        print("USER NOT FOUND__________")
        loginMess = "Incorrect username or password."
        return jsonify({"found": False, "username": username, "loginmsg": loginMess})
    else:
        return jsonify({"found": True, "username": username, "loginmsg": loginMess})

@app.route('/new')
def newAcc():
    username = request.args.get("username")
    password = request.args.get("password");
    regex = re.compile("[@_!#$%^&*()<>?/|}{~:]")
    if (regex.search(password) == None): # if no special characters
        return jsonify({"special": False})
    data = readCSV()
    for pair in data:
        print(pair[0])
        if pair[0] == username:
            print("FLAG:" + pair[0])
            return jsonify({"success": False})
    data.append([username,encrypt(password)])
    writeCSV(data)
    return jsonify({"success": True, "special": True})


if __name__ == "__main__":
    app.run(host='0.0.0.0', port=5000)