intro_hacking_ctf/web/app.py

import sqlite3
import random
from flask import Flask, g, request, render_template, make_response
# Application object; the route and teardown handlers below register on it.
app = Flask(__name__)
def get_db():
    """Return the SQLite connection stored on Flask's ``g``, opening it on first use.

    The connection is kept in ``g._database`` so later calls reuse it;
    ``close_connection`` closes it again.
    """
    conn = getattr(g, '_database', None)
    if conn is not None:
        return conn
    # The path is relative, so which file is opened depends on the
    # process's working directory.
    conn = sqlite3.connect("./web.db")
    g._database = conn
    return conn
@app.route("/", methods = ['GET', 'POST'])
def root():
    """Store a submitted post (POST), then render the visitor's posts.

    The visitor is identified only by the ``userid`` cookie; a random
    six-digit id is issued when the cookie is absent, and the cookie is
    (re)set on every response.

    NOTE(review): the ``userid`` cookie and the ``text`` form field are
    client-controlled and are formatted directly into both SQL statements
    below (SQL injection, CWE-89). The repository name suggests this is the
    intended training flaw, so the statements are kept exactly as written --
    confirm. Outside a deliberately vulnerable lab, use sqlite3 parameter
    binding, e.g. ``execute("select * from posts where userid = ?", (uid,))``,
    and reject a cookie that is not a plain integer.
    """
    conn = get_db()

    user_cookie = request.cookies.get("userid")
    if user_cookie is None:
        # NOTE(review): `random` is not a cryptographic generator and the id
        # space is small; the cookie is also unsigned, so it identifies a
        # visitor but does not authenticate one. A real deployment would use
        # a server-side session or a token from `secrets`.
        user_cookie = str(random.randint(100000, 999999))
        print(f"Userid was None, nieuw UID: {user_cookie}")

    if request.method == "POST":
        new_submission = request.form.get("text")
        # The statement is built once, logged, then executed as-is.
        # NOTE(review): this also writes raw user input to stdout.
        statement = f"insert into posts values ({user_cookie},'{new_submission}');"
        print(statement)
        conn.cursor().execute(statement)
        conn.commit()

    cursor = conn.cursor()
    cursor.execute(f"select * from posts where userid = {user_cookie};")
    posts = cursor.fetchall()

    page = render_template('./index.html', posts=posts)
    response = make_response(page)
    # NOTE(review): no HttpOnly / Secure / SameSite attributes are set here.
    response.set_cookie("userid",str(user_cookie))
    return response
@app.teardown_appcontext
def close_connection(exception):
    """Close the connection stored on ``g``, if one was opened.

    Registered as an app-context teardown handler; the ``exception``
    argument it receives is not used.
    """
    conn = getattr(g, '_database', None)
    if conn is None:
        return
    conn.close()