From c7dda63391e87d93bdb46da0148a2b23617bf3fd Mon Sep 17 00:00:00 2001 From: lverherb Date: Wed, 21 Feb 2024 16:52:20 +0100 Subject: [PATCH] submissions werken nu. bonus feature: sql injection mogelijk --- web/app.py | 24 ++++++++++++++---------- web/templates/index.html | 5 +++-- web/web.db | Bin 8192 -> 8192 bytes 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/web/app.py b/web/app.py index ed2bbaa..8269377 100644 --- a/web/app.py +++ b/web/app.py @@ -12,23 +12,27 @@ def get_db(): @app.route("/", methods = ['GET', 'POST']) def root(): - request + db = get_db() user_cookie = request.cookies.get("userid") + if user_cookie is None: + user_cookie = str(random.randint(100000, 999999)) + print(f"Userid was None, nieuw UID: {user_cookie}") + if request.method == "POST": - print(str(request.form)) - if request.method == "GET": - posts = get_db().cursor().execute(f"select * from posts").fetchall() + new_submission = request.form.get("text") + print(f"insert into posts values ({user_cookie},'{new_submission}');") + db.cursor().execute(f"insert into posts values ({user_cookie},'{new_submission}');") + db.commit() - resp = make_response(render_template('./index.html', posts=posts)) - if user_cookie is None: - resp.set_cookie("userid", str(random.randint(100000, 999999))) - return resp - return "YES" + posts = db.cursor().execute(f"select * from posts where userid = {user_cookie};").fetchall() + resp = make_response(render_template('./index.html', posts=posts)) + resp.set_cookie("userid",str(user_cookie)) + return resp + @app.teardown_appcontext def close_connection(exception): db = getattr(g, '_database', None) if db is not None: db.close() - diff --git a/web/templates/index.html b/web/templates/index.html index cb850e1..e902aa7 100644 --- a/web/templates/index.html +++ b/web/templates/index.html @@ -9,7 +9,8 @@
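Review bot: In `root()` both new statements are built with f-strings from client-controlled values: the `userid` cookie goes unquoted into the `insert` and the `select`, and `request.form.get("text")` goes into the `insert`, so the injection the subject line mentions is reachable on GET as well as POST. Unless this app is a deliberately vulnerable exercise (in which case a comment above the queries should say so), bind the values instead, assuming `get_db()` (defined outside this hunk) returns a sqlite3 connection: `db.cursor().execute("insert into posts values (?, ?)", (user_cookie, new_submission))` and `db.cursor().execute("select * from posts where userid = ?", (user_cookie,))`. The cookie is also the only thing scoping which posts are returned, and it is a six-digit `random.randint` value that any client can replace, so it should be validated as numeric and ideally issued from `secrets` or replaced by a signed session. The added `print` of the full statement writes submitted text to stdout, and `new_submission` is `None` when the `text` field is missing; both are worth handling before the insert.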
- + +
@@ -18,4 +19,4 @@ {% endfor %} -{% endautoescape %} \ No newline at end of file +{% endautoescape %} diff --git a/web/web.db b/web/web.db index cefae12bdc9ac95a2d075ff0768f9adbbaec513d..9159e5e4e1f84e5278d586c0b4228c97d80ed846 100644 GIT binary patch delta 91 zcmZp0XmFSy&B!@X#+jd!L9eWnmw|zSk$)Eh|E|q~0zUkcckz1(u<_4l;Qz$`oc|90 qZvM6W^MNwm{4zXj%*>K(a}5%cl2cOCcvvC4tkm4Z+{DSd