submissions werken nu.
bonus feature: sql injection mogelijk
parent
5e1d42b7d4
commit
c7dda63391
3 changed files with 17 additions and 12 deletions
24
web/app.py
24
web/app.py
|
@ -12,23 +12,27 @@ def get_db():
|
||||||
|
|
||||||
@app.route("/", methods = ['GET', 'POST'])
|
@app.route("/", methods = ['GET', 'POST'])
|
||||||
def root():
|
def root():
|
||||||
request
|
db = get_db()
|
||||||
user_cookie = request.cookies.get("userid")
|
user_cookie = request.cookies.get("userid")
|
||||||
|
if user_cookie is None:
|
||||||
|
user_cookie = str(random.randint(100000, 999999))
|
||||||
|
print(f"Userid was None, nieuw UID: {user_cookie}")
|
||||||
|
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
print(str(request.form))
|
new_submission = request.form.get("text")
|
||||||
if request.method == "GET":
|
print(f"insert into posts values ({user_cookie},'{new_submission}');")
|
||||||
posts = get_db().cursor().execute(f"select * from posts").fetchall()
|
db.cursor().execute(f"insert into posts values ({user_cookie},'{new_submission}');")
|
||||||
|
db.commit()
|
||||||
|
|
||||||
resp = make_response(render_template('./index.html', posts=posts))
|
|
||||||
if user_cookie is None:
|
|
||||||
resp.set_cookie("userid", str(random.randint(100000, 999999)))
|
|
||||||
return resp
|
|
||||||
|
|
||||||
return "YES"
|
posts = db.cursor().execute(f"select * from posts where userid = {user_cookie};").fetchall()
|
||||||
|
resp = make_response(render_template('./index.html', posts=posts))
|
||||||
|
resp.set_cookie("userid",str(user_cookie))
|
||||||
|
return resp
|
||||||
|
|
||||||
|
|
||||||
@app.teardown_appcontext
|
@app.teardown_appcontext
|
||||||
def close_connection(exception):
|
def close_connection(exception):
|
||||||
db = getattr(g, '_database', None)
|
db = getattr(g, '_database', None)
|
||||||
if db is not None:
|
if db is not None:
|
||||||
db.close()
|
db.close()
|
||||||
|
|
||||||
|
|
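Review bot: Both queries in the new `root()` body are built from request data with f-strings: the `userid` cookie goes unquoted into the INSERT and the SELECT, and the form field `text` goes into the INSERT between single quotes, so either value can alter the statement. The commit message lists this as known; if it is not a deliberate training target, bind the values instead, e.g. `db.cursor().execute("insert into posts values (?, ?)", (user_cookie, new_submission))` and `db.cursor().execute("select * from posts where userid = ?", (user_cookie,))` (qmark style, assuming `get_db()` returns a sqlite3 connection). If it is deliberate, a comment above the queries should say so. Independently of the injection, the cookie alone scopes the SELECT, and it is a six-digit `random.randint` value the client can set freely, so one visitor's posts are readable by anyone who sends that id; a signed Flask `session` with an id from `secrets` would address that. The `print` of the full INSERT also copies submitted text into the server log.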
|
@ -9,7 +9,8 @@
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<form method="POST">
|
<form method="POST">
|
||||||
<input type="text"/>
|
<label for="text">Enter new submission:</label>
|
||||||
|
<input type="text" name="text" />
|
||||||
<input type="submit"/>
|
<input type="submit"/>
|
||||||
|
|
||||||
</form>
|
</form>
|
||||||
|
@ -18,4 +19,4 @@
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
{% endautoescape %}
|
{% endautoescape %}
|
||||||
|
|
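Review bot: Submissions stored through this form may be rendered as raw HTML. The posts loop ends just before `{% endautoescape %}` in the last hunk, and the added `name="text"` is what lets the field reach the server. The opening tag of that block is outside the diff, so this is conditional: if it is `{% autoescape false %}`, post text is emitted unescaped, and the override should be dropped unless that is intended. Separately, `<label for="text">` refers to an element id while the input has only a `name`; adding `id="text"` to the input associates the two.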
BIN
web/web.db
BIN
web/web.db
Binary file not shown.