submissions werken nu.
bonus feature: sql injection mogelijk
This commit is contained in:
parent
5e1d42b7d4
commit
c7dda63391
3 changed files with 17 additions and 12 deletions
24
web/app.py
24
web/app.py
|
@ -12,23 +12,27 @@ def get_db():
|
|||
|
||||
@app.route("/", methods = ['GET', 'POST'])
|
||||
def root():
|
||||
request
|
||||
db = get_db()
|
||||
user_cookie = request.cookies.get("userid")
|
||||
if request.method == "POST":
|
||||
print(str(request.form))
|
||||
if request.method == "GET":
|
||||
posts = get_db().cursor().execute(f"select * from posts").fetchall()
|
||||
|
||||
resp = make_response(render_template('./index.html', posts=posts))
|
||||
if user_cookie is None:
|
||||
resp.set_cookie("userid", str(random.randint(100000, 999999)))
|
||||
user_cookie = str(random.randint(100000, 999999))
|
||||
print(f"Userid was None, nieuw UID: {user_cookie}")
|
||||
|
||||
if request.method == "POST":
|
||||
new_submission = request.form.get("text")
|
||||
print(f"insert into posts values ({user_cookie},'{new_submission}');")
|
||||
db.cursor().execute(f"insert into posts values ({user_cookie},'{new_submission}');")
|
||||
db.commit()
|
||||
|
||||
|
||||
posts = db.cursor().execute(f"select * from posts where userid = {user_cookie};").fetchall()
|
||||
resp = make_response(render_template('./index.html', posts=posts))
|
||||
resp.set_cookie("userid",str(user_cookie))
|
||||
return resp
|
||||
|
||||
return "YES"
|
||||
|
||||
@app.teardown_appcontext
|
||||
def close_connection(exception):
|
||||
db = getattr(g, '_database', None)
|
||||
if db is not None:
|
||||
db.close()
|
||||
|
||||
|
|
|
@ -9,7 +9,8 @@
|
|||
</head>
|
||||
<body>
|
||||
<form method="POST">
|
||||
<input type="text"/>
|
||||
<label for="text">Enter new submission:</label>
|
||||
<input type="text" name="text" />
|
||||
<input type="submit"/>
|
||||
|
||||
</form>
|
||||
|
|
BIN
web/web.db
BIN
web/web.db
Binary file not shown.
Loading…
Reference in a new issue