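from flask import (
    Flask,
    request,
    render_template_string,
    session,
    redirect,
    send_file,
)
from random import SystemRandom
import sqlite3
import os

app = Flask(__name__)
# NOTE(review): os.getenv returns None when FLASK_KEY is unset. This key signs
# the session cookie that login() relies on, so confirm the deployment always
# supplies a long random value.
app.secret_key = os.getenv('FLASK_KEY')

rand = SystemRandom()

allowed_characters = set(
    'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789'
)


def execute(query, params=()):
    """Run one SQL statement against db/db.sqlite3 and return its rows.

    Args:
        query: SQL text. Use ``?`` placeholders for every value that is not
            a fixed part of the statement.
        params: Values bound to the placeholders by sqlite3. Defaults to an
            empty tuple so existing ``execute(query)`` callers keep working.

    Returns:
        The list of rows from ``cursor.fetchall()`` (empty for statements
        that produce no rows).
    """
    con = sqlite3.connect('db/db.sqlite3')
    try:
        cur = con.cursor()
        # Binding values here keeps request data out of the SQL text.
        cur.execute(query, params)
        rows = cur.fetchall()
        con.commit()
        return rows
    finally:
        # The connection was previously never closed; release it on every
        # path, including when the statement raises.
        con.close()


def generate_token():
    """Return a 32-character token drawn from allowed_characters.

    Characters are chosen with SystemRandom, which reads from the operating
    system's randomness source.
    """
    # Build the candidate list once instead of once per character.
    alphabet = list(allowed_characters)
    return ''.join(rand.choice(alphabet) for _ in range(32))


def create_user(username, password):
    """Create a user row if the username is valid and not already taken.

    Args:
        username: Must be non-empty and consist only of allowed_characters.
        password: At most 50 characters; its content is not restricted.

    Returns:
        ``(True, '')`` on success, otherwise ``(False, message)`` with a
        message suitable for display.
    """
    if any(c not in allowed_characters for c in username):
        return (False, 'Alphanumeric usernames only, please.')
    if len(username) < 1:
        return (False, 'Username is too short.')
    if len(password) > 50:
        return (False, 'Password is too long.')

    other_users = execute(
        'SELECT * FROM users WHERE username=?;',
        (username,)
    )
    if other_users:
        return (False, 'Username taken.')

    # The password is only length-checked above, so it must be bound as a
    # parameter; interpolating it into the statement lets request data
    # change the SQL that runs.
    # NOTE(review): the password is stored exactly as supplied. Hashing it
    # with a password KDF before storage would need a matching change in
    # check_login and in the stored data.
    execute(
        'INSERT INTO users (username, password) VALUES (?, ?);',
        (username, password)
    )
    return (True, '')


def check_login(username, password):
    """Return True when the stored password for username equals password.

    Usernames containing characters outside allowed_characters, and
    usernames with no matching row, yield False.
    """
    if any(c not in allowed_characters for c in username):
        return False

    # Bound parameter rather than string interpolation, so the query does
    # not depend on the character filter above staying in place.
    correct_password = execute(
        'SELECT password FROM users WHERE username=?;',
        (username,)
    )
    if len(correct_password) < 1:
        return False
    # NOTE(review): this compares plaintext values directly; see the storage
    # note in create_user.
    return correct_password[0][0] == password


@app.route('/', methods=['GET', 'POST'])
def login():
    error = ''
    if request.method == 'POST':
        valid_login = check_login(
            request.form['username'],
            request.form['password']
        )
        if valid_login:
            session['username'] = request.form['username']
            return redirect('/message')
        error = 'Incorrect username or password.'

    if 'username' in session:
        return redirect('/message')

    return render_template_string('''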
Log in to see Aaron's message!
{{ error }}
RegisterRegister!
{{ error }}