Created
February 27, 2024 17:28
-
-
Save ProfAndreaPollini/861a212ec4c0a1d1c7c56cd8f4a244b8 to your computer and use it in GitHub Desktop.
webapp flask con autenticazione semplice
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from flask import Flask, redirect, render_template, request, url_for,session,g | |
| import sqlite3 as sq | |
| import hashlib | |
| app = Flask(__name__) | |
| USERNAME = "pippo" | |
| PASSWORD = "pippo" | |
| app.secret_key = b'_5#y2L"F4Q8z\n\xec]/' | |
| def check_password(db,username, password): | |
| if db is None: | |
| return False | |
| cur = db.cursor() | |
| cur.execute("SELECT password FROM users WHERE username = ?", (username,)) | |
| user = cur.fetchone() | |
| if user is None: | |
| return False | |
| return user[0] == password | |
| @app.route("/") | |
| def hello_world(): | |
| return "<p>Hello, World 2!</p>" | |
| @app.before_request | |
| def before_request(): | |
| db = sq.connect("users.db") | |
| g.db = db | |
| @app.after_request | |
| def after_request(response): | |
| g.db.close() | |
| return response | |
| @app.get("/me") | |
| def me(): | |
| if "username" in session: | |
| username = session["username"] | |
| return render_template("private_page.html", username=username) | |
| else: | |
| return redirect(url_for("login")) | |
| @app.post("/logout") | |
| def logout(): | |
| session.pop("username", None) | |
| return redirect(url_for("login")) | |
| @app.route("/login", methods=["GET", "POST"]) | |
| def login(): | |
| if request.method == "GET": | |
| return render_template('login.html') | |
| else: | |
| username = request.form["username"] | |
| password = request.form["password"] | |
| password = hashlib.sha256(password.encode()).hexdigest() | |
| db = g.db | |
| if check_password(db,username, password): | |
| session["username"] = username | |
| return redirect(url_for("me")) | |
| else: | |
| return "<p>Wrong username or password</p>" | |
| if __name__ == "__main__": | |
| app.run(debug=True) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- SQLite DB creation script | |
| CREATE TABLE IF NOT EXISTS users ( | |
| id INTEGER PRIMARY KEY AUTOINCREMENT, | |
| username TEXT NOT NULL, | |
| password TEXT NOT NULL, | |
| created_at DATETIME DEFAULT CURRENT_TIMESTAMP | |
| ); | |
| -- example data | |
| INSERT INTO users ( username, password) | |
| VALUES ('pippo', 'pluto'); | |
| UPDATE users SET password ='c48b4df565b0c96f84fedf18f26596ed40aa9f46f11021af7125d34d1d3acffe' WHERE username = 'pippo'; | |
| INSERT INTO users ( username, password) | |
| VALUES ('admin', '8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918'); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment