Whitebox
import hashlib
import hmac
import random
import secrets

from bottle import get, post, run, template, request, response
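# Alphabet and length of a session identifier (lowercase ASCII letters + digits).
_SESSION_ID_ALPHABET = 'abcdefghijklmnopqrstuvwxyz0123456789'
_SESSION_ID_LENGTH = 32

# Identifiers handed out by generate_session_id() in this process.
# NOTE(review): in-memory only -- entries are lost on restart, are not shared
# between worker processes, and never expire. A real deployment needs a
# server-side session store with expiry and logout/revocation.
_issued_session_ids = set()


def valid_session_id(session_id):
    """Return True only if *session_id* was issued by this process.

    A shape check alone (e.g. "is it 32 characters long?") is not
    authentication: the cookie value is fully client-controlled, so the
    server must compare it against identifiers it actually handed out.
    Non-string input (including None) is rejected instead of raising.
    """
    return isinstance(session_id, str) and session_id in _issued_session_ids


def generate_session_id():
    """Create, register and return a fresh 32-character session identifier.

    Characters are drawn with the ``secrets`` module (OS CSPRNG). The
    ``random`` module is a deterministic PRNG intended for simulation and
    must not be used for values that act as credentials.

    The new identifier is recorded in ``_issued_session_ids`` so that
    ``valid_session_id`` can later recognise it.
    """
    session_id = ''.join(
        secrets.choice(_SESSION_ID_ALPHABET) for _ in range(_SESSION_ID_LENGTH)
    )
    _issued_session_ids.add(session_id)
    return session_id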
@get('/whitebox')
def login_form():
    """Serve the static sign-in page for GET /whitebox.

    The form posts the ``name`` and ``password`` fields back to the same
    path. The markup is a constant; nothing from the request is rendered.
    """
    # NOTE(review): the password travels in the POST body, so it is only
    # protected in transit if the app is served behind TLS.
    page = '''
<html><head><meta charset="utf-8"></head>
<body><form action="/whitebox" method="POST">
<div><label for="name">Имя: </label><input type="text" name="name"></div>
<div><label for="password">Пароль: </label><input type="password" name="password"></div>
<div><input type="submit" value="Sign in"></div>
</form></body></html>
'''
    return page
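@post('/whitebox')
def login():
    """Handle the sign-in POST for /whitebox.

    The request is accepted when the submitted password hashes to the stored
    digest, or when the ``session_id`` cookie passes ``valid_session_id``.
    On success a fresh session cookie is issued and a greeting is rendered;
    otherwise the failure page is returned.
    """
    # NOTE(review): this is an unsalted SHA-1 digest embedded in source.
    # SHA-1 is a fast hash and unsuitable for password storage; move the
    # verifier out of the code and use a salted, slow KDF (for example
    # hashlib.scrypt or hashlib.pbkdf2_hmac). That needs the credential to be
    # re-enrolled, so it is flagged here rather than changed.
    digest = '412804fb97b101e1df2840ba6c55953a9a24868e'

    # getunicode() returns None when the field is absent; treat that as an
    # empty password so the request falls through to the failure page instead
    # of raising AttributeError on .encode().
    password = request.forms.getunicode('password') or ''
    password_hash = hashlib.sha1(password.encode('utf8')).hexdigest()

    # Constant-time comparison, so response timing does not depend on how
    # many leading characters of the digest matched.
    password_ok = hmac.compare_digest(password_hash, digest)

    # NOTE(review): the cookie branch is only as strong as valid_session_id();
    # it must check the value against server-side state, not just its shape.
    # There is also no attempt limiting or lockout on this endpoint.
    if password_ok or valid_session_id(request.get_cookie('session_id', '')):
        # httponly keeps the session cookie away from page scripts. Also pass
        # secure=True once the app is only reachable over HTTPS.
        response.set_cookie('session_id', generate_session_id(), httponly=True)
        name = request.forms.getunicode('name')
        # repr() keeps control characters (e.g. newlines) in the user-supplied
        # name from forging extra log lines.
        print(f'{name!r} signed in.')
        # {{name}} is HTML-escaped by bottle's template engine by default.
        return template('''
<html><head><meta charset="utf-8"></head>
<body><b>Hey, {{name}}</b>!</body></html>
''', name=name)
    return '''
<html><head><meta charset="utf-8"></head>
<body><b>You failed to login</b>!</body></html>
'''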
# NOTE(review): '0.0.0.0' listens on every network interface, and run() with
# no server argument uses bottle's built-in development server over plain
# HTTP. Bind to 127.0.0.1 or put a TLS-terminating proxy in front unless
# exposing this to the network is intended.
LISTEN_HOST = '0.0.0.0'
LISTEN_PORT = 8010
run(port=LISTEN_PORT, host=LISTEN_HOST)