Created
February 26, 2019 21:35
Whitebox
import hashlib
import hmac
import random
import secrets

from bottle import get, post, run, template, request, response
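# Session ids this process has handed out. A cookie is honoured only when its
# value is in this set. The record is in-memory: it is lost on restart and is
# never pruned, so ids neither expire nor can be revoked individually.
_ISSUED_SESSION_IDS = set()

_SESSION_ID_ALPHABET = 'abcdefghijklmnopqrstuvwxyz0123456789'
_SESSION_ID_LENGTH = 32


def valid_session_id(session_id):
    """Return True only for a session id issued by generate_session_id().

    Checking the length alone would accept any 32-character cookie value the
    client chooses to send, which makes the cookie an authentication bypass.
    The id is therefore looked up in the server-side record of issued ids.
    """
    return isinstance(session_id, str) and session_id in _ISSUED_SESSION_IDS


def generate_session_id():
    """Create, record and return a new 32-character session id (a-z, 0-9).

    The characters are drawn with ``secrets`` rather than ``random``: the
    ``random`` module is a deterministic PRNG whose output can be predicted,
    which is unsuitable for a value that acts as a bearer credential.
    """
    session_id = ''.join(
        secrets.choice(_SESSION_ID_ALPHABET) for _ in range(_SESSION_ID_LENGTH)
    )
    # Record the id so valid_session_id() can tell it from a made-up value.
    _ISSUED_SESSION_IDS.add(session_id)
    return session_id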
@get('/whitebox')
def login_form():
    """Serve the static login page.

    The form POSTs the ``name`` and ``password`` fields back to /whitebox.
    """
    page = '''
<html><head><meta charset="utf-8"></head>
<body><form action="/whitebox" method="POST">
<div><label for="name">Имя: </label><input type="text" name="name"></div>
<div><label for="password">Пароль: </label><input type="password" name="password"></div>
<div><input type="submit" value="Sign in"></div>
</form></body></html>
'''
    return page
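@post('/whitebox')
def login():
    """Handle the login form submission.

    The request is accepted when the submitted password hashes to the stored
    digest, or when the ``session_id`` cookie passes valid_session_id(). On
    success a fresh session cookie is set and a greeting page is returned;
    otherwise the failure page is returned.
    """
    # NOTE(review): this is an unsalted SHA-1 digest hard-coded in the source.
    # SHA-1 is a fast hash, so a leaked digest can be brute-forced offline.
    # Moving to a salted password KDF (e.g. hashlib.scrypt) needs the digest
    # re-derived from the real password, which cannot be done from here.
    digest = '412804fb97b101e1df2840ba6c55953a9a24868e'
    # A POST without a password field yields None; treat it as an empty
    # password instead of failing on .encode() with an unhandled error.
    password = request.forms.getunicode('password') or ''
    password_hash = hashlib.sha1(password.encode('utf8')).hexdigest()
    # Constant-time comparison, so response timing does not reveal how many
    # leading characters of the digest matched.
    password_ok = hmac.compare_digest(password_hash, digest)
    # valid_session_id() is the only gate on the cookie path, so it has to
    # accept nothing but ids this server issued.
    if password_ok or valid_session_id(request.get_cookie('session_id', '')):
        # HttpOnly keeps the session id out of reach of page scripts. Also
        # set secure=True once the app is served over HTTPS.
        response.set_cookie('session_id', generate_session_id(), httponly=True)
        name = request.forms.getunicode('name')
        # repr() escapes newlines and control characters, so a crafted name
        # cannot forge extra log lines.
        print(f'{name!r} signed in.')
        # {{name}} is HTML-escaped by bottle's template engine by default.
        return template('''
<html><head><meta charset="utf-8"></head>
<body><b>Hey, {{name}}</b>!</body></html>
''', name=name)
    return '''
<html><head><meta charset="utf-8"></head>
<body><b>You failed to login</b>!</body></html>
'''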
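if __name__ == '__main__':
    # Start the server only when executed as a script, so importing this
    # module (for tests, for example) does not open a listening socket.
    # NOTE(review): 0.0.0.0 listens on every network interface and the
    # built-in server speaks plain HTTP, so passwords and session cookies
    # cross the network unencrypted. Bind to 127.0.0.1 or put a TLS
    # terminating proxy in front unless that exposure is intended.
    run(host='0.0.0.0', port=8010)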