akhilstanis/server.rb

## server.rb
require 'sinatra'
require 'pg'

database_url = ENV['DATABASE_URL'] || 'postgres://localhost:5432/sql_injection'
pg = PG.connect(database_url)
pg.exec('CREATE TABLE IF NOT EXISTS users (username CHAR(50), password CHAR(50));')

set :session_secret, 'super_secret'
enable :sessions

get '/' do
  current_user = session[:current_user]

  if !current_user
    redirect to('/login')
  end

  "Welcome #{current_user}<br/><a href='/logout'>Logout</a>"
end

get '/login' do
  erb :login
end

post '/login' do
  @username = params[:username]
  @password = params[:password]

  user = pg.exec("SELECT * FROM users WHERE username = '#{@username}' AND password = '#{@password}'").first
  if !user
    @error = 'invalid username or password'
    erb :login
  else
    session[:current_user] = user
    redirect to('/')
  end
end

get '/logout' do
  session.delete(:current_user)
  redirect to('/login')
end
	require 'sinatra'
	require 'pg'

	database_url = ENV['DATABASE_URL'] \|\| 'postgres://localhost:5432/sql_injection'
	pg = PG.connect(database_url)
	pg.exec('CREATE TABLE IF NOT EXISTS users (username CHAR(50), password CHAR(50));')

	set :session_secret, 'super_secret'
	enable :sessions

	get '/' do
	current_user = session[:current_user]

	if !current_user
	redirect to('/login')
	end

	"Welcome #{current_user}<br/><a href='/logout'>Logout</a>"
	end

	get '/login' do
	erb :login
	end

	post '/login' do
	@username = params[:username]
	@password = params[:password]

	user = pg.exec("SELECT * FROM users WHERE username = '#{@username}' AND password = '#{@password}'").first
	if !user
	@error = 'invalid username or password'
	erb :login
	else
	session[:current_user] = user
	redirect to('/')
	end
	end

	get '/logout' do
	session.delete(:current_user)
	redirect to('/login')
	end