Skip to content

Instantly share code, notes, and snippets.

@maxisoft

maxisoft/main_unsafe.py

Created December 11, 2013 17:51
Show Gist options
  • Save maxisoft/7915163 to your computer and use it in GitHub Desktop.
Save maxisoft/7915163 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
main_unsafe.py
import cherrypy
import sqlite3
import os
class Message(object):
@cherrypy.expose
def add(self, pseudo_dest, message, Send):
if not cherrypy.session.get('logged'):
raise cherrypy.HTTPRedirect("../login")
conn = sqlite3.connect('csrf.db')
try:
c = conn.cursor()
c.execute('INSERT INTO messages VALUES (?, ?, ?)', (cherrypy.session.get('pseudo'), pseudo_dest, message))
conn.commit()
finally:
conn.close()
return "Msg envoyer. <a href='../secu'>liste msg</a>"
@cherrypy.expose
def index(self):
if not cherrypy.session.get('logged'):
raise cherrypy.HTTPRedirect("../login")
return """<form id="form" name="form" method="post" action="add">
<p>Destinataire :
<label>
<input type="text" name="pseudo_dest" id="pseudo_dest" />
</label>
</p>
<p>Message :
<label>
<textarea name="message" rows="8" cols="42">Entrez votre message
</textarea>
</label>
</p>
<p>
<label>
<input type="submit" name="Send" id="Send" value="Send" />
</label>
</p>
</form>
"""
class Secu(object):
@cherrypy.expose
def index(self):
if not cherrypy.session.get('logged'):
raise cherrypy.HTTPRedirect("../login")
ret = ""
conn = sqlite3.connect('csrf.db')
try:
c = conn.cursor()
c.execute('SELECT * FROM messages WHERE pseudo_dest=?', cherrypy.session.get('pseudo'))
for row in c.fetchall():
ret += "source : {} <br/>\n message : {}<br/>\n<br/>\n".format(row[0], row[2])
finally:
conn.close()
return ret
class Root(object):
def __init__(self):
self.secu = Secu() # sous object cherrypy
self.msg = Message()
@cherrypy.expose
def index(self):
if not cherrypy.session.get('logged'):
return "messagerie <a href='./login'>login</a>"
return "messagerie <a href='./secu'>liste msg</a> <a href='./msg'>ecrire</a>"
@cherrypy.expose
def logout(self):
cherrypy.session.delete()
raise cherrypy.HTTPRedirect("../")
@cherrypy.expose
def login(self, pseudo=None, password=None, Envoyer=None):
if cherrypy.session.get('logged'):
return "Deja log"
if pseudo and password and Envoyer:
conn = sqlite3.connect('csrf.db')
try:
c = conn.cursor()
c.execute('SELECT userID FROM users WHERE pseudo=? AND password=?', (pseudo, password))
tmp = c.fetchone()
finally:
conn.close()
if tmp: # => resultat
cherrypy.session['logged'] = True
cherrypy.session['pseudo'] = pseudo
#cherrypy.session['tokens'] = set()
raise cherrypy.HTTPRedirect("secu")
# dans tous les autres cas
return """<form id="form" name="form" method="post" action="">
<p>Pseudo :
<label>
<input type="text" name="pseudo" id="pseudo" />
</label>
</p>
<p>Password :
<label>
<input type="password" name="password" id="password" />
</label>
</p>
<p>
<label>
<input type="submit" name="Envoyer" id="Envoyer" value="Envoyer" />
</label>
</p>
</form>"""
if __name__ == "__main__":
cherrypy.config.update({
'server.socket_host': '127.0.0.1',
'server.socket_port': 8080,
'environment': 'production',
'log.error_file': 'site.log',
'log.screen': True
})
current_dir = os.path.dirname(os.path.abspath(__file__))
#session . voir http://docs.cherrypy.org/dev/refman/lib/sessions.html
conf = {'/': {'tools.sessions.on': True,
}
}
cherrypy.quickstart(Root(), config=conf)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment