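from flask import Flask
from flask import render_template
from flask import request
from flask import session, redirect, url_for, abort
from sqlalchemy import *

app = Flask(__name__)
# NOTE(review): the session-signing key is hard-coded. Flask sessions are
# client-side cookies authenticated only by this key, so anyone who can read
# this file can mint a cookie with an arbitrary 'id'. Load it from deployment
# configuration instead of source.
app.secret_key = 'my_super_duper_secret_key'  # session keys
# NOTE(review): database credentials are embedded in the connection URL, and
# echo=True writes every statement (with its bound parameters) to the log.
# Move the URL to configuration and disable echo outside of debugging.
engine = create_engine('postgresql+psycopg2://Exel:kali%20linux@127.0.0.1:5432/user', echo=True)


@app.route("/login", methods=['POST', 'GET'])
def login():
    """Render the login form (GET) or check submitted credentials (POST).

    A user who already has an 'id' in the session is redirected to the index
    page. On a successful POST the matching row's id is stored in the session
    and the user is redirected to the index page; otherwise the login template
    is rendered with error=True. If the database lookup raises, the error is
    printed and the form is rendered with error=False.
    """
    # Already-authenticated users have nothing to do here.
    if session.get('id') is not None:
        return redirect(url_for('index'))

    wrongpass = False  # set when the submitted credentials are rejected
    if request.method == 'POST':
        usrname = request.form.get("username")
        passwd = request.form.get('passwd')
        # Only the username is logged; the submitted password must never be
        # written to stdout or log files.
        print(f"Username: {usrname}")

        if usrname is None or passwd is None:
            # A missing form field can never authenticate. Without this guard
            # a row whose password column is NULL would compare equal to an
            # absent 'passwd' field (None == None).
            wrongpass = True
        else:
            try:
                with engine.connect() as c:
                    # The username is sent as a bound parameter, so the driver
                    # treats it as data and it cannot alter the statement.
                    res = c.execute(
                        text("select * from users where username = :username"),
                        {"username": usrname},
                    )
                    r1 = res.fetchone()
                    # NOTE(review): comparing the column directly to the
                    # submitted value implies passwords are stored in
                    # plaintext; store a salted password hash and verify
                    # against that instead.
                    if r1 is not None and r1.password == passwd:
                        session['id'] = r1.id  # register a session
                        return redirect(url_for("index"))
                    wrongpass = True
                    print("Error")
            except Exception as e:
                # Best-effort boundary: keep serving the form if the database
                # is unavailable; details stay in the server output only.
                print(f"[*] Error: {e}")

    return render_template('login.html', error=wrongpass)


@app.route('/games', methods=['GET'])
def games():
    """Serve the games page to logged-in users; respond 403 otherwise."""
    if session.get('id') is None:
        abort(403)
    return render_template('games.html')


@app.route('/2048', methods=['GET'])
def twentyfouroeight():
    """Serve the 2048 page to logged-in users; respond 403 otherwise."""
    if session.get('id') is None:
        abort(403)
    return render_template('2048.html')


@app.route('/SpaceImpact', methods=['GET'])
def SpaceImpact():
    """Serve the Space Impact page to logged-in users; respond 403 otherwise."""
    if session.get('id') is None:
        abort(403)
    return render_template('Space-Impact-Web.html')


@app.route("/logout", methods=['GET'])
def logout():
    """Drop the session id and redirect to the index; 403 if not logged in."""
    # NOTE(review): a state-changing action on GET can be triggered by any
    # cross-site link or image tag; consider accepting POST only.
    if session.get('id') is None:
        abort(403)
    session.pop("id", None)
    return redirect(url_for('index'))


@app.route("/", methods=['GET'])
def index():
    """Render the index page, telling the template whether a user is logged in."""
    return render_template("index.html", logged_in=session.get('id') is not None)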