
import os

from flask import Flask
from flask import render_template
from flask import request
from flask import session, redirect, url_for, abort
from sqlalchemy import *
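app = Flask(__name__)

# The session-signing key must not be a literal in source control: anyone who
# can read it can forge a session cookie carrying an arbitrary 'id'.
# SECRET_KEY is read from the environment. When it is unset, a random
# per-process key is used, so sessions do not survive a restart and are not
# shared between worker processes -- set SECRET_KEY for any real deployment.
app.secret_key = os.environ.get('SECRET_KEY') or os.urandom(32)  # session keys

# The database URL (which embeds the DB credentials) is taken from
# DATABASE_URL. The literal default only preserves the previous local setup;
# that credential has been published with this file and should be rotated and
# the default removed.
# SQL echo is now off unless SQL_ECHO=1, because echo writes every statement
# and its bound parameters to the log.
engine = create_engine(
    os.environ.get(
        'DATABASE_URL',
        'postgresql+psycopg2://Exel:kali%20linux@127.0.0.1:5432/user',
    ),
    echo=os.environ.get('SQL_ECHO') == '1',
)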
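@app.route("/login", methods=['POST', 'GET'])
def login():
    """Render the login form (GET) and authenticate a submitted form (POST).

    A request that already carries a session 'id' is redirected to the index
    page. On POST, the row for the submitted username is looked up and its
    password compared with the submitted one; on a match the session 'id' is
    set and the client is redirected to the index page. Otherwise the login
    template is rendered with ``error=True``.

    If the database lookup raises, the exception is logged and the form is
    rendered with ``error=False`` (unchanged from the previous behaviour).
    """
    # check if the user is currently logged in
    if session.get('id') is not None:
        return redirect(url_for('index'))

    wrongpass = False  # wrong pass flag
    if request.method == 'POST':
        usrname = request.form.get("username")
        passwd = request.form.get('passwd')
        # The submitted username/password are deliberately NOT printed or
        # logged: credentials must never reach stdout or log files.

        # connect to db
        try:
            with engine.connect() as c:
                # The username is passed as a bound parameter, never
                # interpolated into the SQL text, so it cannot alter the
                # statement (this was a SQL injection sink).
                res = c.execute(
                    text("select * from users where username = :username"),
                    {"username": usrname},
                )
                r1 = res.fetchone()

                # `passwd is not None` closes an edge case: a request without
                # a 'passwd' field used to match a row whose password is NULL
                # (None == None).
                # NOTE(review): this compares against the password exactly as
                # stored, which implies plaintext storage. Store a salted hash
                # and verify with e.g. werkzeug.security.check_password_hash.
                if r1 is not None and passwd is not None and r1.password == passwd:
                    # Drop any pre-login session state before binding the
                    # session to the authenticated user.
                    session.clear()
                    session['id'] = r1.id  # register a session
                    return redirect(url_for("index"))

                # Unknown user and wrong password share one generic failure
                # flag, so the response does not reveal which one it was.
                wrongpass = True
        except Exception:
            # Best-effort as before: record the failure with its traceback and
            # fall through to re-render the form.
            app.logger.exception("login: database lookup failed")

    return render_template('login.html', error=wrongpass)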
@app.route('/games', methods=['GET'])
def games():
    """Serve the games page to a request with a session 'id'; else abort 403."""
    # Guard clause: abort() raises, so nothing below runs without a session.
    logged_in = session.get('id') is not None
    if not logged_in:
        abort(403)
    return render_template('games.html')
@app.route('/2048', methods=['GET'])
def twentyfouroeight():
    """Serve the 2048 page to a request with a session 'id'; else abort 403."""
    # Guard clause: abort() raises, so nothing below runs without a session.
    logged_in = session.get('id') is not None
    if not logged_in:
        abort(403)
    return render_template('2048.html')
@app.route('/SpaceImpact', methods=['GET'])
def SpaceImpact():
    """Serve the Space Impact page to a request with a session 'id'; else abort 403."""
    # Guard clause: abort() raises, so nothing below runs without a session.
    logged_in = session.get('id') is not None
    if not logged_in:
        abort(403)
    return render_template('Space-Impact-Web.html')
@app.route("/logout", methods=['GET'])
def logout():
    """Remove 'id' from the session and redirect to the index page.

    A request without a session 'id' is rejected with 403.

    NOTE(review): this is a state-changing action reachable by GET, so any
    cross-site link or embedded resource can trigger it. Consider accepting
    POST only, with a CSRF token.
    """
    if session.get('id') is None:
        abort(403)
    session.pop("id", None)
    return redirect(url_for('index'))
@app.route("/", methods=['GET'])
def index():
    """Render the index page, passing whether the request has a session 'id'."""
    has_session = session.get('id') is not None
    return render_template("index.html", logged_in=has_session)