forked from uofa-cmput404/cgi-lab
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhello.py
More file actions
executable file
·117 lines (94 loc) · 2.7 KB
/
Copy pathhello.py
File metadata and controls
executable file
·117 lines (94 loc) · 2.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
#!/usr/bin/env python3
import os
import json
import secret
import requests
import sys
from cgi import escape
# From templates.py
def login_page():
return """
<h1> Welcome! </h1>
<form method="POST" action="hello.py">
<label> <span>Username:</span> <input autofocus type="text" name="username"></label> <br>
<label> <span>Password:</span> <input type="password" name="password"></label>
<button type="submit"> Login! </button>
</form>
"""
# From templates.py
def secret_page(username=None, password=None):
if username is None or password is None:
raise ValueError("You need to pass both username and password!")
return """
<h1> Welcome, {username}! </h1>
<p>
<small> Pst! I know your password is
<span class="spoilers"> {password} </span>
</small>
</p>
""".format(username=escape(username.capitalize()),
password=escape(password))
# Check for a POST request and set cookies if username and password are correct
postedUsername = None
postedPassword = None
posted_bytes = os.environ.get("CONTENT_LENGTH", 0)
if posted_bytes:
try:
posted = sys.stdin.read(int(posted_bytes))
for line in posted.splitlines():
for pair in line.split('&'):
(key, val) = pair.split('=')
if key == "username" and val == secret.username:
postedUsername = val
if key == "password" and val == secret.password:
postedPassword = val
except:
postedUsername = None
postedPassword = None
if postedUsername != None and postedPassword != None:
print("Set-Cookie:Username={};".format(postedUsername))
print("Set-Cookie:Password={};".format(postedPassword))
print("Content-Type: text/html")
print()
print(
"""
<!DOCTYPE html>
<html>
<body>
<ul>
"""
)
# Prints the query parameters
try:
for param in os.environ["QUERY_STRING"].split('&'):
(key, val) = param.split('=')
print("<li><em>{}</em> = {}</li>".format(key, val))
except:
print("<p>Could not print query parameters.</p>")
print("</ul>")
# Show the browser
print("<p><em>Browser:</em> {}</p>".format(os.environ["HTTP_USER_AGENT"]))
# Show the login form
print(login_page())
#Checks for cookies. If it finds the right ones, shows the secret message
cookieUser = None
cookiePass = None
try:
for cookie in os.environ["HTTP_COOKIE"].split("; "):
(key, val) = cookie.split('=')
if key == "Username":
cookieUser = val
if key == "Password":
cookiePass = val
except:
print("<p>No cookies.</p>")
cookieUser = None
cookiePass = None
if cookieUser != None and cookiePass != None:
print(secret_page(cookieUser, cookiePass))
print(
"""
</body>
</html>
"""
)