From 1ba198f13029d257bc6890e77d85b3827419a2d7 Mon Sep 17 00:00:00 2001
From: benjamyn
Date: Wed, 22 Jan 2020 22:13:19 +1100
Subject: [PATCH] Added bad auth
---
 shop.py | 42 +++++++++++++++++++++---------------------
 templates/auth.html | 30 ++++++++++++++++++++++++++++++
 templates/mobile.html | 2 +-
 3 files changed, 52 insertions(+), 22 deletions(-)
 create mode 100644 templates/auth.html
diff --git a/shop.py b/shop.py
index f41392d..c9fbf5e 100644
--- a/shop.py
+++ b/shop.py
@@ -1,4 +1,4 @@
-from flask import Flask, render_template, make_response, request, redirect, url_for
+from flask import Flask, render_template, make_response, request, redirect, url_for, session
 from pprint import pprint
 import sqlite3
 import os.path
@@ -17,12 +17,16 @@ def doesDBExist(DBNAME):
 return False
 return True
+def runQuery(query):
+ conn = sqlite3.connect(DBNAME)
+ c = conn.cursor()
+ ret = c.execute(query)
+ conn.commit()
+ return ret
 def readFromDB():
- conn = sqlite3.connect(DBNAME)
- results = conn.cursor().execute('''select rowid,* from shoplist''').fetchall()
- conn.close()
- return results
+ query = '''select rowid,* from shoplist'''
+ return runQuery(query)
 def findByName(name):
 conn = sqlite3.connect(DBNAME)
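Review bot: runQuery() accepts only a finished SQL string, so every caller has to format its values into the statement, and it never closes the connection it opens. The callers in the next hunk (insertToDB, deleteRow, getItem) pass f-strings built from their arguments, which appear to come from request.form, so form input ends up inside the SQL text; a `params` argument with `?` placeholders removes that, e.g. `runQuery("DELETE FROM SHOPLIST WHERE ROWID = ?", (rowID,))`. Returning the live cursor also changes readFromDB(), which previously returned `fetchall()` rows from a connection it then closed. The version below binds parameters, fetches the rows and closes the connection.

```python
def runQuery(query, params=()):
    conn = sqlite3.connect(DBNAME)
    try:
        # Values are bound through placeholders, never formatted into the SQL text.
        rows = conn.execute(query, params).fetchall()
        conn.commit()
    finally:
        conn.close()
    return rows
```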
@@ -33,35 +37,27 @@ def findByName(name):
 def insertToDB(data):
 query = f"INSERT INTO SHOPLIST VALUES (\"{data['item']}\", 0, 0, \"{data['name']}\")"
- print(query)
- conn = sqlite3.connect(DBNAME)
- c = conn.cursor()
- c.execute(query)
- conn.commit()
- conn.close()
+ runQuery(query)
 def deleteRow(rowID):
 query = f"DELETE FROM SHOPLIST WHERE ROWID = {rowID}"
- conn = sqlite3.connect(DBNAME)
- c = conn.cursor()
- c.execute(query)
- conn.commit()
- conn.close()
+ runQuery(query)
 def getItem(rowID):
 query = f"UPDATE shoplist set gotten = 1 where rowid = {rowID}"
- conn = sqlite3.connect(DBNAME)
- c = conn.cursor()
- c.execute(query)
- conn.commit()
- conn.close()
+ runQuery(query)
 app = Flask(__name__)
 app.config["DEBUG"] = True
+app.secret_key = b'*$#@U9423jr92jioJKL_)_;dasfj()12'
 @app.route('/')
 def index():
+ if 'allowed' not in session:
+ data = {"title":"Login"}
+ return render_template("auth.html", data=data)
+ query = readFromDB()
 data = {"title":"Shopping List", "results":query}
 for device in MOBILES:
@@ -85,6 +81,10 @@ def handle_data():
 if "got" in request.form:
 getItem(request.form["got"])
+ if "loginform" in request.form:
+ if request.form["password"] == "theloves2020":
+ session["allowed"] = "allowed"
 return redirect(url_for('index'))
 if __name__ == '__main__':
diff --git a/templates/auth.html b/templates/auth.html
new file mode 100644
index 0000000..3f75c0e
--- /dev/null
+++ b/templates/auth.html
@@ -0,0 +1,30 @@
+ + + + Shopping List + + + + + + +
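Review bot: The session signing key is committed as a bytes literal on the added `app.secret_key = ...` line, so the cookie signature proves nothing against anyone who can read the repository, and the new `'allowed' not in session` check in index() relies entirely on that signature. Load the key from outside the source tree, for example `app.secret_key = os.environ["SHOP_SECRET_KEY"]` (the variable name is a placeholder; `os` is already bound by the file's `import os.path`), and replace the committed value rather than reusing it. The context line `app.config["DEBUG"] = True` directly above should also be switched off before this login page is served to anything other than a development machine.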
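Review bot: The added branch sets `session["allowed"]`, but nothing visible in handle_data() ever reads it: the `getItem(request.form["got"])` call just above still runs for any POST, so the new gate appears to cover only the index() view (handle_data starts outside this hunk, so an earlier check may exist). A guard at the top of the handler such as `if 'allowed' not in session and "loginform" not in request.form: return redirect(url_for('index'))` would put the write paths behind the same check. The password is also a string literal compared with `==`; keeping it out of the source, ideally as a salted hash, and comparing with `hmac.compare_digest` keeps the credential out of the repository history.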

{{ data["title"] }}

+ +
+
+ + +
+ +
+ + + + + + + + + + + diff --git a/templates/mobile.html b/templates/mobile.html index 8f51a67..52dd24f 100644 --- a/templates/mobile.html +++ b/templates/mobile.html @@ -9,7 +9,7 @@

{{ data["title"] }}

-
+
Name:
Item: