benjamyn/shoplist2
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Fixed SQL injection

Browse Source
This commit is contained in:
Benjamyn Love 2020-01-30 12:35:57 +11:00
parent b98750e169
commit da42644403
1 changed files with 29 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
shop.py
View File

@ -33,10 +33,13 @@ def doesTableExist():
mycursor.execute('''CREATE TABLE USERS (id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(255), password VARCHAR(255))''') mycursor.execute('''CREATE TABLE USERS (id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(255), password VARCHAR(255))''')
mydb.close() mydb.close()
def runQuery(query): def runQuery(query, data=None):
mydb = dbConnect() mydb = dbConnect()
c = mydb.cursor() c = mydb.cursor()
c.execute(query) if data is not None:
c.execute(query, data)
else:
c.execute(query)
if query.lower().startswith("select"): if query.lower().startswith("select"):
ret = c.fetchall() ret = c.fetchall()
else: else:
@ -51,40 +54,47 @@ def readFromDB():
return runQuery(query) return runQuery(query)
def insertToDB(data): def insertToDB(data):
query = f"INSERT INTO SHOPLIST (item, gotten, user_id) VALUES (\"{data['item']}\", 0, {data['name']})" query = f"INSERT INTO SHOPLIST (item, gotten, user_id) VALUES (%s, 0, %s)"
data = (data['item'], data['name'])
# print(query) # print(query)
runQuery(query) runQuery(query, data)
def deleteRow(rowID): def deleteRow(rowID):
query = f"DELETE FROM SHOPLIST WHERE id = {rowID}" query = f"DELETE FROM SHOPLIST WHERE id = %s"
runQuery(query) data = (rowID, )
runQuery(query, data)
def getItem(rowID): def getItem(rowID):
query = f"UPDATE SHOPLIST set gotten = 1 where id = {rowID}" query = f"UPDATE SHOPLIST set gotten = 1 where id = %s"
runQuery(query) data = (rowID, )
runQuery(query, data)
def unGetItem(rowID): def unGetItem(rowID):
query = f"UPDATE SHOPLIST set gotten = 0 where id = {rowID}" query = f"UPDATE SHOPLIST set gotten = 0 where id = %s"
runQuery(query) data = (rowID, )
runQuery(query, data)
def get_users(username=None): def get_users(username=None):
if username == None: if username == None:
#return all users #return all users
query = "select username, admin, id from USERS" query = "select username, admin, id from USERS"
return runQuery(query) return runQuery(query)
query = f"select username, admin from USERS where username like '{username}'" query = f"select username, admin from USERS where username like %s"
return runQuery(query) data = (username, )
return runQuery(query, data)
def add_user(userData): def add_user(userData):
username = userData["username"] username = userData["username"]
password = userData["password"] password = userData["password"]
query = f"insert into USERS (username, password, admin) values ('{username}', md5('{password}'), False)" query = f"insert into USERS (username, password, admin) values (%s, md5(%s), False)"
runQuery(query) data = (username, password)
runQuery(query, data)
def update_pass(user_id, newpass): def update_pass(user_id, newpass):
query = f"update USERS set password=md5('{newpass}') where id={user_id}" query = f"update USERS set password=md5(%s) where id=%s"
runQuery(query) data = (newpass, user_id)
runQuery(query, data)
app = Flask(__name__) app = Flask(__name__)
app.config["DEBUG"] = True app.config["DEBUG"] = True
@ -120,9 +130,10 @@ def handle_data():
unGetItem(request.form["ungot"]) unGetItem(request.form["ungot"])
if "loginform" in request.form: if "loginform" in request.form:
query = "select id, username, admin from USERS where username = '%s' and password = md5('%s')" % (request.form["username"].lower(), request.form["password"]) query = "select id, username, admin from USERS where username = %s and password = md5(%s)"
data = (request.form["username"].lower(), request.form["password"])
res = runQuery(query) res = runQuery(query, data)
if len(res) != 0: if len(res) != 0:
session["id"] = res[0][0] session["id"] = res[0][0]
session["username"] = res[0][1] session["username"] = res[0][1]