diff --git a/README.md b/README.md
index 4c7d3e2..756f5a1 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,13 @@
-Prerequisites
+# Simple python web application
-Python >= 3.5
+Python webpy application running on uswgi server with nginx using docker connected to another docker-runned mysql database.
-INSTALL
+Web Server image: https://github.com/tiangolo/uwsgi-nginx-docker
+webpy framework: http://webpy.org/
-pip install -r requirements.txt
-RUN
+### prerequisites:
+docker https://www.docker.com/
-python vulnapp
-
+### Run
+docker-compose up
diff --git a/src/app/model.py b/src/app/model.py
new file mode 100644
index 0000000..a3e5d6e
--- /dev/null
+++ b/src/app/model.py
@@ -0,0 +1,30 @@
+import mysql.connector
+
+# Access database using mysql connector package
+db = mysql.connector.connect(
+ user='root',
+ password='root',
+ host='10.5.0.5',
+ database='db'
+)
+
+def get_users():
+ cursor = db.cursor()
+ query = ("SELECT userid, username from users")
+ cursor.execute(query)
+ users = cursor.fetchall()
+ cursor.close()
+ return users
+
+def match_user(username, password):
+ cursor = db.cursor()
+ query = ("SELECT userid, username from users where username = (%s) and password = (%s)")
+ cursor.execute(query, (username, password))
+ user = cursor.fetchall()
+ return user
+
+def register_user(username, password):
+ cursor = db.cursor()
+ query = ("INSERT INTO users VALUES (NULL, (%s), (%s))")
+ cursor.execute(query, (username, password))
+ cursor.close()
diff --git a/src/app/templates/register.html b/src/app/templates/register.html
index 18f898c..fb01fe2 100644
--- a/src/app/templates/register.html
+++ b/src/app/templates/register.html
@@ -14,4 +14,4 @@ $def with (register_form)
-
\ No newline at end of file
+
diff --git a/src/app/views.py b/src/app/views.py
index 6a97f9c..09c0fb6 100644
--- a/src/app/views.py
+++ b/src/app/views.py
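Review bot: `match_user` in the new src/app/model.py returns without closing its cursor, while `get_users` and `register_user` close theirs and the code removed from views.py closed it on both paths; add `cursor.close()` before `return user`. `register_user` never calls `db.commit()`, so unless autocommit is turned on somewhere not shown, the INSERT is only visible on this one connection and is presumably lost when it closes. The connection is opened at import time with `user='root'`, `password='root'` written into the source; taking these from the environment and connecting as an account restricted to the `db` schema would keep a root credential out of the repository and limit what a query bug can reach. The statements are parameterized, which is right, but `password` is stored and compared exactly as submitted, so a salted password hash verified in Python is worth considering if this app is not meant as a deliberately weak example.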
@@ -1,6 +1,6 @@ import web -import mysql.connector from forms import login_form, register_form +import model # Define application routes urls = ( @@ -8,14 +8,6 @@ urls = ( '/logout', 'logout', '/register', 'register', ) - -# Access datavase using mysql connector package -db = mysql.connector.connect( - user='root', - password='root', - host='10.5.0.5', - database='db' -) # Initialize application using the web py framework app = web.application(urls, globals()) @@ -39,11 +31,7 @@ class index(): def GET(self): # Show other registered users if the user is logged in if session.username: - cursor = db.cursor() - query = ("SELECT userid, username from users") - cursor.execute(query) - friends = cursor.fetchall() - cursor.close() + friends = model.get_users() else: friends = [[],[]] return render.index(login_form, friends) @@ -51,21 +39,13 @@ class index(): # Log In def POST(self): # Validate login credential with database query - cursor = db.cursor() - query = ("SELECT userid, username from users where username = (%s) and password = (%s)") data = web.input() - cursor.execute(query, (data.username, data.password)) - friends = cursor.fetchall() + user = model.match_user(data.username, data.password) # If there is a matching user/password in the database the user is logged in - if len(friends) == 1: - query = ("SELECT userid, username from users") - cursor.execute(query) - friends = cursor.fetchall() + if len(user) == 1: + friends = model.get_users() session.username = data.username - cursor.close() return render.index(login_form, friends) - cursor.close() - class register: @@ -75,11 +55,8 @@ class register: # Register new user in database def POST(self): - cursor = db.cursor() - query = ("INSERT INTO users VALUES (NULL, (%s), (%s))") data = web.input() - cursor.execute(query, (data.username, data.password)) - cursor.close() + model.register_user(data.username, data.password) return render.register(register_form)
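Review bot: In the `index.POST` hunk (`@@ -51,21 +39,13 @@`) a login that matches no row appears to fall off the end of the method and return nothing, because the only `return` follows the `len(user) == 1` check. Indentation is lost in this view, so that reading is inferred from the removed trailing `cursor.close()`. An explicit failure path such as `return render.index(login_form, [[],[]])` with one generic error message would avoid an empty response and keep the reply identical for an unknown user and a wrong password. `data.username` and `data.password` are read straight from `web.input()`, so a request missing either field raises before the query runs; validating the submitted form first would cover that.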
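Review bot: In the `register.POST` hunk (`@@ -75,11 +55,8 @@`) the submitted `username` and `password` are handed to `model.register_user` with no validation and no check for an existing user. `index.POST` only logs in when `match_user` returns exactly one row, so a second registration with the same username and password would leave that account unable to log in, unless the table enforces uniqueness, which is not visible here. Validating the form and rejecting a taken name before the insert, backed by a UNIQUE constraint on `username`, would close that gap. The method body starts outside the lines shown, so the GET side of `register` was not reviewed.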