diff --git a/templates/index.html b/templates/index.html
index ef3b223..dac92c7 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -1,4 +1,4 @@
-$def with (friends)
+$def with (login_form, friends)
Friends
@@ -15,13 +15,20 @@ $def with (friends)
Login, or become a friend!
- Regitered friends:
-
+
+
-
- $for name in friends:
- - $name.username
-
+ $if session.username:
+ Logged in as $session.username
+ Logout
+
+ Registered friends:
+
+ $for name in friends:
+ - $name.username
+
diff --git a/vulnapp.py b/vulnapp.py
index ceb47fa..342ae67 100644
--- a/vulnapp.py
+++ b/vulnapp.py
@@ -1,10 +1,27 @@
import web
-render = web.template.render('templates/')
+from web import form
+
+# Turn of debug because sessions doesnt support it
+web.config.debug = False
+# Define routes
urls = (
- '/', 'application'
+ '/', 'application',
+ "/logout", "logout",
)
+# Initialize application using the web py framework
+app = web.application(urls, globals())
+
+# Enable sessions
+session = web.session.Session(app, web.session.DiskStore("sessions"), initializer={"username": None})
+
+# Get html templates
+render = web.template.render('templates/')
+render._add_global(session, 'session')
+
+
+# Connect to database
db = web.database(
dbn="mysql",
host='127.0.0.1',
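Review bot: The `session = web.session.Session(app, web.session.DiskStore("sessions"), ...)` line builds the session with web.py's default `session_parameters`, so as far as I can tell the cookie `secret_key` stays the library's built-in value and `secure` stays off; set `web.config.session_parameters['secret_key']` from the environment (and `web.config.session_parameters['secure'] = True` once the app is served over TLS) above this line, because the Session copies those settings when it is constructed. `DiskStore("sessions")` is a relative path, so the session directory is created wherever the process happens to be started from; a path derived from `__file__` makes that deterministic. The comment above `web.config.debug = False` could read `# Turn off debug: the reloader re-imports the module, which breaks web.py sessions`. The `db = web.database(` statement continues past the end of this hunk.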
@@ -16,11 +33,32 @@ db = web.database(
class application():
+ login_form = form.Form(
+ form.Textbox("username", description="Username"),
+ form.Password("password", description="Password"),
+ form.Button("submit", type="submit", description="Login"),
+ )
+
def GET(self):
- name = 'Bob'
friends = db.select('users')
- return render.index(friends)
+ return render.index(self.login_form, friends)
+
+ def POST(self):
+ friends = db.select('users')
+ data = web.input()
+ print("name:", data.username)
+ for row in friends:
+ print(row)
+ print(row.username)
+ if data.username == row.username and data.password == row.password:
+ friends = db.select('users')
+ session.username = data.username
+ return render.index(self.login_form, friends)
+
+class logout:
+ def GET(self):
+ session.kill()
+ return "Logged out"
if __name__ == "__main__":
- app = web.application(urls, globals())
app.run()
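Review bot: `POST` compares the submitted password with the stored `password` column as-is on the `if data.username == row.username and data.password == row.password:` line, which means the users table has to hold the literal password; store a password hash (`hashlib.pbkdf2_hmac` or `hashlib.scrypt`), hash the submitted value the same way, and compare with `hmac.compare_digest` so a database leak does not hand out credentials. The `print(row)` and `print(row.username)` lines write every user row, including that column, to stdout on each login attempt and should be removed. When no row matches, the method falls off the end and returns `None` instead of re-rendering the page, and `web.input()` without defaults raises on a request that omits `username` or `password`. `logout.GET` also changes state on a GET, so the template's plain Logout link can be triggered cross-site; a POST handler is the usual shape. The rewrite below keeps the interface and needs `import hmac` at the top of the file; the constant-time comparison is the place where the stored hash should eventually be verified.
```python
def POST(self):
    # Defaults keep a request missing either field from raising AttributeError
    data = web.input(username="", password="")
    logged_in = False
    for row in db.select('users'):
        if data.username != row.username or row.password is None:
            continue
        # NOTE(review): row.password should become a stored hash, with data.password hashed the same way before this check
        if hmac.compare_digest(data.password.encode("utf-8"), row.password.encode("utf-8")):
            logged_in = True
            break
    if logged_in:
        session.username = data.username
    # Fresh query for the template; the original re-selected here too, presumably because iteration consumes the result
    friends = db.select('users')
    return render.index(self.login_form, friends)
```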