From f3d980218461f18effcfc0ffa8d7328a599dd836 Mon Sep 17 00:00:00 2001
From: jakobsn
Date: Tue, 1 Oct 2019 13:28:40 +0200
Subject: [PATCH] basic login and session enabled
---
 templates/index.html | 21 ++++++++++++-------
 vulnapp.py | 48 +++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 57 insertions(+), 12 deletions(-)
diff --git a/templates/index.html b/templates/index.html
index ef3b223..dac92c7 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -1,4 +1,4 @@
-$def with (friends)
+$def with (login_form, friends)
 Friends
@@ -15,13 +15,20 @@ $def with (friends)

Login, or become a friend!

-

Regitered friends:

- +
+ $:login_form.render() +
+ - + $if session.username: +

Logged in as $session.username

+ Logout + +

Registered friends:

+
diff --git a/vulnapp.py b/vulnapp.py
index ceb47fa..342ae67 100644
--- a/vulnapp.py
+++ b/vulnapp.py
@@ -1,10 +1,27 @@
 import web
-render = web.template.render('templates/')
+from web import form
+
+# Turn of debug because sessions doesnt support it
+web.config.debug = False
+# Define routes
 urls = (
- '/', 'application'
+ '/', 'application',
+ "/logout", "logout",
 )
+# Initialize application using the web py framework
+app = web.application(urls, globals())
+
+# Enable sessions
+session = web.session.Session(app, web.session.DiskStore("sessions"), initializer={"username": None})
+
+# Get html templates
+render = web.template.render('templates/')
+render._add_global(session, 'session')
+
+
+# Connect to database
 db = web.database(
 dbn="mysql",
 host='127.0.0.1',
@@ -16,11 +33,32 @@ db = web.database(
 class application():
+ login_form = form.Form(
+ form.Textbox("username", description="Username"),
+ form.Password("password", description="Password"),
+ form.Button("submit", type="submit", description="Login"),
+ )
+
 def GET(self):
- name = 'Bob'
 friends = db.select('users')
- return render.index(friends)
+ return render.index(self.login_form, friends)
+
+ def POST(self):
+ friends = db.select('users')
+ data = web.input()
+ print("name:", data.username)
+ for row in friends:
+ print(row)
+ print(row.username)
+ if data.username == row.username and data.password == row.password:
+ friends = db.select('users')
+ session.username = data.username
+ return render.index(self.login_form, friends)
+
+class logout:
+ def GET(self):
+ session.kill()
+ return "Logged out"
 if __name__ == "__main__":
- app = web.application(urls, globals())
 app.run()
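Review bot: The `web.session.Session(...)` call runs with web.py's stock `web.config.session_parameters`, so the library's published default `secret_key` feeds session-id generation and the cookie is sent without the `secure` flag (assuming the installed version still ships those defaults). Set them before constructing the session, e.g. `web.config.session_parameters['secret_key'] = os.environ['SESSION_SECRET']` (the variable name is a placeholder) and `web.config.session_parameters['secure'] = True` once the app is served over HTTPS. `DiskStore("sessions")` is relative to the working directory, so keep that directory out of version control and out of anything served as static content. `render._add_global(session, 'session')` relies on a private method; `web.template.render('templates/', globals={'session': session})` does the same through the public constructor.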
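Review bot: `POST` compares `data.password == row.password` directly, which implies the `users` table stores plaintext passwords, and the `print(row)` in the same loop writes every user row, presumably including that password column, to the server's stdout. The sketch below drops the prints, fetches only the matching row through a parameterized `where`, and checks the password against a stored salted hash. `web.input()` without defaults raises AttributeError when a field is missing, and since indentation is lost in this view, please confirm the final `return` is also reached after a failed login. The `logout` handler changes session state on a GET; making it a POST would keep a third-party page from triggering it with a plain link.

```python
    def POST(self):
        # Defaults keep a request without these fields from raising AttributeError.
        data = web.input(username="", password="")
        # Parameterized lookup of the single matching row instead of scanning the table.
        rows = db.select('users', where="username=$name", vars={"name": data.username})
        user = next(iter(rows), None)
        # verify_password is a placeholder for a salted-hash check (for example built on
        # hashlib.pbkdf2_hmac and hmac.compare_digest) against a stored hash column.
        if user is not None and verify_password(data.password, user.password):
            session.username = user.username
        # Render the same page on success and failure so the handler never returns None.
        return render.index(self.login_form, db.select('users'))
```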