66import sqlite3
77from lxml import etree
88from flask_restful import Api , Resource
9+ import re
910
1011app = Flask (__name__ )
1112api = Api (app )
@@ -20,63 +21,110 @@ def db_connection():
2021 print (e )
2122 return conn
2223
24+ def s_u (username ):
25+ # Remove any characters that are not letters, numbers, or underscores
26+ sanitized_username = re .sub (r'[^\w]' , '' , username )
27+ # Remove any leading or trailing spaces
28+ sanitized_username = sanitized_username .strip ()
29+ return sanitized_username
30+
31+ def s_p (password ):
32+ # Remove any leading or trailing spaces
33+ sanitized_password = password .strip ()
34+ return sanitized_password
35+
2336# Add Userdata
24- @app .route ('/adduser/<uid>/<username>/<passwd>' , methods = ['POST' ])
25- def add_user (uid , username , passwd ):
37+ @app .route ('/adduser/<auser>:<apass>/< uid>/<username>/<passwd>' , methods = ['POST' ])
38+ def add_user (uid , username , passwd , auser , apass ):
2639 conn = db_connection ()
2740 cursor = conn .cursor ()
41+ auser1 = s_u (auser )
42+ apass1 = s_p (apass )
2843 new_id = uid
29- new_user = username
30- new_passwd = passwd
31- sql = """INSERT INTO users (id, username, passwd) VALUES (?, ?, ?)"""
32- cursor = cursor .execute (sql , (new_id , new_user , new_passwd ))
33- conn .commit ()
44+ new_user = s_u (username )
45+ new_passwd = s_p (passwd )
46+ sql1 = """ SELECT username, passwd FROM users WHERE username = ? AND passwd = ?"""
47+ usernamecheck = cursor .execute (sql1 , (auser1 ,apass1 ))
48+ if not usernamecheck .fetchone ():
49+ return [{"error" :"admin passwd or admin username error" }]
50+ else :
51+ sql = """INSERT INTO users (id, username, passwd) VALUES (?, ?, ?)"""
52+ cursor = cursor .execute (sql , (new_id , new_user , new_passwd ))
53+ conn .commit ()
3454 return f'["added": { [{"ID" :new_id }], [{"Username" :new_user }], [{"Password" : new_passwd }]} ]'
3555
36- @app .route ('/altusername/<uid>/<username>' , methods = ['POST' ])
37- def alt_user (uid , username ):
56+ @app .route ('/altusername/<auser>:<apass>/< uid>/<username>' , methods = ['POST' ])
57+ def alt_user (uid , username , auser , apass ):
3858 conn = db_connection ()
3959 cursor = conn .cursor ()
4060 new_id = uid
41- new_user = username
42- sql = """UPDATE users SET (username=?) WHERE id=?"""
43- cursor = cursor .execute (sql , (new_user , new_id ))
44- conn .commit ()
45- return f'Updated { [{new_id : new_user }]} '
46-
47- @app .route ('/altpasswd/<username>/<passwd>' , methods = ['POST' ])
48- def alt_passwd (username , passwd ):
61+ new_user = s_u (username )
62+ auser1 = s_u (auser )
63+ apass1 = s_p (apass )
64+ sql1 = """ SELECT username, passwd FROM users WHERE username = ? AND passwd = ?"""
65+ usernamecheck = cursor .execute (sql1 , (auser1 ,apass1 ))
66+ if not usernamecheck .fetchone ():
67+ return [{"error" :"admin passwd or admin username error" }]
68+ else :
69+ sql = """UPDATE users SET (username=?) WHERE id=?"""
70+ cursor = cursor .execute (sql , (new_user , new_id ))
71+ conn .commit ()
72+ return f'Updated { [{new_id : new_user }]} '
73+
74+ @app .route ('/altpasswd/<auser>:<apass>/<username>/<passwd>' , methods = ['POST' ])
75+ def alt_passwd (username , passwd , auser , apass ):
4976 conn = db_connection ()
5077 cursor = conn .cursor ()
51- new_user = username
52- new_passwd = passwd
53- sql = """UPDATE users SET passwd=? WHERE username=?"""
54- cursor = cursor .execute (sql , ( new_passwd , new_user ))
55- conn .commit ()
56- return f'Updated { [{new_user : new_passwd }]} '
57-
58- @app .route ('/altid/<uid>/<usern>' , methods = ['POST' ])
59- def alt_id (uid , usern ):
78+ new_user = s_u (username )
79+ new_passwd = s_p (passwd )
80+ auser1 = s_u (auser )
81+ apass1 = s_p (apass )
82+ sql1 = """ SELECT username, passwd FROM users WHERE username = ? AND passwd = ?"""
83+ usernamecheck = cursor .execute (sql1 , (auser1 ,apass1 ))
84+ if not usernamecheck .fetchone ():
85+ return [{"error" :"admin passwd or admin username error" }]
86+ else :
87+ sql = """UPDATE users SET passwd=? WHERE username=?"""
88+ cursor = cursor .execute (sql , ( new_passwd , new_user ))
89+ conn .commit ()
90+ return f'Updated { [{new_user : new_passwd }]} '
91+
92+ @app .route ('/altid/<auser>:<apass>/<uid>/<usern>' , methods = ['POST' ])
93+ def alt_id (uid , usern , auser , apass ):
6094 conn = db_connection ()
6195 cursor = conn .cursor ()
6296 new_id = uid
63- username = usern
64- sql = """UPDATE users SET id=? WHERE username=?"""
65- cursor = cursor .execute (sql , ( new_id , username ))
66- conn .commit ()
67- return f'Updated { [{new_id : username }]} '
97+ username = s_u (usern )
98+ auser1 = s_u (auser )
99+ apass1 = s_p (apass )
100+ sql1 = """ SELECT username, passwd FROM users WHERE username = ? AND passwd = ?"""
101+ usernamecheck = cursor .execute (sql1 , (auser1 ,apass1 ))
102+ if not usernamecheck .fetchone ():
103+ return [{"error" :"admin passwd or admin username error" }]
104+ else :
105+ sql = """UPDATE users SET id=? WHERE username=?"""
106+ cursor = cursor .execute (sql , ( new_id , username ))
107+ conn .commit ()
108+ return f'Updated { [{new_id : username }]} '
68109
69110
70- @app .route ('/deluser/<uname>/<upass>' , methods = ['POST' ])
71- def deluser (uname , upass ):
111+ @app .route ('/deluser/<auser>:<apass>/< uname>/<upass>' , methods = ['POST' ])
112+ def deluser (uname , upass , auser , apass ):
72113 conn = db_connection ()
73114 cursor = conn .cursor ()
74- username = uname
75- passwd = upass
76- sql = """DELETE from users where username=? AND passwd=?"""
77- cursor = cursor .execute (sql , (username , passwd ))
78- conn .commit ()
79- return f'Removed { [{"Username" :username }]} '
115+ username = s_u (uname )
116+ passwd = s_p (upass )
117+ auser1 = s_u (auser )
118+ apass1 = s_p (apass )
119+ sql1 = """ SELECT username, passwd FROM users WHERE username = ? AND passwd = ?"""
120+ usernamecheck = cursor .execute (sql1 , (auser1 ,apass1 ))
121+ if not usernamecheck .fetchone ():
122+ return [{"error" :"admin passwd or admin username error" }]
123+ else :
124+ sql = """DELETE from users where username=? AND passwd=?"""
125+ cursor = cursor .execute (sql , (username , passwd ))
126+ conn .commit ()
127+ return f'Removed { [{"Username" :username }]} '
80128
81129# class altpasswd2(Resource):
82130# def POST(self, username, password):
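Review bot: The admin check added to `add_user`, `alt_user`, `alt_passwd`, `alt_id` and `deluser` accepts any row in `users`, the same table `add_user` inserts into, so as far as the visible query shows every ordinary account can add, rename, re-password or delete other accounts. The schema is not visible here, but the `SELECT` needs a condition that identifies an administrator, e.g. `... WHERE username = ? AND passwd = ? AND <admin-flag column> = 1`, and the five copies of the check belong in one helper so they cannot drift apart. The credentials also travel in the URL path (`/<auser>:<apass>/...`), where they typically end up in access logs and proxy logs, and `passwd` is compared and echoed back in clear text (`"Password": new_passwd`); an `Authorization` header plus a salted hash verified with something like `werkzeug.security.check_password_hash` would avoid both. The failure branch returns a list with the default 200 status, so returning 401 or 403 would make rejected calls visible to clients and to monitoring.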
@@ -108,8 +156,10 @@ def get(self, username, password, url):
108156 # Nmap Execution command
109157 conn = db_connection ()
110158 cursor = conn .cursor ()
159+ un = s_u (username )
160+ pa = s_p (password )
111161 sql = """ SELECT username, passwd FROM users WHERE username = ? AND passwd = ?"""
112- usernamecheck = cursor .execute (sql , (username , password ))
162+ usernamecheck = cursor .execute (sql , (un , pa ))
113163 if not usernamecheck .fetchone ():
114164 return [{"error" :"passwd or username error" }]
115165 else :
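Review bot: `un = s_u(username)` and `pa = s_p(password)` rewrite the submitted credentials instead of rejecting malformed ones, so an account whose stored name contains a character outside `\w` (for example `-` or `.`) or whose stored password has surrounding whitespace can no longer match, and distinct inputs such as `ad-min` and `admin` collapse to the same lookup. The query is already parameterised, so the stripping adds no injection protection; validating and refusing, e.g. `if not re.fullmatch(r'\w+', username): return [{"error": "passwd or username error"}]`, and passing the password through unchanged would be safer. The same two lines are added in the four `get` hunks that follow. `get` starts and ends outside this hunk; judging by the `# Nmap Execution command` comment, the `url` argument presumably reaches a command line there and is the input that most needs validation, which should be confirmed against the full method.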
@@ -134,8 +184,10 @@ def get(self, username, password, url):
134184 # Nmap Execution command
135185 conn = db_connection ()
136186 cursor = conn .cursor ()
137- sql = """ SELECT COUNT(*) FROM users WHERE username = ? AND passwd = ?"""
138- usernamecheck = cursor .execute (sql , (username ,password ))
187+ un = s_u (username )
188+ pa = s_p (password )
189+ sql = """ SELECT username, passwd FROM users WHERE username = ? AND passwd = ?"""
190+ usernamecheck = cursor .execute (sql , (un ,pa ))
139191 if not usernamecheck .fetchone ():
140192 return [{"error" :"passwd or username error" }]
141193 else :
@@ -160,8 +212,10 @@ def get(self, username, password, url):
160212 # Nmap Execution command
161213 conn = db_connection ()
162214 cursor = conn .cursor ()
163- sql = """ SELECT COUNT(*) FROM users WHERE username = ? AND passwd = ?"""
164- usernamecheck = cursor .execute (sql , (username ,password ))
215+ un = s_u (username )
216+ pa = s_p (password )
217+ sql = """ SELECT username, passwd FROM users WHERE username = ? AND passwd = ?"""
218+ usernamecheck = cursor .execute (sql , (un ,pa ))
165219 if not usernamecheck .fetchone ():
166220 return [{"error" :"passwd or username error" }]
167221 else :
@@ -185,8 +239,10 @@ def get(self, username, password, url):
185239 # Nmap Execution command
186240 conn = db_connection ()
187241 cursor = conn .cursor ()
188- sql = """ SELECT COUNT(*) FROM users WHERE username = ? AND passwd = ?"""
189- usernamecheck = cursor .execute (sql , (username ,password ))
242+ un = s_u (username )
243+ pa = s_p (password )
244+ sql = """ SELECT username, passwd FROM users WHERE username = ? AND passwd = ?"""
245+ usernamecheck = cursor .execute (sql , (un ,pa ))
190246 if not usernamecheck .fetchone ():
191247 return [{"error" :"passwd or username error" }]
192248 else :
@@ -210,8 +266,10 @@ def get(self, username, password, url):
210266 # Nmap Execution command
211267 conn = db_connection ()
212268 cursor = conn .cursor ()
213- sql = """ SELECT COUNT(*) FROM users WHERE username = ? AND passwd = ?"""
214- usernamecheck = cursor .execute (sql , (username ,password ))
269+ un = s_u (username )
270+ pa = s_p (password )
271+ sql = """ SELECT username, passwd FROM users WHERE username = ? AND passwd = ?"""
272+ usernamecheck = cursor .execute (sql , (un ,pa ))
215273 if not usernamecheck .fetchone ():
216274 return [{"error" :"passwd or username error" }]
217275 else :
@@ -237,4 +295,4 @@ def get(self, username, password, url):
237295# api.add_resource(altpasswd2, "/altpasswd2/<string:username>/<string:password>")
238296
239297if __name__ == '__main__' :
240- app .run (host = "127.0.0.1" , port = "5010" )
298+ app .run (host = "127.0.0.1" , port = "5010" )