blob: a308dde3357fa2ae2103391a92a62b1a989a0db5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
#!/usr/bin/env python2.7
import Cookie, os, time
import re
import uuid
import cgi
import cgitb
import random
from output import *
cgitb.enable() ## allows for debugging errors from the cgi scripts in the browser
cookie = Cookie.SimpleCookie() # for writing cookies
cookie_string = os.environ.get('HTTP_COOKIE') # for reading cookies
form = cgi.FieldStorage() # for reading GET data
login = form.getvalue('username')
password = form.getvalue('password')
with open('users', 'r') as users:
s = users.read()
if s.find(login + ' ' + password) == -1:
ShowError()
# else set session id cookie and store it in the file!
s_id = uuid.uuid4().hex
cookie['session_id'] = s_id # login
# xss protection -- set session_id cookie to httpOnly
cookie['session_id']['httponly'] = '1'
with open("sessions", "a") as myfile:
# csrf protection -- session token construction
random.seed()
csrfToken = str(random.random())
myfile.write(s_id + ' ' + login + ' ' + csrfToken + '\n')
print cookie
RedirectToBoard()
|
