admin.py 文件源码

python
阅读 33 收藏 0 点赞 0 评论 0

项目:sysu-ctf 作者: ssst0n3 项目源码 文件源码
def admin_view():
    if request.method == 'POST':
        username = request.form.get('name')
        password = request.form.get('password')

        admin_user= Teams.query.filter_by(name=request.form['name'], admin=True).first()
        if admin_user and bcrypt_sha256.verify(request.form['password'], admin_user.password):
            try:
                session.regenerate() # NO SESSION FIXATION FOR YOU
            except:
                pass # TODO: Some session objects dont implement regenerate :(
            session['username'] = admin_user.name
            session['id'] = admin_user.id
            session['admin'] = True
            session['nonce'] = sha512(os.urandom(10))
            db.session.close()
            return redirect('/admin/graphs')

    if is_admin():
        return redirect('/admin/graphs')

    return render_template('admin/login.html')
评论列表
文章目录


问题


面经


文章

微信
公众号

扫码关注公众号