#!/usr/bin/python3
#Author: Andy Garcia
import cgi
import cgitb
import html
import os
import random
import secrets
import string
# NOTE(review): with its default arguments cgitb.enable() writes a full
# traceback report (source excerpts and local variable values) into the HTTP
# response whenever an exception goes unhandled, so internals are shown to the
# client. The display= and logdir= parameters of cgitb.enable() can keep the
# report on the server instead; the log directory to use is deployment-specific.
cgitb.enable()
#Login page prompts user for credentials and generates token
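def login_page():
    """Print the login form as a CGI response with a fresh CSRF token.

    Writes the Content-Type header, the blank line that ends the CGI header
    block, and an HTML form that POSTs ``username``, ``password`` and a hidden
    ``CSRFtoken`` field to ``login.py``.
    """
    print("Content-Type: text/html")
    print()
    # The password field uses type="password" so the browser masks the input
    # instead of echoing it on screen like an ordinary text field.
    loginpage = """
<!DOCTYPE html>
<!-- HTML code to send a POST request to login.py -->
<html>
<head>
<title>Safe Bank Website</title>
</head>
<body>
<form action="login.py" method="POST">
<h1>Safe Bank Website</h1>
<strong>Username:</strong><br>
<input type="text" name="username"><br>
<strong>Password:</strong><br>
<input type="password" name="password"><br>
<input type="hidden" name="CSRFtoken" value="{token}">
<input type="submit" value="Submit">
</form>
</body>
</html>
"""
    # The token is an anti-CSRF secret, so it is drawn from the OS CSPRNG via
    # ``secrets``. The ``random`` module is a seedable, deterministic generator
    # and is not meant for values an attacker must be unable to guess.
    alphabet = string.ascii_letters + string.digits
    token = "".join(secrets.choice(alphabet) for _ in range(15))
    # NOTE(review): the token is only embedded in the form; nothing in this
    # function records it server-side. Presumably login.py validates it some
    # other way -- confirm against that script.
    print(loginpage.format(token=token))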
#Welcome page when users successfully log on
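def welcome_page(username, checkings, savings):
    """Print the post-login welcome page with the two account balances.

    Args:
        username: Name shown in the greeting.
        checkings: Value shown in the "Checkings" column.
        savings: Value shown in the "Savings" column.

    All three values are HTML-escaped before being placed in the page, so a
    username containing markup is rendered as text rather than interpreted by
    the browser.
    """
    print("Content-Type: text/html")
    print()
    # Literal CSS braces are doubled because the template goes through
    # str.format().
    welcomepage = """
<!DOCTYPE html>
<html>
<head>
<style>
table, th, td {{ border: 2px solid black; text-align: left;}}
th, td {{ padding: 5px; }}
</style>
</head>
<body>
<h2>Welcome {username}!</h2>
<table style="width:100%">
<tr>
<th>Checkings</th>
<th>Savings</th>
</tr>
<tr>
<td>{checkings}</td>
<td>{savings}</td>
</tr>
</table>
<a href="http://localhost/srt311/project2/transfer_form.py">Transfer money</a>
</body>
</html>"""
    # str() first: html.escape() only accepts strings, while balances may be
    # passed as numbers.
    print(welcomepage.format(
        username=html.escape(str(username)),
        checkings=html.escape(str(checkings)),
        savings=html.escape(str(savings)),
    ))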
#Prints success page and redirects user upon successful login and creates cookies
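def success_page(username, password, CSRFtoken):
    """Print the login-success response: three cookies plus a redirect page.

    Emits ``Set-Cookie`` headers for ``username``, ``password`` and
    ``CSRFtoken``, then an HTML page whose meta refresh sends the browser to
    ``main.py`` after three seconds.

    Args:
        username: Value for the ``username`` cookie.
        password: Value for the ``password`` cookie.
        CSRFtoken: Value for the ``CSRFtoken`` cookie.

    Raises:
        ValueError: If any value contains a control character (CR, LF, ...).
            Such a character would end the header line early and let the value
            add headers or body content to the response.
    """
    # NOTE(review): this puts the user's cleartext password in a cookie, so it
    # is stored by the browser and sent with every later request. A random
    # server-side session identifier would avoid that, but the scripts that
    # read these cookies are not visible here, so the cookie set is unchanged.
    cookies = (
        ("username", username),
        ("password", password),
        ("CSRFtoken", CSRFtoken),
    )
    # Validate everything before printing so a rejected value leaves no
    # partial response on stdout. The message names the cookie, never its
    # value, so a password cannot leak through the error text.
    for name, value in cookies:
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in str(value)):
            raise ValueError(f"control character in {name} cookie value")

    successpage = """<!DOCTYPE html>
<html>
<head>
<title>Login successful!</title>
<meta http-equiv = "refresh" content = "3; url = http://localhost/srt311/project2/main.py"/>
</head>
<body>
<h1>Login</h1>
<p> Status: <br> Succesful login! Please wait 3 seconds for the page to redirect you.</p>
</body>
</html>
"""
    print("Content-Type: text/html")
    for name, value in cookies:
        # HttpOnly keeps page scripts from reading the cookie; SameSite=Strict
        # stops the browser attaching it to cross-site requests. The Secure
        # attribute is left off because the URLs in this file are plain http.
        print(f"Set-Cookie: {name}={value}; HttpOnly; SameSite=Strict")
    # A blank line ends the CGI header block.
    print()
    print(successpage)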
#Failure page will redirect users to the main page
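def failure_page(status):
    """Print an error page that shows ``status`` and redirects to main.py.

    Args:
        status: Message placed after "Status:" in the page body. It is
            treated as plain text and HTML-escaped, because callers may build
            it from request data (the callers are not visible here).
    """
    # Header and terminating blank line are printed separately, matching
    # login_page() and welcome_page(), so the header block is always closed
    # before the body starts.
    print("Content-Type: text/html")
    print()
    failurepage = """<!DOCTYPE html>
<html>
<head>
<title>Error!</title>
<meta http-equiv = "refresh" content = "3; url = http://localhost/srt311/project2/main.py"/>
</head>
<body>
<h1>Error!</h1>
<p> Status: <br> {status} Please wait 3 seconds for the page to redirect you.</p>
</body>
</html>
"""
    print(failurepage.format(status=html.escape(str(status))))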
#Transfer page if cookies are valid
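def transfer_page(CSRFtoken):
    """Print the money-transfer form with ``CSRFtoken`` as a hidden field.

    The form POSTs ``CSRFtoken``, ``recipient``, ``SenderAccount``,
    ``RecipientAccount`` and ``transfer`` to ``transfer.py``. This function
    only renders the form; it does not check the token or any cookie itself.

    Args:
        CSRFtoken: Token echoed into the hidden field. It is HTML-escaped
            (quotes included) so a value containing ``"`` cannot close the
            ``value`` attribute and add markup of its own.
    """
    # Header and terminating blank line are printed separately, matching
    # login_page() and welcome_page().
    print("Content-Type: text/html")
    print()
    transferpage = """<!DOCTYPE html>
<!-- HTML code to send a POST request to transfer.py -->
<html>
<head>
<title>Safe Bank Website</title>
</head>
<body>
<form action="transfer.py" method="POST">
<h1><strong>Safe Bank Website</strong></h1>
<input type="hidden" name="CSRFtoken" value="{CSRFtoken}">
<strong>Enter recipient's username</strong><br>
<input type="text" name="recipient"><br>
<strong>Sender's account</strong><br>
<input type="radio" name="SenderAccount" value="checkings"> Checkings<br>
<input type="radio" name="SenderAccount" value="savings"> Savings<br><br>
<strong>Recipient's account</strong><br>
<input type="radio" name="RecipientAccount" value="checkings"> Checkings<br>
<input type="radio" name="RecipientAccount" value="savings"> Savings<br><br>
<strong>How much would you like to transfer?</strong><br>
<input type="text" name="transfer"><br>
<input type="submit" value="Submit">
</form>
</body>
</html>"""
    # quote=True also escapes " and ', which matters inside an attribute value.
    safe_token = html.escape(str(CSRFtoken), quote=True)
    print(transferpage.format(CSRFtoken=safe_token))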
#If funds are successfully transferred then this message will display
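def transfersuccess_page():
    """Print the transfer-success page, which redirects to main.py.

    The page takes no input: it reports that the funds were transferred and
    uses a meta refresh to send the browser to ``main.py`` after three
    seconds.
    """
    # Header and terminating blank line are printed separately, matching
    # login_page() and welcome_page(), so the header block is always closed
    # before the body starts.
    print("Content-Type: text/html")
    print()
    # NOTE(review): the heading below reads "Login" on a transfer page; it
    # looks copied from the login-success page -- confirm the intended text.
    transfer_success = """<!DOCTYPE html>
<html>
<head>
<title>Success!</title>
<meta http-equiv = "refresh" content = "3; url = http://localhost/srt311/project2/main.py"/>
</head>
<body>
<h1>Login</h1>
<p> Status: <br> Funds successfully transferred! Please wait 3 seconds for the page to redirect you.</p>
</body>
</html>
"""
    print(transfer_success)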