diff --git a/admins.json b/admins.json index 52ad0a2..8ba3584 100644 --- a/admins.json +++ b/admins.json @@ -1 +1 @@ -{"secret_key":"aihsasodhngfkuabsfh", "marek":{"password":"marek"},"notmarek":{"password":"notmarek"}} \ No newline at end of file +{"secret_key":"aihsasodhngfkuabsfh", "secret_cookie":"IPreferSeaSaltCarmelIceCreamOverAnyLameCookies", "marek":{"password":"kYazQA/Q+o1Uw2p4lY7xqLqUAtV71jUQhKRhg/KRzi4="},"notmarek":{"password":"notmarek"}} \ No newline at end of file diff --git a/hasher.py b/hasher.py new file mode 100644 index 0000000..2431e5c --- /dev/null +++ b/hasher.py @@ -0,0 +1,16 @@ +import base64, hashlib + +secret_cookie = "IPreferSeaSaltCarmelIceCreamOverAnyLameCookies" + +username = input("username: ") +password = input("password: ") +if input("retype password: ") != password: + print ("passwords do not match up! Lern 2 spel your password plz!") + exit() + +hasher = hashlib.sha256() +hasher.update(password.encode('utf-8')) +hasher.update(secret_cookie.encode('utf-8')) +hashedpassword = base64.b64encode(hasher.digest()).decode('utf-8') + +print ('"{}":{{"password":"{}"}}'.format(username,hashedpassword)) \ No newline at end of file diff --git a/qr-labels.py b/qr-labels.py index f529eb5..708784d 100644 --- a/qr-labels.py +++ b/qr-labels.py @@ -3,7 +3,7 @@ from flask_login import LoginManager, UserMixin, login_required, login_user, log from PIL import Image, ImageFont, ImageDraw import qrcode from io import BytesIO -import json, random, re, string +import json, random, re, string, hashlib, base64 app = Flask(__name__) systemURL = 'http://192.168.0.11:5000/' #FULL URL with a '/' at the end @@ -30,6 +30,8 @@ with open('admins.json', 'r') as infile: for key, value in adminfile.items(): if key=='secret_key': app.secret_key = value + elif key=='secret_cookie': + secret_cookie = value.encode('utf-8') else: a = Admin(key, value['password']) @@ -119,7 +121,11 @@ def login(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] - if admins[username].password == password: + hasher = hashlib.sha256() + hasher.update(password.encode('utf-8')) + hasher.update(secret_cookie) + hashedpassword = base64.b64encode(hasher.digest()).decode('utf-8') + if admins[username].password == hashedpassword: login_user(admins[username]) return redirect(request.args.get("next")) return abort(401)