marek
/
qr-labels
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Admin passwords are stored hashed. Safety third!

Browse Source
master
Marek Baczynski 6 years ago
parent b213966b2d
commit 944d16bfe4
3 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File

2
admins.json
Unescape View File

@ -1 +1 @@
{"secret_key":"aihsasodhngfkuabsfh", "marek":{"password":"marek"},"notmarek":{"password":"notmarek"}} {"secret_key":"aihsasodhngfkuabsfh", "secret_cookie":"IPreferSeaSaltCarmelIceCreamOverAnyLameCookies", "marek":{"password":"kYazQA/Q+o1Uw2p4lY7xqLqUAtV71jUQhKRhg/KRzi4="},"notmarek":{"password":"notmarek"}}

16
hasher.py
Unescape View File

@ -0,0 +1,16 @@
import base64, hashlib
secret_cookie = "IPreferSeaSaltCarmelIceCreamOverAnyLameCookies"
username = input("username: ")
password = input("password: ")
if input("retype password: ") != password:
print ("passwords do not match up! Lern 2 spel your password plz!")
exit()
hasher = hashlib.sha256()
hasher.update(password.encode('utf-8'))
hasher.update(secret_cookie.encode('utf-8'))
hashedpassword = base64.b64encode(hasher.digest()).decode('utf-8')
print ('"{}":{{"password":"{}"}}'.format(username,hashedpassword))

10
qr-labels.py
Unescape View File

@ -3,7 +3,7 @@ from flask_login import LoginManager, UserMixin, login_required, login_user, log
from PIL import Image, ImageFont, ImageDraw from PIL import Image, ImageFont, ImageDraw
import qrcode import qrcode
from io import BytesIO from io import BytesIO
import json, random, re, string import json, random, re, string, hashlib, base64
app = Flask(__name__) app = Flask(__name__)
systemURL = 'http://192.168.0.11:5000/' #FULL URL with a '/' at the end systemURL = 'http://192.168.0.11:5000/' #FULL URL with a '/' at the end
@ -30,6 +30,8 @@ with open('admins.json', 'r') as infile:
for key, value in adminfile.items(): for key, value in adminfile.items():
if key=='secret_key': if key=='secret_key':
app.secret_key = value app.secret_key = value
elif key=='secret_cookie':
secret_cookie = value.encode('utf-8')
else: else:
a = Admin(key, value['password']) a = Admin(key, value['password'])
@ -119,7 +121,11 @@ def login():
if request.method == 'POST': if request.method == 'POST':
username = request.form['username'] username = request.form['username']
password = request.form['password'] password = request.form['password']
if admins[username].password == password: hasher = hashlib.sha256()
hasher.update(password.encode('utf-8'))
hasher.update(secret_cookie)
hashedpassword = base64.b64encode(hasher.digest()).decode('utf-8')
if admins[username].password == hashedpassword:
login_user(admins[username]) login_user(admins[username])
return redirect(request.args.get("next")) return redirect(request.args.get("next"))
return abort(401) return abort(401)

Write Preview
Loading…
Cancel
Save