

on the user's profile, make the tip button open the QR code for the B…
…CH address and remove the PayPal form. OWASP-BLT#1820 (OWASP-BLT#1844)
Sarthak5598 authored Feb 28, 2024
1 parent e51447e commit e35ff87
Showing 3 changed files with 46 additions and 15 deletions.
1 change: 1 addition & 0 deletions blt/urls.py
Expand Up @@ -416,6 +416,7 @@
path("company/", include("company.urls")),
path("sponsor/", website.views.sponsor_view, name="sponsor"),
path("companies/", DomainListView.as_view(), name="domain_lists"),
path("generate-bch-qr/<str:username>/", website.views.generate_bch_qr, name="generate_bch_qr"),
]

if settings.DEBUG:
29 changes: 14 additions & 15 deletions website/templates/profile.html
Expand Up @@ -214,21 +214,11 @@ <h1 class="page-header text-capitalize">{{ user.username }}</h1>
{% endif %}
{% endif %}
<div class="status">
<form name="_xclick"
action="https://www.paypal.com/cgi-bin/webscr"
method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden"
name="business"
value="{{ project.paypal|default:" coderbounty@gmail.com" }}">
<input type="hidden"
name="item_name"
value="tip for {{ user.username }} on {% env 'DOMAIN_NAME' %}">
<input type="hidden" name="currency_code" value="USD">
<button type="submit" class="btn btn-danger text-black">
<i class="fa fa-money fa-lg"></i> {% trans "Send a tip" %}
</button>
</form>
<button type="button" id="openModal" class="btn btn-danger" style="color: black;">Send a Tip</button>
<dialog id="dialog">
<img id="qr-image" src="{% url 'generate_bch_qr' username=user.username %}" alt="QR Code">
<p id="bch-address" style="color: aliceblue;">BCH: {{ user.userprofile.crypto_address }}</p>
</dialog>
</div>
</div>
<div class="icon-block">
Expand Down Expand Up @@ -421,6 +411,15 @@ <h1 class="page-header text-capitalize">{{ user.username }}</h1>
</div>
</div>
<script type="text/javascript">
document.addEventListener("DOMContentLoaded", function() {
const openModalButton = document.getElementById('openModal');
const dialog = document.getElementById('dialog');

openModalButton.addEventListener('click', function() {
dialog.showModal();
});
});

$(function () {
$('.img-thumbnail, .upload-btn').on('mouseenter', function () {
$('.upload-btn').show();
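Review bot: The new tip button and the `<dialog>` holding `id="qr-image"` render unconditionally, so every profile view eagerly requests `generate_bch_qr` and prints `BCH: None` for any user who has no crypto_address on file; wrap the block in `{% if user.userprofile.crypto_address %} … {% endif %}` so the QR request is only issued when there is something to encode. The dialog has no close control: once `showModal()` opens it, only the Esc key dismisses it, which is a dead end on touch devices, so add a `<button>` inside it that calls `dialog.close()` or a backdrop-click handler in the second hunk's script. If the block becomes conditional, the `DOMContentLoaded` handler in the second hunk must also tolerate a missing element, e.g. `if (openModalButton && dialog) { … }`, or `addEventListener` on `null` will throw and abort the rest of that script.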
31 changes: 31 additions & 0 deletions website/views.py
Expand Up @@ -11,9 +11,11 @@
from collections import deque
from datetime import datetime, timedelta, timezone
from decimal import Decimal
from io import BytesIO
from urllib.parse import urlparse, urlsplit, urlunparse

import humanize
import qrcode
import requests
import requests.exceptions
import six
Expand Down Expand Up @@ -3825,3 +3827,32 @@ def invite_friend(request):
# headers=headers,
# )
# mail.logout()


@csrf_exempt
def generate_bch_qr(request, username):
if request.method == "GET":
try:
user = User.objects.get(username=username)
profile = user.userprofile
address = profile.crypto_address
qr = qrcode.QRCode(
version=1,
error_correction=qrcode.constants.ERROR_CORRECT_L,
box_size=10,
border=4,
)
qr.add_data(address)
qr.make(fit=True)

img = qr.make_image(fill_color="black", back_color="white")
buffer = BytesIO()
img.save(buffer)
qr_image = buffer.getvalue()
return HttpResponse(qr_image, content_type="image/png")
except User.DoesNotExist:
return HttpResponse(status=404) # User not found
except Exception as e:
return HttpResponse(status=500) # Internal server error
else:
return HttpResponse(status=405) # Method Not Allowed
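Review bot: `generate_bch_qr` encodes `profile.crypto_address` without checking that it is set, so a profile with an empty or null address either yields a QR code of the literal string "None" or trips the catch-all `except Exception` and becomes an opaque 500; it should return 404 when there is no address, and the catch-all (whose bound `e` is never used) should go so unexpected errors reach Django's normal error logging instead of being silently swallowed. `@csrf_exempt` adds nothing on a view that only accepts GET — Django does not apply CSRF checks to safe methods — and the manual method check can be replaced by `@require_GET`, which also sets the `Allow` header on its 405. A user without a related profile raises `RelatedObjectDoesNotExist` on `user.userprofile`, which is currently a 500 as well; catching `ObjectDoesNotExist` covers both that and `User.DoesNotExist` as a 404 (both decorators/exceptions would need importing if the file does not already have them — the import hunk above only shows a slice).
```python
@require_GET  # replaces @csrf_exempt and the manual method check
def generate_bch_qr(request, username):
    """Return a PNG QR code of the BCH address on *username*'s profile, or 404."""
    try:
        address = User.objects.get(username=username).userprofile.crypto_address
    except ObjectDoesNotExist:  # User.DoesNotExist and a missing UserProfile
        return HttpResponse(status=404)
    if not address:
        return HttpResponse(status=404)  # nothing to encode; avoid a QR of "None"
    # … unchanged: build the QRCode and render it into a BytesIO buffer …
    return HttpResponse(qr_image, content_type="image/png")
```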
