adds

HoussemCharf · Jun 3, 2019 · 97f525f · 97f525f
1 parent 2d3695f
commit 97f525f
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 59 deletions.
diff --git a/core/app.py b/core/app.py
@@ -38,9 +38,7 @@ def login():
         email= request.form['email']
         password = request.form['password']
         if general_check(password,7,20) and check_email(email):
-        #TODO by Houssem 1- sanatize data passed from user
             if User.valid_login(email,password):
-        # Hacky code here <.<
                 uuid = User.get_id_by_email(email)
                 User.login(uuid)
                 return redirect(url_for('index'))
@@ -245,7 +243,7 @@ def new_report():
             user = User.get_by_id(_id)
             error = None
             if user['banned'] == True:
-                error = "You are not allowed, to add a report because you are banned!"
+                error = "You are not allowed to add a report because you are banned!"
                 return view.render_template(view='banned.html',error=error)
             return view.render_template(view='add.html',error=error)
     return redirect(url_for('index'))
@@ -256,12 +254,8 @@ def register():
         email = request.form['email']
         password = request.form['password']
         username = request.form['name']
-        firstpartner = request.form['firstpartner']
-        secondpartner = request.form['secondpartner']
-        thirdpartner = request.form['thirdpartner']
-        #TODO by houssem 1- sanatize data passed from user
-        if  check_email(email) == True and general_check(password,7,20) and general_check(username,4,20) and general_check(firstpartner,4,20) and general_check(secondpartner,0,20) and general_check(thirdpartner,0,20):         
-            user = User.register(username,email,password,firstpartner,secondpartner,thirdpartner)
+        if  check_email(email) == True and general_check(password,7,20) and general_check(username,4,20):      
+            user = User.register(username,email,password)
             if user:
                 return redirect(url_for('index'))
             error= 'Account already exists!'

diff --git a/core/config.py b/core/config.py
@@ -13,8 +13,9 @@ class StaticVars:
 	""" global vars to be passed"""
 	SITE_NAME= 'BugBountyTN'
 	SITE_URL= 'https://127.0.0.1:5000'
+
+
 class Development_Config(BaseConfig):
-	"""development config for me and souheil"""
 	DEBUG = True
 	BCRYPT_LOG_ROUNDS=4
 

diff --git a/core/models/Usermodel.py b/core/models/Usermodel.py
@@ -5,13 +5,10 @@
 import bcrypt
 from  models.ReportModel import Report
 class User(object):
-	def __init__(self,username,email,password,firstpartner,secondpartner,thirdpartner,_id=None,registeredOn=None,admin=False,banned=False):
+	def __init__(self,username,email,password,_id=None,registeredOn=None,admin=False,banned=False):
 		self.username = username
 		self.email = email
 		self.password = bcrypt.hashpw(password.encode('utf-8'),bcrypt.gensalt())
-		self.firstpartner = firstpartner
-		self.secondpartner = secondpartner
-		self.thirdpartner = thirdpartner
 		self._id = uuid.uuid4().hex if _id is None else _id
 		self.registeredOn=datetime.datetime.now()
 		self.banned=banned
@@ -59,10 +56,10 @@ def valid_login(cls,email,password):
 			return bcrypt.checkpw(password.encode("utf-8"),user["password"])
 		return False
 	@classmethod
-	def register(cls,username,email,password,firstpartner,secondpartner,thirdpartner):
+	def register(cls,username,email,password):
 		user = cls.get_only_email(email)
 		if user is None:
-			guest = cls (username,email,password,firstpartner,secondpartner,thirdpartner)
+			guest = cls (username,email,password)
 			guest.savemongo()
 			dataSaved = cls.get_by_email(email)
 			cls.init_login(dataSaved["_id"])
@@ -108,10 +105,7 @@ def json(self):
 		"password":self.password,
 		"admin":self.admin,
 		"banned":self.banned,
-		"registeredOn":self.registeredOn,
-		"firstpartner" : self.firstpartner,
-		"secondpartner" : self.secondpartner,
-		"thirdpartner" : self.thirdpartner
+		"registeredOn":self.registeredOn
 		}
 	def savemongo(self):
 		Database.insert("users",self.json())

diff --git a/core/templates/admin/admin.html b/core/templates/admin/admin.html
@@ -37,7 +37,7 @@
               <section class="content-header">
                   <h1>
                     <span id="Tab">Dashboard</span>
-                    <small>PenParty Control panel</small>
+                    <small>BugBountyTN Control panel</small>
                 </h1>
               </section>
         <!-- Dashboard section -->
@@ -333,7 +333,7 @@ <h3 class="box-title">Chat (feature not fully implemented)</h3>
 
             <tr>
                 <td>{{ post['reportName'] }}</td>
-                <td>{{ post['reportDescription'] }}</td>
+                <td style="max-width:100px">{{ post['reportDescription'] }}</td>
                 <td>{{post['AttackVector']}}</td>
                 <td>{{post['reportType']}}</td>
                 {% if post['reportFile'] == None %}

diff --git a/core/templates/admin_report.html b/core/templates/admin_report.html
@@ -1,8 +1,6 @@
 {% extends "layout.html" %}
 {% block body %}
 <link href="{{ url_for('static', filename='css/report/report.css') }}" rel="stylesheet">
-<section id="content">
-<article>
 <div class="container">
     <div class="page-header">
   <h1 align="center"> Evaluate Report </h1>  
@@ -17,15 +15,13 @@ <h1 align="center"> Evaluate Report </h1>
 </div>
 <div class="row">
           <form method=POST action="{{ url_for('score_report') }}">
-            <div class="row" id="firstrow">
+            <div class="col-md-12">
                 <table class="table table-striped">
                     <thead>
-                    <th> Username </th>
-                    <th>Bug name: </th>
-
-                    <th>Bug type: </th>
-
-                    <th>Report Level</th>
+                    <th> Reporter Name </th>
+                    <th>Bug name </th>
+                    <th>Bug type </th>
+                    <th>Threat Level</th>
 
                     <th> Description:</th>
                     <br>
@@ -36,39 +32,36 @@ <h1 align="center"> Evaluate Report </h1>
 
                     <th>PriviligesRequired(PR):</th>
 
-                    <th>File</th>
+                    <th>Filename</th>
                 </thead>
                 <tbody>
                     <tr>
                     <td>{{usernames}}</td>
+                    <td> {{report['reportName']}}</td>
                     <td>{{report['reportType']}}</td>
                     <td>{{report['reportLevel']}}</td>
-                     <td>{{report['reportDescription']}}</td>
+                    <td >{{report['reportDescription']}}</td>
                     <td>{{report['AttackVector']}}</td>
 
                     <td>{{report['AttackComplexity']}}</td>
                     <td>{{report['getprivilege']}}</td>
                     {% if report['reportFile'] != None %}
-                    <td><a href="/uprep1/{{report['reportFile']}}"><span>{{report['reportFile']}}</span></a></td></tr>
+                    <td>{{report['reportFile']}}</td>
                     {% else %}
-                    <td><span>No File</span></td></tr>
+                    <td><span>No File</span></td>
+                </tr>
                     {% endif %}
                     </tbody>
                 </table>
             </div>
+
                 <div class="col-md-2">
                     <input type="text" class="form-control" name="score" placeholder="Score..." required="Please score!">
                     </div>
                     <input type="hidden" name="id" value="{{report['reportId']}}">
                 <br>
-                    <button type="submit" class="btn btn-danger">Score</button>             
-                </div>
-            </div>
+                    <button type="submit" class="btn btn-danger" style="margin-top:2px">Score</button>             
         </form>
-</div><br>
-<br>
 </div>
-</article>
-</section>
 </div>
 {% endblock %}
diff --git a/core/templates/home.html b/core/templates/home.html
@@ -21,10 +21,8 @@ <h1>Welcome to PenParty Platform</h1>
 		<div class="col-md-12">
 <h4>
 <p> <b>PenParty is a pentest contest organized by Engineer Spark Community in colloboration with the ministry of information and technology , in which teams compete to find  bugs infrastructure, and report them for the purpose of gaining points. This event is in it first edition, it's unique of kind like no other hacking contest. Similar to the real world, players are required to exploit and report under 24h.So best of luck Hackers!
-Made with&nbsp;<span class="heart">&#9829;</span>&nbsp;by Cheesus and harloNzz & hosted by Spark Engineer Community</b>
+</b></p>
 <br>
-  <a href="https://github.com/HoussemCharf"> <i class="fa fa-github" aria-hidden="true"></i></a>
-  <a href="https://www.facebook.com/EngineersSparkCommunity"><i class="fa fa-facebook" aria-hidden="true"></i></a></p>
 </h4>
 </div>
 </div>

diff --git a/core/templates/layout.html b/core/templates/layout.html
@@ -43,7 +43,9 @@
                                 <li><a href="/administration">Admin area</a></li>
                                 {% endif%}
                                 <li><a href="/userdashboard">My Space</a></li>
+                                {% if admin == False %}
                                 <li><a href="/reports">Reports</a></li>
+                                {% endif %}
                                 <li role="separator" class="divider"></li>
                                 <li><a href="/logout">Sign out</a></li>
                             </ul>

diff --git a/core/templates/register.html b/core/templates/register.html
@@ -7,31 +7,20 @@
         <img width="400" height="200" src="{{url_for('static',filename='img/register.png')}}">
         </div>
         <div class="col-md-4 col-md-offset-4">
-            <span id="team"><h3 align="center">Team registration</h3></span>
+            <span id="team"><h3 align="center">User registration</h3></span>
             <form method=POST action="{{ url_for('register') }}">                
                 <div class="form-group">
                     <label for="InputUsername">Username</label>
                     <input type="text" class="form-control" name="name" placeholder="Username">
                 </div>
                 <div class="form-group">
                     <label for="InputEmail">Email</label>
-                    <input type="text" class="form-control" name="email" placeholder="Team@domain.com">
+                    <input type="text" class="form-control" name="email" placeholder="user@domain.com">
                 </div>
                 <div class="form-group">
                     <label for="InputPassword">Password</label>
                     <input type="password" class="form-control" name="password" placeholder="Password">
-                </div>
-                <div class="form-group">
-                    <label for="Inputfirstpartner"> First Partner </label>
-                    <input type="text" class="form-control" name="firstpartner" placeholder="First Partner">
-                </div>
-                <div class="form-group">
-                    <label for="Inputsecondpartner"> Second Partner </label>
-                    <input type="text" class="form-control" name="secondpartner" placeholder="Second Partner">
-                </div>
-                <div class="form-group">
-                    <label for="Inputthirdpartner"> Third Partner </label>
-                    <input type="text" class="form-control" name="thirdpartner" placeholder="Third Partner">
+                    <span class="hint"style="display: inline-block;font-size: 12px;line-height: 20px;">Password Settings, min 7,max 20 etc.</span>
                 </div>
                 <br>
                 <button type="submit" class="btn btn-primary btn-block">Register</button>