CheetahCS
diff --git a/‎challenge/create_db.py‎
Lines changed: 30 additions & 0 deletions b/‎challenge/create_db.py‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎challenge/database.db‎
12 KB b/‎challenge/database.db‎
12 KB
diff --git a/‎challenge/forms.py‎
Lines changed: 1 addition & 1 deletion b/‎challenge/forms.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎challenge/templates/challenge1.html‎
Lines changed: 10 additions & 1 deletion b/‎challenge/templates/challenge1.html‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎challenge/templates/challenge2.html‎
Lines changed: 0 additions & 15 deletions b/‎challenge/templates/challenge2.html‎
Lines changed: 0 additions & 15 deletions
diff --git a/‎challenge/templates/index.html‎
Lines changed: 1 addition & 2 deletions b/‎challenge/templates/index.html‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎challenge/views.py‎
Lines changed: 27 additions & 9 deletions b/‎challenge/views.py‎
Lines changed: 27 additions & 9 deletions
diff --git a/‎database.db‎
12 KB b/‎database.db‎
12 KB
@@ -0,0 +1,30 @@
+import sqlite3
+
+def create_db():
+    # Connect to the SQLite database
+    conn = sqlite3.connect('database.db')
+    cursor = conn.cursor()
+
+    cursor.execute('''
+        CREATE TABLE IF NOT EXISTS users (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                username TEXT NOT NULL,
+                password TEXT NOT NULL
+            )
+        ''')
+    
+    cursor.execute('''
+        INSERT INTO users (username, password)
+        VALUES ('admin', 'admin999445')
+    ''')
+
+    
+    conn.commit()
+    users = cursor.fetchall()
+    print(users)
+    conn.close()
+    print("Database created and test user inserted.")
+
+
+if __name__ == '__main__':
+    create_db()
@@ -5,4 +5,4 @@
 
 class LoginForm(FlaskForm):
     username = StringField('username', validators=[DataRequired()])
-    password = PasswordField('password', validators=[DataRequired()])
+    password = PasswordField('password', validators=[DataRequired()])
@@ -2,5 +2,14 @@
 
 {% block content %}
     <h1>Challenge 1</h1>
-    <p>flag{some-flag}</p>
+    <form method="post">
+        <label>Username:</label><br />
+        {{ form.username }}
+        <label>Password:</label><br />
+        {{ form.password }}
+        <button type="submit">Submit</button>
+    </form>
+    <p>
+        {{ response }}
+    </p>
 {% endblock %}
@@ -6,8 +6,7 @@ <h1>Home</h1>
     <div id="challenges">
         <h2>Challenges</h2>
         <ul>
-            <li><a href="/1">Example Challenge 1</a></li>
-            <li><a href="/2">Example Challenge 2</a></li>
+            <li><a href="/1">Challenge 1</a></li>
         </ul>
     </div>
 {% endblock %}
@@ -1,24 +1,42 @@
 import flask
 from flask import render_template
+import sqlite3
 
 from challenge import app, forms
 
+def get_db_connection():
+    conn = sqlite3.connect("database.db")
+    conn.row_factory = sqlite3.Row
+    return conn
+
+def get_db_connection_3():
+    conn = sqlite3.connect("challenge3.db")
+    conn.row_factory = sqlite3.Row
+    return conn
+
 
 @app.route('/', methods=['GET'])
 def index() -> str:
     return render_template("index.html")
 
-@app.route('/1', methods=['GET'])
+@app.route('/1', methods=['GET', 'POST'])
 def ch_1() -> str:
-    return render_template("challenge1.html")
-
-@app.route('/2', methods=['GET', 'POST'])
-def ch_2() -> str:
     form = forms.LoginForm()
+    response = ""
     if flask.request.method == 'POST':
-        if form.username.data == "admin" and form.password.data == "admin":
-            return render_template("challenge2.html", form=form, response="flag{some-flag-idk-lol}")
+        username = form.username.data
+        password = form.password.data
+
+        conn = get_db_connection()
+        query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"
+        result = conn.execute(query).fetchall()
+        conn.close()
+
+        if result:
+            response = f"flag{{simple_sql_challenge}}"
         else:
-            return render_template("challenge2.html", form=form, response="Incorrect username/password")
-    return render_template("challenge2.html", form=form)
+            response = "Invalid credentials."
+        
+    return render_template("challenge1.html", form=form, response=response)
+