Lol

2024-10-01 20:14:14 -04:00
parent b3e876bd4c
commit da9156aaa3
2243 changed files with 384830 additions and 148 deletions
--- a/server/security.py
+++ b/server/security.py
@@ -1,33 +1,40 @@
 # server/security.py
-from flask import request
-import platform
+from flask import request, session
 import hashlib
+from db_setup import get_user, increment_login_attempts, reset_login_attempts

-# Mock user database (username: password) - replace with a real database
-USER_DATABASE = {
-    "iphone_user": hashlib.sha256("iphone_password".encode()).hexdigest(),
-    "laptop_user": hashlib.sha256("laptop_password".encode()).hexdigest(),
-}
+MAX_ATTEMPTS = 3

-# Function to validate user credentials
 def validate_user(username, password):
+    user_data = get_user(username)
+    if not user_data:
+        return False, "User does not exist."
+
+    stored_username, stored_password, login_attempts = user_data
+
+    if login_attempts >= MAX_ATTEMPTS:
+        return False, "Maximum login attempts exceeded. Please contact the administrator."
+
    hashed_password = hashlib.sha256(password.encode()).hexdigest()
-    return USER_DATABASE.get(username) == hashed_password
+    
+    if hashed_password == stored_password:
+        reset_login_attempts(username)
+        return True, "Login successful."
+    else:
+        increment_login_attempts(username)
+        return False, f"Invalid credentials. {MAX_ATTEMPTS - login_attempts - 1} attempt(s) remaining."

-# Function to extract device information
-def get_device_info():
-    user_agent = request.headers.get('User-Agent', 'Unknown')
-    return {
-        "ip": request.remote_addr,
-        "user_agent": user_agent,
-        "isa": platform.machine(),  # Get system architecture
-        "os": platform.system(),    # Get OS
-    }
-
-# Function to identify the uploader based on device info
 def identify_uploader():
    device_info = get_device_info()
    if "iPhone" in device_info['user_agent']:
        return f"Uploaded by iPhone (IP: {device_info['ip']})"
    else:
        return f"Uploaded by {device_info['isa']} {device_info['os']} (IP: {device_info['ip']})"
+
+def get_device_info():
+    user_agent = request.headers.get('User-Agent', 'Unknown')
+    return {
+        "ip": request.remote_addr,
+        "user_agent": user_agent,
+    }
+