import codecs
import hmac
import secrets
from hashlib import md5
from random import randint

from Crypto import Random
from Crypto.Cipher import AES
from flask import Flask, session, redirect, render_template, request
from flask_session.__init__ import Session

import secret_key
9
app = Flask(__name__)
# Cookie-signing secret; also reused below as the AESCipher key for tickets.
# Produced by the project's own secret_key module (not visible here).
app.secret_key = secret_key.key_calc()
# Server-side session storage via flask_session, backed by the local filesystem.
app.config['SESSION_TYPE'] = 'filesystem'
# Loads UPPER_CASE attributes of this module into the config at this point in
# execution; BLOCK_SIZE is defined further down, so it is not picked up here.
app.config.from_object(__name__)
Session(app)
15
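BLOCK_SIZE = 16


def pad(s):
    """Apply PKCS#7-style padding to *s* (bytes) and return it as a str.

    The pad length is computed on the byte length of *s*, so the caller's
    subsequent ``.encode("utf-8")`` yields a block-aligned byte string. The
    pad character is ``chr(n)`` for ``1 <= n <= BLOCK_SIZE``, i.e. a single
    byte once encoded.
    """
    n = BLOCK_SIZE - len(s) % BLOCK_SIZE
    return s.decode("utf-8") + chr(n) * n


def unpad(s):
    """Strip the padding added by :func:`pad`; accepts bytes or str.

    Raises:
        ValueError: when *s* is empty, the trailing byte is not a plausible
            pad length (``1..BLOCK_SIZE`` and not longer than *s*), or the
            padding bytes are not all equal to that length. The original
            silently returned a wrong slice in those cases (a trailing
            ``\\x00`` byte returned the empty string).
    """
    if not s:
        raise ValueError("cannot unpad empty input")
    last = s[-1:]
    n = ord(last)
    if n < 1 or n > BLOCK_SIZE or n > len(s):
        raise ValueError("invalid padding length")
    if s[-n:] != last * n:
        raise ValueError("invalid padding bytes")
    return s[:-n]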
19
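class AESCipher:
    """AES-CBC ticket cipher with hex encoding and an HMAC-SHA256 tag.

    Wire format before hex encoding: ``iv (16) || ciphertext || tag (32)``.
    The tag covers ``iv || ciphertext`` (encrypt-then-MAC) and is checked in
    constant time before any decryption, so a token that was not produced by
    :meth:`encrypt` under the same key is rejected with ``ValueError`` instead
    of being decrypted into unverified plaintext. CBC mode on its own gives no
    integrity protection, which is why the tag is required for tickets that
    come back from the client.
    """

    TAG_SIZE = 32  # HMAC-SHA256 digest length in bytes

    def __init__(self, key):
        # Kept from the original: the MD5 hex digest (32 ASCII chars) is used
        # directly as the AES key, so this is AES-256 with at most 128 bits of
        # key entropy. Changing it would invalidate existing tokens.
        self.key = md5(key.encode('utf8')).hexdigest()
        # Separate MAC subkey so the cipher key is not reused verbatim.
        self._mac_key = hmac.new(self.key.encode("utf-8"), b"ticket-mac", "sha256").digest()

    @staticmethod
    def _pad(raw):
        """PKCS#7 padding to the AES block size (same bytes the original pad() produced)."""
        n = AES.block_size - len(raw) % AES.block_size
        return raw + bytes([n]) * n

    @staticmethod
    def _unpad(data):
        """Strict PKCS#7 unpad; raises ValueError on any inconsistent padding."""
        if not data:
            raise ValueError("empty plaintext")
        n = data[-1]
        if n < 1 or n > AES.block_size or data[-n:] != bytes([n]) * n:
            raise ValueError("invalid padding")
        return data[:-n]

    def _tag(self, body):
        """HMAC-SHA256 over iv || ciphertext."""
        return hmac.new(self._mac_key, body, "sha256").digest()

    def encrypt(self, raw):
        """Encrypt *raw* (bytes; a str is UTF-8 encoded first) and return the hex token as bytes."""
        if isinstance(raw, str):
            raw = raw.encode("utf-8")
        iv = Random.new().read(AES.block_size)
        cipher = AES.new(self.key.encode("utf-8"), AES.MODE_CBC, iv)
        body = iv + cipher.encrypt(self._pad(raw))
        return codecs.encode(body + self._tag(body), 'hex_codec')

    def decrypt(self, enc):
        """Verify and decrypt a token from :meth:`encrypt`; return the plaintext bytes.

        Raises:
            ValueError: for non-hex input, a truncated token, a tag mismatch,
                a ciphertext that is not a block multiple, or bad padding.
                Callers feeding it request data should catch this.
        """
        try:
            blob = codecs.decode(enc, 'hex_codec')
        except (ValueError, TypeError) as exc:
            raise ValueError("token is not valid hex") from exc
        if len(blob) < AES.block_size + self.TAG_SIZE:
            raise ValueError("token too short")
        body, tag = blob[:-self.TAG_SIZE], blob[-self.TAG_SIZE:]
        # Compare in constant time; reject before touching the cipher.
        if not hmac.compare_digest(self._tag(body), tag):
            raise ValueError("token authentication failed")
        iv, ciphertext = body[:AES.block_size], body[AES.block_size:]
        if not ciphertext or len(ciphertext) % AES.block_size:
            raise ValueError("ciphertext length is not a block multiple")
        cipher = AES.new(self.key.encode("utf-8"), AES.MODE_CBC, iv)
        return self._unpad(cipher.decrypt(ciphertext))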
35
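def gen_lott_check(number):
    """Return True when *number* parses as an int in the inclusive range 0..50.

    Input that int() cannot parse (e.g. ``"abc"``, ``""``, ``None``) yields
    False instead of propagating ValueError/TypeError into the request
    handler, where it previously surfaced as a 500.
    """
    try:
        value = int(number)
    except (TypeError, ValueError):
        return False
    return 0 <= value <= 50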
38
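def get_length(balance):
    """Return the length of the leading run of characters that int() accepts.

    In practice this is the number of leading decimal digits of *balance*;
    counting stops at the first non-digit. Non-str input is stringified first.
    Only ValueError is caught (the original bare ``except`` also swallowed
    KeyboardInterrupt and friends).
    """
    count = 0
    for ch in str(balance):
        try:
            int(ch)
        except ValueError:
            break
        count += 1
    return count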
48
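def check_bet(bet):
    """Return True when *bet* is a decimal string no larger than the session balance.

    Compares the two values numerically. The original compared equal-length
    strings digit by digit and returned False as soon as any balance digit
    was smaller than the bet digit in the same position, which wrongly
    rejected bets such as "1090" against a balance of "1100". It also
    accepted strings with a merely numeric prefix (shorter than the balance),
    which later failed in int(). Both operands must be pure decimal strings
    for this to return True; a missing balance counts as no funds.
    """
    bet = str(bet).strip()
    balance = str(session.get('current_money', ''))
    if not (bet.isdecimal() and balance.isdecimal()):
        return False
    return int(bet) <= int(balance)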
59
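@app.errorhandler(404)
def page_not_found(e):
    """Render the generic error page for unknown routes.

    Returns the 404 status explicitly; returning the template alone made
    Flask answer missing pages with 200.
    """
    return render_template("error.html"), 404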
63
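@app.errorhandler(500)
def internal_error(e):
    """Render the generic error page for unhandled exceptions.

    Returns the 500 status explicitly (the original answered with 200). The
    exception object *e* is deliberately not rendered, so no internals leak
    to the client.
    """
    return render_template("error.html"), 500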
67
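def _read_local_file(name):
    """Read *name* (resolved against the process CWD, as before) and close the handle."""
    with open(name) as fh:
        return fh.read()


@app.route('/', methods=['GET','POST'])
def hello_world():
    """Landing page: initialise a fresh session, or show the items it owns.

    On a first visit (``session['isset']`` is not 1) the session is seeded with
    a starting balance and all item flags cleared. Otherwise each item whose
    session flag is 1 is listed, and a POST with ``take=<item>`` for an owned
    item puts that item's content into ``content``. Missing session keys and a
    missing ``take`` field are treated as "not owned" / "nothing requested"
    rather than raising.
    """
    tsu = flower = source = flag = content = None
    if session.get('isset') == 1:
        take = request.form.get('take') if request.method == 'POST' else None
        if session.get('flower') == 1:
            flower = 'Flower'
            if take == 'flower':
                content = "Flower can be seen as a girl, beautiful girl ^.^!"
        if session.get('tsu') == 1:
            tsu = 'Tsug0d'
            if take == 'tsu':
                content = "Tsu? just the author of this challenge ^_^!"
        if session.get('source') == 1:
            source = 'Source'
            if take == 'source':
                content = _read_local_file("app.py")
        if session.get('flag') == 1:
            flag = '=Flag='
            if take == 'flag':
                content = _read_local_file("fl4gggg.txt")
    else:
        session['isset'] = 1
        session['current_money'] = "1000"
        session['flower'] = 0
        session['tsu'] = 0
        session['flag'] = 0
        session['source'] = 0
    return render_template('index.html', money=session['current_money'], tsu=tsu, flower=flower, source=source, flag=flag, content=content)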
100
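def _parse_ticket(raw):
    """Decrypt and parse a ticket into its ``key=value`` fields.

    Returns a dict, or None when the token cannot be decrypted/decoded or does
    not consist of exactly three ``key=value`` fields. Every failure mode is
    collapsed to None so a malformed token from the client never reaches the
    handler as an uncaught exception (previously a 500).
    """
    try:
        plain = AESCipher(app.secret_key).decrypt(raw).decode('utf-8')
    except (ValueError, TypeError):
        return None
    fields = plain.split(";")
    if len(fields) != 3:
        return None
    parsed = {}
    for field in fields:
        key, sep, value = field.partition('=')
        if not sep:
            return None
        parsed[key] = value
    return parsed


@app.route('/lott', methods=['GET','POST'])
def lott():
    """Redeem a ticket against a fresh jackpot draw and adjust the balance.

    The bet must be a pure decimal string (so the later int() cannot fail)
    and must pass check_bet() against the current balance; a winning guess
    adds the bet, a losing one subtracts it. A session that has not been
    initialised by "/" is redirected there instead of raising KeyError.
    """
    if 'current_money' not in session:
        return redirect("/", code=302)
    status = None
    # The draw decides whether money is won; use the CSPRNG rather than random.randint.
    jackpot = secrets.randbelow(51)
    if request.method == 'POST' and request.form.get('ticket'):
        stored_value = _parse_ticket(request.form['ticket'])
        if stored_value is None or 'bet' not in stored_value or 'number' not in stored_value:
            return redirect("/lott", code=302)
        # NOTE(review): the ticket also carries a `session` field written by
        # buy_ticket() that is never compared to the current session here;
        # presumably it was meant to bind a ticket to its buyer — confirm.
        raw_bet = stored_value['bet']
        number = stored_value['number']
        if "-" in raw_bet or "+" in raw_bet:
            return render_template("error.html")
        bet = raw_bet.strip()
        if bet.isdecimal() and number.isnumeric() and check_bet(bet):
            status = "Jackpot: %s | Your guess: %s" % (jackpot, number)
            delta = int(bet) if number == str(jackpot) else -int(bet)
            session['current_money'] = str(int(session['current_money']) + delta)
        else:
            status = "You bet $%s, but you only have $%s" % (raw_bet, session['current_money'])
    return render_template('lott.html', money=session['current_money'], status=status)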
126
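# Item name -> price; the item name doubles as the session flag set on purchase.
_MARKET_PRICES = {
    'flower': 500,
    'tsu': 500,
    'source': 2000,
    'flag': 1337000000,
}


@app.route('/market', methods=['GET','POST'])
def market():
    """Sell an item from _MARKET_PRICES, deducting its price from the balance.

    A POST with ``buy=<item>`` sets ``session[<item>] = 1`` and subtracts the
    price when the balance covers it. Buying the same item again is charged
    again (as before). An unknown item or insufficient funds only sets
    ``status``; a session not initialised by "/" is redirected there.
    """
    if 'current_money' not in session:
        return redirect("/", code=302)
    status = None
    if request.method == 'POST':
        item = request.form.get('buy')
        if item:
            price = _MARKET_PRICES.get(item)
            if price is None:
                status = "Item not available!"
            else:
                money = int(session['current_money'])
                if money >= price:
                    session['current_money'] = str(money - price)
                    session[item] = 1
                    status = "Buy %s Successful!" % item
                else:
                    status = "Not enough money!"
    return render_template('market.html', money=session['current_money'], status=status)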
163
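@app.route('/ticket', methods=['GET','POST'])
def buy_ticket():
    """Issue an encrypted ticket for a guess (``number``) and a stake (``bet``).

    Both fields must be non-empty pure decimal strings and the number must
    pass gen_lott_check(). ``isdecimal()`` is used rather than the original
    ``isnumeric()`` so that lott()'s ``int(bet)`` cannot fail and so neither
    field can contain the ``;`` / ``=`` separators of the ticket format. The
    browser's ``session`` cookie value is embedded in the ticket as before.
    """
    if 'current_money' not in session:
        return redirect("/", code=302)
    status = None
    session_x = request.cookies.get('session')
    if request.method == 'POST':
        number = request.form.get('number', '')
        bet = request.form.get('bet', '')
        if number and bet:
            if number.isdecimal() and bet.isdecimal() and gen_lott_check(number):
                ticket = "number=%s;bet=%s;session=%s" % (number, bet, session_x)
                token = AESCipher(app.secret_key).encrypt(bytes(ticket, "utf-8")).decode("utf-8")
                status = 'Here your ticket: %s' % token
            else:
                status = "Something wrong"
    return render_template('ticket.html', money=session['current_money'], status=status)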
178
@app.route('/reset')
def reset():
    """Drop all session state and send the browser back to "/".

    The landing page re-seeds a fresh session (balance and item flags) on
    the next request. Note this state-changing action is reachable by a plain
    GET with no CSRF protection.
    """
    landing = "/"
    session.clear()
    return redirect(landing, code=302)
183
184
if __name__ == '__main__':
    # Flask's built-in development server with default settings; no host,
    # port or debug flag is passed here.
    app.run()