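from http.server import BaseHTTPRequestHandler, HTTPServer
from socket import *
from sendmail import mail
from verification import otp
from db import *
from accounts import *
from urllib.parse import urlparse, parse_qs
import os.path
import html


class MyRequestHandler(BaseHTTPRequestHandler):
    """HTTP handler for a two-step e-mail verification sign-up flow.

    GET always returns the landing page. POST handles two forms, selected by
    the first field of the url-encoded body:

    * ``email=...&passwd=...`` creates a pending session, mails a one-time
      code and returns the code-entry page.
    * ``verifEmail=...&verifOtp=...`` checks the code and, when it matches,
      registers the account and returns the success page.
    """

    base_path = "/home/arcodeskel/Desktop/Verification Platt Discord/"

    # Upper bound on an accepted POST body. The two forms carry only a few
    # short fields, so anything larger is rejected before it is read.
    max_body_bytes = 64 * 1024

    # NOTE(review): the placeholder token substituted in otp.php is an empty
    # string in this listing (it may have been lost when the page was
    # captured). str.replace('', x) inserts x between every character, so the
    # substitution is skipped while this is empty; restore the real token
    # used by the template here.
    email_placeholder = ''

    def _send_text(self, status, text, content_type="text/plain; charset=utf-8"):
        """Send ``text`` as a complete UTF-8 response with the given status."""
        body = text.encode("utf-8")
        self.send_response(status)
        # Declare the type explicitly so the client does not have to guess
        # how to interpret the body.
        self.send_header("Content-Type", content_type)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def _send_page(self, page_name, substitutions=None):
        """Send ``pages/<page_name>`` from under ``base_path`` as HTML.

        ``substitutions`` maps a template token to a value; each value is
        HTML-escaped before it is inserted. Responds 403 when the resolved
        path is outside ``base_path`` and 404 when the file cannot be read.
        """
        base_dir = os.path.abspath(self.base_path)
        requested_path = os.path.abspath(os.path.join(base_dir, "pages", page_name))
        # Compare whole path components: a plain startswith() on the string
        # would also accept a sibling directory whose name merely begins
        # with the base directory's name.
        if os.path.commonpath([base_dir, requested_path]) != base_dir:
            self._send_text(403, "Forbidden")
            return
        try:
            with open(requested_path, 'r', encoding="utf-8") as file:
                page = file.read()
        except (OSError, UnicodeError):
            # Only I/O and decoding failures mean "no such page"; any other
            # exception is a programming error and should surface.
            self._send_text(404, "File Not Found")
            return
        for token, value in (substitutions or {}).items():
            if token:
                # The value comes from the request body, so it is escaped
                # before being reflected into the page.
                page = page.replace(token, html.escape(value, quote=True))
        self._send_text(200, page, "text/html; charset=utf-8")

    def _read_form(self):
        """Read and decode the POST body.

        Returns the decoded body, or ``None`` after an error response has
        already been sent (missing, malformed or negative Content-Length,
        oversized body, or a body that is not valid UTF-8).
        """
        try:
            content_length = int(self.headers.get('Content-Length'))
        except (TypeError, ValueError):
            self._send_text(400, "Bad Request")
            return None
        # A negative length would make rfile.read() wait for end of stream.
        if content_length < 0:
            self._send_text(400, "Bad Request")
            return None
        if content_length > self.max_body_bytes:
            self._send_text(413, "Payload Too Large")
            return None
        try:
            return self.rfile.read(content_length).decode("utf-8")
        except UnicodeDecodeError:
            self._send_text(400, "Bad Request")
            return None

    def _start_verification(self, parsed_data):
        """Create a pending session, mail the code, return the OTP page."""
        email = parsed_data.get('email', [None])[0]
        password = parsed_data.get('passwd', [None])[0]
        # parse_qs drops blank values, so an empty field arrives as None.
        if not email or not password:
            self._send_text(400, "Bad Request")
            return
        code = mail.gen_code()
        # NOTE(review): the password is handed to db.add_session exactly as
        # received; confirm the session store hashes it rather than keeping
        # it in clear text until verification completes.
        db.add_session(email, password, code)
        # NOTE(review): nothing in this handler limits how often a client
        # can trigger a mail to an arbitrary address; confirm throttling
        # exists in mail.send or in front of this server.
        mail.send(email, code)
        self._send_page("otp.php", {self.email_placeholder: email})

    def _complete_verification(self, parsed_data):
        """Check the submitted code and register the account when it matches."""
        email = parsed_data.get('verifEmail', [None])[0]
        otp_code = parsed_data.get('verifOtp', [None])[0]
        # Both failure cases below return the same response, so the reply
        # does not reveal whether a pending session exists for the address.
        # They previously returned the success page, which told the user the
        # account had been created when it had not.
        if db.get_session(email) is None:
            db.del_session(email)
            self._send_text(400, "Verification failed")
            return
        if not otp.authenticate_otp(email, otp_code):
            # One wrong code discards the session, limiting guesses to one
            # per issued code. The trade-off is that anyone who knows the
            # address can cancel a pending verification.
            db.del_session(email)
            self._send_text(400, "Verification failed")
            return
        if not accounts.register(email, db.get_session_passwd(email)):
            print("error handling")
            # Previously this branch sent nothing, leaving the client with
            # an empty reply.
            self._send_text(500, "Registration failed")
            return
        db.del_session(email)
        self._send_page("success.html")

    def do_GET(self):
        """Return the landing page for every GET, whatever path was requested."""
        self._send_page("index.php")

    def do_POST(self):
        """Dispatch a url-encoded form POST to the matching sign-up step."""
        data_input = self._read_form()
        if data_input is None:
            return
        parsed_data = parse_qs(data_input)
        if data_input.startswith("email="):
            self._start_verification(parsed_data)
        elif data_input.startswith("verifEmail="):
            self._complete_verification(parsed_data)
        else:
            # Unrecognised forms previously received no response at all.
            self._send_text(400, "Bad Request")


Handler = MyRequestHandler

if not db.init():
    print("Init returned false, there might be an issue!")

# The server speaks plain HTTP and is bound to the loopback interface only.
# The sign-up form carries a password, so exposing it beyond localhost needs
# TLS in front of it.
hostName = "localhost"
serverPort = 8080
server = HTTPServer((hostName, serverPort), Handler)
server.serve_forever()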