From fee93023a64feeda0af6b50da78705f5fb1a3c02 Mon Sep 17 00:00:00 2001 From: Tyler Lightwood Date: Thu, 8 Feb 2024 12:01:19 +0000 Subject: [PATCH] Removed unused comments + headers - Created potential fix to SQL Injection warning for delete animals, will monitor and modify/remove accordingly --- .gitignore | 3 +++ N_P_P.py | 2 +- add_animal.py | 8 ++++---- common_functions.py | 8 +++++++- edit_animal_entries.py | 3 +++ login.py | 11 +---------- view_animals.py | 5 ++++- 7 files changed, 23 insertions(+), 17 deletions(-) diff --git a/.gitignore b/.gitignore index 62f26ca..6da5ff3 100644 --- a/.gitignore +++ b/.gitignore @@ -152,6 +152,9 @@ dmypy.json # Cython debug symbols cython_debug/ +# .vscode +.vscode/ + # PyCharm # JetBrains specific template is maintained in a separate JetBrains.gitignore that can # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore diff --git a/N_P_P.py b/N_P_P.py index 1d30d76..16b970d 100644 --- a/N_P_P.py +++ b/N_P_P.py @@ -4,7 +4,7 @@ from notifications import notifications from staff_portal import staff_portal from view_animals import view_animals -from common_functions import clear_screen, log_action, hash_password, get_mongodb_uri, load_animal_data +from common_functions import clear_screen, log_action, hash_password, get_mongodb_uri from login import login from client_database import client_database from pymongo import MongoClient diff --git a/add_animal.py b/add_animal.py index 30479ef..e2b6792 100644 --- a/add_animal.py +++ b/add_animal.py @@ -29,7 +29,7 @@ def add_animal(): print("Enter animal details or type 'exit' to cancel:") # Input fields for animal data - name = input(Fore.GREEN + "\nName: " + Style.RESET_ALL).strip().capitalize() # Capitalize the first letter + name = input(Fore.GREEN + "\nName: " + Style.RESET_ALL).strip().capitalize() # Check if user wants to exit if name.lower() == 'exit': 
@@ -39,9 +39,9 @@ def add_animal(): print_animal_table(animals) break - species = input(Fore.GREEN + "Species: " + Style.RESET_ALL).strip().capitalize() # Capitalize the first letter - breed = input(Fore.GREEN + "Breed: " + Style.RESET_ALL).strip().capitalize() # Capitalize the first letter - gender = input(Fore.GREEN + "Gender: " + Style.RESET_ALL).strip().capitalize() # Capitalize the first letter + species = input(Fore.GREEN + "Species: " + Style.RESET_ALL).strip().capitalize() + breed = input(Fore.GREEN + "Breed: " + Style.RESET_ALL).strip().capitalize() + gender = input(Fore.GREEN + "Gender: " + Style.RESET_ALL).strip().capitalize() age = input(Fore.GREEN + "Age: " + Style.RESET_ALL).strip() # Validate input fields diff --git a/common_functions.py b/common_functions.py index e4d1934..23b3d8f 100644 --- a/common_functions.py +++ b/common_functions.py @@ -1,4 +1,5 @@ import os +import re from argon2 import PasswordHasher from argon2.exceptions import VerifyMismatchError import datetime @@ -89,4 +90,9 @@ def get_input(prompt): return value else: print(Fore.RED + "\nThis field cannot be left blank. Please try again." + Style.RESET_ALL) - time.sleep(2) \ No newline at end of file + time.sleep(2) + +def sanitize_input(input_string): + # Only allow alphanumeric characters and spaces + pattern = re.compile('a-zA-z') + return pattern.sub('', input_string) \ No newline at end of file diff --git a/edit_animal_entries.py b/edit_animal_entries.py index 43fcf37..916296b 100644 --- a/edit_animal_entries.py +++ b/edit_animal_entries.py @@ -23,6 +23,7 @@ def get_animal_name(): return input(Fore.CYAN + "Enter the name of the animal to modify (enter 'exit' to leave): " + Style.RESET_ALL).strip().capitalize() + def get_field_choice(): return input("Enter the number of the field to modify or 'exit' to cancel: ") 
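Review bot: `sanitize_input` in common_functions.py filters nothing, because `re.compile('a-zA-z')` has no character-class brackets and so matches only the literal text `a-zA-z`; `pattern.sub('', input_string)` returns any other input unchanged. The `sanitize_input(animal_name)` call this commit adds to `delete_animal` in view_animals.py is therefore a no-op, and the warning it targets is not actually addressed. To match the comment, the pattern needs to be a negated class, `pattern = re.compile(r'[^a-zA-Z0-9 ]')`. Note that the typed range `A-z` would also admit `[`, `\`, `]`, `^`, `_` and the backtick if it were simply wrapped in brackets. Because the value ends up in a MongoDB filter, it is also worth checking the type first with `if not isinstance(input_string, str): raise TypeError("expected str")`, since the usual operator-injection route is a non-string value such as a dict rather than special characters in a string.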
@@ -75,6 +76,8 @@ def modify_animal(): if field_choice.lower() == 'exit': print(Fore.YELLOW + "\nExiting..." + Style.RESET_ALL) time.sleep(2) + clear_screen() + print_animal_table(animals) return if field_choice.isdigit(): diff --git a/login.py b/login.py index 66d6434..1e8fa86 100644 --- a/login.py +++ b/login.py @@ -1,7 +1,7 @@ import getpass import time from colorama import Fore, Style -from common_functions import clear_screen, log_action, hash_password, verify_password, get_mongodb_uri, get_input +from common_functions import clear_screen, log_action, hash_password, verify_password, get_mongodb_uri from admin_dashboard import admin_dashboard from pymongo import MongoClient @@ -34,11 +34,8 @@ def change_admin_password(username): # Check if passwords match if new_password == confirm_password: # Generate salt and hash password - hashed_password = hash_password(new_password) - # Convert salt to hexadecimal string for serialization - # Update the password in the MongoDB collection for ADMIN users_collection.update_one( {'username': 'ADMIN'}, @@ -122,12 +119,6 @@ def login(): time.sleep(2) exit() -def get_user_credentials(): - print("\nšŸ‘¤ User Login šŸ‘¤") - username = input("\nEnter your username: ") - password = getpass.getpass("Enter your password: ") - return username, password - def handle_successful_login(user, username, password): user_level = user['level'] print("\nLogging in...") diff --git a/view_animals.py b/view_animals.py index 4b90fbc..066c18f 100644 --- a/view_animals.py +++ b/view_animals.py @@ -1,6 +1,6 @@ import time from colorama import Fore, Style -from common_functions import clear_screen, load_animal_data, log_action, get_mongodb_uri +from common_functions import clear_screen, load_animal_data, log_action, get_mongodb_uri, sanitize_input from view_animal_profile import view_animals_full from sudo_user_login import SudoUserLevel1, SudoUser from edit_animal_entries import modify_animal 
@@ -150,6 +150,9 @@ def sort_animals(animals, key='name', reverse=False): return sorted_animals def delete_animal(animal_name): + + animal_name = sanitize_input(animal_name) + try: animal_count = animals_collection.count_documents({"name": animal_name})
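Review bot: Rewriting `animal_name` before the lookup in `delete_animal` changes which document `{"name": animal_name}` can match, which is an integrity risk on a delete path. With a working character filter, a name containing punctuation would be stripped to a different string, so the stored record could never be deleted, or the stripped name could match another animal. The visible lines of add_animal.py store names via `.strip().capitalize()` only, so such names may well exist, though its validation step is not shown. Rejecting the input is safer than altering it, for example `if sanitize_input(animal_name) != animal_name: return` with a message to the operator, placed ahead of the `try:`. The body of `delete_animal` continues outside the hunk, so the delete call itself is not visible here.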