akhilstanis · December 5, 2019 15:16
diff --git a/server.rb b/server.rb
 require 'sinatra'
 require 'pg'

 database_url = ENV['DATABASE_URL'] || 'postgres://localhost:5432/sql_injection'
 pg = PG.connect(database_url)
 pg.exec('CREATE TABLE IF NOT EXISTS users (username CHAR(50), password CHAR(50));')

 set :session_secret, 'super_secret'
 enable :sessions

 get '/' do
  current_user = session[:current_user]

  if !current_user
    redirect to('/login')
  end

  "Welcome #{current_user}<br/><a href='/logout'>Logout</a>"
 end

 get '/login' do
  erb :login
 end

 post '/login' do
  @username = params[:username]
  @password = params[:password]

  user = pg.exec("SELECT * FROM users WHERE username = '#{@username}' AND password = '#{@password}'").first
  if !user
    @error = 'invalid username or password'
    erb :login
  else
    session[:current_user] = user
    redirect to('/')
  end
 end

 get '/logout' do
  session.delete(:current_user)
  redirect to('/login')
 end
	require 'sinatra'
	require 'pg'

	database_url = ENV['DATABASE_URL'] \|\| 'postgres://localhost:5432/sql_injection'
	pg = PG.connect(database_url)
	pg.exec('CREATE TABLE IF NOT EXISTS users (username CHAR(50), password CHAR(50));')

	set :session_secret, 'super_secret'
	enable :sessions

	get '/' do
	current_user = session[:current_user]

	if !current_user
	redirect to('/login')
	end

	"Welcome #{current_user}<br/><a href='/logout'>Logout</a>"
	end

	get '/login' do
	erb :login
	end

	post '/login' do
	@username = params[:username]
	@password = params[:password]

	user = pg.exec("SELECT * FROM users WHERE username = '#{@username}' AND password = '#{@password}'").first
	if !user
	@error = 'invalid username or password'
	erb :login
	else
	session[:current_user] = user
	redirect to('/')
	end
	end

	get '/logout' do
	session.delete(:current_user)
	redirect to('/login')
	end