#!/usr/bin/python3 # Simple event ticketing system # Generate QR codes, share to attendees # Each ticket can be used only once import random, string, qrcode, os.path, time, re from pathlib import Path from flask import Flask, request, escape # Domain name for the service domain = "v-space.hu" # Generate QR code and save to file def gen_qr(qdata, qid): data = qdata filename = qid + ".png" img = qrcode.make(data) img.save(filename) # Generate random string def random_string(length): letters = string.ascii_lowercase return ''.join(random.choice(letters) for i in range(length)) # Burn QR (filename touch with _burned) def burn_qr(ticket): # Allow burning only when event starts, https://time.is/Unix_time_converter now = int( time.time() ) if now < 1670223600: return "The time has not come yet." # Burning if the event is open ticket = str(ticket) if os.path.exists(ticket+".png"+"_burned") == True: return "Problem: you can't reuse tickets! Call the organizers if you think this is a mistake or incident." if os.path.exists(ticket+".png") == True: Path(ticket+".png"+"_burned").touch() print(ticket + " burned!") # Idea: add NFT minting here return "Ticket burned, get you swagz! Welcome to PMC!" else: print("Ticket NOT found!") return "Ticket NOT found!" # Generate the tickets and save them to tickets.txt def generate_tickets(amount): ticket_file = open("tickets.txt", "w") for x in range(amount): rand_val = random_string(16) # Save logs ticket_val = "https://" + domain + "/ticket?id=" + rand_val print("Ticket: " + ticket_val) ticket_file.write(ticket_val + " \n") # Generate the QR code image files gen_qr(ticket_val, rand_val) ticket_file.close() # Cleanup ticketing system # TODO, dangerously removing all files listed in tickets.txt, needs validation/verification/etc #def ticket_cleanup(): # surely = input("Are you sure you want to remove all .png, _burned and tickets.txt files from this directory? [y/n] ") # if surely == "y": # import subprocess # ticket_file = open("tickets.txt", "r") # Lines = ticket_file.readlines() # for line in Lines: # line = line.strip() # subprocess.run(["rm", line]) # line = line + "_burned" # subprocess.run(["rm", line]) # subprocess.run(["rm", "tickets.txt"]) generate_tickets(100) # Web service app = Flask(__name__) @app.route('/ticket',methods=['GET']) def r00t(): ticket_id = escape(request.args.get('id')) ticket_id = re.sub('[^a-zA-Z0-9]', '', ticket_id) # Whitelist based XSS Protection try: return "

PMC ticketing system, click to burn!

" except: return "PMC ticketing system: id missing from parameter." @app.route('/ticket/burn',methods=['GET']) def burn(): burn_id = request.args.get('id') return "

" + burn_qr(burn_id) + "

" if __name__ == '__main__': app.run(debug=False,host='127.0.0.1', port=8686) # Functionalities for testing / alternatively: API # random_string(16) # gen_qr("test") # generate_tickets(5) # burn_qr("123456789") # ticket_cleanup()