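"""Minimal Flask session-forgery challenge.

The secret key and the flag can be supplied through the environment
(``SECRET_KEY`` / ``FLAG``). The literals from the original file remain
the defaults, so behaviour is unchanged when no variable is set.
"""
import os

from flask import Flask, render_template, session, redirect, url_for

app = Flask(__name__)

# Key that signs the client-side session cookie. Flask's default session
# is signed, not encrypted: anyone who knows this value can mint a cookie
# with arbitrary contents (e.g. user=admin), which is the point of this
# challenge. SECRET_KEY in the environment overrides the weak literal.
app.secret_key = os.environ.get("SECRET_KEY", "jiangsir")

# Value returned once a request presents a session whose 'user' is 'admin'.
flag = os.environ.get("FLAG", "FLAGFLAGFLAG")


@app.route("/")
def index():
    """Serve the landing page template."""
    return render_template("index.html")


@app.route("/user", methods=["GET"])
def admin_can_list_root():
    """Return the flag for an 'admin' session; otherwise demote to 'guest'.

    Returns:
        The flag string when ``session['user'] == 'admin'``; otherwise the
        literal "No admin!!" after writing ``session['user'] = 'guest'``.
    """
    if session.get("user") == "admin":
        return flag
    # Any non-admin visitor gets an explicit guest session written back.
    session["user"] = "guest"
    return "No admin!!"


if __name__ == "__main__":
    # debug=True enables the Werkzeug interactive debugger; the app is
    # bound to all interfaces on port 80, as in the original challenge setup.
    app.run(debug=True, use_reloader=False, host="0.0.0.0", port=80)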