search

andrewelick / amazon-giveaway-bot

Bot that automatically enters you in to hundreds of instant amazon giveaways
13 stars 6 forks source link

Having an issue loading prizes #9

Closed 0dayCTF closed 5 years ago

0dayCTF commented 5 years ago

I created a Firefox profile, I installed all requirements but am having some issues loading items, would love to see this work!

Loading prizes Could not load items

Loading prizes Could not load items

Loading prizes Could not load items

Loading prizes Could not load items

Loading prizes Could not load items

Loading prizes

SlickStretch commented 5 years ago

Same.

0dayCTF commented 5 years ago

It's prob just an issue with how he's scraping the giveaway data from https://www.giveawaylisting.com/index2.html

That's my guess, hopefully he replies soon!

SlickStretch commented 5 years ago

Not sure if it's helpful or not, but when I attempt to interrupt with ctrl+c in IDLE, I get the following message on loop:

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "I:\Working\Amazon Bot\amazoncontest.py", line 24, in amazon_bot
    response = get("view-source:https://www.giveawaylisting.com/index2.html")
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\requests\api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\requests\api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\requests\sessions.py", line 640, in send
    adapter = self.get_adapter(url=request.url)
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\requests\sessions.py", line 731, in get_adapter
    raise InvalidSchema("No connection adapters were found for '%s'" % url)
requests.exceptions.InvalidSchema: No connection adapters were found for 'view-source:https://www.giveawaylisting.com/index2.html'
andrewelick commented 5 years ago

Oh my bad i should update the readme. Try installing lxml package on pip.

pip install lxml

See if that is the problem, might be having an issue parsing the data

AMDphreak commented 5 years ago

Oh my bad i should update the readme. Try installing lxml package on pip.

pip install lxml

See if that is the problem, might be having an issue parsing the data

Installed LXML, and it did get rid of the Could not load items message. However, it seems the SQL statement to clean up your URLs is bugged.

Loading prizes
100% complete...

Removing prizes that you have already entered into
Traceback (most recent call last):
  File "amazoncontest.py", line 381, in <module>
    load_login_info()
  File "amazoncontest.py", line 372, in load_login_info
    amazon_bot(email, password, name, want_follow)
  File "amazoncontest.py", line 69, in amazon_bot
    cursor.execute("DELETE FROM enteredurls WHERE url=", (row[1],))
sqlite3.OperationalError: incomplete input

The code block with the problem is included below:

    for row in entered_urls_database:
        time_since = datetime.date.today() - row[2] #Compare date of url
        if time_since.days >= 7: #If url is older than a week delete it
            cursor.execute("DELETE FROM enteredurls WHERE url=", (row[1],))

Not sure if you mean to append the row to your SQL command, but that's what it looks like you want to do.

One thing you need to look out for is NOT using concatenation to send SQL commands. A person running your program can attack your database (access restricted data and delete your stuff) using SQL injection, which they can do by putting a malicious parameter in the submitted string or putting another command on the end of your command, so it ends up sending "DELETE FROM " + rest of expected command + dangerous command that deletes your whole database.

Better info here: w3schools

It is not as dangerous here, since this is a local SQLite db, so it's only going to hurt the user attacking the database (LOL) but you need to use the official way (passing tuples into a function that performs the SQL query and looks for malicious patterns) for any queries directed to your server. Links and details below:

Python SQLite3 Docs

Example:

AUSTRIA = u"\xd6sterreich"

# by default, rows are returned as Unicode
cur.execute("select ?", (AUSTRIA,))

In this example, AUSTRIA is a string (all caps naming is used to indicate constant, but it is still technically mutable). the cur.execute statement has a ? where it will substitute the value, and this substitution will be santitized. Now I get the idea that you just forgot to include a ? where you wanted your variable inserted. My bad.

@andrewelick : Submitted a patch.