maliks1/vulnerable-flask-app — reverse-engineered prompt

Reverse engineered prompt


Build me an educational Flask lab for learning SQL Injection. I want it to have two separate versions I can run locally, one intentionally vulnerable login page and one protected login page, so students can clearly see the difference.

Please include a simple SQLite user database with demo accounts like admin and alice, a normal login flow, a home page after login, and clear messages when login succeeds or fails. For the protected version, use safe database queries, input validation, and a middleware-style check that can detect suspicious SQL Injection text using the included machine learning model. If an attack is detected, show a blocked page instead of letting it continue.

Also add a comparison page where I can type the same input and see how the vulnerable mode and protected mode behave side by side. Include a small JSON prediction endpoint for checking whether text looks like SQL Injection. Keep the interface simple and clean, with basic styling, and make sure the setup script can recreate the database easily.
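The vulnerable and protected login checks the prompt asks for, run side by side on the same input, as an added example that is not code from the maliks1/vulnerable-flask-app repository. The table schema, demo passwords, username rule and function names are assumptions made here, and the machine learning check is left out because the page does not describe the model.

```python
import re
import sqlite3

# Constructed demo data; the lab's real schema and passwords are not on the page.
# Plaintext passwords keep the example short; a real app stores password hashes.
DEMO_USERS = [("admin", "admin-demo-pw"), ("alice", "alice-demo-pw")]
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed validation rule


def make_db():
    """Create an in-memory SQLite database holding the demo accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", DEMO_USERS)
    return db


def login_vulnerable(db, username, password):
    """Vulnerable mode: user input is concatenated into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # input broke the statement's syntax
    return row[0] if row else None


def login_protected(db, username, password):
    """Protected mode: validate the username, then bind values as parameters."""
    if not USERNAME_RE.fullmatch(username):
        return None
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def compare(username, password):
    """Run one input through both modes, as the comparison page would."""
    db = make_db()
    return {"vulnerable": login_vulnerable(db, username, password),
            "protected": login_protected(db, username, password)}


if __name__ == "__main__":
    print(compare("alice", "alice-demo-pw"))    # valid login in both modes
    print(compare("admin", "' OR '1'='1"))      # constructed injection input
```

In protected mode the quote characters arrive as part of the bound password value, so the statement's structure cannot change and the lookup simply finds no matching row.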
