lynnesbian/FediBooks
lynnesbian/FediBooks
1
0
Fork 0
mirror of https://github.com/Lynnesbian/FediBooks/ synced 2024-11-25 08:38:59 +00:00
Code Issues Releases Wiki Activity

fix #18 by replacing \0 with \1

Browse source
This commit is contained in:
Lynne Megido 2019-09-14 14:37:25 +10:00
parent ac9ea67edb
commit ad1b59a401
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
webui.py
View file

@ -107,7 +107,7 @@ def settings():
session['error'] = "Password too short." session['error'] = "Password too short."
return redirect(url_for("settings"), 303) return redirect(url_for("settings"), 303)
pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest() pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest().replace(b"\0", b"\1")
pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12)) pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))
c.execute("UPDATE users SET password = %s WHERE id = %s", (pw, session['user_id'])) c.execute("UPDATE users SET password = %s WHERE id = %s", (pw, session['user_id']))
@ -575,7 +575,7 @@ def do_signup():
session['error'] = "Email address already in use." session['error'] = "Email address already in use."
return redirect(url_for("show_signup_page"), 303) return redirect(url_for("show_signup_page"), 303)
pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest() pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest().replace(b"\0", b"\1")
pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12)) pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))
# try to sign up # try to sign up
@ -595,7 +595,7 @@ def do_signout():
@app.route("/do/login", methods=['POST']) @app.route("/do/login", methods=['POST'])
def do_login(): def do_login():
pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest() pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest().replace(b"\0", b"\1")
c = mysql.connection.cursor(MySQLdb.cursors.DictCursor) c = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
c.execute("SELECT * FROM users WHERE email = %s", (request.form['email'],)) c.execute("SELECT * FROM users WHERE email = %s", (request.form['email'],))
data = c.fetchone() data = c.fetchone()