diff --git a/setup.sql b/setup.sql
index 68360ce..102d95a 100644
--- a/setup.sql
+++ b/setup.sql
@@ -3,6 +3,7 @@ CREATE TABLE IF NOT EXISTS `users` (
 `id` INT AUTO_INCREMENT PRIMARY KEY,
 `email` VARCHAR(128) UNIQUE NOT NULL,
 `password` BINARY(60) NOT NULL,
+ `email_verified` BOOLEAN DEFAULT 0,
 `fetch` ENUM('always', 'once', 'never') DEFAULT 'once',
 `submit` ENUM('always', 'once', 'never') DEFAULT 'once',
 `generation` ENUM('always', 'once', 'never') DEFAULT 'once',
diff --git a/webui.py b/webui.py
index 9fa4765..06e9f8f 100644
--- a/webui.py
+++ b/webui.py
@@ -105,10 +105,21 @@ def settings():
 pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
 pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))
 c.execute("UPDATE users SET password = %s WHERE id = %s", (pw, session['user_id']))
+
+ # don't require email verification again if the new email address is the same as the old one
+ c.execute("SELECT email_verified FROM users WHERE id = %s", (session['user_id'],))
+ if c.fetchone()[0]:
+ c.execute("SELECT email FROM users WHERE id = %s", (session['user_id'],))
+ previous_email = c.fetchone()[0]
+
+ email_verified = (previous_email == request.form['email'])
+ else:
+ email_verified = False
 try:
- c.execute("UPDATE users SET email = %s, `fetch` = %s, submit = %s, generation = %s, reply = %s WHERE id = %s", (
+ c.execute("UPDATE users SET email = %s, email_verified = %s, `fetch` = %s, submit = %s, generation = %s, reply = %s WHERE id = %s", (
 request.form['email'],
+ email_verified,
 request.form['fetch-error'],
 request.form['submit-error'],
 request.form['generation-error'],
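Review bot: The new `email_verified` column is declared `BOOLEAN DEFAULT 0` without `NOT NULL`, so it admits NULL as a third state next to verified and unverified; `` `email_verified` BOOLEAN NOT NULL DEFAULT 0, `` would keep it two-valued. The hunk header shows the table is created with `CREATE TABLE IF NOT EXISTS`, so a database that already has `users` will not gain the column from this file. On such an install the UPDATE in webui.py that now sets `email_verified` would presumably fail, so an `ALTER TABLE users ADD COLUMN ...` migration step (or an upgrade note) looks needed alongside this change.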
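Review bot: The added block decides `email_verified` from two separate SELECTs and only afterwards writes it in the UPDATE, so the check and the write are not atomic; if the connection autocommits (not visible here), a concurrent settings request that changes the address between the reads could leave a new, unverified address flagged as verified. Letting the database evaluate the flag in the same statement closes that window and drops both SELECTs: `UPDATE users SET email_verified = (email_verified AND email = %s), email = %s, ...` with `request.form['email']` passed twice. `email_verified` has to stay ahead of `email` in the SET list because MySQL evaluates single-table assignments left to right, and the comparison then follows the column's collation rather than Python's exact match. As written, `c.fetchone()[0]` also raises TypeError when no row matches `session['user_id']`, and it does so before the `try:`. `settings()` begins above the hunk and the `try` body continues past its end.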