From d7f15601d596b25c667996b98a7eedd237fc3162 Mon Sep 17 00:00:00 2001
From: Lynne <lynne@bune.city>
Date: Tue, 10 Sep 2019 11:17:06 +1000
Subject: [PATCH] implement email verification in db

---
 setup.sql |  1 +
 webui.py  | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/setup.sql b/setup.sql
index 68360ce..102d95a 100644
--- a/setup.sql
+++ b/setup.sql
@@ -3,6 +3,7 @@ CREATE TABLE IF NOT EXISTS `users` (
   `id` INT AUTO_INCREMENT PRIMARY KEY,
   `email` VARCHAR(128) UNIQUE NOT NULL,
   `password` BINARY(60) NOT NULL,
+  `email_verified` BOOLEAN DEFAULT 0,
   `fetch` ENUM('always', 'once', 'never') DEFAULT 'once',
   `submit` ENUM('always', 'once', 'never') DEFAULT 'once',
   `generation` ENUM('always', 'once', 'never') DEFAULT 'once',
diff --git a/webui.py b/webui.py
index 9fa4765..06e9f8f 100644
--- a/webui.py
+++ b/webui.py
@@ -105,10 +105,21 @@ def settings():
 			pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
 			pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))
 			c.execute("UPDATE users SET password = %s WHERE id = %s", (pw, session['user_id']))
+
+		# don't require email verification again if the new email address is the same as the old one
+		c.execute("SELECT email_verified FROM users WHERE id = %s", (session['user_id'],))
+		if c.fetchone()[0]:
+			c.execute("SELECT email FROM users WHERE id = %s", (session['user_id'],))
+			previous_email = c.fetchone()[0]
+
+			email_verified = (previous_email == request.form['email'])
+		else:
+			email_verified = False
 		
 		try:
-			c.execute("UPDATE users SET email = %s, `fetch` = %s, submit = %s, generation = %s, reply = %s WHERE id = %s", (
+			c.execute("UPDATE users SET email = %s, email_verified = %s, `fetch` = %s, submit = %s, generation = %s, reply = %s WHERE id = %s", (
 				request.form['email'],
+				email_verified,
 				request.form['fetch-error'],
 				request.form['submit-error'],
 				request.form['generation-error'],