From d7f15601d596b25c667996b98a7eedd237fc3162 Mon Sep 17 00:00:00 2001
From: Lynne
Date: Tue, 10 Sep 2019 11:17:06 +1000
Subject: [PATCH] implement email verification in db
---
 setup.sql | 1 +
 webui.py | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/setup.sql b/setup.sql
index 68360ce..102d95a 100644
--- a/setup.sql
+++ b/setup.sql
@@ -3,6 +3,7 @@ CREATE TABLE IF NOT EXISTS `users` (
 `id` INT AUTO_INCREMENT PRIMARY KEY,
 `email` VARCHAR(128) UNIQUE NOT NULL,
 `password` BINARY(60) NOT NULL,
+ `email_verified` BOOLEAN DEFAULT 0,
 `fetch` ENUM('always', 'once', 'never') DEFAULT 'once',
 `submit` ENUM('always', 'once', 'never') DEFAULT 'once',
 `generation` ENUM('always', 'once', 'never') DEFAULT 'once',
diff --git a/webui.py b/webui.py
index 9fa4765..06e9f8f 100644
--- a/webui.py
+++ b/webui.py
@@ -105,10 +105,21 @@ def settings():
 pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
 pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))
 c.execute("UPDATE users SET password = %s WHERE id = %s", (pw, session['user_id']))
+
+ # don't require email verification again if the new email address is the same as the old one
+ c.execute("SELECT email_verified FROM users WHERE id = %s", (session['user_id'],))
+ if c.fetchone()[0]:
+ c.execute("SELECT email FROM users WHERE id = %s", (session['user_id'],))
+ previous_email = c.fetchone()[0]
+
+ email_verified = (previous_email == request.form['email'])
+ else:
+ email_verified = False
 try:
- c.execute("UPDATE users SET email = %s, `fetch` = %s, submit = %s, generation = %s, reply = %s WHERE id = %s", (
+ c.execute("UPDATE users SET email = %s, email_verified = %s, `fetch` = %s, submit = %s, generation = %s, reply = %s WHERE id = %s", (
 request.form['email'],
+ email_verified,
 request.form['fetch-error'],
 request.form['submit-error'],
 request.form['generation-error'],
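Review bot: Because the table is created with `CREATE TABLE IF NOT EXISTS`, an installation that already has a `users` table will not get the new column from this script, and the `SELECT email_verified` added in webui.py would then fail; no `ALTER TABLE` migration is visible in this patch, so one may be needed (or documented) for existing databases. The column is also nullable as written; `email_verified BOOLEAN NOT NULL DEFAULT 0,` would keep the flag two-valued so that code testing it never has to treat NULL as a third state. The `CREATE TABLE` statement starts before and ends after this hunk.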
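Review bot: The verification flag and the stored address are read by two separate `SELECT` statements before the `UPDATE`, so the two values can come from different row states if another settings request for the same account commits in between, and `email_verified` could then be carried over to an address that was never verified (whether this is reachable depends on the connection's transaction and autocommit settings, which are not visible here). Reading both in one statement, `c.execute("SELECT email, email_verified FROM users WHERE id = %s", (session['user_id'],))`, closes the gap between the reads; taking the row with `FOR UPDATE` inside the same transaction as the `UPDATE` would close the rest. `c.fetchone()[0]` also raises `TypeError` if the session's user row no longer exists, so the result is worth checking for `None` before indexing. `settings()` starts before this hunk and the `try:` block continues past it.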