1
0
Fork 0
mirror of https://github.com/Lynnesbian/FediBooks/ synced 2024-11-25 08:38:59 +00:00

implement email verification in db

This commit is contained in:
Lynne Megido 2019-09-10 11:17:06 +10:00
parent 49ddde2b9f
commit d7f15601d5
2 changed files with 13 additions and 1 deletions

View file

@ -3,6 +3,7 @@ CREATE TABLE IF NOT EXISTS `users` (
`id` INT AUTO_INCREMENT PRIMARY KEY, `id` INT AUTO_INCREMENT PRIMARY KEY,
`email` VARCHAR(128) UNIQUE NOT NULL, `email` VARCHAR(128) UNIQUE NOT NULL,
`password` BINARY(60) NOT NULL, `password` BINARY(60) NOT NULL,
`email_verified` BOOLEAN DEFAULT 0,
`fetch` ENUM('always', 'once', 'never') DEFAULT 'once', `fetch` ENUM('always', 'once', 'never') DEFAULT 'once',
`submit` ENUM('always', 'once', 'never') DEFAULT 'once', `submit` ENUM('always', 'once', 'never') DEFAULT 'once',
`generation` ENUM('always', 'once', 'never') DEFAULT 'once', `generation` ENUM('always', 'once', 'never') DEFAULT 'once',

View file

@ -105,10 +105,21 @@ def settings():
pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest() pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12)) pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))
c.execute("UPDATE users SET password = %s WHERE id = %s", (pw, session['user_id'])) c.execute("UPDATE users SET password = %s WHERE id = %s", (pw, session['user_id']))
# don't require email verification again if the new email address is the same as the old one
c.execute("SELECT email_verified FROM users WHERE id = %s", (session['user_id'],))
if c.fetchone()[0]:
c.execute("SELECT email FROM users WHERE id = %s", (session['user_id'],))
previous_email = c.fetchone()[0]
email_verified = (previous_email == request.form['email'])
else:
email_verified = False
try: try:
c.execute("UPDATE users SET email = %s, `fetch` = %s, submit = %s, generation = %s, reply = %s WHERE id = %s", ( c.execute("UPDATE users SET email = %s, email_verified = %s, `fetch` = %s, submit = %s, generation = %s, reply = %s WHERE id = %s", (
request.form['email'], request.form['email'],
email_verified,
request.form['fetch-error'], request.form['fetch-error'],
request.form['submit-error'], request.form['submit-error'],
request.form['generation-error'], request.form['generation-error'],