okay fine this will be the last one

2018-11-11 21:31:33 +10:00 · 2018-11-11 21:31:33 +10:00 · 0887a6bad2
parent b3ecbbbbc2
commit 0887a6bad2
2 changed files with 12 additions and 5 deletions
--- a/templates/login.html
+++ b/templates/login.html
@ -9,8 +9,8 @@
 <h2>Log in to your Curious Greg account.</h2>
 <!-- <div id='logo-main'></div> -->
 <form action='/internal/do_login' method='POST'>
-	<label for='acct'>Mastodon Account</label><br />
-	<input name='acct' placeholder='@you@instan.ce' required /><br />
+	<label for='acct'>Mastodon @account@instan.ce</label><br />
+	<input name='acct' placeholder='@account@instan.ce' pattern="@[^@]+@[^@]+" required /><br />
 	<label for='pw'>Password</label><br />
 	<input type='password' placeholder='••••••••' name='pw' required /><br />
 	<button>Log In</button>
--- a/web.py
+++ b/web.py
@ -4,7 +4,7 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.

-import requests, json, hashlib, urllib, time
+import requests, json, hashlib, urllib, time, re
 from mastodon import Mastodon
 from flask import Flask, render_template, request, session, redirect, url_for
 import mysql.connector
@ -31,8 +31,9 @@ c = db.cursor()
 # | latest_post         | tinytext     | YES  |     | NULL                                      |                             |
 # | latest_timestamp    | timestamp    | NO   |     | CURRENT_TIMESTAMP                         | on update CURRENT_TIMESTAMP |
 # | time_between_checks | int(11)      | YES  |     | NULL                                      |                             |
+# | settings            | longtext     | YES  |     | NULL                                      |                             |
 # +---------------------+--------------+------+-----+-------------------------------------------+-----------------------------+
-c.execute("CREATE TABLE IF NOT EXISTS `data` (username VARCHAR(64) NOT NULL, instance VARCHAR(128) NOT NULL, password TINYTEXT NOT NULL, avi TEXT NOT NULL, secret TINYTEXT NOT NULL, client_id VARCHAR(128) NOT NULL, client_secret TINYTEXT NOT NULL, cc TINYTEXT, ccavi VARCHAR(128) DEFAULT 'https://lynnesbian.space/res/ceres/cc.png', latest_post TINYTEXT, latest_timestamp TIMESTAMP, time_between_checks INT, PRIMARY KEY(username, instance))")
+c.execute("CREATE TABLE IF NOT EXISTS `data` (username VARCHAR(64) NOT NULL, instance VARCHAR(128) NOT NULL, password TINYTEXT NOT NULL, avi TEXT NOT NULL, secret TINYTEXT NOT NULL, client_id VARCHAR(128) NOT NULL, client_secret TINYTEXT NOT NULL, cc TINYTEXT, ccavi VARCHAR(128) DEFAULT 'https://lynnesbian.space/res/ceres/cc.png', latest_post TINYTEXT, latest_timestamp TIMESTAMP, time_between_checks INT, settings LONGTEXT, PRIMARY KEY(username, instance))")

 app = Flask(cfg['name'])
 app.secret_key = cfg['flask_key']
@ -127,7 +128,13 @@ def internal_auth_b():

@app.route('/internal/do_login')
 def do_login():
-	pass
+	pw_in = request.form['pw']
+	pw_hashed = hashlib.sha256(pw_in.encode('utf-8'))
+	acct = request.form['acct']
+	session['username'] = re.match("^@[^@]*", acct).group(0)
+	session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
+	pw = c.execute("SELECT password FROM data WHERE username LIKE ? AND password LIKE ?", (session['username'], session['instance'])).fetch_one()[0]
+	pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(15))

@app.route('/create_password')
 def create_password():