don't allow user to create a password if they already have one

Lynne Megido 2018-11-12 12:51:01 +10:00
parent 4b8d432449
commit 79cb6ffa54
Signed by: lynnesbian
GPG key ID: FB7B970303ACE499

10
web.py

@ -144,7 +144,8 @@ def do_login():
acct = request.form['acct'] acct = request.form['acct']
session['username'] = re.match("^@[^@]*", acct).group(0) session['username'] = re.match("^@[^@]*", acct).group(0)
session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1)) session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
data = dc.execute("SELECT * FROM data WHERE username LIKE %s AND password LIKE %s", (session['username'], session['instance'])).fetch_one() dc.execute("SELECT * FROM data WHERE username LIKE %s AND password LIKE %s", (session['username'], session['instance']))
data = dc.fetchone()
if bcrypt.checkpw(pw_hashed, data['password']): if bcrypt.checkpw(pw_hashed, data['password']):
#password is correct, log the user in #password is correct, log the user in
for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']: for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']:
@ -155,7 +156,12 @@ def do_login():
@app.route('/create_password') @app.route('/create_password')
def create_password(): def create_password():
return render_template("create_password.html", bg = "background-image:url('{}')".format(session['avi'])) c.execute("SELECT COUNT(*) FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
if c.fetchone()[0] == 0:
return render_template("create_password.html", bg = "background-image:url('{}')".format(session['avi']))
else:
#user already exists in database, so they already have a password
return redirect(url_for('main'))
@app.route('/internal/create_account', methods=['POST']) @app.route('/internal/create_account', methods=['POST'])
def create_account(): def create_account():
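Review bot: The login lookup in do_login still filters on `password LIKE %s` while binding session['instance'], so the row is compared against the wrong column and `dc.fetchone()` will most likely return None, making `data['password']` raise before bcrypt.checkpw runs; the predicate should read `username = %s AND instance = %s`. Using `=` rather than LIKE matters for both queries in this file section, because `%` and `_` in the submitted account are not excluded by `^@[^@]*` and are treated as wildcards, so the lookup or the COUNT(*) can match a different account's row. The new check in create_password only guards the form page; the body of create_account is outside this section, so confirm the POST handler repeats the same existence check before it writes a password, otherwise the guard is skipped by a direct POST. do_login also starts above the first hunk, so whether a None result is handled elsewhere cannot be seen from here.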