don't allow user to create a password if they already have one

web.py

@@ -144,7 +144,8 @@ def do_login():
 	acct = request.form['acct']
 	session['username'] = re.match("^@[^@]*", acct).group(0)
 	session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
-	data = dc.execute("SELECT * FROM data WHERE username LIKE %s AND password LIKE %s", (session['username'], session['instance'])).fetch_one()
+	dc.execute("SELECT * FROM data WHERE username LIKE %s AND password LIKE %s", (session['username'], session['instance']))
+	data = dc.fetchone()
 	if bcrypt.checkpw(pw_hashed, data['password']):
 		#password is correct, log the user in
 		for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']:
@@ -155,7 +156,12 @@ def do_login():
 
 @app.route('/create_password')
 def create_password():
-	return render_template("create_password.html", bg = "background-image:url('{}')".format(session['avi']))
+	c.execute("SELECT COUNT(*) FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
+	if c.fetchone()[0] == 0:
+		return render_template("create_password.html", bg = "background-image:url('{}')".format(session['avi']))
+	else:
+		#user already exists in database, so they already have a password
+		return redirect(url_for('main'))
 
 @app.route('/internal/create_account', methods=['POST'])
 def create_account():