lynnesbian
/
curious-greg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

changed LIKE to equals because i am perhaps the least intelligent person on earth

This commit is contained in:
Lynne Megido 2018-11-13 13:29:48 +10:00
parent 1edc72061e
commit edb0559aee
Signed by: lynnesbian
GPG Key ID: FB7B970303ACE499
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
web.py
View File

@ -56,7 +56,7 @@ def main():
@app.route('/home')
def home():
if 'acct' in session:
dc.execute("SELECT * FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
dc.execute("SELECT * FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
#TODO: if this fails, redirect to /logout
data = dc.fetchone()
for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']:
@ -66,7 +66,7 @@ def home():
session['cc'] = "None"
if session['cc'] == "None" or 'ccavi' not in session:
#every time home is rendered without cc being set
c.execute("SELECT cc, ccavi FROM `data` WHERE client_id LIKE %s AND instance LIKE %s", (session['client_id'], session['instance']))
c.execute("SELECT cc, ccavi FROM `data` WHERE client_id = %s AND instance = %s", (session['client_id'], session['instance']))
cc = c.fetchone()
if cc[0] != '':
session['cc'] = cc[0]
@ -82,9 +82,9 @@ def home():
r = requests.get("https://curiouscat.me/api/v2/profile?username={}".format(session['cc']))
j = r.json()
session['ccavi'] = j['userData']['avatar']
c.execute("UPDATE data SET avi = %s, ccavi = %s WHERE client_id LIKE %s AND instance LIKE %s", (session['avi'], session['ccavi'], session['client_id'], session['instance']))
c.execute("UPDATE data SET avi = %s, ccavi = %s WHERE client_id = %s AND instance = %s", (session['avi'], session['ccavi'], session['client_id'], session['instance']))
else:
c.execute("UPDATE data SET avi = %s WHERE client_id LIKE %s AND instance LIKE %s", (session['avi'], session['client_id'], session['instance']))
c.execute("UPDATE data SET avi = %s WHERE client_id = %s AND instance = %s", (session['avi'], session['client_id'], session['instance']))
session['last_avi_update'] = int(time.time())
return render_template("home.html", mabg="background-image:url('{}')".format(session['avi']), ccbg="background-image:url('{}')".format(session['ccavi']))
else:
@ -139,11 +139,11 @@ def internal_auth_b():
session['username'] = acct_info['username']
session['avi'] = acct_info['avatar']
session['acct'] = "@{}@{}".format(session['username'], session['instance'].replace("https://", ""))
c.execute("SELECT COUNT(*) FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
c.execute("SELECT COUNT(*) FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
if c.fetchone()[0] > 0:
#user already has an account with CG
#update the user's info to use the new info we just got, then redirect them to the login page
c.execute("UPDATE data SET client_id = ?, client_secret = ?, secret = ?, avi = ? WHERE username LIKE %s AND instance LIKE %s", (session['client_id'], session['client_secret'], session['secret'], session['avi'], session['username'], session['instance']))
c.execute("UPDATE data SET client_id = ?, client_secret = ?, secret = ?, avi = ? WHERE username = %s AND instance = %s", (session['client_id'], session['client_secret'], session['secret'], session['avi'], session['username'], session['instance']))
return redirect(url_for('log_in'))
else:
return redirect(url_for('create_password'))
@ -155,7 +155,7 @@ def do_login():
acct = request.form['acct']
session['username'] = re.match("^@([^@]+)@", acct).group(1)
session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
dc.execute("SELECT * FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
dc.execute("SELECT * FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
data = dc.fetchone()
if bcrypt.checkpw(pw_hashed, data['password'].encode('utf-8')):
#password is correct, log the user in
@ -168,7 +168,7 @@ def do_login():
@app.route('/create_password')
def create_password():
c.execute("SELECT COUNT(*) FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
c.execute("SELECT COUNT(*) FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
if c.fetchone()[0] == 0:
return render_template("create_password.html", bg = "background-image:url('{}')".format(session['avi']))
else: