diff --git a/web.py b/web.py
index 050015e..09a65e8 100755
--- a/web.py
+++ b/web.py
@@ -56,7 +56,7 @@ def main():
 @app.route('/home')
 def home():
 if 'acct' in session:
- dc.execute("SELECT * FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
+ dc.execute("SELECT * FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
 #TODO: if this fails, redirect to /logout
 data = dc.fetchone()
 for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']:
@@ -66,7 +66,7 @@ def home():
 session['cc'] = "None"
 if session['cc'] == "None" or 'ccavi' not in session:
 #every time home is rendered without cc being set
- c.execute("SELECT cc, ccavi FROM `data` WHERE client_id LIKE %s AND instance LIKE %s", (session['client_id'], session['instance']))
+ c.execute("SELECT cc, ccavi FROM `data` WHERE client_id = %s AND instance = %s", (session['client_id'], session['instance']))
 cc = c.fetchone()
 if cc[0] != '':
 session['cc'] = cc[0]
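Review bot: The `for item in [...]` loop after the changed query lists `secret` and `client_secret`, and `SELECT *` also pulls the `password` column that do_login reads. The loop body is outside the hunk, but if it copies `data[item]` into `session`, the account token and the app's client secret end up in the session cookie, which Flask's default session signs but does not encrypt (a server-side session store would change this). Keeping those two values in the database and loading them only in the handlers that call the instance API would avoid that, e.g. `for item in ['username', 'instance', 'avi', 'client_id', 'cc', 'ccavi']:` with an explicit column list in the query. Other handlers that read `session['secret']` would need the same adjustment.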
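Review bot: `cc = c.fetchone()` is indexed as `cc[0]` on the next line with no check for `None`, so a session whose `client_id`/`instance` pair no longer matches a row raises a TypeError and the page returns a 500. The previous hunk has the same gap, which its `#TODO` already acknowledges for `data = dc.fetchone()`. A guard such as `if cc is not None and cc[0] != '':` here, and `if data is None: return redirect('/logout')` after the first fetch, would close both. home() continues outside both hunks.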
@@ -82,9 +82,9 @@ def home():
 r = requests.get("https://curiouscat.me/api/v2/profile?username={}".format(session['cc']))
 j = r.json()
 session['ccavi'] = j['userData']['avatar']
- c.execute("UPDATE data SET avi = %s, ccavi = %s WHERE client_id LIKE %s AND instance LIKE %s", (session['avi'], session['ccavi'], session['client_id'], session['instance']))
+ c.execute("UPDATE data SET avi = %s, ccavi = %s WHERE client_id = %s AND instance = %s", (session['avi'], session['ccavi'], session['client_id'], session['instance']))
 else:
- c.execute("UPDATE data SET avi = %s WHERE client_id LIKE %s AND instance LIKE %s", (session['avi'], session['client_id'], session['instance']))
+ c.execute("UPDATE data SET avi = %s WHERE client_id = %s AND instance = %s", (session['avi'], session['client_id'], session['instance']))
 session['last_avi_update'] = int(time.time())
 return render_template("home.html", mabg="background-image:url('{}')".format(session['avi']), ccbg="background-image:url('{}')".format(session['ccavi']))
 else:
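Review bot: The `requests.get(...)` call on the first context line has no `timeout` and builds its query string with `.format(session['cc'])`. A slow or unreachable curiouscat.me therefore stalls the worker serving /home, and a stored `cc` value containing `&` or `#` changes the query that is actually sent. `r = requests.get("https://curiouscat.me/api/v2/profile", params={"username": session['cc']}, timeout=10)` covers both; the 10-second value is only a suggestion. `j['userData']['avatar']` also assumes a successful JSON reply, so checking `r.ok` and handling a missing `userData` key would keep a failed lookup from becoming a 500. The branch this code sits in begins above the hunk.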
@@ -139,11 +139,11 @@ def internal_auth_b():
 session['username'] = acct_info['username']
 session['avi'] = acct_info['avatar']
 session['acct'] = "@{}@{}".format(session['username'], session['instance'].replace("https://", ""))
- c.execute("SELECT COUNT(*) FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
+ c.execute("SELECT COUNT(*) FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
 if c.fetchone()[0] > 0:
 #user already has an account with CG
 #update the user's info to use the new info we just got, then redirect them to the login page
- c.execute("UPDATE data SET client_id = ?, client_secret = ?, secret = ?, avi = ? WHERE username LIKE %s AND instance LIKE %s", (session['client_id'], session['client_secret'], session['secret'], session['avi'], session['username'], session['instance']))
+ c.execute("UPDATE data SET client_id = ?, client_secret = ?, secret = ?, avi = ? WHERE username = %s AND instance = %s", (session['client_id'], session['client_secret'], session['secret'], session['avi'], session['username'], session['instance']))
 return redirect(url_for('log_in'))
 else:
 return redirect(url_for('create_password'))
@@ -155,7 +155,7 @@ def do_login():
 acct = request.form['acct']
 session['username'] = re.match("^@([^@]+)@", acct).group(1)
 session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
- dc.execute("SELECT * FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
+ dc.execute("SELECT * FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
 data = dc.fetchone()
 if bcrypt.checkpw(pw_hashed, data['password'].encode('utf-8')):
 #password is correct, log the user in
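Review bot: The rewritten `UPDATE` in the "user already has an account" branch still mixes `?` and `%s` placeholders in one statement while passing six parameters. Every other query on this page uses `%s`, so the `?` markers are presumably not bound by the driver. The call most likely fails on the parameter count, and a returning user's refreshed `client_id`, `client_secret`, `secret` and `avi` are never stored. Use one style throughout: `"UPDATE data SET client_id = %s, client_secret = %s, secret = %s, avi = %s WHERE username = %s AND instance = %s"`. internal_auth_b starts above the hunk.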
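Review bot: In do_login, `session['username']` and `session['instance']` are written from the submitted `acct` before `bcrypt.checkpw` has succeeded, so a failed login still leaves caller-chosen identity values in the session that other handlers such as create_password read. The two regex calls and `data['password']` are also dereferenced without a `None` check, so a malformed handle or an unknown account ends in a 500 instead of the normal failed-login path. Parsing into locals, guarding the lookups, and assigning to the session only inside the success branch addresses all three. do_login starts above the hunk and its failure branch is outside it, so the sketch below simply falls through to whatever that branch already does. If account enumeration matters here, note that skipping `checkpw` for unknown accounts makes those responses measurably faster than wrong-password ones.

```python
# … unchanged: acct = request.form['acct'] …
user_m = re.match("^@([^@]+)@", acct)
inst_m = re.search("@([^@]+)$", acct)
data = None
if user_m is not None and inst_m is not None:
    username = user_m.group(1)
    instance = "https://{}".format(inst_m.group(1))
    dc.execute("SELECT * FROM data WHERE username = %s AND instance = %s", (username, instance))
    data = dc.fetchone()
if data is not None and bcrypt.checkpw(pw_hashed, data['password'].encode('utf-8')):
    #password is correct, log the user in
    session['username'] = username
    session['instance'] = instance
    # … unchanged: rest of the success branch …
```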
@@ -168,7 +168,7 @@ def do_login():
 @app.route('/create_password')
 def create_password():
- c.execute("SELECT COUNT(*) FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
+ c.execute("SELECT COUNT(*) FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
 if c.fetchone()[0] == 0:
 return render_template("create_password.html", bg = "background-image:url('{}')".format(session['avi']))
 else:
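Review bot: `session['avi']` is formatted straight into `background-image:url('{}')`, and internal_auth_b sets that value from `acct_info['avatar']`, which appears to come from the remote instance's response. If the template emits `bg` in a `style` attribute, HTML autoescaping does not make it safe for CSS: the browser decodes the escaped quote before parsing the style, so a `'` or `)` in the URL can close `url('…')` and append further declarations. Percent-encode at the point of use, e.g. `bg = "background-image:url('{}')".format(quote(session['avi'], safe=":/?&=%"))` with `quote` from `urllib.parse`, and reject non-http(s) schemes when the avatar is first stored. The `mabg`/`ccbg` arguments in home() have the same shape. This handler also reads `session['username']`, `session['instance']` and `session['avi']` with no check that the auth step ran, so a direct request to /create_password raises KeyError.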