changed LIKE to equals because i am perhaps the least intelligent person on earth

This commit is contained in:
Lynne Megido 2018-11-13 13:29:48 +10:00
parent 1edc72061e
commit edb0559aee
Signed by: lynnesbian
GPG key ID: FB7B970303ACE499

16
web.py
View file

@ -56,7 +56,7 @@ def main():
@app.route('/home') @app.route('/home')
def home(): def home():
if 'acct' in session: if 'acct' in session:
dc.execute("SELECT * FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance'])) dc.execute("SELECT * FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
#TODO: if this fails, redirect to /logout #TODO: if this fails, redirect to /logout
data = dc.fetchone() data = dc.fetchone()
for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']: for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']:
@ -66,7 +66,7 @@ def home():
session['cc'] = "None" session['cc'] = "None"
if session['cc'] == "None" or 'ccavi' not in session: if session['cc'] == "None" or 'ccavi' not in session:
#every time home is rendered without cc being set #every time home is rendered without cc being set
c.execute("SELECT cc, ccavi FROM `data` WHERE client_id LIKE %s AND instance LIKE %s", (session['client_id'], session['instance'])) c.execute("SELECT cc, ccavi FROM `data` WHERE client_id = %s AND instance = %s", (session['client_id'], session['instance']))
cc = c.fetchone() cc = c.fetchone()
if cc[0] != '': if cc[0] != '':
session['cc'] = cc[0] session['cc'] = cc[0]
@ -82,9 +82,9 @@ def home():
r = requests.get("https://curiouscat.me/api/v2/profile?username={}".format(session['cc'])) r = requests.get("https://curiouscat.me/api/v2/profile?username={}".format(session['cc']))
j = r.json() j = r.json()
session['ccavi'] = j['userData']['avatar'] session['ccavi'] = j['userData']['avatar']
c.execute("UPDATE data SET avi = %s, ccavi = %s WHERE client_id LIKE %s AND instance LIKE %s", (session['avi'], session['ccavi'], session['client_id'], session['instance'])) c.execute("UPDATE data SET avi = %s, ccavi = %s WHERE client_id = %s AND instance = %s", (session['avi'], session['ccavi'], session['client_id'], session['instance']))
else: else:
c.execute("UPDATE data SET avi = %s WHERE client_id LIKE %s AND instance LIKE %s", (session['avi'], session['client_id'], session['instance'])) c.execute("UPDATE data SET avi = %s WHERE client_id = %s AND instance = %s", (session['avi'], session['client_id'], session['instance']))
session['last_avi_update'] = int(time.time()) session['last_avi_update'] = int(time.time())
return render_template("home.html", mabg="background-image:url('{}')".format(session['avi']), ccbg="background-image:url('{}')".format(session['ccavi'])) return render_template("home.html", mabg="background-image:url('{}')".format(session['avi']), ccbg="background-image:url('{}')".format(session['ccavi']))
else: else:
@ -139,11 +139,11 @@ def internal_auth_b():
session['username'] = acct_info['username'] session['username'] = acct_info['username']
session['avi'] = acct_info['avatar'] session['avi'] = acct_info['avatar']
session['acct'] = "@{}@{}".format(session['username'], session['instance'].replace("https://", "")) session['acct'] = "@{}@{}".format(session['username'], session['instance'].replace("https://", ""))
c.execute("SELECT COUNT(*) FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance'])) c.execute("SELECT COUNT(*) FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
if c.fetchone()[0] > 0: if c.fetchone()[0] > 0:
#user already has an account with CG #user already has an account with CG
#update the user's info to use the new info we just got, then redirect them to the login page #update the user's info to use the new info we just got, then redirect them to the login page
c.execute("UPDATE data SET client_id = ?, client_secret = ?, secret = ?, avi = ? WHERE username LIKE %s AND instance LIKE %s", (session['client_id'], session['client_secret'], session['secret'], session['avi'], session['username'], session['instance'])) c.execute("UPDATE data SET client_id = ?, client_secret = ?, secret = ?, avi = ? WHERE username = %s AND instance = %s", (session['client_id'], session['client_secret'], session['secret'], session['avi'], session['username'], session['instance']))
return redirect(url_for('log_in')) return redirect(url_for('log_in'))
else: else:
return redirect(url_for('create_password')) return redirect(url_for('create_password'))
@ -155,7 +155,7 @@ def do_login():
acct = request.form['acct'] acct = request.form['acct']
session['username'] = re.match("^@([^@]+)@", acct).group(1) session['username'] = re.match("^@([^@]+)@", acct).group(1)
session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1)) session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
dc.execute("SELECT * FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance'])) dc.execute("SELECT * FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
data = dc.fetchone() data = dc.fetchone()
if bcrypt.checkpw(pw_hashed, data['password'].encode('utf-8')): if bcrypt.checkpw(pw_hashed, data['password'].encode('utf-8')):
#password is correct, log the user in #password is correct, log the user in
@ -168,7 +168,7 @@ def do_login():
@app.route('/create_password') @app.route('/create_password')
def create_password(): def create_password():
c.execute("SELECT COUNT(*) FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance'])) c.execute("SELECT COUNT(*) FROM data WHERE username = %s AND instance = %s", (session['username'], session['instance']))
if c.fetchone()[0] == 0: if c.fetchone()[0] == 0:
return render_template("create_password.html", bg = "background-image:url('{}')".format(session['avi'])) return render_template("create_password.html", bg = "background-image:url('{}')".format(session['avi']))
else: else: