From edf92b16aa29d477e0e01a67d775e3307be46ac9 Mon Sep 17 00:00:00 2001 From: Lynne Date: Sun, 11 Nov 2018 22:04:30 +1000 Subject: [PATCH] more login code: validate password, retrieve session variables, and redirect to /home --- web.py | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/web.py b/web.py index 089d616..c1ee3fc 100755 --- a/web.py +++ b/web.py @@ -12,9 +12,14 @@ import bcrypt cfg = json.load(open("meta.json")) scopes = ["read:accounts", "write:statuses"] +settings = { + "cw": False, + # "disabled": False, +} db = mysql.connector.connect(user=cfg['dbuser'], password=cfg['dbpass'], database=cfg['dbname']) c = db.cursor() +dc = db.cursor(dictionary=True) # MariaDB [curiousgreg]> DESCRIBE data; # +---------------------+--------------+------+-----+-------------------------------------------+-----------------------------+ # | Field | Type | Null | Key | Default | Extra | @@ -133,8 +138,14 @@ def do_login(): acct = request.form['acct'] session['username'] = re.match("^@[^@]*", acct).group(0) session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1)) - pw = c.execute("SELECT password FROM data WHERE username LIKE ? AND password LIKE ?", (session['username'], session['instance'])).fetch_one()[0] - pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(15)) + data = dc.execute("SELECT * FROM data WHERE username LIKE ? AND password LIKE ?", (session['username'], session['instance'])).fetch_one() + if bcrypt.checkpw(pw_hashed, data['password']): + #password is correct, log the user in + for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']: + session[item] = data[item] + return redirect('/home') + else: + return redirect('/login?invalid') @app.route('/create_password') def create_password():
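Review bot: The new lookup in do_login cannot select the intended row: it compares the `password` column against `session['instance']`, and it uses `LIKE`, which treats `%` and `_` in the submitted account name as wildcards, so the filter should be an exact match on `username` and `instance`. With mysql.connector, a non-prepared cursor takes `%s` placeholders, `execute()` does not return the cursor, and the method is `fetchone()`, so the chained `.fetch_one()` call would raise before any password check runs. `data` is None for an unknown account, so indexing `data['password']` would turn a failed login into a server error instead of the `/login?invalid` redirect. Separately, the context lines write the caller-supplied username and instance into the session before `checkpw` runs, and the loop copies `secret` and `client_secret` into it; if this is Flask's default signed-cookie session, those values are readable in the browser and are better kept server-side and looked up per request. do_login starts outside the hunk, so where `pw_hashed` comes from and whether it is the raw submitted password as bytes cannot be confirmed from here.

```python
    # … unchanged: acct parsing and session['username'] / session['instance'] assignment …
    dc.execute(
        "SELECT * FROM data WHERE username = %s AND instance = %s",
        (session['username'], session['instance']),
    )
    data = dc.fetchone()
    if data is not None and bcrypt.checkpw(pw_hashed, data['password']):
        # … unchanged: copy row fields into session, redirect to /home …
    else:
        return redirect('/login?invalid')
```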