From 9f1ab5338568cc9a81c4071029de2e4bd9578827 Mon Sep 17 00:00:00 2001
From: Tracker-Friendly <jliwin98@danwin1210.de>
Date: Mon, 20 Nov 2023 00:19:47 +0000
Subject: [PATCH] Updated login

---
 account/account.py             | 18 +++++++++++++++++-
 account/templates/confirm.html |  2 +-
 account/templates/index.html   |  2 +-
 3 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/account/account.py b/account/account.py
index 4b88f76..d74c274 100644
--- a/account/account.py
+++ b/account/account.py
@@ -37,7 +37,7 @@ def verify_bcrypt(passphrase, hashed_password):
 def index():
     return render_template('index.html')
 
-@app.route('/api', methods=['POST'])
+@app.route('/loginapi', methods=['POST'])
 def login():
     key_to_fetch = request.form['email']
     password_to_check = request.form['password']
@@ -56,6 +56,22 @@ def login():
     else:
         return "Email not found in the database"
 
+@app.route('/deleteapi', methods=['POST'])
+def delete():
+    key_to_fetch = request.form['email']
+    verify_hash = request.form['hash']
+
+    passwordhash = fetch_hash_from_database(key_to_fetch)
+
+    if passwordhash:
+        if verify_hash == passwordhash:
+            return "Your account would have been deleted... if this worked. Which it doesn't. Email postmaster@hectabit.org to delete your email."
+        else:
+            return "Incorrect email or password"
+    else:
+        return "Email not found in the database"
+
+
 @app.route('/dashboard')
 def dashboard():
     if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
diff --git a/account/templates/confirm.html b/account/templates/confirm.html
index 708ed38..8cce39f 100644
--- a/account/templates/confirm.html
+++ b/account/templates/confirm.html
@@ -14,7 +14,7 @@
         <h1>Are you SURE you would like to delete your account?</h1>
         <button onclick="location.href = '/account/dashboard';">Whoops, wrong button, bring me back to the safe zone!</button>
         <br>
-        <form method="POST" action="/account/deleteacct">
+        <form method="POST" action="/account/deleteapi">
             <input type="hidden" name="email" value="{{ user_email }}">
             <input type="hidden" name="hash" value="{{ password_hash }}">
             <input type="submit" style="background-color: rgb(20, 10, 30);padding: 0;text-decoration: underline;font-family: Arial;" value="Yes, I understand this is permanent and cannot be undone!">
diff --git a/account/templates/index.html b/account/templates/index.html
index 4e2717a..5ead145 100644
--- a/account/templates/index.html
+++ b/account/templates/index.html
@@ -13,7 +13,7 @@
     <div class="content">
         <h1>Login to your Email Account</h1>
 	<p1>Warning! This is only a proof of concept and has no actual use!</p1>
-        <form method="POST" action="/account/api">
+        <form method="POST" action="/account/loginapi">
             <label for="username">Email</label>
 	    <div class="spacer">
                 <input type="text" name="email" required="">