Updated login

Tracker-Friendly 2023-11-20 00:19:47 +00:00
parent 0251d0eeb1
commit 9f1ab53385
3 changed files with 19 additions and 3 deletions


@ -37,7 +37,7 @@ def verify_bcrypt(passphrase, hashed_password):
def index(): def index():
return render_template('index.html') return render_template('index.html')
@app.route('/api', methods=['POST']) @app.route('/loginapi', methods=['POST'])
def login(): def login():
key_to_fetch = request.form['email'] key_to_fetch = request.form['email']
password_to_check = request.form['password'] password_to_check = request.form['password']
@ -56,6 +56,22 @@ def login():
else: else:
return "Email not found in the database" return "Email not found in the database"
@app.route('/deleteapi', methods=['POST'])
def delete():
key_to_fetch = request.form['email']
verify_hash = request.form['hash']
passwordhash = fetch_hash_from_database(key_to_fetch)
if passwordhash:
if verify_hash == passwordhash:
return "Your account would have been deleted... if this worked. Which it doesn't. Email postmaster@hectabit.org to delete your email."
else:
return "Incorrect email or password"
else:
return "Email not found in the database"
@app.route('/dashboard') @app.route('/dashboard')
def dashboard(): def dashboard():
if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'): if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
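Review bot: The new `delete()` route authenticates by comparing the client-supplied `hash` form field to the stored value with `verify_hash == passwordhash`, so the stored hash becomes a password-equivalent credential: whoever holds it (from a database leak, the `passwordhash` cookie, or the hidden `hash` input on the confirmation form) passes this check without knowing the password. Before real deletion is wired in, I would take the password and verify it on the server, e.g. `password_to_check = request.form['password']` and `if verify_bcrypt(password_to_check, passwordhash):` (assuming `verify_bcrypt` returns a truthy value on a match; its body is outside the hunk), or gate the route on a server-side session. The two distinct failure strings, `"Email not found in the database"` and `"Incorrect email or password"`, also reveal whether an address is registered; returning the same message from both branches avoids that. The route changes state and shows no CSRF protection in this hunk, though that may be handled elsewhere.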


@ -14,7 +14,7 @@
<h1>Are you SURE you would like to delete your account?</h1> <h1>Are you SURE you would like to delete your account?</h1>
<button onclick="location.href = '/account/dashboard';">Whoops, wrong button, bring me back to the safe zone!</button> <button onclick="location.href = '/account/dashboard';">Whoops, wrong button, bring me back to the safe zone!</button>
<br> <br>
<form method="POST" action="/account/deleteacct"> <form method="POST" action="/account/deleteapi">
<input type="hidden" name="email" value="{{ user_email }}"> <input type="hidden" name="email" value="{{ user_email }}">
<input type="hidden" name="hash" value="{{ password_hash }}"> <input type="hidden" name="hash" value="{{ password_hash }}">
<input type="submit" style="background-color: rgb(20, 10, 30);padding: 0;text-decoration: underline;font-family: Arial;" value="Yes, I understand this is permanent and cannot be undone!"> <input type="submit" style="background-color: rgb(20, 10, 30);padding: 0;text-decoration: underline;font-family: Arial;" value="Yes, I understand this is permanent and cannot be undone!">


@ -13,7 +13,7 @@
<div class="content"> <div class="content">
<h1>Login to your Email Account</h1> <h1>Login to your Email Account</h1>
<p1>Warning! This is only a proof of concept and has no actual use!</p1> <p1>Warning! This is only a proof of concept and has no actual use!</p1>
<form method="POST" action="/account/api"> <form method="POST" action="/account/loginapi">
<label for="username">Email</label> <label for="username">Email</label>
<div class="spacer"> <div class="spacer">
<input type="text" name="email" required=""> <input type="text" name="email" required="">