Updated account service

account/account.py

@@ -49,6 +49,7 @@ def login():
         if is_password_valid:
             response = make_response("Logged in!")
             response.set_cookie('passwordhash', passwordhash)
+            response.set_cookie('email', request.form['email'])
             return response
         else:
             return "Incorrect email or password"
@@ -62,5 +63,12 @@ def dashboard():
     else:
         return redirect(url_for('index'))
 
+@app.route('/deleteacct')
+def deleteacct():
+    if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
+        return render_template('dashboard.html', user_email=request.cookies.get('email'), password_hash=request.cookies.get('passwordhash'))
+    else:
+        return redirect(url_for('index'))
+
 if __name__ == '__main__':
     serve(app, host='0.0.0.0', port=runport)

account/templates/confirm.html

@@ -14,7 +14,8 @@
         <h1>Are you SURE you would like to delete your account?</h1>
         <button onclick="location.href = '/account/dashboard';">Whoops, wrong button, bring me back to the safe zone!</button>
         <form method="POST" action="/account/deleteacct">
-            <input type="hidden" name="unique_token" value="{{ password_hash }}">
+            <input type="hidden" name="email" value="{{ user_email }}">
+            <input type="hidden" name="hash" value="{{ password_hash }}">
             <input type="submit" style="background-color: rgb(20, 10, 30);padding: 0;text-decoration: underline;font-family: Arial;" value="Yes, I understand this is permanent and cannot be undone!">
     </div>
 <style type="text/css"></style>