From 0ba2438541310ba26d38f894232fde263c5ccac9 Mon Sep 17 00:00:00 2001
From: b3yond <b3yond@riseup.net>
Date: Fri, 26 Jan 2018 15:19:03 +0100
Subject: [PATCH] fix sqlite commands, rename to website.py

---
 .gitignore                        |  1 +
 config.toml.example               |  3 ---
 frontend/{login.py => website.py} | 18 +++++++++++++-----
 3 files changed, 14 insertions(+), 8 deletions(-)
 rename frontend/{login.py => website.py} (86%)

diff --git a/.gitignore b/.gitignore
index 8b2b385..e0787e9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ last_mail
 ticketfrei.cfg
 seen_toots.pickle
 seen_toots.pickle.part
+ticketfrei.sqlite
 pip-selfcheck.json
 config.toml
 bin/
diff --git a/config.toml.example b/config.toml.example
index 3df8f78..235653f 100644
--- a/config.toml.example
+++ b/config.toml.example
@@ -33,9 +33,6 @@ passphrase = "sup3rs3cur3"
 # Mailing list where you want to send warnings to
 list = "yourcity_ticketfrei@lists.links-tech.org"
 
-[web]
-secret = "adoijf83wuc2mwipje8r"
-
 [logging]
 # The directory where logs should be stored.
 logpath = "logs/ticketfrei.log"
diff --git a/frontend/login.py b/frontend/website.py
similarity index 86%
rename from frontend/login.py
rename to frontend/website.py
index 7a52719..9a514d9 100644
--- a/frontend/login.py
+++ b/frontend/website.py
@@ -12,7 +12,7 @@ import pylibscrypt
 
 class Datagetter(object):
     def __init__(self):
-        self.db = "../../../ticketfrei.sqlite"
+        self.db = "../ticketfrei.sqlite"
         self.conn = self.create_connection(self.db)
         self.cur = self.conn.cursor()
 
@@ -43,7 +43,10 @@ def login():
     uname = bottle.request.forms.get('uname')
     psw = bottle.request.forms.get('psw')
     psw = psw.encode("utf-8")
-    if pylibscrypt.scrypt_mcf_check(db.cur.execute("SELECT pass FROM user WHERE email=?;", (uname, )), psw):
+    db.cur.execute("SELECT pass_hashed FROM user WHERE email=?;", (uname, )), psw
+    pass_hashed = db.cur.fetchone()
+    print(pass_hashed)
+    if pylibscrypt.scrypt_mcf_check(pass_hashed, psw):
         # :todo Generate Session Cookie and give to user
         return bottle.static_file("../static/bot.html", root="../static")
     else:
@@ -63,6 +66,8 @@ def register():
     if pswrepeat != psw:
         return "ERROR: Passwords don't match. Try again."
 
+    # check if email is already in use
+
     # needs to be encoded somehow
     psw = psw.encode("utf-8")
     psw = pylibscrypt.scrypt_mcf(psw)
@@ -91,7 +96,8 @@ def confirmaccount():
     pass_hashed = dict["psw_hashed"]
     print(uname, pass_hashed)
     active = "1"
-    db.conn.execute("CREATE ?, ?, ? IN user;", (uname, pass_hashed, active))
+    db.cur.execute("INSERT INTO user(id, email, pass_hashed, enabled) VALUES(?, ?, ?, ?);", (uname, pass_hashed, active, True))
+    db.conn.commit()
     return bottle.static_file("../static/bot.html", root='../static')
 
 
@@ -132,5 +138,7 @@ if __name__ == "__main__":
     global secret
     secret = os.urandom(32)
     db = Datagetter()
-
-    bottle.run(app=StripPathMiddleware(app), host='0.0.0.0', port=8080)
+    try:
+        bottle.run(app=StripPathMiddleware(app), host='0.0.0.0', port=8080)
+    finally:
+        db.conn.close()