Commit af368ed4 authored by okhin's avatar okhin
Browse files

Fixing some auth code

parent 8d15804f
Pipeline #952 passed with stage
in 2 seconds
......@@ -490,15 +490,15 @@ def static_files(filepath):
def login_admin(user, password):
db = sqlite3.connect(config['piphone']['db'])
user = db.execute('SELECT api, token, admin FROM users where api = ?', (user,))
user = user.fetchone()
if user is None:
sql_user = db.execute('SELECT token, admin FROM users where api = ?', (user,))
sql_user = sql_user.fetchone()
if sql_user is None:
# user does not exist
return False
if password != user[1]:
if password != sql_user[0]:
# password does not match
return False
if user[2] == 0:
if sql_user[1] == 0:
# User is not admin
return False
return True
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment