Commit af368ed4 authored by okhin's avatar okhin 🚴

Fixing some auth code

parent 8d15804f
Pipeline #952 passed with stage
in 2 seconds
......@@ -490,15 +490,15 @@ def static_files(filepath):
def login_admin(user, password):
db = sqlite3.connect(config['piphone']['db'])
user = db.execute('SELECT api, token, admin FROM users where api = ?', (user,))
user = user.fetchone()
if user is None:
sql_user = db.execute('SELECT token, admin FROM users where api = ?', (user,))
sql_user = sql_user.fetchone()
if sql_user is None:
# user does not exist
return False
if password != user[1]:
if password != sql_user[0]:
# password does not match
return False
if user[2] == 0:
if sql_user[1] == 0:
# User is not admin
return False
return True
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment