Esempio n. 1
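def confirm_email(token):
    """Mark the account named by a signed confirmation token as confirmed.

    The token is verified with ``key.loads`` using the "email-confirm-key"
    salt and ``max_age=172800`` (presumably seconds, i.e. 48 hours, if
    ``key`` is an itsdangerous timed serializer -- confirm against where
    ``key`` is built). Only an address recovered from a valid token is
    looked up in ``users``.

    Args:
        token: The confirmation token taken from the link sent to the user.

    Returns:
        The rendered "already-confirmed.html" or "activated.html" page on
        success, otherwise a short generic error string. Exception text is
        never returned to the client: it can expose driver messages, SQL
        fragments, or the reason a signature was rejected. Details go to
        the server log instead.
    """
    import logging  # function-scope: the file's import block is not visible here

    log = logging.getLogger(__name__)
    invalid_link = "Invalid or expired confirmation link."
    unavailable = "Could not confirm this address. Please try again later."

    try:
        email = key.loads(token, salt="email-confirm-key", max_age=172800)
    except Exception:
        # Bad signature, expired token, or malformed input: log why, tell the
        # client nothing specific. The token itself is deliberately not logged.
        log.warning("email confirmation token rejected", exc_info=True)
        return invalid_link

    # Defence in depth only: the parameterized queries below are what keep the
    # address out of the SQL text. The original tested for " )" (space plus
    # parenthesis), which let a bare ")" through; the intended check is ")".
    if not isinstance(email, str) or any(ch in email for ch in "'\"(),;%"):
        log.warning("email confirmation token carried an unexpected payload")
        return invalid_link

    conn = None
    cursor = None
    try:
        conn = mysql.connect()
        cursor = conn.cursor()
        cursor.execute('SELECT confirmed FROM users WHERE email=%s', (email,))
        rows = cursor.fetchall()
        if not rows:
            # A validly signed token for an address that no longer exists;
            # previously this raised IndexError outside any handler.
            return invalid_link
        if str(rows[0][0]) == "1":
            return render_template("already-confirmed.html")
        cursor.execute("UPDATE users SET confirmed='1' WHERE email=%s",
                       (email,))
        conn.commit()
        return render_template("activated.html")
    except Exception:
        log.exception("email confirmation failed")
        return unavailable
    finally:
        # The original close() calls sat after the returns and never ran,
        # leaking one connection per request.
        for handle in (cursor, conn):
            if handle is not None:
                try:
                    handle.close()
                except Exception:
                    log.warning("error closing database handle", exc_info=True)
    # NOTE(review): error paths still return a bare string, so the response
    # status is presumably 200 -- consider a 4xx/5xx status at the route level.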
Esempio n. 2
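def confirm_email(token):
    """Confirm the account whose address is carried in a signed token.

    The token is verified with ``key.loads`` using the "email-confirm-key"
    salt and ``max_age=86400`` (presumably seconds, i.e. 24 hours, if ``key``
    is an itsdangerous timed serializer -- confirm against where ``key`` is
    built).

    Args:
        token: The confirmation token taken from the link sent to the user.

    Returns:
        The rendered "alreadyconfirmed.html" or "activated.html" page, or
        the string "error" when the token is rejected or no matching user
        row exists. Database errors propagate to the framework as before.
    """
    import logging  # function-scope: the file's import block is not visible here

    log = logging.getLogger(__name__)

    try:
        email = key.loads(token, salt="email-confirm-key", max_age=86400)
    except Exception:
        # Was a bare ``except:``, which also swallows SystemExit and
        # KeyboardInterrupt. The rejection reason is logged, not returned.
        log.warning("email confirmation token rejected", exc_info=True)
        return "error"

    conn = mysql.connect()
    cursor = None
    try:
        cursor = conn.cursor()
        # ``(email)`` is just a parenthesised string, not a tuple; the
        # one-element tuple ``(email,)`` is the portable DB-API form and does
        # not depend on how a particular driver treats a bare string argument.
        cursor.execute('SELECT confirmed FROM users WHERE email=%s', (email,))
        rows = cursor.fetchall()
        if not rows:
            # Validly signed token for an address with no user row;
            # previously an unhandled IndexError.
            return "error"
        # checks if user is already confirmed
        if str(rows[0][0]) == "1":
            return render_template("alreadyconfirmed.html")
        # updates confirmed column to '1'
        cursor.execute("UPDATE users SET confirmed='1' WHERE email=%s",
                       (email,))
        conn.commit()
        return render_template("activated.html")
    finally:
        # The original close() calls followed the returns and never ran,
        # leaking one connection per request.
        if cursor is not None:
            cursor.close()
        conn.close()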