From ba53a035e4dc0b45a0e3a4a7cf3bdccd6d4212c4 Mon Sep 17 00:00:00 2001
From: Finn
Date: Mon, 31 Oct 2016 16:19:58 +0000
Subject: [PATCH] Update foodloopserver.pl
---
 foodloopserver.pl | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/foodloopserver.pl b/foodloopserver.pl
index 40c354f..67a841f 100644
--- a/foodloopserver.pl
+++ b/foodloopserver.pl
@@ -139,14 +139,30 @@ post '/token' => sub {
 });
 };
 
-helper get_account_by_token => sub {
- my ( $self, $token ) = @_;
+post '/fetchuser' => sub {
+ my $self = shift;
 
- return $self->db->selectrow_hashref(
- "SELECT keyused, username FROM accounts WHERE idkey = ?",
- {},
- $token,
- );
+ my $json = $self->req->json;
+
+ my $account = $self->get_account_by_username( $json->{username} );
+
+ unless ( defined $account ) {
+ return $self->render( json => {
+ success => Mojo::JSON->false,
+ message => 'Username not recognised, has your token expired?',
+ });
+# PLUG SECURITY HOLE
+ } elsif ( $account->{keyused} ne 't' ) {
+ return $self->render( json => {
+ success => Mojo::JSON->false,
+ message => 'Token has not been used yet!',
+ });
+ }
+
+# Add stuff to send back to user below here!
+ $self->render( json => {
+ success => Mojo::JSON->true,
+ });
 };
 
 helper get_account_by_username => sub {
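Review bot: The new `/fetchuser` route identifies the caller only by the `username` field of the request body, so any client that can name a user passes both checks; the `# PLUG SECURITY HOLE` comment marks the gap but the commit leaves it open. Before the "Add stuff to send back to user" section returns any account data, the route should require and verify a credential tied to that account, and the placeholder reads better as a tracked item such as `# FIXME: verify the caller's credential before returning account data`. The two failure messages also let a caller tell an unknown username from an account whose token is unused; a single generic `message => 'Unable to fetch user'` for both branches avoids disclosing that. The commit also deletes the `get_account_by_token` helper, and the `/token` route's body lies outside the hunk, so it is worth confirming that nothing there still calls it.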