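import contextlib
import sqlite3


def get_db():
    """Open and return a connection to the ``users.db`` SQLite database."""
    return sqlite3.connect('users.db')


def authorize_login(email, password):
    """
    Check whether a user exists and whether that user has admin privileges.

    :param email: The email address of the user.
    :param password: The password of the user.
    :return: A tuple, the first element is the email address if the user
        exists, and None if they don't; the second element is a boolean,
        which is True if the user has admin privileges.
    """
    # The two values are bound as query parameters instead of being
    # interpolated into the SQL text, so whatever the caller passes is
    # always treated as data, never as part of the statement.
    sql_statement = (
        'SELECT email, is_admin FROM users WHERE email = ? AND password = ?'
    )
    # NOTE(review): the password is compared against the stored column
    # as-is; if the column holds plaintext passwords this should become a
    # hash verification in application code -- confirm against the schema.
    with contextlib.closing(get_db()) as conn:
        result = conn.execute(sql_statement, (email, password)).fetchone()
    if result is None:
        return None, False
    found_email, is_admin = result
    # is_admin is an integer column; only the literal 1 counts as admin.
    return found_email, is_admin == 1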