Remove extra folder from demo path

solvable/src/source_code_server/login_component.py

@@ -0,0 +1,27 @@
+import sqlite3
+
+
+def get_db():
+    return sqlite3.connect('users.db')
+
+
+def authorize_login(email, password):
+    """
+    This method checks if a user is authorized and has admin privileges.
+    :param email: The email address of the user.
+    :param password: The password of the user.
+    :return: A tuple, the first element is the email address if the user exists,
+    and None if they don't; the second element is a boolean, which is True if
+    the user has admin privileges.
+    """
+    conn = get_db()
+    sql_statement = '''SELECT email, is_admin FROM users
+                       WHERE email="{}" AND password="{}"'''
+    # The problem with this approach is that it substitutes any value received
+    # from the user, even if it is a valid SQL statement!
+    result = conn.execute(sql_statement.format(email, password)).fetchone()
+    if result is None:
+        return None, False
+    else:
+        email, is_admin = result
+        return email, is_admin == 1

solvable/src/source_code_server/server.py

@@ -0,0 +1,27 @@
+import json, sys
+from tornado.ioloop import IOLoop
+from tornado.web import RequestHandler, Application
+
+from tfw.config import TFWENV
+
+sys.path.append(TFWENV.WEBIDE_WD)
+from login_component import authorize_login
+
+
+class LoginHandler(RequestHandler):
+    def post(self, *args, **kwargs):
+        request = json.loads(self.request.body)
+        email, is_admin = authorize_login(
+            request['email'],
+            request['password']
+        )
+        self.write({
+            'email': email,
+            'is_admin': is_admin
+        })
+
+
+if __name__ == '__main__':
+    application = Application([(r'/login', LoginHandler)])
+    application.listen(TFWENV.LOGIN_APP_PORT)
+    IOLoop.instance().start()