fix: tighten query

gwe mwnya yg intended aja yh

app.py

@@ -24,7 +24,8 @@ def setup_db():
 def check_login(username, password):
     conn = sqlite3.connect("users.db")
     c = conn.cursor()
-    query = f"SELECT role FROM users WHERE username='{username}' AND password='{password}' LIMIT 1"
+
+    query = f"SELECT role FROM (SELECT username, password, role FROM users WHERE role='user') AS t WHERE username='{username}' AND password='{password}' LIMIT 1"
     try:
         c.execute(query)
         result = c.fetchone()
@@ -33,10 +34,10 @@ def check_login(username, password):
             return "admin"
         elif result and result[0] == "user":
             return "user"
-        return None  # Return None for failed login
+        return None
     except:
         conn.close()
-        return None  # Return None for any errors
+        return None
 
 
 def respond(