Fixed critical error

2019-05-25 21:50:03 +10:00
parent eef8b3721f
commit eb612f01d6
2 changed files with 22 additions and 22 deletions
+18 -18
@@ -18,6 +18,15 @@ const signup = (connection) => (req, res) => {
form.parse(req, (err, fields) => {
if (err) throw err;
//prevent too many clicks
if (isThrottled(fields.email)) {
res.status(400).write(log('signup throttled', fields.email));
res.end();
return;
}
throttle(fields.email);
//validate email, username and password
if (!validateEmail(fields.email) || fields.username.length < 4 || fields.username.length > 100 || fields.password.length < 8 || fields.password !== fields.retype) {
res.status(400).write(log('Invalid signup data', fields));
@@ -56,15 +65,6 @@ const signup = (connection) => (req, res) => {
connection.query(query, [fields.email, fields.username, salt, hash, rand], (err) => {
if (err) throw err;
//prevent too many clicks
if (isThrottled(fields.email)) {
res.status(400).write(log('signup throttled', fields.email));
res.end();
return;
}
throttle(fields.email);
//build the verification email
let addr = `http://${process.env.WEB_ADDRESS}/verify?email=${fields.email}&verify=${rand}`;
let msg = 'Hello! Please visit the following address to verify your account: ';
@@ -277,6 +277,15 @@ const passwordRecover = (connection) => (req, res) => {
form.parse(req, (err, fields) => {
if (err) throw err;
//prevent too many clicks
if (isThrottled(fields.email)) {
res.status(400).write(log('recover throttled', fields.email));
res.end();
return;
}
throttle(fields.email);
//validate email, username and password
if (!validateEmail(fields.email)) {
res.status(400).write(log('Invalid recover data', fields.email));
@@ -307,15 +316,6 @@ const passwordRecover = (connection) => (req, res) => {
let msg = 'Hello! Please visit the following address to set a new password (if you didn\'t request a password recovery, ignore this email): ';
let msgHtml = `<html><body><p>${msg}<a href='${addr}'>${addr}</a></p></body></html>`;
//prevent too many clicks
if (isThrottled(fields.email)) {
res.status(400).write(log('recover throttled', fields.email));
res.end();
return;
}
throttle(fields.email);
//send the verification email
sendmail({
from: `passwordrecover@${process.env.WEB_ADDRESS}`,
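Review bot: In the first hunk `throttle(fields.email)` now runs before `validateEmail(fields.email)`, so every request registers a throttle entry for whatever string the client posted, including a missing field (`undefined`) and addresses the caller does not own; the `passwordRecover` hunk at -277 introduces the same ordering. If the throttle store is an in-memory map (not visible here), unauthenticated requests can grow it without bound, and a third party can keep someone else's address in the throttled state. Consider running the cheap format check first and keying the limit on the client address as well as the email, e.g. `if (isThrottled(fields.email) || isThrottled(req.ip))`, assuming this is an Express handler. Separately, the context line `log('Invalid signup data', fields)` passes the whole form, `password` and `retype` included, to the logger and writes its return value into the 400 response; `log('Invalid signup data', fields.email)` would match what the recover path logs. Both `signup` and `passwordRecover` start and end outside the hunks shown.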
+4 -4
@@ -1,5 +1,5 @@
DROP TABLE signups;
DROP TABLE accounts;
DROP TABLE sessions;
DROP TABLE passwordRecover;
DROP TABLE profiles;
DROP TABLE passwordRecover;
DROP TABLE sessions;
DROP TABLE accounts;
DROP TABLE signups;