stricter requirements for accounts

Jill 2023-01-03 16:20:31 +03:00
parent 2533475a2e
commit bfb62f3e47
2 changed files with 20 additions and 1 deletions


@ -10,6 +10,14 @@ CrystalGauntlet.endpoints["/accounts/loginGJAccount.php"] = ->(context : HTTP::S
username = params["userName"]
password = params["password"]
if password.size < 6
return "-8"
end
if username.size < 3
return "-9"
end
result = DATABASE.query_all("select id, password from accounts where username = ?", username, as: {Int32, String})
if result.size > 0
account_id, hash = result[0]
@ -19,7 +27,7 @@ CrystalGauntlet.endpoints["/accounts/loginGJAccount.php"] = ->(context : HTTP::S
user_id = Accounts.get_user_id(account_id)
"#{account_id},#{user_id}"
else
return "-12"
return "-11"
end
else
return "-1"
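Review bot: The length guards added in the first hunk run on login, before the `select ... from accounts` lookup, so an account that already exists with a password under 6 characters or a username under 3 now gets `-8`/`-9` and can never authenticate again. A minimum-length policy is normally enforced where credentials are set (the registration endpoint in this commit does that), so I would drop both guards here, or keep them only after confirming that no stored rows violate the minimums and say so in a comment such as `# safe to reject early: registration enforces the same minimums`. Neither guard has an upper bound, so an arbitrarily long `password` still reaches whatever hash verification sits between the two hunks; a cap is worth adding if that code does not already have one. Separately, the second hunk returns `-11` from what appears to be the failed-verification branch while an unknown username returns `-1`, which lets a caller tell existing usernames apart if the client protocol does not require the distinction. The endpoint lambda starts and ends outside both hunks, so the verification call itself is not visible here.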


@ -16,6 +16,17 @@ CrystalGauntlet.endpoints["/accounts/registerGJAccount.php"] = ->(context : HTTP
password = params["password"]
email = params["email"]
if username != params["userName"]
return "-4"
end
if password.size < 6
return "-8"
end
if username.size < 3
return "-9"
end
# caps checks aren't required because `username` is already COLLATE NOCASE in the db
username_exists = DATABASE.scalar "select count(*) from accounts where username = ?", username
if username_exists != 0