diff --git a/src/endpoints/accounts/loginAccount.cr b/src/endpoints/accounts/loginAccount.cr index ab7fe02..7477c46 100644 --- a/src/endpoints/accounts/loginAccount.cr +++ b/src/endpoints/accounts/loginAccount.cr @@ -10,6 +10,14 @@ CrystalGauntlet.endpoints["/accounts/loginGJAccount.php"] = ->(context : HTTP::S username = params["userName"] password = params["password"] + + if password.size < 6 + return "-8" + end + if username.size < 3 + return "-9" + end + result = DATABASE.query_all("select id, password from accounts where username = ?", username, as: {Int32, String}) if result.size > 0 account_id, hash = result[0] @@ -19,7 +27,7 @@ CrystalGauntlet.endpoints["/accounts/loginGJAccount.php"] = ->(context : HTTP::S user_id = Accounts.get_user_id(account_id) "#{account_id},#{user_id}" else - return "-12" + return "-11" end else return "-1" diff --git a/src/endpoints/accounts/registerAccount.cr b/src/endpoints/accounts/registerAccount.cr index 2a707c5..3f1be3c 100644 --- a/src/endpoints/accounts/registerAccount.cr +++ b/src/endpoints/accounts/registerAccount.cr @@ -16,6 +16,17 @@ CrystalGauntlet.endpoints["/accounts/registerGJAccount.php"] = ->(context : HTTP password = params["password"] email = params["email"] + if username != params["userName"] + return "-4" + end + + if password.size < 6 + return "-8" + end + if username.size < 3 + return "-9" + end + # caps checks aren't required because `username` is already COLLATE NOCASE in the db username_exists = DATABASE.scalar "select count(*) from accounts where username = ?", username if username_exists != 0
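Review bot: Enforcing the minimum lengths at login as well as at registration can lock out existing accounts. The added `password.size < 6` and `username.size < 3` checks in loginAccount.cr return `"-8"` / `"-9"` before the database lookup runs. Any account created before registerAccount.cr gained the same checks in this commit, and whose stored username or password is shorter, could then no longer authenticate. If such rows may exist, let login fall through to the normal lookup and enforce the policy only at registration. The literals `6` and `3` are also repeated in registerAccount.cr; shared constants (placeholder names `MIN_PASSWORD_LENGTH` and `MIN_USERNAME_LENGTH`) would keep the two endpoints from drifting apart.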
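Review bot: The two failure branches in the second loginAccount.cr hunk still return different codes, `"-11"` for a password mismatch and `"-1"` when no account row is found, so a response reveals whether a username is registered. Returning the same code from both branches, for example `return "-11"` in the outer `else`, removes that signal, provided the client treats the two codes the same way. The no-row path also appears to skip the hash comparison, so response time may differ between the two cases. The inner `if` and its condition start above the hunk, so the verification step itself cannot be reviewed from here.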
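Review bot: The `username != params["userName"]` guard in registerAccount.cr has no comment saying what it detects. The assignment of `username` sits above the hunk, so it is unclear whether this rejects names that a cleaning step altered or is always false. If it is the former, a comment such as `# reject usernames that the sanitising step above had to modify` would make the `"-4"` return self-explanatory. The new checks also set only lower bounds; an upper bound on `username.size` and `password.size` here would keep oversized input away from the hashing call and the database, both of which are outside the visible lines.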