stricter requirements for accounts
parent
2533475a2e
commit
bfb62f3e47
|
@ -10,6 +10,14 @@ CrystalGauntlet.endpoints["/accounts/loginGJAccount.php"] = ->(context : HTTP::S
|
||||||
|
|
||||||
username = params["userName"]
|
username = params["userName"]
|
||||||
password = params["password"]
|
password = params["password"]
|
||||||
|
|
||||||
|
if password.size < 6
|
||||||
|
return "-8"
|
||||||
|
end
|
||||||
|
if username.size < 3
|
||||||
|
return "-9"
|
||||||
|
end
|
||||||
|
|
||||||
result = DATABASE.query_all("select id, password from accounts where username = ?", username, as: {Int32, String})
|
result = DATABASE.query_all("select id, password from accounts where username = ?", username, as: {Int32, String})
|
||||||
if result.size > 0
|
if result.size > 0
|
||||||
account_id, hash = result[0]
|
account_id, hash = result[0]
|
||||||
|
@ -19,7 +27,7 @@ CrystalGauntlet.endpoints["/accounts/loginGJAccount.php"] = ->(context : HTTP::S
|
||||||
user_id = Accounts.get_user_id(account_id)
|
user_id = Accounts.get_user_id(account_id)
|
||||||
"#{account_id},#{user_id}"
|
"#{account_id},#{user_id}"
|
||||||
else
|
else
|
||||||
return "-12"
|
return "-11"
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
return "-1"
|
return "-1"
|
||||||
|
|
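Review bot: The two failure branches in the second hunk still return different codes, `"-11"` when the password check fails and `"-1"` when no row matches the username, so a client can tell which usernames are registered from the response alone. Returning the same code from both branches (for example `return "-11"` in the outer `else`) removes that difference. The verification call sits between the two hunks and is not visible here, so whether response timing also differs cannot be judged from this page. Separately, the new `password.size < 6` and `username.size < 3` guards in the first hunk also apply to any account created before registration enforced them; if such accounts exist they can no longer log in, which deserves a comment or a migration note.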
|
@ -16,6 +16,17 @@ CrystalGauntlet.endpoints["/accounts/registerGJAccount.php"] = ->(context : HTTP
|
||||||
password = params["password"]
|
password = params["password"]
|
||||||
email = params["email"]
|
email = params["email"]
|
||||||
|
|
||||||
|
if username != params["userName"]
|
||||||
|
return "-4"
|
||||||
|
end
|
||||||
|
|
||||||
|
if password.size < 6
|
||||||
|
return "-8"
|
||||||
|
end
|
||||||
|
if username.size < 3
|
||||||
|
return "-9"
|
||||||
|
end
|
||||||
|
|
||||||
# caps checks aren't required because `username` is already COLLATE NOCASE in the db
|
# caps checks aren't required because `username` is already COLLATE NOCASE in the db
|
||||||
username_exists = DATABASE.scalar "select count(*) from accounts where username = ?", username
|
username_exists = DATABASE.scalar "select count(*) from accounts where username = ?", username
|
||||||
if username_exists != 0
|
if username_exists != 0
|
||||||
|
|
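Review bot: The added checks set only a lower bound: `password.size < 6` and `username.size < 3` reject short values, but nothing visible in this hunk limits how long either field may be. The hashing and insert code is outside the hunk, so this is inferred, but an unbounded password reaches the hash function as-is, and `String#size` counts characters rather than bytes. A byte-based upper bound matched to the hash's input limit would cover both, e.g. `if password.size < 6 || password.bytesize > MAX_PASSWORD_BYTES` (constant name is a placeholder), with a similar cap for `username`. The thresholds 6 and 3 are also repeated as literals in the login handler; shared constants would keep the two endpoints from drifting apart.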