added client and server validation on registration

12 years ago · 487d740164
parent 9a768a4f6c
commit 487d740164
3 changed files with 77 additions and 52 deletions
--- a/public/templates/register.tpl
+++ b/public/templates/register.tpl
@ -2,9 +2,9 @@
 <div class="row-fluid">
 	<div class="well {register_window:spansize}">
 		<form method="post" action="/register">
-			<label for="email">Email Address</label><input type="email" name="email" placeholder="Enter Email Address" id="email" /> <span id="email-notify" class="label label-important"></span> <br />
+			<label for="email">Email Address</label><input type="email" name="email" placeholder="Enter Email Address" id="email" /> <span id="email-notify" class="label label-important"></span><br />
 			<label for="username">Username</label><input type="text" name="username" placeholder="Enter Username" id="username" /> <span id="username-notify" class="label label-success"></span> <br />
-			<label for="password">Password</label><input type="password" name="password" placeholder="Enter Password" id="password" /><br />
+			<label for="password">Password</label><input type="password" name="password" placeholder="Enter Password" id="password" /> <span id="password-notify" class="label label-important"></span> <br />
 			<button class="btn btn-primary" id="register" type="submit">Register Now</button>
 		</form>
 	</div>
@ -24,7 +24,8 @@
 		register = document.getElementById('register'),
 		emailEl = document.getElementById('email'),
 		username_notify = document.getElementById('username-notify'),
-		email_notify = document.getElementById('email-notify');
+		email_notify = document.getElementById('email-notify'),
 		password_notify = document.getElementById('password-notify');
 	username.onkeyup = function() {
 		if (username.value.length > 2) socket.emit('user.exists', {username: username.value});
@ -36,6 +37,13 @@
 	emailEl.addEventListener('change', function() {
 		socket.emit('user.email.exists', { email: emailEl.value });
 	}, false);
 	password.addEventListener('keyup', function() {
 		if (password.value.length < 5) {
 			password_notify.innerHTML = 'Password too short';
 		} else {
 			password_notify.innerHTML = '';
 		}
 	}, false);
 	ajaxify.register_events(['user.exists', 'user.email.exists']);
@ -63,5 +71,34 @@
 			document.location.href = e.target.getAttribute('data-url');
 		}
 	});
 	// Form Validation
 	function validateForm() {
 		var validated = true;
 		if (username.value.length < 2) {
 			username_notify.innerHTML = 'Invalid username';
 			username_notify.className = 'label label-important';
 			validated = false;
 		}
 		if (password.value.length < 5) {
 			password_notify.innerHTML = 'Password too short';
 			validated = false;
 		} else {
 			password_notify.innerHTML = '';
 		}
 		if (email.value.indexOf('@') === -1) {
 			email_notify.innerHTML = 'Invalid email address';
 			validated = false;
 		} else {
 			email_notify.innerHTML = '';
 		}
 		return validated;
 	}
 	register.addEventListener('click', function(e) {
 		if (!validateForm()) e.preventDefault();
 	}, false);
 }());
 </script>
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@ -138,9 +138,8 @@
 		}));
 		app.post('/register', function(req, res) {
 			console.log('wtf');
 			user_module.create(req.body.username, req.body.password, req.body.email, function(err, uid) {
-				if (err === null) {
+				if (err === null && uid > 0) {
 					req.login({
 						uid: uid
 					}, function() {
--- a/src/user.js
+++ b/src/user.js
@ -237,21 +237,12 @@ var	config = require('../config.js'),
 	User.create = function(username, password, email, callback) {
-		if(!username) {
+		User.exists(username, function(exists) {
-			console.log("invalid registration data! username ["+username+"], password ["+password+"], email ["+email+"]");
+			if (exists || email.indexOf('@') === -1 || password.length < 5) return callback(null, -1);
 			return;
 		}
 		// TODO : check if username email is unique!! -baris
 			RDB.incr('global:next_user_id', function(err, uid) {
 				RDB.handle(err);
 			console.log("Registering uid : " + uid);
 				User.hashPassword(password, function(hash) {
 					var gravatar = User.createGravatarURLFromEmail(email);
 					RDB.hmset('user:'+uid, {
@ -286,11 +277,9 @@ var	config = require('../config.js'),
 					io.sockets.emit('user.latest', {username: username});
 					callback(null, uid);
 				});
 			});
-
+		});
 	};
 	User.createGravatarURLFromEmail = function(email) {