banned users cant login, show error messages on failed logins

12 years ago · 74af205426
parent 9ad82f4907
commit 74af205426
6 changed files with 34 additions and 12 deletions
--- a/public/src/forum/login.js
+++ b/public/src/forum/login.js
@ -27,11 +27,15 @@
 			url: RELATIVE_PATH + '/login',
 			data: loginData,
 			success: function(data, textStatus, jqXHR) {
-				$('#login-error-notify').hide();
+				if(!data.success) {
-				window.location.replace(RELATIVE_PATH + "/?loggedin");
+					$('#login-error-notify').html(data.message).show();
 				} else {
 					$('#login-error-notify').hide();
 					window.location.replace(RELATIVE_PATH + "/?loggedin");
 				}
 			},
 			error : function(data, textStatus, jqXHR) {
-				$('#login-error-notify').show().delay(1000).fadeOut(250);
+				$('#login-error-notify').show();
 			},
 			dataType: 'json',
 			async: true,
--- a/public/templates/login.tpl
+++ b/public/templates/login.tpl
@ -14,7 +14,7 @@
 			<button class="btn btn-primary" id="login" type="submit">Login</button> &nbsp; <a href="/reset">Forgot Password?</a>
 		</form>
-		<span id="login-error-notify" class="label label-important hide">Invalid username/password</span><br/>
+		<div id="login-error-notify" class="alert alert-danger hide">Invalid username/password</div>
 	</div>
 	<div class="well span6 {alternate_logins:display}">
--- a/src/categories.js
+++ b/src/categories.js
@ -281,7 +281,7 @@ var	RDB = require('./redis.js'),
 				}
 				Categories.hasReadCategory(cid, current_user, function(hasRead) {
-					categoryData['badgeclass'] = (parseInt(categoryData.topic_count,10) === 0 || (hasRead && current_user != 0)) ? '' : 'badge-important';
+					categoryData['badgeclass'] = (parseInt(categoryData.topic_count, 10) === 0 || (hasRead && current_user != 0)) ? '' : 'badge-important';
 					categories.push(categoryData);
 					callback(null);
--- a/src/login.js
+++ b/src/login.js
@ -25,8 +25,14 @@ var user = require('./user.js'),
 					});
 				}
-				user.getUserField(uid, 'password', function(user_password) {
+				user.getUserFields(uid, ['password', 'banned'], function(userData) {
-					bcrypt.compare(password, user_password, function(err, res) {
+					if(userData.banned && userData.banned === '1') {
 						return next({
 							status: "error",
 							message: "user-banned"
 						});
 					}
 					bcrypt.compare(password, userData.password, function(err, res) {
 						if(err) {
 							winston.err(err);
 							next({
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@ -137,9 +137,20 @@
 			});
 		});
-
+		app.post('/login', function(req, res, next) {
-		app.post('/login', passport.authenticate('local'), function(req, res) {
+			passport.authenticate('local', function(err, user, info) {
-			res.json({success:1});
+				if(err) {
 					return next(err);
 				}
 				if (!user) {
 					return res.send({ success : false, message : info.message });
 				}
 				req.login({
 					uid: user.uid
 				}, function() {
 					res.send({ success : true, message : 'authentication succeeded' });
 				});
 			})(req, res, next);
 		});
 		app.post('/register', function(req, res) {
--- a/src/webserver.js
+++ b/src/webserver.js
@ -124,6 +124,7 @@ var express = require('express'),
 	});
 	app.use(function(err, req, res, next) {
 		// we may use properties of the error object
 		// here and next(err) appropriately, or if
 		// we possibly recovered from the error, simply next().