-rw-r--r--server.js20
-rw-r--r--tools/sql/schema.txt6
2 files changed, 13 insertions, 13 deletions
diff --git a/server.js b/server.js
index f5eb099..3d2213f 100644
--- a/server.js
+++ b/server.js
@@ -364,14 +364,14 @@ app.get('/unsubscribe', must_be_logged_in, function (req, res) {
const sql_select_salt = db.prepare("SELECT salt FROM users WHERE user_id = ?").pluck();
const sql_find_user_by_mail = db.prepare("SELECT user_id FROM users WHERE mail = ?").pluck();
-const sql_find_forgot_password_token = db.prepare(`
- SELECT token FROM forgot_password WHERE user_id = ? AND datetime('now') < datetime(time, '+5 minutes')
+const sql_find_token = db.prepare(`
+ SELECT token FROM tokens WHERE user_id = ? AND datetime('now') < datetime(time, '+5 minutes')
`).pluck();
-const sql_verify_forgot_password_token = db.prepare(`
- SELECT COUNT(*) FROM forgot_password WHERE user_id = ? AND datetime('now') < datetime(time, '+20 minutes') AND token = ?
+const sql_verify_token = db.prepare(`
+ SELECT COUNT(*) FROM tokens WHERE user_id = ? AND datetime('now') < datetime(time, '+20 minutes') AND token = ?
`).pluck();
-const sql_create_forgot_password_token = db.prepare(`
- INSERT OR REPLACE INTO forgot_password VALUES ( ?, lower(hex(randomblob(16))), datetime('now') )
+const sql_create_token = db.prepare(`
+ INSERT OR REPLACE INTO tokens VALUES ( ?, lower(hex(randomblob(16))), datetime('now') )
`);
app.get('/forgot_password', function (req, res) {
@@ -405,10 +405,10 @@ app.post('/forgot_password', function (req, res) {
let mail = req.body.mail;
let user_id = sql_find_user_by_mail.get(mail);
if (user_id) {
- let token = sql_find_forgot_password_token.get(user_id);
+ let token = sql_find_token.get(user_id);
if (!token) {
- sql_create_forgot_password_token.run(user_id);
- token = sql_find_forgot_password_token.get(user_id);
+ sql_create_token.run(user_id);
+ token = sql_find_token.get(user_id);
console.log("FORGOT - create and mail token", token);
mail_password_reset_token(mail, token);
} else {
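Review bot: The context line `console.log("FORGOT - create and mail token", token);` writes the live password-reset token to the server log, so anyone who can read the logs can reset that account while `sql_verify_token` still accepts it (20 minutes per the query above). Log the event without the secret, for example `console.log("FORGOT - create and mail token for user", user_id);`. The handler starts and ends outside this hunk, so the `else` branch is not covered by this note.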
@@ -443,7 +443,7 @@ app.post('/reset_password', function (req, res) {
req.flash('message', "Password is too short!");
return res.redirect('/reset_password/'+mail+'/'+token);
}
- if (!sql_verify_forgot_password_token.get(user_id, token)) {
+ if (!sql_verify_token.get(user_id, token)) {
req.flash('message', "Invalid or expired token!");
return res.redirect('/reset_password/'+mail);
}
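Review bot: `res.redirect('/reset_password/'+mail+'/'+token)` and the later `'/reset_password/'+mail` redirect build the path from `mail` and `token` without encoding. Both values appear to come from the request (their assignment is outside the hunk), so a value containing `/`, `?` or `#` changes the path the browser is sent to. Encode each segment, for example `res.redirect('/reset_password/' + encodeURIComponent(mail) + '/' + encodeURIComponent(token));`, and do the same for the second redirect.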
diff --git a/tools/sql/schema.txt b/tools/sql/schema.txt
index bd695f7..57e369e 100644
--- a/tools/sql/schema.txt
+++ b/tools/sql/schema.txt
@@ -1,7 +1,7 @@
CREATE TABLE IF NOT EXISTS users (
user_id INTEGER PRIMARY KEY,
- name TEXT UNIQUE,
- mail TEXT UNIQUE,
+ name TEXT UNIQUE COLLATE NOCASE,
+ mail TEXT UNIQUE COLLATE NOCASE,
password TEXT,
salt TEXT,
ctime TIMESTAMP,
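Review bot: Because the table is declared with `CREATE TABLE IF NOT EXISTS`, the added `COLLATE NOCASE` on `name` and `mail` only takes effect in newly created databases; an existing `users` table keeps case-sensitive uniqueness and lookups. The commit shows no migration, so one is presumably needed: rebuild the table after checking for existing rows that differ only in case, since those would violate the new UNIQUE constraint. It is also worth a schema comment that SQLite's built-in NOCASE folds ASCII letters only, e.g. `-- NOCASE folds ASCII A-Z only; non-ASCII names still compare case-sensitively`.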
@@ -18,7 +18,7 @@ CREATE TABLE IF NOT EXISTS notifications (
UNIQUE ( user_id, game_id )
);
-CREATE TABLE IF NOT EXISTS forgot_password (
+CREATE TABLE IF NOT EXISTS tokens (
user_id INTEGER PRIMARY KEY,
token TEXT,
time TIMESTAMP
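Review bot: The renamed `tokens` table keeps `user_id INTEGER PRIMARY KEY` and has no column recording what a token was issued for. If the generic name means other flows will store tokens here (an assumption, only password reset is visible), a token issued for one flow would pass `sql_verify_token` for another, and `INSERT OR REPLACE` would overwrite a pending token of a different kind. Consider a `purpose TEXT` column with `PRIMARY KEY (user_id, purpose)` and matching on it in the verify query. Note too that `IF NOT EXISTS` does not rename an existing `forgot_password` table, which would be left behind in deployed databases. The CREATE TABLE statement continues past the end of the hunk.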