|
|
@ -8,8 +8,12 @@ module.exports = async (req, res, next) => { |
|
|
|
|
|
|
|
|
|
|
|
const username = req.body.username.toLowerCase(); |
|
|
|
const username = req.body.username.toLowerCase(); |
|
|
|
const password = req.body.password; |
|
|
|
const password = req.body.password; |
|
|
|
const goto = req.body.goto || '/account.html'; |
|
|
|
let goto = req.body.goto; |
|
|
|
const failRedirect = `/login.html${goto ? '?goto='+goto : ''}` |
|
|
|
// we don't want to redirect the user to random sites
|
|
|
|
|
|
|
|
if (goto == null || !/^\/[0-9a-zA-Z][0-9a-zA-Z._/-]*$/.test(goto)) { |
|
|
|
|
|
|
|
goto = '/account.html'; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
const failRedirect = `/login.html${goto ? '?goto='+encodeURIComponent(goto) : ''}` |
|
|
|
|
|
|
|
|
|
|
|
//fetch an account
|
|
|
|
//fetch an account
|
|
|
|
const account = await Accounts.findOne(username); |
|
|
|
const account = await Accounts.findOne(username); |
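Review bot: The allow-list check on `goto` passes whatever `req.body.goto` holds to `RegExp.test`, which coerces its argument to a string, so a non-string value can pass the pattern and remain a non-string when it is used later. A single-element array is one example, if the body parser can produce one; the parser configuration is not visible here. A type guard makes the check explicit and also covers the null case: `if (typeof goto !== 'string' || !/^\/[0-9a-zA-Z][0-9a-zA-Z._/-]*$/.test(goto)) {`. After the fallback assignment `goto` is always a non-empty value, so the `goto ? ... : ''` ternary in `failRedirect` never takes its empty branch and could be reduced to the encoded form alone. The handler's body continues outside the hunk, so how `goto` reaches the final redirect cannot be confirmed from here.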
|
|
|