diff --git a/src/inc/routes/admin.mjs b/src/inc/routes/admin.mjs index 4198027..c9bb83a 100644 --- a/src/inc/routes/admin.mjs +++ b/src/inc/routes/admin.mjs @@ -36,10 +36,6 @@ export default (router, tpl) => { return res.reply({ body: tpl.render("login", { error: msg, theme: req.theme }) }); }; - if (!username || !password || password.length < 20) { - return fail("Invalid username or password."); - } - if (await security.isRateLimited(ip, null, 'login')) { const msg = "Too many attempts."; if (req.headers['x-requested-with'] === 'XMLHttpRequest' || (req.headers.accept && req.headers.accept.includes('application/json'))) { @@ -48,6 +44,10 @@ export default (router, tpl) => { return res.reply({ code: 429, body: msg }); } + if (!username || !password || password.length < 20) { + return fail("Invalid username or password."); + } + const user = await db` select id, password, activated, banned, ban_reason, ban_expires, force_password_change from "user"