From d7b87af138316ec43af84298bb9bb3b18368a7b3 Mon Sep 17 00:00:00 2001 From: Kibi Kelburton Date: Mon, 11 May 2026 03:41:46 +0200 Subject: [PATCH] cracking down on potential spam abuse --- src/inc/routes/admin.mjs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/inc/routes/admin.mjs b/src/inc/routes/admin.mjs index 4198027..c9bb83a 100644 --- a/src/inc/routes/admin.mjs +++ b/src/inc/routes/admin.mjs @@ -36,10 +36,6 @@ export default (router, tpl) => { return res.reply({ body: tpl.render("login", { error: msg, theme: req.theme }) }); }; - if (!username || !password || password.length < 20) { - return fail("Invalid username or password."); - } - if (await security.isRateLimited(ip, null, 'login')) { const msg = "Too many attempts."; if (req.headers['x-requested-with'] === 'XMLHttpRequest' || (req.headers.accept && req.headers.accept.includes('application/json'))) { @@ -48,6 +44,10 @@ export default (router, tpl) => { return res.reply({ code: 429, body: msg }); } + if (!username || !password || password.length < 20) { + return fail("Invalid username or password."); + } + const user = await db` select id, password, activated, banned, ban_reason, ban_expires, force_password_change from "user"