prevent duplicate email registering
This commit is contained in:
@@ -382,9 +382,22 @@ export default router => {
|
||||
group.put(/\/email/, lib.loggedin, async (req, res) => {
|
||||
const { email } = req.post;
|
||||
if (!email || !email.trim()) return res.json({ success: false, msg: 'Email is required' }, 400);
|
||||
if (!email.includes('@')) return res.json({ success: false, msg: 'Invalid email address' }, 400);
|
||||
const cleanEmail = email.trim();
|
||||
if (!cleanEmail.includes('@')) return res.json({ success: false, msg: 'Invalid email address' }, 400);
|
||||
|
||||
await db`update "user" set email = ${email.trim()} where id = ${+req.session.id}`;
|
||||
// Check if email is already taken by another user
|
||||
const existing = await db`
|
||||
select id from "user"
|
||||
where lower(email) = lower(${cleanEmail})
|
||||
and id != ${+req.session.id}
|
||||
limit 1
|
||||
`;
|
||||
|
||||
if (existing.length > 0) {
|
||||
return res.json({ success: false, msg: 'Email already in use' }, 400);
|
||||
}
|
||||
|
||||
await db`update "user" set email = ${cleanEmail} where id = ${+req.session.id}`;
|
||||
return res.json({ success: true, msg: 'Email updated successfully' }, 200);
|
||||
});
|
||||
|
||||
|
||||
@@ -110,8 +110,22 @@ export default (router, tpl) => {
|
||||
}
|
||||
|
||||
// Check user existence
|
||||
const existing = await db`select id from "user" where "login" = ${username.toLowerCase()} or "user" = ${username}`;
|
||||
if (existing.length > 0) return renderError("Username taken");
|
||||
const existing = await db`
|
||||
select id, login, email
|
||||
from "user"
|
||||
where "login" = ${username.toLowerCase()}
|
||||
or "user" = ${username}
|
||||
or ("email" is not null and "email" = ${email})
|
||||
`;
|
||||
|
||||
if (existing.length > 0) {
|
||||
// Check if it was the email that matched
|
||||
const emailMatch = existing.find(u => u.email && u.email.toLowerCase() === (email || '').toLowerCase());
|
||||
if (emailMatch) {
|
||||
return renderError("Email already registered");
|
||||
}
|
||||
return renderError("Username taken");
|
||||
}
|
||||
|
||||
// Create User
|
||||
const hash = await lib.hash(password);
|
||||
|
||||
Reference in New Issue
Block a user