When registering a user, I make two reads from the database to check whether the username and email already exist, and then I write the new user if both checks pass. Can anyone tell me if this code will block other users?
I am using node with express.js and mongojs.
I know I am saving passwords in plaintext. This will be changed.
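/**
 * POST /register: create a user account and log the new user in.
 *
 * Reads `username`, `email` and `password` from the parsed request body.
 * Two uniqueness lookups run concurrently; once both have reported back the
 * handler either answers 409 with the list of validation errors or saves the
 * user and stores the new id in the session.
 *
 * Responses:
 *   200 (empty body)  user created, session holds the user id
 *   400               a field is missing or is not a string
 *   409               validation failed or the username/email is taken
 *   406               the save failed for another reason (status kept from
 *                     the original handler)
 *   500               a uniqueness lookup failed
 */
app.post('/register', function(req, res) {
  var body = req.body || {};
  var rawUsername = body.username;
  var rawEmail = body.email;
  var password = body.password;
  var errors = [];
  var pending = 2;        // lookups/validations still outstanding
  var responded = false;  // guards against answering the request twice

  // A body parser can hand over objects or arrays instead of strings. Only
  // plain strings are accepted, so nothing but a string ever reaches a
  // MongoDB query below and .toUpperCase()/.toLowerCase() cannot throw.
  if (typeof rawUsername !== 'string' || typeof rawEmail !== 'string' ||
      typeof password !== 'string' || password.length === 0) {
    res.statusCode = 400;
    res.send(['Username, email and password are required']);
    return;
  }

  var uppercase = rawUsername.toUpperCase();
  var email = rawEmail.toLowerCase();

  // Answers once with a generic message. The error object is logged on the
  // server only; database error details are not sent to the client.
  var fail = function(statusCode, err) {
    if (responded) {
      return;
    }
    responded = true;
    console.log('register: database error', err);
    res.statusCode = statusCode;
    res.send(['Something went wrong']);
  };

  var register = function() {
    if (responded) {
      return;
    }
    responded = true;

    if (errors.length > 0) {
      // NOTE(review): these messages tell the caller whether an email address
      // is already registered; decide whether that disclosure is acceptable.
      console.log('errors', errors);
      res.statusCode = 409;
      res.send(errors);
      return;
    }

    var newuser = {
      username: rawUsername,
      uppercase: uppercase,
      // SECURITY: stored exactly as submitted. Before this goes live, replace
      // it with a salted, slow password hash (bcrypt, scrypt or Argon2) and
      // never log or echo this field.
      password: password,
      email: email,
      userLevel: 0,
      createdOn: new Date()
    };

    db.users.save(newuser, function(err, val) {
      if (!err) {
        // NOTE(review): if the session middleware supports regenerating the
        // session id, do it here so a pre-registration id is not carried over.
        req.session.userid = val['_id'];
        res.end();
        return;
      }
      console.log('register: save failed', err);
      // Two concurrent requests can both pass the lookups above; the unique
      // indexes are what actually enforce uniqueness. 11000 is MongoDB's
      // duplicate-key error code.
      if (err.code === 11000) {
        res.statusCode = 409;
        res.send(['Username or email is already registered']);
        return;
      }
      res.statusCode = 406;
      // res.end() accepts only a string or Buffer, so the original array
      // argument threw here; res.send() serialises it instead.
      res.send(['Something went wrong']);
    });
  };

  var finishedCheck = function() {
    pending--;
    if (pending === 0) {
      register();
    }
  };

  // TODO: create these indexes once at application start-up rather than on
  // every request.
  db.users.ensureIndex({email: 1}, {unique: true});
  db.users.ensureIndex({uppercase: 1}, {unique: true});

  // Validate the username as submitted, not its upper-cased form: some
  // non-ASCII characters upper-case into ASCII letters and would otherwise
  // pass the check while the raw value is stored. `+` also rejects ''.
  if (!/^[A-Za-z0-9_]+$/.test(rawUsername)) {
    errors.push('Username is invalid');
    finishedCheck();
  } else {
    db.users.findOne({uppercase: uppercase}, function(err, val) {
      if (err) {
        fail(500, err);
        return;
      }
      if (val) {
        errors.push('Username Taken');
      }
      finishedCheck();
    });
  }

  // Check that the email address is well formed and, if so, whether it is
  // already registered. 254 characters is the longest deliverable address;
  // the cap also bounds the input handed to the regular expression.
  if (email.length > 254 || !/^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*@([a-z0-9_][-a-z0-9_]*(\.[-a-z0-9_]+)*\.(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z][a-z])|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(:[0-9]{1,5})?$/i.test(email)) {
    errors.push('Email is invalid');
    finishedCheck();
  } else {
    db.users.findOne({email: email}, function(err, val) {
      if (err) {
        fail(500, err);
        return;
      }
      if (val) {
        errors.push('Email is already in the database');
      }
      finishedCheck();
    });
  }
});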