var db = require("../utils/database");
var maild = require("../utils/mailer.js");
-var TokenGen = require("../utils/tokenGenerator");
+var genToken = require("../utils/tokenGenerator");
+var params = require("../config/parameters");
/*
* Structure:
* notify: boolean (send email notifications for corr games)
*/
-// User creation
+// NOTE: parameters are already cleaned (in controller), thus no sanitization here
exports.create = function(name, email, notify, callback)
{
db.serialize(function() {
- const query =
+ const insertQuery =
"INSERT INTO Users " +
"(name, email, notify) VALUES " +
"('" + name + "', '" + email + "', " + notify + ")";
- db.run(query, callback); //TODO: need to get the inserted user (how ?)
+ db.run(insertQuery, err => {
+ if (!!err)
+ return callback(err);
+ db.get("SELECT last_insert_rowid() AS rowid", callback);
+ });
});
}
const delimiter = (typeof value === "string" ? "'" : "");
db.serialize(function() {
const query =
- "SELECT * FROM Users " +
+ "SELECT * " +
+ "FROM Users " +
"WHERE " + by + " = " + delimiter + value + delimiter;
db.get(query, cb);
});
db.serialize(function() {
const query =
"UPDATE Users " +
- "SET loginToken = " + token + " AND loginTime = " + Date.now() + " " +
+ "SET loginToken = '" + token + "', loginTime = " + Date.now() + " " +
"WHERE id = " + uid;
db.run(query, cb);
});
{
// Also empty the login token to invalidate future attempts
db.serialize(function() {
- const querySessionTOken =
+ const querySessionToken =
"SELECT sessionToken " +
"FROM Users " +
"WHERE id = " + uid;
- db.get(querySessionToken, (err,token) => {
+ db.get(querySessionToken, (err,ret) => {
if (!!err)
return cb(err);
- const newToken = token || TokenGen.generate(params.token.length);
+ const token = ret.sessionToken || genToken(params.token.length);
const queryUpdate =
"UPDATE Users " +
- "SET loginToken = NULL " +
- (!token ? "AND sessionToken = " + newToken + " " : "") +
+ "SET loginToken = NULL" +
+ (!ret.sessionToken ? (", sessionToken = '" + token + "'") : "") + " " +
"WHERE id = " + uid;
db.run(queryUpdate);
- cb(null, newToken);
+ cb(null, token);
});
});
}
db.serialize(function() {
const query =
"UPDATE Users " +
- "SET name = " + user.name +
- " AND email = " + user.email +
- " AND notify = " + user.notify + " " +
- "WHERE id = " + user._id;
+ "SET name = '" + user.name + "'" +
+ ", email = '" + user.email + "'" +
+ ", notify = " + user.notify + " " +
+ "WHERE id = " + user.id;
db.run(query, cb);
});
}