Skip to content

Commit 1078c19

Browse files
DefenderKDefenderK
authored
Update index.js
1 parent 667c438 commit 1078c19

File tree

1 file changed

+1
-38
lines changed

1 file changed

+1
-38
lines changed

routes/index.js

Lines changed: 1 addition & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ exports.index = function (req, res, next) {
3434
});
3535
};
3636

37-
// Insert new vulnerable code:
37+
// Vulnerable code:
3838

3939

4040
exports.loginHandler = function (req, res, next) {
@@ -101,43 +101,6 @@ exports.loginHandler = function (req, res, next) {
101101
};
102102
*/
103103

104-
// Add new vulnerable code
105-
/*
106-
107-
exports.loginHandler = function (req, res, next) {
108-
if (validator.isEmail(req.body.username)) {
109-
User.find({ username: req.body.username, password: req.body.password }, function (err, users) {
110-
if (users.length > 0) {
111-
const redirectPage = req.body.redirectPage
112-
const session = req.session
113-
const username = req.body.username
114-
return adminLoginSuccess(redirectPage, session, username, res)
115-
} else {
116-
return res.status(401).send()
117-
}
118-
});
119-
} else {
120-
return res.status(401).send()
121-
}
122-
};
123-
124-
125-
if (validator.isEmail(req.body.username)) {
126-
User.find({ username: req.body.username, password: req.body.password }, function (err, users) {
127-
if (users.length > 0) {
128-
const redirectPage = req.body.redirectPage
129-
const session = req.session
130-
const username = req.body.username
131-
return adminLoginSuccess(redirectPage, session, username, res)
132-
} else {
133-
return res.status(401).send()
134-
}
135-
});
136-
} else {
137-
return res.status(401).send()
138-
};
139-
*/
140-
141104
function adminLoginSuccess(redirectPage, session, username, res) {
142105
session.loggedIn = 1
143106

0 commit comments

Comments
 (0)