
Commit 667c438

authored
Update index.js
1 parent 00e5fa5 commit 667c438


1 file changed

+37
-0
lines changed


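--- a/routes/index.js
+++ b/routes/index.js
@@ -101,6 +101,43 @@ exports.loginHandler = function (req, res, next) {
 };
 */
 
+// Add new vulnerable code
+/*
+
+exports.loginHandler = function (req, res, next) {
+if (validator.isEmail(req.body.username)) {
+User.find({ username: req.body.username, password: req.body.password }, function (err, users) {
+if (users.length > 0) {
+const redirectPage = req.body.redirectPage
+const session = req.session
+const username = req.body.username
+return adminLoginSuccess(redirectPage, session, username, res)
+} else {
+return res.status(401).send()
+}
+});
+} else {
+return res.status(401).send()
+}
+};
+
+
+if (validator.isEmail(req.body.username)) {
+User.find({ username: req.body.username, password: req.body.password }, function (err, users) {
+if (users.length > 0) {
+const redirectPage = req.body.redirectPage
+const session = req.session
+const username = req.body.username
+return adminLoginSuccess(redirectPage, session, username, res)
+} else {
+return res.status(401).send()
+}
+});
+} else {
+return res.status(401).send()
+};
+*/
+
 function adminLoginSuccess(redirectPage, session, username, res) {
 session.loggedIn = 1
 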
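Review bot: The 37 added lines (new 104–140) are one `/* … */` block of dead code, and the handler inside it would be unsafe if it were ever uncommented: only `req.body.username` is checked with `validator.isEmail`, while `req.body.password` goes into the `User.find` filter exactly as received. If `User` is a MongoDB/Mongoose-style model (inferred from the call shape, not shown here), a non-string password value from a parsed request body would be read as a query operator rather than a literal, and the filter also implies passwords are matched in plaintext instead of against a hash. A guard such as `if (typeof req.body.password !== 'string') return res.status(401).send()` before the query, plus `if (err) return next(err)` ahead of `users.length`, would close the two gaps visible in the hunk. The second copy at new lines 125–138 is an unbalanced fragment (it ends in `};` with no opening function), so the block cannot simply be uncommented; either delete it or replace `// Add new vulnerable code` with a comment stating that this is an intentional training fixture that must stay disabled. The earlier commented-out handler starts above the hunk, and `adminLoginSuccess` continues below it.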
