From 50c7e3972ca7b7f08fcf12aaf6a2ac8227304b43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C5=91cze=20Bence?= Date: Thu, 18 Jun 2020 16:12:40 +0200 Subject: [PATCH 1/2] MAPG-151 check email address validity on server side --- public/static/js/signup.js | 3 +++ src/Controller/SignupController.php | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/public/static/js/signup.js b/public/static/js/signup.js index 4031b32..91836f6 100644 --- a/public/static/js/signup.js +++ b/public/static/js/signup.js @@ -14,6 +14,9 @@ if (this.response.error) { var errorText; switch (this.response.error) { + case 'email_not_valid': + errorText = 'The given email address is not valid.' + break; case 'passwords_too_short': errorText = 'The given password is too short. Please choose a password that is at least 6 characters long!' break; diff --git a/src/Controller/SignupController.php b/src/Controller/SignupController.php index ea049bc..b50bfe2 100644 --- a/src/Controller/SignupController.php +++ b/src/Controller/SignupController.php @@ -43,6 +43,11 @@ class SignupController return new JsonContent($data); } + if (filter_var($this->request->post('email'), FILTER_VALIDATE_EMAIL) === false) { + $data = ['error' => 'email_not_valid']; + return new JsonContent($data); + } + $select = new Select(\Container::$dbConnection, 'users'); $select->columns(User::getFields()); $select->where('email', '=', $this->request->post('email')); From e014bf9dc106a968277c23fff5d7393ad06b418a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C5=91cze=20Bence?= Date: Thu, 18 Jun 2020 16:15:03 +0200 Subject: [PATCH 2/2] MAPG-151 add some client side input checks --- views/login.php | 4 ++-- views/profile.php | 4 ++-- views/signup/signup.php | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/views/login.php b/views/login.php index 4d74970..1dfdd94 100644 --- a/views/login.php +++ b/views/login.php @@ -9,8 +9,8 @@ $jsFiles = [
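Review bot: The added guard in SignupController.php throws away the string `filter_var()` returns, and the lookup right after it reads `$this->request->post('email')` a second time, so the value that was validated and the value that reaches `$select->where('email', '=', …)` are only assumed to be the same. Keep the result and reuse it: `$email = filter_var($this->request->post('email'), FILTER_VALIDATE_EMAIL);` followed by `if ($email === false) {`, then pass `$email` to the query and, presumably, to whatever stores the user further down. I would also add a comment above the check such as `// Syntax check only: does not prove the mailbox exists or belongs to the requester.` so nobody later treats it as a replacement for a confirmation step. The enclosing method starts and ends outside the hunk, so the later uses of the address are not visible here.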

Login

- - + +

diff --git a/views/profile.php b/views/profile.php index dc96db1..7154c8c 100644 --- a/views/profile.php +++ b/views/profile.php @@ -11,8 +11,8 @@ $jsFiles = [ - - + +

diff --git a/views/signup/signup.php b/views/signup/signup.php index e6be4e4..c2c12bc 100644 --- a/views/signup/signup.php +++ b/views/signup/signup.php @@ -9,9 +9,9 @@ $jsFiles = [

Sign up

- - - + + +