2023-08-13 10:15:47 (UTC-03:00)

Marcel Rodrigues <marcelgmr@gmail.com>

add password confirmation in /join

diff --git a/skopos.lua b/skopos.lua
index 0550424..c40e828 100644
--- a/skopos.lua
+++ b/skopos.lua
@@ -70,6 +70,9 @@ function App:routes()
         if #pass == 0 then  -- empty password
             return fail_path, 303
         end
+        if pass ~= req.form.passconfirm then -- invalid password confirmation
+            return fail_path, 303
+        end
         if self.model:get_user(nick) ~= nil then  -- user already exists
             return fail_path, 303
         end

diff --git a/view/join.html b/view/join.html
index bf0a857..a54d199 100644
--- a/view/join.html
+++ b/view/join.html
@@ -30,6 +30,7 @@
       </li>
       <li><input type="text" class="flat-field" name="realname" placeholder="Real Name" required></li>
       <li><input type="password" class="flat-field" name="password" placeholder="Password" required></li>
+      <li><input type="password" class="flat-field" name="passconfirm" placeholder="Confirm Password" required></li>
       <li><input type="submit" class="flat-button" value="Join"></li>
     </ul>
   </form>