Only allow low case session names

d05bcfd3 · Dennis Willers · 9f0d0040 · d05bcfd3
Commit d05bcfd3 authored Jan 02, 2021 by Dennis Willers 🏀
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 10 deletions

events.js events.js +10 -10

No files found.
--- a/events.js
+++ b/events.js
@@ -20,7 +20,7 @@ function createRouter(db) {
    const isSession = function isSession(req, res, next) {
        const spielname = req.body.spielname;
-        if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
+        if (spielname.match(/^[0-9a-z]+$/) != null) {
            const sql = 'SELECT SessionName FROM Session WHERE SessionName = \''+spielname+'\';';
            console.log('isSession:' ,sql);
            db.query(
@@ -45,7 +45,7 @@ function createRouter(db) {
    const getGamestatus = function(req, res) {
        const spielname = req.body.spielname;
-        if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
+        if (spielname.match(/^[0-9a-z]+$/) != null) {
            const sql = 'SELECT SessionID, Red, Blue, RedTurn, ActiveExplainer, ActiveWatchdog FROM Gamestatus WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
            console.log('getGamestatus: ',sql);
            db.query(
@@ -76,7 +76,7 @@ function createRouter(db) {
    const addSession = function addSession(req, res) {
        const spielname = req.body.spielname;
-        if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
+        if (spielname.match(/^[0-9a-z]+$/) != null) {
            const sql = 'INSERT INTO Session (SessionName) VALUES (\"'+spielname+'\");';
            console.log('addSession1: ', sql);
            db.query(
@@ -128,7 +128,7 @@ function createRouter(db) {
    const getS2C = function getS2C(req, res) {
        const spielname = req.body.spielname;
-        if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
+        if (spielname.match(/^[0-9a-z]+$/) != null) {
            let card;
            const sql = 'SELECT Card.CardID, Solution, Tabu1, Tabu2, Tabu3, Tabu4, Tabu5 \n' +
                'FROM Card \n' +
@@ -186,7 +186,7 @@ function createRouter(db) {
    const isActiveExplainer = function isActiveExplainer(req, res, next) {
        const spielname = req.body.spielname;
-        if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
+        if (spielname.match(/^[0-9a-z]+$/) != null) {
            const sql = 'SELECT ActiveExplainer FROM Gamestatus WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
            console.log('isActiveExplainer: ',sql)
            db.query(
@@ -211,7 +211,7 @@ function createRouter(db) {
    const newRound = function newRound(req, res) {
        const spielname = req.body.spielname;
-        if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
+        if (spielname.match(/^[0-9a-z]+$/) != null) {
            const sql = 'UPDATE Gamestatus SET ActiveExplainer = 1, ActiveWatchdog=1 WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
            console.log('newRound: ', sql);
            db.query(
@@ -237,7 +237,7 @@ function createRouter(db) {
    function endRound(req) {
        const spielname = req.body.spielname;
-        if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
+        if (spielname.match(/^[0-9a-z]+$/) != null) {
            const sql = 'UPDATE Gamestatus SET RedTurn = (SELECT 1-Gamestatus.RedTurn FROM Gamestatus INNER JOIN Session ON Session.SessionID=Gamestatus.SessionID WHERE Session.SessionName = \"'+spielname+'\"),  ActiveExplainer = 0, ActiveWatchdog=0 WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
            console.log('endRound: ', sql);
            db.query(
@@ -263,7 +263,7 @@ function createRouter(db) {
    const newGame = function newGame(req, res) {
        const spielname = req.body.spielname;
-        if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
+        if (spielname.match(/^[0-9a-z]+$/) != null) {
            const sql = 'UPDATE Gamestatus SET Red = 0, Blue = 0, RedTurn = '+Math.round(Math.random())+' WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
            console.log('newGame: ', sql);
            db.query(
@@ -289,7 +289,7 @@ function createRouter(db) {
        console.log(req.body);
        const spielname = req.body.spielname;
        const team = req.body.team;
-        if (spielname.match(/^[0-9a-zA-Z]+$/) != null && team.match(/^[0-9a-zA-Z]+$/) != null) {
+        if (spielname.match(/^[0-9a-z]+$/) != null && team.match(/^[0-9a-z]+$/) != null) {
            if (team === 'red') {
                const sql = 'UPDATE Gamestatus SET Red = 1+(SELECT Red FROM Gamestatus WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")) WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
                console.log('addPoint Red:', sql);
@@ -340,7 +340,7 @@ function createRouter(db) {
        console.log(req.body);
        const spielname = req.body.spielname;
        const team = req.body.team;
-        if (spielname.match(/^[0-9a-zA-Z]+$/) != null && team.match(/^[0-9a-zA-Z]+$/) != null) {
+        if (spielname.match(/^[0-9a-z]+$/) != null && team.match(/^[0-9a-z]+$/) != null) {
            if (team === 'red') {
                const sql = 'UPDATE Gamestatus SET Red = -1+(SELECT Red FROM Gamestatus WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")) WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
                console.log('removePoint Red: ', sql);