diff --git a/index.js b/index.js
index 066060cde12c0df6973117d40a976e0cab951b58..b6be466f1a06db7e2de8c36bc97fee93ea0e504c 100644
--- a/index.js
+++ b/index.js
@@ -104,17 +104,20 @@ app.post('/signup', (req, res) => {
 app.post('/login', (req, res) => {
 if (!req.body.username || !req.body.password) {
 return res.redirect('/signup');
+ } else if (req.session.user) {
+ error(req, res, 'User already logged in', 'You must logout before log in.')
+ } else {
+ User.findOne({ username: req.body.username }, (err, user) => {
+ err ? error(req, res, 'Error fetching user', err) : null;
+ if (bcrypt.compareSync(req.body.password, user.passwordHash)) {
+ req.session.user = user;
+ return res.redirect(req.query.nextUrl || '/');
+ } else {
+ error(req, res, 'Bad credentials')
+ return res.redirect('/signup');
+ }
+ });
 }
- User.findOne({ username: req.body.username }, (err, user) => {
- err ? error(req, res, 'Error fetching user', err) : null;
- if (bcrypt.compareSync(req.body.password, user.passwordHash)) {
- req.session.user = user;
- return res.redirect(req.query.nextUrl || '/');
- } else {
- error(req, res, 'Bad credentials')
- return res.redirect('/signup');
- }
- });
 });
 app.post('/logout', (req, res) => {
 req.session.destroy();
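Review bot: In the new `User.findOne` callback, a lookup that matches no user leaves `user` null and the next line dereferences `user.passwordHash`, so an unknown username throws a TypeError instead of being rejected (and the `err` branch also falls through into the compare rather than returning), which turns a bad login into a 500 and lets a caller tell unknown usernames apart from wrong passwords. Fold both into the guard: `if (err) return error(req, res, 'Error fetching user', err);` and `if (!user || !bcrypt.compareSync(req.body.password, user.passwordHash)) {`. `res.redirect(req.query.nextUrl || '/')` is also an open redirect on the post-login path, since `nextUrl` comes straight from the query string; only accept a same-origin path (a string starting with a single `/`, not `//`) and fall back to `'/'` otherwise. Consider regenerating the session (`req.session.regenerate`) before assigning `req.session.user` to avoid session fixation, and storing only the user id rather than the whole document, which appears to carry `passwordHash`; whether `error()` itself ends the response is not visible here, so `error(...)` followed by `res.redirect('/signup')` in the else branch may be writing two responses. The `/logout` handler at the end of the hunk continues outside it.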