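/**
 * Create a user record and pass the loaded user to `callback`.
 *
 * `config` must carry firstname, lastname, username, email and password.
 * The three name fields are reduced to the characters A-Z, a-z, "-" and "_"
 * and written back onto `config`. The password is run through the project's
 * crypto.pbkdf2 with a fresh salt from crypto.random_hash, and the record is
 * inserted into the 'users' collection.
 *
 * @param {Object} config - firstname, lastname, username, email, password.
 * @param {Function} callback - Called once, either with an
 *   {Error: {error_message, message_type}} object or with whatever
 *   user.load() passes on.
 */
new_user: function(config, callback) {
  var missing_data = {"Error": {"error_message": "DATA_NOT_SET", "message_type": "CONFIG"}};
  var name_fields = ["firstname", "lastname", "username"];
  var field;
  var i;

  if (!config || !config.firstname || !config.lastname || !config.username ||
      !config.email || !config.password) {
    callback(missing_data);
    return;
  }

  // Limit character input.
  for (i = 0; i < name_fields.length; i++) {
    field = name_fields[i];
    // A non-string value (e.g. an object from a parsed request body) has no
    // usable .replace(); treat it as missing instead of throwing.
    if (typeof config[field] !== "string") {
      callback(missing_data);
      return;
    }
    // The `g` flag is required: without it only the FIRST disallowed
    // character is removed and the rest reach the database unchanged.
    config[field] = config[field].replace(/[^a-zA-Z\-_]/g, "");
    // A value made only of disallowed characters is empty after filtering.
    if (!config[field]) {
      callback(missing_data);
      return;
    }
  }

  // NOTE(review): iteration count and digest are chosen inside crypto.pbkdf2,
  // which is not visible here; confirm they meet current guidance.
  var salt = crypto.random_hash();
  var hash = crypto.pbkdf2(config.password, salt);
  if (hash.Error) {
    callback({"Error": {"error_message": hash.Error.error_message, "message_type": "CRYPTO"}});
    return;
  }

  // NOTE(review): email is stored exactly as supplied; no format or type
  // check is visible in this function.
  var new_user = {
    username: config.username,
    firstname: config.firstname,
    lastname: config.lastname,
    hash: hash,
    salt: salt,
    email: config.email,
  };

  database.insert('users', new_user, function(result) {
    if (!result.Error) {
      var the_user = new user(new_user.username);
      the_user.load(callback);
      return;
    }

    var db_error = result.Error.error_message;
    // 11000 is MongoDB's duplicate-key code; presumably raised by a unique
    // index on the users collection. The loose == on the code is deliberate:
    // it accepts a numeric or a string code, as the original did.
    if (db_error && db_error.name === "MongoError" && db_error.code == 11000) {
      callback({"Error": {"error_message": "USER_EXISTS", "message_type": "CONFIG"}});
    } else {
      callback(result);
    }
  });
},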
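// Look up the account by username, re-derive the password hash with the
// stored salt, and start a session when it matches the stored value.
// `username`, `password` and `callback` come from the enclosing scope, which
// is outside this excerpt.
if (typeof username !== "string") {
  // Only a plain string may reach the query filter. If database.findOne
  // forwards the filter to the datastore as-is, an object-valued username
  // would be read as query operators rather than as a literal name.
  callback(new Error("Invalid username/password"), null);
} else {
  database.findOne('users', {username: username}, function(error, result) {
    // A failed lookup must be reported. Previously the error was ignored, and
    // an undefined result passed the `!== null` test and threw on result.salt.
    if (error) {
      callback(error, null);
      return;
    }
    if (result === null || result === undefined) {
      // NOTE(review): this path returns before any key derivation, so an
      // unknown user is answered faster than a wrong password. Consider
      // deriving against a fixed dummy salt to even out response time.
      callback(new Error("Invalid username/password"), null);
      return;
    }

    common_crypto.pbkdf2(password, result.salt, function(hash_error, hash) {
      if (hash_error) {
        callback(hash_error, null);
        return;
      }

      if (hash === null || result.password === null) {
        callback(new Error("Login error"), null);
      } else if (hash == result.password) {
        // NOTE(review): == is not a constant-time comparison and coerces
        // types. Once the encoding of hash and result.password is confirmed,
        // compare equal-length buffers with Node's crypto.timingSafeEqual.
        create_new_session(username, callback);
      } else {
        // Same message as the unknown-user path, so the response text does
        // not reveal which usernames exist.
        callback(new Error("Invalid username/password"), null);
      }
    });
  });
}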