From 06e99247771046b262ef100426a9af94508e7155 Mon Sep 17 00:00:00 2001 From: Mystikfluu Date: Wed, 25 May 2022 17:36:37 +0200 Subject: [PATCH] usernames now allow non-utf8 characters as well --- js/posts.js | 4 ++-- server.js | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/js/posts.js b/js/posts.js index 5c28fea..e8c3661 100644 --- a/js/posts.js +++ b/js/posts.js @@ -54,7 +54,7 @@ document.getElementById("post-btn").addEventListener("click",async function() { alert(`Error, your message cant contain more than 1000 characters! (${len})`) return } - let r = await post("/api/post",{"message":encodeURIComponent(document.getElementById("post-text").value)}) + let r = await post("/api/post",{"message":document.getElementById("post-text").value}) if(window.location.href.split("?mention=")[1])location.replace('/posts'); document.getElementById("post-text").value="" }) @@ -132,7 +132,7 @@ async function main(){ if(!last_10_posts)return; document.getElementById("posts").innerHTML = "" last_10_posts.forEach((item, i) => { - createPost(item.post_user_name,decodeURIComponent(atob(item.post_text)),item.post_time,item.post_special_text,item.post_id) + createPost(decodeURIComponent(atob(item.post_user_name)),decodeURIComponent(atob(item.post_text)),item.post_time,item.post_special_text,item.post_id) }); let links = document.getElementsByClassName("insertedlink") diff --git a/server.js b/server.js index 5908b48..7606ee0 100644 --- a/server.js +++ b/server.js 
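Review bot: The reply from `/api/post` is stored in `r` and never read before the handler ends at `})`, so a server-side rejection such as `{"error":"no message to post"}` is silently dropped and the textarea is cleared anyway. Assuming `post()` resolves to the parsed JSON body, check it before clearing: `if (r && r.error) { alert(r.error); return }`.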
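Review bot: `atob(item.post_user_name)` assumes every row is base64, but rows inserted before this commit hold the plain name (the old insert in server.js passed `res.locals.username` unencoded), so for those rows `atob` either throws or returns garbage. A throw inside this `forEach` callback stops rendering of every later post after `innerHTML` has already been cleared. Either migrate the old rows or decode through a small helper that catches the error and falls back to the stored value. The decoded name can now contain arbitrary characters, so `createPost` (outside this hunk) should insert it with `textContent` rather than as markup; worth confirming.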
@@ -257,14 +257,14 @@ router.get("/api/getotheruser",async function(req,res) { }) router.post("/api/post", async function(req,res) { - req.body.message = req.body.message.trim() + req.body.message = encodeURIComponent(req.body.message.trim()) if(!req.body.message) { res.json({"error":"no message to post"}) return } let sql = `insert into zerotwohub.posts (post_user_name,post_text,post_time) values (?,?,?);` - let values = [res.locals.username,b64(req.body.message),Date.now()] + let values = [b64(encodeURIComponent(res.locals.username)),b64(req.body.message),Date.now()] con.query(sql, values, function (err, result) { if (err) throw err; console.log(result); @@ -303,7 +303,7 @@ router.post("/api/setBio", async function(req,res) { return } let sql = `update zerotwohub.users set User_Bio=? where User_Name=?` - con.query(sql, [b64(bio),b64(res.locals.username)], function (err, result) { + con.query(sql, [b64(encodeURIComponent(bio)),b64(encodeURIComponent(res.locals.username))], function (err, result) { if (err) throw err; res.json({"success":"updated bio"}) }); @@ -434,7 +434,7 @@ router.post("/register",async function(req,res) { return } let userexistssql = `SELECT User_Name from zerotwohub.users where User_Name = ?` - con.query(userexistssql,[b64(username)],function(error,result) { + con.query(userexistssql,[b64(encodeURIComponent(username))],function(error,result) { if(result && result[0] && result[0].User_Name) { res.status(400) res.redirect("/register?success=false&reason=already_exists") 
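Review bot: `req.body.message.trim()` is called before anything checks that `message` is a string, so a body with a missing or non-string `message` throws inside the async handler before the `no message to post` branch is reached; `encodeURIComponent` can also throw a `URIError` on a lone surrogate. The 1000-character cap is only visible in js/posts.js, so the server accepts any length, and the stored value grows further after percent-encoding and base64. A guard ahead of the trim would cover both: `if (typeof req.body.message !== "string" || req.body.message.length > 1000) { res.json({"error":"invalid message"}); return }`, with the encode call wrapped in `try`/`catch`. The handler continues past the end of the hunk.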
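Review bot: The stored format of `User_Bio` changes here from `b64(bio)` to `b64(encodeURIComponent(bio))`, but no code that reads the bio is touched by this patch and bios already in the table keep the old format. A reader that does not percent-decode will show escaped text for new bios, and one that does will mis-decode or throw on an old bio containing `%`. A one-off re-encode of existing rows, plus a matching decode at the read site, keeps the two in step. The handler starts above this hunk, so any length check on `bio` is not visible; it should run on the encoded value if the column width is fixed.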
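Review bot: The existence check now looks up `b64(encodeURIComponent(username))`, while accounts created before this commit are stored as `b64(username)`; the two differ for any name containing a character other than letters, digits and `-_.!~*'()`. For such a legacy account the check returns no row, so the same name can be registered a second time, and the original owner no longer matches the login query. Whether such names exist depends on the earlier validation, which is outside the hunk. The same applies to the `User_Name` uses in the hunks at -303, -442, -485 and -494; a one-off migration that re-encodes `User_Name` should ship with this change.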
@@ -442,7 +442,7 @@ router.post("/register",async function(req,res) { } let hashed_pw = SHA256(password,username,HASHES_DB) let ip = req.socket.remoteAddress - let values = [b64(username),hashed_pw, Date.now(), ip, ip] + let values = [b64(encodeURIComponent(username)),hashed_pw, Date.now(), ip, ip] let sql = `INSERT INTO zerotwohub.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP) VALUES (?, ?, ?, ? ,?);` con.query(sql, values, function (err, result) { if (err) throw err; @@ -485,8 +485,8 @@ router.post("/login",async function(req,res) { let hashed_pw = SHA256(password,username,HASHES_DB) let userexistssql = `SELECT User_Name,User_PW,User_LastIP from zerotwohub.users where User_Name = ? and User_PW = ?;` - con.query(userexistssql,[b64(username),hashed_pw],function(error,result) { - if(result && result[0] && result[0].User_Name && result[0].User_Name==b64(username) && result[0].User_PW && result[0].User_PW == hashed_pw) { + con.query(userexistssql,[b64(encodeURIComponent(username)),hashed_pw],function(error,result) { + if(result && result[0] && result[0].User_Name && result[0].User_Name==b64(encodeURIComponent(username)) && result[0].User_PW && result[0].User_PW == hashed_pw) { let ip = req.socket.remoteAddress let setTo = username + " " + SHA256(password,username,HASHES_COOKIE) let cookiesigned = signature.sign(setTo, cookiesecret+ip); @@ -494,7 +494,7 @@ router.post("/login",async function(req,res) { res.redirect("/user?success=true") if(result[0].User_LastIP != ip) { let sql = `update zerotwohub.users set User_LastIP = ? where User_Name = ?;` - con.query(sql,[ip,b64(username)],function(error,result) { + con.query(sql,[ip,b64(encodeURIComponent(username))],function(error,result) { if(error)throw error }) }
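Review bot: If the validation above this hunk now admits non-ASCII names, two names that render identically but differ in Unicode normalisation form encode to different `User_Name` values and become separate accounts, which makes look-alike registrations possible. Normalising once at the top of `/register` and `/login`, before `SHA256(password,username,HASHES_DB)` and the queries, avoids that: `username = username.normalize("NFC")`. The expression `b64(encodeURIComponent(username))` is also repeated in every handler touched here; a single helper, e.g. `const dbName = (name) => b64(encodeURIComponent(name))`, would keep the call sites from drifting apart.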
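Review bot: `setTo` in the context lines below the changed condition still joins the raw `username` and the cookie hash with a single space, which is ambiguous once a name may itself contain a space or other delimiter. The code that parses this cookie is not in the diff; if it splits on the first space, such an account cannot authenticate, or the name is read back truncated. Storing the encoded form removes the ambiguity, `let setTo = encodeURIComponent(username) + " " + SHA256(password,username,HASHES_COOKIE)`, with the matching decode where the cookie is read. Whether spaces are accepted depends on validation outside this hunk.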