diff --git a/public/login.html b/public/login.html
index b7d8c23..9b519c9 100644
--- a/public/login.html
+++ b/public/login.html
@@ -73,8 +73,8 @@ Create your account
-
+
@@ -125,14 +125,18 @@ Create your account
e.preventDefault();
document.getElementById('register-err').classList.add('hidden');
const btn = e.target.querySelector('button[type=submit]');
+ const email = document.getElementById('r-email').value.trim();
+ const pw = document.getElementById('r-password').value;
+ if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) { showErr('register-err', 'Please provide a valid email address'); return; }
+ if (pw.length < 8) { showErr('register-err', 'Password must be at least 8 characters'); return; }
btn.textContent = 'Creating...'; btn.disabled = true;
try {
const res = await fetch('/api/register', { method:'POST', headers:{'Content-Type':'application/json'},
body: JSON.stringify({
name: document.getElementById('r-name').value.trim(),
username: document.getElementById('r-username').value.trim(),
- email: document.getElementById('r-email').value.trim(),
- password: document.getElementById('r-password').value,
+ email: email,
+ password: pw,
}) });
const data = await res.json();
if (!res.ok) throw new Error(data.error || 'Registration failed');
diff --git a/src/worker.py b/src/worker.py
index 9656277..3de1ae0 100644
--- a/src/worker.py
+++ b/src/worker.py
@@ -563,6 +563,8 @@ async def api_register(req, env):
if not username or not email or not password:
return err("username, email, and password are required")
+ if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
+ return err("Please provide a valid email address")
if len(password) < 8:
return err("Password must be at least 8 characters")