Finalize user signin and session backend

players.rb

@@ -14,7 +14,7 @@ module Players
   end
 
   def self.rm_player(email)
-    DB["delete from Players where email = ?", email].delete
+    DB["delete from Players where email = ?", email].delete != 0
   end
 
   def self.mk_player(username, email, pass)
@@ -46,10 +46,6 @@ module Players
     ].insert
 
     send_email(:new, email, username, code)
-    Thread.new do
-      sleep 24 * 60 * 60
-      rm_player(email) unless verified?(email)
-    end
 
     "Successfully registered!"
   rescue ArgumentError => e
@@ -62,7 +58,12 @@ module Players
     DB["update Players set activation_code = ? where code = ?", "!", code].update != 0
   end
 
+  def self.unverified
+    DB["select * from Players where activation_code <> ?", "!"].all
+  end
+
   def self.pass_req(email)
+    return unless self[email]
     path = File.expand_path("db.json")
     json = File.exist?(path) ? JSON.parse(File.read(path)) : {}
     json["pass_num"] ||= 0
@@ -83,7 +84,8 @@ module Players
   end
 
   def self.pass_reset(new_pass, code)
-    DB["update Players set pass = ? where new_pass_code = ?", new_pass, code].update != 0
+    digest = XXhash.xxh32(new_pass, 1234)
+    DB["update Players set digest = ? where new_pass_code = ?", digest, code].update != 0
   end
 
   def self.[](email)
@@ -104,4 +106,11 @@ module Players
     player = self[email]
     player && player[:code] == "!"
   end
+
+  Thread.new do
+    sleep 60 * 60
+    unverified.each do |player|
+      rm_player(player[:email]) if player[:created_at] + 24 * 60 * 60 < Time.now
+    end
+  end
 end