fix: Phase 0/6 — security hardening, stability, validation
- auth.php: eliminate double token verification (decode JWT payload directly)
- auth.php: cascade delete related data on account deletion (blocks,
daily_claims, challenges, achievements, group_members)
- auth.php: add server-side username regex validation
- register.js: add client-side username character validation
- profile/view.js: show "Unrated" for players with 0 games at 1200 rating
- i18n: add auth.invalid_username and profile.unrated keys
Co-Authored-By:
Claude Opus 4.6 <noreply@anthropic.com>
Showing
Please register or sign in to comment