login.py currently calls account.save() before checks are done for username/password length requirements. However, the client will actually still do a check for whether or not the username/password lengths are too short, and the account won't actually be able to be accessed. This results in a 'ghost account' being saved to the DB that can never be accessed.
The fix should be pretty straightforward; just move the logic that calls account.save() to the end of login.py after all the validation checks are done and right before res is returned.
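The ordering problem described in the issue above, as an added Python example that is not the project's login.py: the first handler saves before validating and leaves a ghost row behind, the second validates first and saves right before returning. `Account`, `DB`, `build_account`, the handler names and the minimum lengths are all hypothetical stand-ins, since the issue does not show the real code or limits.

```python
import hashlib
import os
from dataclasses import dataclass

# Assumed limits and an in-memory stand-in for the account table (hypothetical).
MIN_USERNAME_LEN = 3
MIN_PASSWORD_LEN = 8
DB = {}

@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes

    def save(self):
        DB[self.username] = self

def build_account(username, password):
    # Store a salted PBKDF2 hash rather than the password itself.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return Account(username, salt, digest)

def validate(username, password):
    errors = []
    if len(username) < MIN_USERNAME_LEN:
        errors.append("username too short")
    if len(password) < MIN_PASSWORD_LEN:
        errors.append("password too short")
    return errors

def create_account_save_first(username, password):
    # Ordering from the issue: the row is written before any check runs.
    build_account(username, password).save()
    errors = validate(username, password)
    if errors:
        return {"ok": False, "errors": errors}  # rejected, but the row stays
    return {"ok": True, "errors": []}

def create_account_validate_first(username, password):
    # Proposed ordering: run every check, then save right before returning.
    errors = validate(username, password)
    if errors:
        return {"ok": False, "errors": errors}
    build_account(username, password).save()
    return {"ok": True, "errors": []}
```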