I have a registration page where users can send a request to the database. Before sending the request, I transform the password with a salt+hash algorithm.
Example from the database:
Username: aUser1234
Password: password12345
Hash: $2B$13$DTBZ4IEMDEXKQHWCL7LZQE8NKNYKBVA2MQWK8GNPDLWC4O6HYVEW2
I am trying to fetch the hashed password from the database, but my code has three problems:
1. getConnection().query()...
2. await bcrypt.compare(password, hashedPassowrd);
3. Does the router.post callback also need to be async?

```javascript
router.post('/user_login', async (req, res) => { // Does this need to be an async callback function?
  const username = req.body.thisUsername; // aUser1234
  const password = req.body.thisPassword; // password12345
  const sqlString = "SELECT username FROM student_demographics WHERE username = ?";
  getConnection().query(sqlString, [username], async (err, results, fields) => {
    if (err) {
      res.sendStatus(500);
    }
    if (results.length) {
      console.log("NO ERRORS HERE"); // WORKS OKAY UNTIL HERE
      // HOW TO GET THE HASHED PASSWORD AND STORE IT IN A VARIABLE?
      const isValid = await bcrypt.compare(password, hashedPassowrd); // ERROR
      if (isValid) {
        // PASSWORD MATCHED
        res.redirect('/homePage.html');
        res.end();
      } else {
        // PASSWORD DIDN'T MATCH
        res.redirect('/login.html');
      }
    } else { // THE USERNAME DOES NOT EXIST
      console.log(" > The username or password are invalid :(");
      res.redirect('/login.html');
      res.end();
    }
  });
});
```
You need to select the hashed password from the database in order to compare against it.
Something like this:
```javascript
const express = require("express");
const bcrypt = require("bcrypt");
const router = express.Router();
// getConnection() is the questioner's own helper that returns a mysql connection.

router.post("/user_login", (req, res) => {
  const username = req.body.thisUsername; // aUser1234
  const password = req.body.thisPassword; // password12345
  // Fetch the stored hash, not the username: the hash is what bcrypt.compare needs.
  const sqlString = "SELECT hashed_password FROM student_demographics WHERE username = ? LIMIT 1";
  getConnection().query(sqlString, [username], async (err, results, fields) => {
    if (err) {
      console.log(err);
      res.sendStatus(500);
      return;
    }
    if (!results.length) {
      console.log(" > The username is invalid :(");
      res.redirect("/login.html");
      res.end();
      return;
    }
    // Each row is an object keyed by column name, not an array,
    // so read the column by name rather than destructuring results[0] as an array.
    const hashedPassword = results[0].hashed_password;
    // bcrypt.compare re-hashes the submitted password with the salt embedded in the stored hash.
    const isValid = await bcrypt.compare(password, hashedPassword);
    if (isValid) {
      // PASSWORD MATCHED
      res.redirect("/homePage.html");
      res.end();
    } else {
      console.log(" > The password is invalid :(");
      res.redirect("/login.html");
      res.end();
      return;
    }
  });
});
```
Note that you are not doing anything with the login state yet (you probably want to keep it in a session or a cookie).