使用 dcrypt 对密码进行哈希处理后,使用来自 MySQL 的 NodeJs 登录用户
Login User using NodeJs from MySQL after password has been hashed using dcrypt
我正在使用 NodeJs 和 MySQL 创建一个登录和注册应用程序。我使用 bcrypt 对密码进行了哈希处理,但是在用户注册后我无法使用电子邮件和密码登录。请协助
下面是注册代码片段
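// registration
/*
 * POST /register
 *
 * Validates the submitted fields, rejects an e-mail address that is already
 * present in `users`, then stores the new user with a bcrypt hash of the
 * password. Replies with the same message bodies as before:
 *   { message: 'Please fill in all the fields' } | { message: 'Passwords dont match' }
 *   'Email exists' | 'Reg success'
 * plus a 500 'Registration failed' when the database or bcrypt reports an error.
 */
router.post('/register', (req, res) => {
  const { name, email, password, password2 } = req.body;

  // Check required fields. Return right away: a second res.send() for the
  // same request fails because the response has already been written.
  if (!name || !email || !password || !password2) {
    return res.send({ message: 'Please fill in all the fields' });
  }

  // Check passwords match
  if (password !== password2) {
    console.log('Passwords dont match');
    return res.send({ message: 'Passwords dont match' });
  }

  // `email` is known to be non-empty here, so the former 'Enter Email'
  // branch could never run and has been dropped.
  db.query('SELECT * FROM users WHERE email = ?', [email], (error, results) => {
    if (error) {
      // `results` is not usable when the query failed.
      console.error(error);
      return res.status(500).send('Registration failed');
    }
    if (results.length > 0) {
      return res.send('Email exists');
    }

    // NOTE(review): `salt` is not defined in this snippet; presumably a salt
    // or cost factor declared elsewhere in the file — confirm.
    bcrypt.hash(password, salt, (hashError, hash) => {
      if (hashError) {
        // Throwing inside this callback would not reach the client; report it instead.
        console.error(hashError);
        return res.status(500).send('Registration failed');
      }

      // Bind every value through a `?` placeholder. The previous statement
      // concatenated name/email straight into the SQL text, so request data
      // could change the query itself (SQL injection); the values array was
      // passed but never used because the SQL had no placeholders.
      db.query(
        'INSERT INTO users(name, email, password) VALUES(?, ?, ?)',
        [name, email, hash],
        (insertError) => {
          if (insertError) {
            // NOTE(review): two concurrent requests can both pass the SELECT
            // above; a UNIQUE index on users.email would make the second
            // INSERT fail here — confirm the schema has one.
            console.error(insertError);
            return res.status(500).send('Registration failed');
          }
          // Report success only once the row has actually been written.
          res.send('Reg success');
        },
      );
    });
  });
});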
这是登录代码片段
// login
// POST /login as posted in the question. Kept unchanged; the comments mark
// why it cannot authenticate a registered user.
router.post('/login', (req, res)=> {
const email = req.body.email;
const password = req.body.password
// Hashes the submitted password again instead of loading the hash stored at registration.
var hash = bcrypt.hashSync(password, 10);
// Compares the submitted password with the hash just derived from it, so the
// result says nothing about the stored credential. `bcryptPassword` is a boolean.
const bcryptPassword = bcrypt.compareSync(password, hash);
if (email && bcryptPassword) {
// The boolean is bound to `password = ?`; the column holds a bcrypt hash string
// (see the registration INSERT), so this WHERE clause does not test the password.
db.query('SELECT password FROM users WHERE email = ? AND password = ?', [email,bcryptPassword],
(error, results, fields)=> {
// `error` is never checked before `results.length` is read.
if (results.length > 0 ) {
res.send("Successful");
} else {
res.send('Incorrect Email and/or Password!');
}
res.end();
});
} else {
res.send('Please enter Username and Password!');
res.end();
}
});
你有一个拼写错误:不是 dcrypt,而是 bcrypt。这应该有效:
// login
// NOTE(review): apart from the variable name this handler is the same as the
// question's code: the submitted password is still compared with a hash of
// itself, and the resulting boolean is still bound to `password = ?`.
router.post('/login', (req, res)=> {
const email = req.body.email;
const password = req.body.password
// Fresh hash of the input; the hash stored in `users` is never read.
var hash = bcrypt.hashSync(password, 10);
const dcryptPassword = bcrypt.compareSync(password, hash); // this one was incorrect
if (email && dcryptPassword) {
// `dcryptPassword` is a boolean, not the stored hash, so the password is not verified here.
db.query('SELECT password FROM users WHERE email = ? AND password = ?', [email,dcryptPassword],
(error, results, fields)=> {
// `error` is never checked before `results.length` is read.
if (results.length > 0 ) {
res.send("Successful");
} else {
res.send('Incorrect Email and/or Password!');
}
res.end();
});
} else {
res.send('Please enter Username and Password!');
res.end();
}
});
对同一个明文进行两次哈希处理,即使使用相同的盐轮数(例如上面代码中的 10),也不会得到相同的哈希值,因为 bcrypt 每次都会生成新的随机盐。
您应该根据电子邮件从 users 表中查询(SELECT)出存储的密码哈希,然后运行:
// `hash` here is the hash read from the users table for this e-mail, not a new hash of the input.
bcrypt.compareSync(myPlaintextPassword, hash); // true
这应该告诉您输入的密码和数据库中的哈希值是否匹配。
bcrypt: To check a password - npm
像这样:
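// login
/*
 * POST /login
 *
 * Looks up the stored bcrypt hash for the submitted e-mail and verifies the
 * submitted password against it. Replies 'Successful',
 * 'Incorrect Email and/or Password!' or 'Please enter Username and Password!'
 * as before, plus a 500 'Login failed' when the database or bcrypt reports an error.
 */
router.post('/login', (req, res) => {
  const { email, password } = req.body;

  if (!email || !password) {
    return res.send('Please enter Username and Password!');
  }

  db.query('SELECT password FROM users WHERE email = ?', [email], (error, results) => {
    if (error) {
      // `results` is not usable when the query failed.
      console.error(error);
      return res.status(500).send('Login failed');
    }

    if (results.length === 0) {
      // Same reply as for a wrong password, so the response text does not
      // reveal whether the e-mail address is registered.
      return res.send('Incorrect Email and/or Password!');
    }

    // The stored hash is the `password` column of the selected row. The async
    // compare is used because bcrypt is CPU intensive and the sync variant
    // blocks the event loop while it runs.
    bcrypt.compare(password, results[0].password, (compareError, isMatch) => {
      if (compareError) {
        console.error(compareError);
        return res.status(500).send('Login failed');
      }
      res.send(isMatch ? 'Successful' : 'Incorrect Email and/or Password!');
    });
  });
});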
还有:bcrypt: Why is async mode recommended over sync mode?
If you are using bcrypt on a simple script, using the sync mode is perfectly fine. However, if you are using bcrypt on a server, the async mode is recommended. This is because the hashing done by bcrypt is CPU intensive, so the sync version will block the event loop and prevent your application from servicing any other inbound requests or events. The async version uses a thread pool which does not block the main event loop.
我正在使用 NodeJs 和 MySQL 创建一个登录和注册应用程序。我使用 bcrypt 对密码进行了哈希处理,但是在用户注册后我无法使用电子邮件和密码登录。请协助
下面是注册代码片段
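// registration
/*
 * POST /register
 *
 * Validates the submitted fields, rejects an e-mail address that is already
 * present in `users`, then stores the new user with a bcrypt hash of the
 * password. Replies with the same message bodies as before:
 *   { message: 'Please fill in all the fields' } | { message: 'Passwords dont match' }
 *   'Email exists' | 'Reg success'
 * plus a 500 'Registration failed' when the database or bcrypt reports an error.
 */
router.post('/register', (req, res) => {
  const { name, email, password, password2 } = req.body;

  // Check required fields. Return right away: a second res.send() for the
  // same request fails because the response has already been written.
  if (!name || !email || !password || !password2) {
    return res.send({ message: 'Please fill in all the fields' });
  }

  // Check passwords match
  if (password !== password2) {
    console.log('Passwords dont match');
    return res.send({ message: 'Passwords dont match' });
  }

  // `email` is known to be non-empty here, so the former 'Enter Email'
  // branch could never run and has been dropped.
  db.query('SELECT * FROM users WHERE email = ?', [email], (error, results) => {
    if (error) {
      // `results` is not usable when the query failed.
      console.error(error);
      return res.status(500).send('Registration failed');
    }
    if (results.length > 0) {
      return res.send('Email exists');
    }

    // NOTE(review): `salt` is not defined in this snippet; presumably a salt
    // or cost factor declared elsewhere in the file — confirm.
    bcrypt.hash(password, salt, (hashError, hash) => {
      if (hashError) {
        // Throwing inside this callback would not reach the client; report it instead.
        console.error(hashError);
        return res.status(500).send('Registration failed');
      }

      // Bind every value through a `?` placeholder. The previous statement
      // concatenated name/email straight into the SQL text, so request data
      // could change the query itself (SQL injection); the values array was
      // passed but never used because the SQL had no placeholders.
      db.query(
        'INSERT INTO users(name, email, password) VALUES(?, ?, ?)',
        [name, email, hash],
        (insertError) => {
          if (insertError) {
            // NOTE(review): two concurrent requests can both pass the SELECT
            // above; a UNIQUE index on users.email would make the second
            // INSERT fail here — confirm the schema has one.
            console.error(insertError);
            return res.status(500).send('Registration failed');
          }
          // Report success only once the row has actually been written.
          res.send('Reg success');
        },
      );
    });
  });
});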
这是登录代码片段
// login
// POST /login as posted in the question. Kept unchanged; the comments mark
// why it cannot authenticate a registered user.
router.post('/login', (req, res)=> {
const email = req.body.email;
const password = req.body.password
// Hashes the submitted password again instead of loading the hash stored at registration.
var hash = bcrypt.hashSync(password, 10);
// Compares the submitted password with the hash just derived from it, so the
// result says nothing about the stored credential. `bcryptPassword` is a boolean.
const bcryptPassword = bcrypt.compareSync(password, hash);
if (email && bcryptPassword) {
// The boolean is bound to `password = ?`; the column holds a bcrypt hash string
// (see the registration INSERT), so this WHERE clause does not test the password.
db.query('SELECT password FROM users WHERE email = ? AND password = ?', [email,bcryptPassword],
(error, results, fields)=> {
// `error` is never checked before `results.length` is read.
if (results.length > 0 ) {
res.send("Successful");
} else {
res.send('Incorrect Email and/or Password!');
}
res.end();
});
} else {
res.send('Please enter Username and Password!');
res.end();
}
});
你有一个拼写错误:不是 dcrypt,而是 bcrypt。这应该有效:
// login
// NOTE(review): apart from the variable name this handler is the same as the
// question's code: the submitted password is still compared with a hash of
// itself, and the resulting boolean is still bound to `password = ?`.
router.post('/login', (req, res)=> {
const email = req.body.email;
const password = req.body.password
// Fresh hash of the input; the hash stored in `users` is never read.
var hash = bcrypt.hashSync(password, 10);
const dcryptPassword = bcrypt.compareSync(password, hash); // this one was incorrect
if (email && dcryptPassword) {
// `dcryptPassword` is a boolean, not the stored hash, so the password is not verified here.
db.query('SELECT password FROM users WHERE email = ? AND password = ?', [email,dcryptPassword],
(error, results, fields)=> {
// `error` is never checked before `results.length` is read.
if (results.length > 0 ) {
res.send("Successful");
} else {
res.send('Incorrect Email and/or Password!');
}
res.end();
});
} else {
res.send('Please enter Username and Password!');
res.end();
}
});
对同一个明文进行两次哈希处理,即使使用相同的盐轮数(例如上面代码中的 10),也不会得到相同的哈希值,因为 bcrypt 每次都会生成新的随机盐。
您应该根据电子邮件从 users 表中查询(SELECT)出存储的密码哈希,然后运行:
// `hash` here is the hash read from the users table for this e-mail, not a new hash of the input.
bcrypt.compareSync(myPlaintextPassword, hash); // true
这应该告诉您输入的密码和数据库中的哈希值是否匹配。
bcrypt: To check a password - npm
像这样:
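// login
/*
 * POST /login
 *
 * Looks up the stored bcrypt hash for the submitted e-mail and verifies the
 * submitted password against it. Replies 'Successful',
 * 'Incorrect Email and/or Password!' or 'Please enter Username and Password!'
 * as before, plus a 500 'Login failed' when the database or bcrypt reports an error.
 */
router.post('/login', (req, res) => {
  const { email, password } = req.body;

  if (!email || !password) {
    return res.send('Please enter Username and Password!');
  }

  db.query('SELECT password FROM users WHERE email = ?', [email], (error, results) => {
    if (error) {
      // `results` is not usable when the query failed.
      console.error(error);
      return res.status(500).send('Login failed');
    }

    if (results.length === 0) {
      // Same reply as for a wrong password, so the response text does not
      // reveal whether the e-mail address is registered.
      return res.send('Incorrect Email and/or Password!');
    }

    // The stored hash is the `password` column of the selected row. The async
    // compare is used because bcrypt is CPU intensive and the sync variant
    // blocks the event loop while it runs.
    bcrypt.compare(password, results[0].password, (compareError, isMatch) => {
      if (compareError) {
        console.error(compareError);
        return res.status(500).send('Login failed');
      }
      res.send(isMatch ? 'Successful' : 'Incorrect Email and/or Password!');
    });
  });
});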
还有:bcrypt: Why is async mode recommended over sync mode?
If you are using bcrypt on a simple script, using the sync mode is perfectly fine. However, if you are using bcrypt on a server, the async mode is recommended. This is because the hashing done by bcrypt is CPU intensive, so the sync version will block the event loop and prevent your application from servicing any other inbound requests or events. The async version uses a thread pool which does not block the main event loop.