我使用nodeJS password-hash-and-salt库来加密密码,然后将其存储在数据库中。这很好用。当我尝试验证密码时出现问题。查看文档,它应该很简单......该示例完美无瑕,但验证以前存储在数据库中的哈希是否失败。我已经验证了哈希值没有在数据库中更改,并且查询时返回了哈希值...我还散列了一个字符串,然后尝试使用相同的字符串验证该字符串 - 代码(没有变量)。我一定是做错了......有人有什么想法吗? (下面的代码,此处的图书馆链接https://github.com/florianheinemann/password-hash-and-salt)
verifyPassword = function(user,pw){
// Connect to db
myuser = {};
var con = connect();
// Run query
con.query('SELECT UID,password FROM users WHERE username = ?', user, function(err,res){
if(err){ throw err; }
else {
myuser.userID = res[0].UID;
myuser.pswdV = res[0].password;
// Verifying hash
//console.log(pw);
//console.log(myuser.pswdV);
password(pw).verifyAgainst(myuser.pswdV, function(error, verified) {
//console.log(verified);
if(error)
throw new Error('Something went wrong!');
if(!verified) {
//socket.emit('popError','Invalid username or password. Please check your password and try again.');
//return {err:'Invalid username or password. Please check your password and try again.'}
console.log('Not verified');
} else {
var token = crypto.randomBytes(64);
token = buf.toString('hex');
myuser.secret = token;
delete myuser.pswdV;
con.query('UPDATE users SET magicSecret = ? WHERE username = ?', [token,user], function(err,res){
if(err) {
socket.emit('popError','Failed to login, this is a server problem.');
//return {err:'Failed to login, this is a server problem.'}
}
else {
socket.emit('login_success',myuser);
// return {err:myuser}
}
});
}
});
}
});
con.end(function(err) {
// The connection is terminated gracefully
// Ensures all previously enqueued queries are still
// before sending a COM_QUIT packet to the MySQL server.
});
};
请原谅调试代码...这可以让您了解我尝试做什么。如果你知道它失败的原因,请告诉我。