我正在使用 Node.js 和 MySQL 创建一个登录和注册应用程序。我使用 bcrypt 对密码进行了哈希处理,但是用户注册后无法使用电子邮件和密码登录。请协助。
下面是注册代码段
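// registration
// Validates the submitted form, rejects an email that is already present,
// hashes the password with bcrypt and stores the new user.
// Exactly one response is sent per request.
router.post('/register', (req, res) => {
  const { name, email, password, password2 } = req.body;

  // Check required fields. Body parsers can deliver objects or arrays, so
  // only non-empty strings are accepted. Return here: falling through would
  // reach a second res.send() on the same response.
  const fields = [name, email, password, password2];
  if (fields.some((value) => typeof value !== 'string' || value === '')) {
    return res.send({ message: 'Please fill in all the fields' });
  }

  // Check passwords match
  if (password !== password2) {
    console.log('Passwords dont match');
    return res.send({ message: 'Passwords dont match' });
  }

  db.query('SELECT * FROM users WHERE email = ?', [email], (error, results) => {
    if (error) {
      console.error(error);
      return res.status(500).send('Registration failed');
    }
    if (results.length > 0) {
      return res.send('Email exists');
    }

    // `salt` is defined outside this snippet.
    bcrypt.hash(password, salt, (err, hash) => {
      if (err) {
        // Throwing inside this callback would escape the request handler;
        // answer the request instead.
        console.error(err);
        return res.status(500).send('Registration failed');
      }

      // Placeholders let the driver escape the values; request data is never
      // concatenated into the SQL text.
      db.query(
        'INSERT INTO users(name, email, password) VALUES(?, ?, ?)',
        [name, email, hash],
        (insertError) => {
          if (insertError) {
            // NOTE(review): two concurrent requests can both pass the SELECT
            // above; a UNIQUE index on users.email would surface the
            // duplicate here — confirm the schema has one.
            console.error(insertError);
            return res.status(500).send('Registration failed');
          }
          // Report success only once the row has been stored.
          res.send('Reg success');
        },
      );
    });
  });
});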
这是登录代码段
// login
// NOTE(review): as written, this handler never compares the submitted
// password with the hash that was stored at registration.
router.post('/login', (req, res)=> {
const email = req.body.email;
const password = req.body.password
// A fresh hash is derived from the password that was just submitted ...
var hash = bcrypt.hashSync(password, 10);
// ... and that same password is then checked against the fresh hash, so the
// result does not depend on anything stored in the users table.
const bcryptPassword = bcrypt.compareSync(password, hash);
if (email && bcryptPassword) {
// The second placeholder is bound to the boolean returned by compareSync,
// not to a hash, so the `password` column is compared with a boolean.
db.query('SELECT password FROM users WHERE email = ? AND password = ?', [email,bcryptPassword],
(error, results, fields)=> {
// `error` is not inspected before `results` is read.
if (results.length > 0 ) {
res.send("Successful");
} else {
res.send('Incorrect Email and/or Password!');
}
res.end();
});
} else {
res.send('Please enter Username and Password!');
res.end();
}
});
答案 0 :(得分:1)
将相同的明文哈希两次,即使使用相同的盐轮数(salt rounds,即成本因子),也不会产生相同的哈希,因为 bcrypt 每次调用都会生成新的随机盐。
您应该从用户表中为电子邮件选择哈希,然后运行:
// `hash` is the value selected from the users table for this email, not a
// hash computed at login time.
bcrypt.compareSync(myPlaintextPassword, hash); // true
这应该告诉您是对还是错,输入的密码和db中的哈希是否匹配。
bcrypt: To check a password - npm
类似这样的东西:
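// login
// Loads the stored bcrypt hash for the given email and verifies the
// submitted password against it.
router.post('/login', (req, res) => {
  const { email, password } = req.body;

  // Body parsers can deliver objects or arrays; only non-empty strings are
  // valid credentials.
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    return res.send('Please enter Username and Password!');
  }

  db.query('SELECT password FROM users WHERE email = ?', [email], (error, results) => {
    if (error) {
      console.error(error);
      return res.status(500).send('Login failed');
    }

    // An unknown email gets the same message as a wrong password, so the
    // reply does not reveal which addresses are registered.
    if (results.length === 0) {
      return res.send('Incorrect Email and/or Password!');
    }

    // Async compare: bcrypt is CPU-heavy and the sync variant would block
    // the event loop for every other request.
    bcrypt.compare(password, results[0].password, (err, isMatch) => {
      if (err) {
        console.error(err);
        return res.status(500).send('Login failed');
      }
      res.send(isMatch ? 'Successful' : 'Incorrect Email and/or Password!');
    });
  });
});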
还:bcrypt: Why is async mode recommended over sync mode?
如果在简单脚本中使用 bcrypt,则完全可以使用同步模式。但是,如果在服务器上使用 bcrypt,则建议使用异步模式。这是因为 bcrypt 的哈希计算占用大量 CPU,同步版本会阻塞事件循环,使您的应用程序无法处理任何其他入站请求或事件。异步版本使用线程池,不会阻塞主事件循环。
答案 1 :(得分:0)
您有一个拼写错误:应该是 bcrypt,而不是 dcrypt。这样应该可以工作:
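// login
// Verifies the submitted password against the bcrypt hash stored for the
// email. Hashing the submitted password again and comparing it with itself
// would succeed for any input and never consult the stored hash.
router.post('/login', (req, res) => {
  const { email, password } = req.body;
  const deny = () => res.send('Incorrect Email and/or Password!');
  const fail = (cause) => {
    console.error(cause);
    res.status(500).send('Login failed');
  };

  // Only non-empty strings are valid credentials; body parsers can deliver
  // other types.
  const isText = (value) => typeof value === 'string' && value !== '';
  if (!isText(email) || !isText(password)) {
    return res.send('Please enter Username and Password!');
  }

  // Select by email only: the stored hash embeds its own salt, so it cannot
  // be matched with a SQL equality test on the password column.
  db.query('SELECT password FROM users WHERE email = ?', [email], (error, results) => {
    if (error) {
      return fail(error);
    }
    if (results.length === 0) {
      // Same reply as a wrong password, so registered emails are not disclosed.
      return deny();
    }

    const storedHash = results[0].password;
    // Asynchronous compare keeps the event loop free while bcrypt runs.
    bcrypt.compare(password, storedHash, (err, isMatch) => {
      if (err) {
        return fail(err);
      }
      if (isMatch) {
        return res.send('Successful');
      }
      deny();
    });
  });
});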