wmantly/mp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update with pass hashing and login

Browse Source
This commit is contained in:
BIG2EYEZ 2023-12-19 21:43:07 +08:00
parent 6fcf603603
commit 1cd8d62469
4 changed files with 275 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Sean/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
.env
node_modules

245
Sean/server.js
View File

@ -6,6 +6,8 @@ const bcrypt = require('bcrypt');
const app = express(); const app = express();
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
const PORT = process.env.PORT || 3000; const PORT = process.env.PORT || 3000;
require('dotenv').config(); require('dotenv').config();
@ -30,10 +32,6 @@ app.use(bodyParser.urlencoded({ extended: true }));
app.use(session({ secret: 'your_session_secret', resave: false, saveUninitialized: true })); app.use(session({ secret: 'your_session_secret', resave: false, saveUninitialized: true }));
app.set('view engine', 'ejs'); app.set('view engine', 'ejs');
app.get('/login', (req, res) => {
res.render('login');
});
function isAuthenticated(req, res, next) { function isAuthenticated(req, res, next) {
if (req.session && req.session.authenticated) { if (req.session && req.session.authenticated) {
return next(); return next();
@ -42,57 +40,89 @@ function isAuthenticated(req, res, next) {
} }
} }
app.post('/login', (req, res) => { app.get('/login', (req, res) => {
let { username, password } = req.body; // Pass an initial value for the error variable
username = username.trim(); res.render('login', { error: null });
const loginSql = 'SELECT * FROM users WHERE username = ? AND password = ?';
const updateLastLoginSql = 'UPDATE users SET lastLogin = CURRENT_TIMESTAMP WHERE username = ?';
// Check credentials and retrieve user information
const connection = mysql.createConnection(mysqlConfig);
connection.connect();
connection.query(loginSql, [username, password], (error, results) => {
if (error) {
console.error('Error executing login query:', error);
res.status(500).send('Internal Server Error');
connection.end(); // Close the connection in case of an error
return;
}
if (results.length === 0) {
res.status(401).send('Invalid username or password');
connection.end(); // Close the connection when not needed anymore
} else {
// Update lastLogin field for the user
connection.query(updateLastLoginSql, [username], (updateError, updateResults) => {
if (updateError) {
console.error('Error updating lastLogin:', updateError);
res.status(500).send('Internal Server Error');
connection.end(); // Close the connection in case of an error
return;
}
// Check if the update affected any rows
if (updateResults.affectedRows > 0) {
// Set session data for authentication
req.session.authenticated = true;
req.session.username = username;
// Redirect to the home page or any other protected route
res.redirect('/home');
} else {
res.status(500).send('Error updating lastLogin. No rows affected.');
}
connection.end(); // Close the connection when not needed anymore
});
}
});
}); });
app.post('/login', async (req, res) => {
try {
let { username, password } = req.body;
username = username.trim();
const loginSql = 'SELECT * FROM users WHERE username = ?';
const updateLastLoginSql = 'UPDATE users SET lastLogin = CURRENT_TIMESTAMP WHERE username = ?';
// Check credentials and retrieve user information
const connection = mysql.createConnection(mysqlConfig);
connection.connect();
console.log('Login Query:', loginSql);
console.log('Query Parameters:', [username]);
connection.query(loginSql, [username], async (error, results) => {
console.log('Login Results:', results);
if (error) {
console.error('Error executing login query:', error);
res.status(500).send('Internal Server Error');
connection.end(); // Close the connection in case of an error
return;
}
if (results.length === 0) {
// Pass the error to the template
res.render('login', { error: 'Invalid username or password' });
connection.end(); // Close the connection when not needed anymore
} else {
const user = results[0];
const passwordMatch = await bcrypt.compare(password, user.password);
if (passwordMatch) {
// Update lastLogin field for the user
connection.query(updateLastLoginSql, [username], (updateError, updateResults) => {
if (updateError) {
console.error('Error updating lastLogin:', updateError);
res.status(500).send('Internal Server Error');
connection.end(); // Close the connection in case of an error
return;
}
// Check if the update affected any rows
if (updateResults.affectedRows > 0) {
// Set session data for authentication
req.session.regenerate(err => {
if (err) {
console.error('Error regenerating session:', err);
}
console.log('Session regenerated successfully');
req.session.authenticated = true;
req.session.username = username;
res.redirect('/home');
connection.end();
});
} else {
// Pass the error to the template
res.render('login', { error: 'Error updating lastLogin. No rows affected.' });
connection.end(); // Close the connection when not needed anymore
}
});
} else {
// Pass the error to the template
res.render('login', { error: 'Invalid username or password' });
connection.end(); // Close the connection when not needed anymore
}
}
});
} catch (error) {
console.error('Error in login route:', error);
res.status(500).send('Internal Server Error');
}
});
// Update your /home route to retrieve the overall last 10 logins for all users // Update your /home route to retrieve the overall last 10 logins for all users
app.get('/home', isAuthenticated, (req, res) => { app.get('/home', isAuthenticated, (req, res) => {
// Retrieve the overall last 10 logins for all users // Retrieve the overall last 10 logins for all users
@ -127,57 +157,96 @@ app.get('/inusers', isAuthenticated, (req, res) => {
res.render('inusers', { allUsers }); res.render('inusers', { allUsers });
}); });
}); });
function isStrongPassword(password) {
// Password must be at least 10 characters long
if (password.length < 10) {
return false;
}
app.post('/createUser', async (req, res) => { // Password must contain at least one uppercase letter
if (!/[A-Z]/.test(password)) {
return false;
}
// Password must contain at least one lowercase letter
if (!/[a-z]/.test(password)) {
return false;
}
// Password must contain at least one digit
if (!/\d/.test(password)) {
return false;
}
// Password must contain at least one symbol
if (!/[!@#$%^&*(),.?":{}|<>]/.test(password)) {
return false;
}
return true;
}
app.post('/createUser', (req, res) => {
try { try {
const { name, username, email, password, jobTitle } = req.body; const { name, username, email, password, jobTitle } = req.body;
// Hash the password using bcrypt // Validate password complexity
const hashedPassword = await bcrypt.hash(password, 10); if (!isStrongPassword(password)) {
return res.status(400).json({ error: 'Password does not meet complexity requirements' });
}
// Start a transaction // Hash the password before storing it in the database
mysqlConnection.beginTransaction((transactionErr) => { bcrypt.hash(password, 10, (hashError, hashedPassword) => {
if (transactionErr) { if (hashError) {
console.error('Error starting transaction:', transactionErr); console.error('Error hashing password:', hashError);
res.status(500).json({ error: 'Internal Server Error' }); res.status(500).json({ error: 'Internal Server Error' });
return; return;
} }
// Define the insert query // Start a transaction
const insertUserQuery = 'INSERT INTO users (name, username, email, password, lastLogin, jobTitle) VALUES (?, ?, ?, ?, NULL, ?)'; mysqlConnection.beginTransaction((transactionErr) => {
if (transactionErr) {
// Log the query and its parameters console.error('Error starting transaction:', transactionErr);
console.log('Insert Query:', insertUserQuery); res.status(500).json({ error: 'Internal Server Error' });
console.log('Query Parameters:', [name, username, email, hashedPassword, jobTitle]);
// Execute the query with user data
mysqlConnection.query(insertUserQuery, [name, username, email, hashedPassword, jobTitle], (queryErr, results) => {
if (queryErr) {
console.error('Error executing query:', queryErr);
// Rollback the transaction in case of an error
mysqlConnection.rollback((rollbackErr) => {
if (rollbackErr) {
console.error('Error rolling back transaction:', rollbackErr);
}
res.status(500).json({ error: 'Internal Server Error' });
});
return; return;
} }
// Commit the transaction // Define the insert query
mysqlConnection.commit((commitErr) => { const insertUserQuery = 'INSERT INTO users (name, username, email, password, lastLogin, jobTitle) VALUES (?, ?, ?, ?, NULL, ?)';
if (commitErr) {
console.error('Error committing transaction:', commitErr); // Log the query and its parameters
res.status(500).json({ error: 'Internal Server Error' }); console.log('Insert Query:', insertUserQuery);
console.log('Query Parameters:', [name, username, email, hashedPassword, jobTitle]);
// Execute the query with user data
mysqlConnection.query(insertUserQuery, [name, username, email, hashedPassword, jobTitle], (queryErr, results) => {
if (queryErr) {
console.error('Error executing query:', queryErr);
// Rollback the transaction in case of an error
mysqlConnection.rollback((rollbackErr) => {
if (rollbackErr) {
console.error('Error rolling back transaction:', rollbackErr);
}
res.status(500).json({ error: 'Internal Server Error' });
});
return; return;
} }
// Log the results of the query // Commit the transaction
console.log('Query Results:', results); mysqlConnection.commit((commitErr) => {
if (commitErr) {
console.error('Error committing transaction:', commitErr);
res.status(500).json({ error: 'Internal Server Error' });
return;
}
// Respond with a success message // Log the results of the query
res.status(201).json({ message: 'User created successfully' }); console.log('Query Results:', results);
// Respond with a success message
res.status(201).json({ message: 'User created successfully' });
});
}); });
}); });
}); });

122
Sean/views/inusers.ejs
View File

@ -75,23 +75,27 @@
<div class="user-details"> <div class="user-details">
<div class="input-box"> <div class="input-box">
<span class="details">Full Name</span> <span class="details">Full Name</span>
<input type="text" name="name" placeholder="Enter your name" required> <input type="text" name="name" id="name" placeholder="Enter your name" required>
</div> </div>
<div class="input-box"> <div class="input-box">
<span class="details">Username</span> <span class="details">Username</span>
<input type="text" name="username" placeholder="Enter your username" required> <input type="text" name="username" id="username" placeholder="Enter your username" required>
</div> </div>
<div class="input-box"> <div class="input-box">
<span class="details">Email</span> <span class="details">Email</span>
<input type="text" name="email" placeholder="Enter your email" required> <input type="text" name="email" id="email" placeholder="Enter your email" required>
</div> </div>
<div class="input-box"> <div class="input-box">
<span class="details">Password</span> <span class="details">Password</span>
<input type="password" name="password" placeholder="Enter your password" required> <input type="password" name="password" id="password" placeholder="Enter your password" required>
</div>
<div class="input-box">
<span class="details">Confirm Password</span>
<input type="password" name="confirmPassword" id="confirmPassword" placeholder="Confirm your password" required>
</div> </div>
<div class="input-box"> <div class="input-box">
<span class="details">Job Title</span> <span class="details">Job Title</span>
<select name="jobTitle"> <select name="jobTitle" id="jobTitle">
<option value="admin">Admin</option> <option value="admin">Admin</option>
<option value="dataAnalyst">Data Analyst</option> <option value="dataAnalyst">Data Analyst</option>
</select> </select>
@ -106,6 +110,7 @@
</div> </div>
<!-- Your existing script tags --> <!-- Your existing script tags -->
<script src="https://code.jquery.com/jquery-3.6.4.min.js"></script> <script src="https://code.jquery.com/jquery-3.6.4.min.js"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/5.3.0/js/bootstrap.bundle.min.js"></script> <script src="https://stackpath.bootstrapcdn.com/bootstrap/5.3.0/js/bootstrap.bundle.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.17.4/xlsx.full.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.17.4/xlsx.full.min.js"></script>
@ -133,35 +138,90 @@ document.getElementById('userDataLink').addEventListener('click', function () {
}); });
document.getElementById('userForm').addEventListener('submit', function (event) { document.getElementById('userForm').addEventListener('submit', function (event) {
event.preventDefault(); event.preventDefault();
const formData = new FormData(this);
const newUser = {}; // Use FormData directly
formData.forEach((value, key) => { const formData = new FormData(document.getElementById('userForm'));
newUser[key] = value;
// Check password complexity
const password = formData.get('password');
const confirmPassword = formData.get('confirmPassword');
if (!isStrongPassword(password)) {
alert('Password does not meet complexity requirements. It must be at least 10 characters long and include at least one uppercase letter, one lowercase letter, one digit, and one symbol.');
return;
}
// Check if passwords match
if (password !== confirmPassword) {
alert('Passwords do not match. Please enter the same password in both fields.');
return;
}
// Make a fetch request
fetch('/createUser', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
name: formData.get('name'),
username: formData.get('username'),
email: formData.get('email'),
password: password, // Use the validated password
jobTitle: formData.get('jobTitle'),
}),
})
.then(response => {
if (!response.ok) {
throw new Error(`HTTP error! Status: ${response.status}`);
}
return response.json();
})
.then(data => {
console.log('Success:', data);
// Show an alert with the received data
alert(`User Registered!`);
// Optionally, you can clear the form or take other actions after registration
document.getElementById('userForm').reset();
})
.catch(error => {
console.error('Fetch Error:', error);
});
}); });
console.log('Form Data Before Sending:', newUser); // Function to validate password complexity
function isStrongPassword(password) {
// Password must be at least 10 characters long
if (password.length < 10) {
return false;
}
// Password must contain at least one uppercase letter
if (!/[A-Z]/.test(password)) {
return false;
}
// Password must contain at least one lowercase letter
if (!/[a-z]/.test(password)) {
return false;
}
// Password must contain at least one digit
if (!/\d/.test(password)) {
return false;
}
// Password must contain at least one symbol
if (!/[!@#$%^&*(),.?":{}|<>]/.test(password)) {
return false;
}
return true;
}
fetch('/createUser', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify(newUser),
})
.then(response => {
if (!response.ok) {
throw new Error(`HTTP error! Status: ${response.status}`);
}
return response.json();
})
.then(data => {
console.log('Success:', data);
})
.catch(error => {
console.error('Fetch Error:', error);
});
})
function downloadExcel(allUsers) { function downloadExcel(allUsers) {
if (allUsers && allUsers.length > 0) { if (allUsers && allUsers.length > 0) {

36
Sean/views/login.ejs
View File

@ -55,19 +55,33 @@
button:hover { button:hover {
background-color: #45a049; background-color: #45a049;
} }
.error-message {
color: red;
margin-top: 10px;
}
</style> </style>
</head> </head>
<body> <body>
<form action="/login" method="post"> <div id="loginForm" class="user-creation-container">
<h1>Admin Login</h1> <div class="title">Login</div>
<div class="content">
<label for="username">Username:</label> <form action="/login" method="post">
<input type="text" id="username" name="username" required> <% if (error) { %>
<div class="error-message"><%= error %></div>
<label for="password">Password:</label> <% } %>
<input type="password" id="password" name="password" required> <div class="input-box">
<span class="details">Username</span>
<button type="submit">Login</button> <input type="text" name="username" placeholder="Enter your username" required>
</form> </div>
<div class="input-box">
<span class="details">Password</span>
<input type="password" name="password" placeholder="Enter your password" required>
</div>
<div class="button">
<input type="submit" value="Login">
</div>
</form>
</div>
</div>
</body> </body>
</html> </html>