const express = require('express'); const session = require('express-session'); const mysql = require('mysql'); const bodyParser = require('body-parser'); const bcrypt = require('bcrypt'); const crypto = require('crypto'); const nodemailer = require('nodemailer'); const app = express(); app.use(bodyParser.urlencoded({ extended: true })); app.use(bodyParser.json()); const PORT = process.env.PORT || 3000; require('dotenv').config(); const mysqlConfig = { host: process.env.host, user: process.env.user, password: process.env.password, database: process.env.database, timezone: 'Z', // Set the timezone to UTC }; const mysqlConnection = mysql.createConnection(mysqlConfig); mysqlConnection.connect((err) => { if (err) { console.error('Error connecting to MySQL:', err); return; } console.log('Connected to MySQL'); }); const transporter = nodemailer.createTransport({ service: 'gmail', host: 'smtp.gmail.com', port: 587, // use the appropriate port for your SMTP server secure: false, // true for 465, false for other ports auth: { user: process.env.euser, pass: process.env.epass }, }); console.log(process.env.euser); app.use(bodyParser.urlencoded({ extended: true })); app.use(session({ secret: 'your_session_secret', resave: false, saveUninitialized: true })); app.set('view engine', 'ejs'); function isAuthenticated(req, res, next) { if (req.session && req.session.authenticated) { return next(); } else { res.redirect('/login'); } } app.get('/login', (req, res) => { // Pass an initial value for the error variable res.render('login', { error: null }); }); app.post('/login', async (req, res) => { try { let { username, password } = req.body; username = username.trim(); const loginSql = 'SELECT * FROM users WHERE username = ?'; const updateLastLoginSql = 'UPDATE users SET lastLogin = CURRENT_TIMESTAMP WHERE username = ?'; // Check credentials and retrieve user information const connection = mysql.createConnection(mysqlConfig); connection.connect(); console.log('Login Query:', loginSql); console.log('Query Parameters:', [username]); connection.query(loginSql, [username], async (error, results) => { console.log('Login Results:', results); if (error) { console.error('Error executing login query:', error); res.status(500).send('Internal Server Error'); connection.end(); // Close the connection in case of an error return; } if (results.length === 0) { // Pass the error to the template res.render('login', { error: 'Invalid username or password' }); connection.end(); // Close the connection when not needed anymore } else { const user = results[0]; const passwordMatch = await bcrypt.compare(password, user.password); if (passwordMatch) { // Update lastLogin field for the user connection.query(updateLastLoginSql, [username], (updateError, updateResults) => { if (updateError) { console.error('Error updating lastLogin:', updateError); res.status(500).send('Internal Server Error'); connection.end(); // Close the connection in case of an error return; } // Check if the update affected any rows if (updateResults.affectedRows > 0) { // Set session data for authentication req.session.regenerate(err => { if (err) { console.error('Error regenerating session:', err); } console.log('Session regenerated successfully'); req.session.authenticated = true; req.session.username = username; res.redirect('/home'); connection.end(); }); } else { // Pass the error to the template res.render('login', { error: 'Error updating lastLogin. No rows affected.' }); connection.end(); // Close the connection when not needed anymore } }); } else { // Pass the error to the template res.render('login', { error: 'Invalid username or password' }); connection.end(); // Close the connection when not needed anymore } } }); } catch (error) { console.error('Error in login route:', error); res.status(500).send('Internal Server Error'); } }); // Update your /home route to retrieve the overall last 10 logins for all users app.get('/home', isAuthenticated, (req, res) => { // Retrieve the overall last 10 logins for all users const loginsQuery = 'SELECT username, lastLogin FROM users ORDER BY lastLogin DESC LIMIT 10'; mysqlConnection.query(loginsQuery, (error, loginResults) => { if (error) { console.error('Error executing login logs query:', error); res.status(500).send('Internal Server Error'); return; } // Log the results on the server side console.log('Login Logs on Server:', loginResults); // Render the home page with login logs data res.render('home', { username: req.session.username, loginLogs: loginResults }); }); }); app.get('/inusers', isAuthenticated, (req, res) => { // Fetch all user data from the database const allUsersQuery = 'SELECT * FROM users'; mysqlConnection.query(allUsersQuery, (error, allUsers) => { if (error) { console.error('Error fetching all users:', error); res.status(500).send('Internal Server Error'); return; } // Render the inusers page with JSON data res.render('inusers', { allUsers }); }); }); function isStrongPassword(password) { // Password must be at least 10 characters long if (password.length < 10) { return false; } // Password must contain at least one uppercase letter if (!/[A-Z]/.test(password)) { return false; } // Password must contain at least one lowercase letter if (!/[a-z]/.test(password)) { return false; } // Password must contain at least one digit if (!/\d/.test(password)) { return false; } // Password must contain at least one symbol if (!/[!@#$%^&*(),.?":{}|<>]/.test(password)) { return false; } return true; } app.post('/createUser', (req, res) => { try { const { name, username, email, password, jobTitle } = req.body; // Validate password complexity if (!isStrongPassword(password)) { return res.status(400).json({ error: 'Password does not meet complexity requirements' }); } // Hash the password before storing it in the database bcrypt.hash(password, 10, (hashError, hashedPassword) => { if (hashError) { console.error('Error hashing password:', hashError); res.status(500).json({ error: 'Internal Server Error' }); return; } // Start a transaction mysqlConnection.beginTransaction((transactionErr) => { if (transactionErr) { console.error('Error starting transaction:', transactionErr); res.status(500).json({ error: 'Internal Server Error' }); return; } // Define the insert query const insertUserQuery = 'INSERT INTO users (name, username, email, password, lastLogin, jobTitle) VALUES (?, ?, ?, ?, NULL, ?)'; // Log the query and its parameters console.log('Insert Query:', insertUserQuery); console.log('Query Parameters:', [name, username, email, hashedPassword, jobTitle]); // Execute the query with user data mysqlConnection.query(insertUserQuery, [name, username, email, hashedPassword, jobTitle], (queryErr, results) => { if (queryErr) { console.error('Error executing query:', queryErr); // Rollback the transaction in case of an error mysqlConnection.rollback((rollbackErr) => { if (rollbackErr) { console.error('Error rolling back transaction:', rollbackErr); } res.status(500).json({ error: 'Internal Server Error' }); }); return; } // Commit the transaction mysqlConnection.commit((commitErr) => { if (commitErr) { console.error('Error committing transaction:', commitErr); res.status(500).json({ error: 'Internal Server Error' }); return; } // Log the results of the query console.log('Query Results:', results); // Respond with a success message res.status(201).json({ message: 'User created successfully' }); }); }); }); }); } catch (error) { console.error('Error creating user:', error); res.status(500).json({ error: 'Internal Server Error' }); } }); app.get('/forgot-password', (req, res) => { res.render('forgot-password'); // Assuming you have an EJS template for this }); app.get('/forgot-password', (req, res) => { res.render('forgot-password', { error: null, success: null }); }); // Handle the submission of the forgot password form app.post('/forgot-password', (req, res) => { const { usernameOrEmail } = req.body; // Perform the logic for sending the reset password email // This is a simplified example, you should implement your own logic here // Check if the username or email exists in the database const checkUserQuery = 'SELECT * FROM users WHERE username = ? OR email = ?'; mysqlConnection.query(checkUserQuery, [usernameOrEmail, usernameOrEmail], (checkError, checkResults) => { if (checkError) { console.error('Error checking user:', checkError); const error = 'An error occurred during the password reset process.'; res.render('forgot-password', { error, success: null }); } else if (checkResults.length === 0) { const error = 'Username or email not found.'; res.render('forgot-password', { error, success: null }); } else { // Assuming the user exists, generate a reset token and send an email const user = checkResults[0]; const resetToken = crypto.randomBytes(20).toString('hex'); const resetTokenExpiry = new Date(Date.now() + 3600000); // Token expires in 1 hour // Update user with reset token and expiry const updateQuery = 'UPDATE users SET reset_token = ?, reset_token_expiry = ? WHERE id = ?'; mysqlConnection.query(updateQuery, [resetToken, resetTokenExpiry, user.id], (updateError) => { if (updateError) { console.error('Error updating reset token:', updateError); const error = 'An error occurred during the password reset process.'; res.render('forgot-password', { error, success: null }); } else { // Send email with reset link const resetLink = `http://localhost:3000/reset-password/${resetToken}`; const mailOptions = { to: user.email, subject: 'Password Reset', text: `Click on the following link to reset your password: ${resetLink}`, }; transporter.sendMail(mailOptions, (emailError, info) => { if (emailError) { console.error('Error sending email:', emailError); const error = 'An error occurred during the password reset process.'; res.render('forgot-password', { error, success: null }); } else { console.log('Email sent: ' + info.response); const success = 'Password reset email sent successfully. Check your inbox.'; res.render('forgot-password', { error: null, success }); } }); } }); } }); }); // Handle Reset Password request app.post('/reset-password/:token', async (req, res) => { const { token } = req.params; const { password, confirmPassword } = req.body; // Find user with matching reset token and not expired const selectQuery = 'SELECT * FROM users WHERE reset_token = ? AND reset_token_expiry > NOW()'; mysqlConnection.query(selectQuery, [token], async (selectErr, selectResults) => { if (selectErr) { console.error('Error querying reset token:', selectErr); return res.status(500).json({ error: 'Error querying reset token' }); } if (selectResults.length === 0) { return res.status(400).json({ error: 'Invalid or expired reset token' }); } // Check if passwords match if (password !== confirmPassword) { return res.render('reset-password', { token, error: 'Passwords do not match' }); } // Check if the new password meets complexity requirements if (!isStrongPassword(password)) { return res.render('reset-password', { token, error: 'Password does not meet complexity requirements. It must be at least 10 characters long and include at least one uppercase letter, one lowercase letter, one digit, and one symbol.' }); } // Hash the new password const hashedPassword = await bcrypt.hash(password, 10); // Update user's password and clear reset token const updateQuery = 'UPDATE users SET password = ?, reset_token = NULL, reset_token_expiry = NULL WHERE reset_token = ?'; mysqlConnection.query(updateQuery, [hashedPassword, token], (updateErr) => { if (updateErr) { console.error('Error updating password:', updateErr); res.status(500).json({ error: 'Error updating password' }); } else { res.render('reset-password', { error: null, success: 'Password changed successfully', token }); } }); }); }); app.get('/reset-password/:token', (req, res) => { const { token } = req.params; const error = req.query.error || null; // Get error from query parameter res.render('reset-password', { token, error: null, success: null }); }); app.use(express.static('views')); app.listen(PORT, () => { console.log(`Server is running on port ${PORT}`); });