From 692eecf32e4d569a55de2c4b5abb6a6897c88abe Mon Sep 17 00:00:00 2001 From: Bobby Date: Fri, 3 Jun 2022 16:54:52 +0530 Subject: password change function --- public/css/main.css | 4 ++ routes/auth.routes.js | 149 +++++++++++++++++++++++++++++++++++--------------- views/account.ejs | 18 +++--- views/error.ejs | 14 +++++ 4 files changed, 135 insertions(+), 50 deletions(-) create mode 100644 views/error.ejs diff --git a/public/css/main.css b/public/css/main.css index bcb8c5cd..c6f001c3 100644 --- a/public/css/main.css +++ b/public/css/main.css @@ -82,6 +82,10 @@ nav > ul > li { color: red; } +.success { + color: green; +} + .account { display: flex; flex-direction: row; diff --git a/routes/auth.routes.js b/routes/auth.routes.js index da1f339f..e8de4ed9 100644 --- a/routes/auth.routes.js +++ b/routes/auth.routes.js @@ -1,61 +1,124 @@ const router = require("express").Router(); const jwt = require("jsonwebtoken"); -const mysql = require('mysql2'); -const bcrypt = require('bcryptjs'); +const mysql = require("mysql2"); +const bcrypt = require("bcryptjs"); +const { renderRoute } = require("../functions/render"); require("dotenv").config(); const validationString = process.env.AUTHORIZATION_STRING; const connectionURL = process.env.DATABASE_URL; -router.get('/logout', (req, res) => { - res.clearCookie("token"); - res.redirect(req.get('referer')); -}) +router.get("/logout", (req, res) => { + res.clearCookie("token"); + res.redirect(req.get("referer")); +}); -router.post('/login', (req, res) => { - // Log in as user - const username = req.body.username; - const password = req.body.password; - const connection = mysql.createConnection(connectionURL); - connection.connect(); - const sql = "SELECT * FROM Users WHERE username = ?"; - connection.query(sql, [username], (err, results, fields) => { +router.post("/login", (req, res) => { + // Log in as user + const username = req.body.username; + const password = req.body.password; + const connection = mysql.createConnection(connectionURL); + connection.connect(); + const sql = "SELECT * FROM Users WHERE username = ?"; + connection.query(sql, [username], (err, results, fields) => { + if (err) { + res.status(500).render("error", { + error: err, + }); + } else { + if (results.length > 0) { + const user = results[0]; + if (bcrypt.compareSync(password, user.password)) { + // expires in 30 days + const token = jwt.sign( + { + username: user.username, + admin: user.admin, + }, + validationString, + { + expiresIn: "30d", + } + ); + // set cookie + res.cookie("token", token, { + maxAge: 30 * 24 * 60 * 60 * 1000, + httpOnly: true, + }); + res.redirect(req.get("referer")); + } else { + // incorrect password, redirect to referer with error + req.flash("error", "Incorrect password"); + res.redirect(req.get("referer")); + } + } else { + // user not found, redirect to referer with error + req.flash("error", "User not found"); + res.redirect(req.get("referer")); + } + } + }); + connection.end(); +}); + +router.post("/changePassword", (req, res) => { + jwt.verify(req.cookies.token, validationString, (err, decoded) => { + if (err) { + renderRoute(req, res, "index", "Home", false); + } else { + const username = decoded.username; + const password = req.body.password; + const newPassword = req.body.new_password; + const connection = mysql.createPool(connectionURL); + connection.getConnection((err, connection) => { if (err) { - res.status(500).json({ - message: "Error logging in", - error: err - }); + renderRoute(req, res, "error", "Error", false, { + error: err.message, + }); } else { - if (results.length > 0) { + const sql = "SELECT * FROM Users WHERE username = ?"; + connection.query(sql, [username], (err, results, fields) => { + if (err) { + renderRoute(req, res, "error", "Error", false, { + error: err.message, + }); + } else { + if (results.length > 0) { const user = results[0]; if (bcrypt.compareSync(password, user.password)) { - // expires in 30 days - const token = jwt.sign({ - username: user.username, - admin: user.admin - }, validationString, { - expiresIn: '30d' - }); - // set cookie - res.cookie('token', token, { - maxAge: 30 * 24 * 60 * 60 * 1000, - httpOnly: true - }); - res.redirect(req.get('referer')); + const hashedPassword = bcrypt.hashSync(newPassword, 10); + const sql = + "UPDATE Users SET password = ? WHERE username = ?"; + connection.query( + sql, + [hashedPassword, username], + (err, results, fields) => { + if (err) { + req.flash("passchangeerror", "Error updating password"); + res.redirect(req.get("referer")); + } else { + req.flash( + "passchangesuccess", + "Password updated successfully" + ); + res.redirect(req.get("referer")); + } + } + ); } else { - // incorrect password, redirect to referer with error - req.flash('error', 'Incorrect password'); - res.redirect(req.get('referer')); + req.flash("passchangeerror", "Incorrect password"); + res.redirect(req.get("referer")); } - } else { - // user not found, redirect to referer with error - req.flash('error', 'User not found'); - res.redirect(req.get('referer')); + } else { + req.flash("passchangeerror", "User not found"); + res.redirect(req.get("referer")); + } } + }); } - }); - connection.end(); + }); + } + }); }); - -module.exports = router; \ No newline at end of file +module.exports = router; diff --git a/views/account.ejs b/views/account.ejs index cc100875..f3bc3359 100644 --- a/views/account.ejs +++ b/views/account.ejs @@ -17,14 +17,20 @@ Avatar <%= user.username %>'s avatar -
+
Change Password - - - - + + + + + <% if (locals.messages.passchangesuccess) { %> +

<%= messages.passchangesuccess %>

+ <% } %> + <% if (locals.messages.passchangeerror) { %> +

<%= messages.passchangeerror %>

+ <% } %>
@@ -61,8 +67,6 @@ diff --git a/views/error.ejs b/views/error.ejs new file mode 100644 index 00000000..d11cc4be --- /dev/null +++ b/views/error.ejs @@ -0,0 +1,14 @@ +<%- include('partials/header.ejs') %> <%- include('partials/sidebar.ejs') %> +
+
+

error

+

+ <%= error %> +

+
+
+

Recent Posts

+
+
+ +<%- include('partials/footer.ejs') %> -- cgit v1.2.3