无法使用Node js验证Express中的哈希密码
[英]Cannot verify Hashed password in Express using Node js
问题描述
This is how i Hash and store my password in the Database. 
这是我哈希并将密码存储在数据库中的方式。
NEWUSER FUNCTION 新用户功能
var salt = bcrypt.genSaltSync(10);
var hash = bcrypt.hashSync(password, salt);
var query="INSERT into user(email,firstname,lastname,logintime,gender,password) VALUES('"+email+"','"+firstname+"','"+lastname+"','"+logintime+"','"+gender+"','"+hash+"')";
This is how i retrieve and check to authenticate 这是我检索和检查身份验证的方式
VALIDATE FUNCTION 验证功能
var query = "SELECT password from user where email='" + email + "'";
connection.query(query,function(err,result){
if(err)
{
console.log("ERROR:"+err.message);
}
else
{
if(result.length!==0)
{
var hash=JSON.stringify(result[0].password); console.log(hash);
console.log(bcrypt.compareSync(password,hash ));
if(bcrypt.compareSync(password, hash)) { callback(err, result); }
This always shows false but if i do it this way it shows the expected result 这总是显示错误,但如果我这样做,它将显示预期的结果
var hash = bcrypt.hashSync("sacjap", 8);
//var hash=JSON.stringify(result[0].password);
console.log(hash);
console.log(bcrypt.compareSync(password,hash ));
if(bcrypt.compareSync(password, hash))
{
callback(err, result);
}
So the problem is that whenever i get the password from the database its not working. 所以问题是,每当我从数据库中获取密码时,密码就无法正常工作。 PLZ Help PLZ帮助
1 个解决方案
解决方案1
0 2015-10-15 07:13:57
First of all, my answer is based on the documentation I found here: https://github.com/davidwood/node-password-hash 首先,我的答案基于我在这里找到的文档: https : //github.com/davidwood/node-password-hash
It seems that the password-hash module tries to call the 'split' function on the second argument you provided to the 'verify' function, assuming it is a string ( JavaScript String split function on MDN ). 似乎密码哈希模块尝试在您提供给'verify'函数的第二个参数上调用'split'函数,假设它是字符串( MDN上的JavaScript String split函数 )。 I think you should check the type of your 'result' variable, it looks to me like a more complex query result object returned by your database. 我认为您应该检查“结果”变量的类型,在我看来,它看起来像是数据库返回的更复杂的查询结果对象。 Your provided code doesn't give me more information about what type of connection you are using here, so I can't give you a more specific answer. 您提供的代码不会为我提供有关您在此处使用哪种连接类型的更多信息,因此我无法为您提供更具体的答案。 My approach would be to find out how to get a plain string from your 'result' variable, which then would represent the hashed password you can hand over to 'verify'. 我的方法是找出如何从“结果”变量中获取纯字符串,然后该字符串将代表您可以传递给“验证”的哈希密码。 This is just a wild guess, I hope this little hint helps you to solve your problem. 这只是一个疯狂的猜测,我希望这个小提示可以帮助您解决问题。
Side note: The module you are using for password hashing appears to be deprecated, maybe you should look out for an alternative. 旁注:用于密码哈希处理的模块似乎已被弃用,也许您应该寻找替代方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.