bcrypt.compare from bcryptjs always returns false
I am using bcryptjs on a React and Node js project but can't seem to get it to return true. On all online verifiers it returns as valid using the password and hash. I've already verified that the length is correct but can't get it to work.
My HandleSubmit function:
    handleSubmit(event) {
        event.preventDefault();
        const self = this;
        const data = `username=${encodeURIComponent(this.state['username'])}&`;
        axios.post(`/test/do_login/${data}`)
            .then(function (response) {
                console.log("RESPONSE");
                console.log(response);
                bcrypt.compare(self.state.password, response.data).then(function (result) {
                    console.log(`PW: ${self.state.password}\nDATA:${response.data}\nRES:${result}`);
                    if (result) self.setState({ loginSuccess: true });
                });
            });
    }
On the server:
    const express = require('express');
    const bcrypt = require('bcryptjs');
    const router = express.Router();
    const regexp = /=(.+?)&/g;
    router.post('/do_login/:data', (req, res) => {
        var con = req.app.get('con');
        var args = [...(req.params.data).matchAll(regexp)];
        console.log(args);
        var username = args[0][1];
        const query = `SELECT * FROM users WHERE username="${username}";`;
        con.query(query, (err, result) => {
            if (err) throw err;
            console.log(result);
            if (result.length < 1) res.send("USERNAME_INV");
            else {
                res.send(String(result[0].pw).slice(0,59));
            }
        });
    });
    module.exports = router;
I am using slice to remove the \\u000 at the end of database entry. It is stored in a BINARY(60).
I think you are trying to resolve this problem in the wrong way.
In your React app, just post a request with a body payload (username and password) to your server. That's it. Don't send credentials as query parameters, it is not safe.
In your nodejs app, you have to handle this call doing:
Moreover, check your username field to avoid SQL injection.
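A sketch of the server-side handling the answer describes, added here as an example and not the answerer's own code: the password is compared on the server, the username is bound as a query parameter, and the BINARY(60) padding is stripped rather than sliced. The names `createLoginHandler`, `hashFromColumn`, `query` and `compare` are assumptions; `query` and `compare` stand for promise-returning wrappers around `con.query` and bcryptjs's `bcrypt.compare`, and the stand-ins below are constructed so it runs offline.

```javascript
// Added sketch. query(sql, params) and compare(password, hash) are injected;
// in a real app they would wrap con.query and bcryptjs's bcrypt.compare.

// A BINARY(60) column comes back as a Buffer, NUL-padded if the value is shorter.
// Strip only the padding instead of slicing to a fixed length.
function hashFromColumn(value) {
  const text = Buffer.isBuffer(value) ? value.toString('latin1') : String(value);
  return text.replace(/\0+$/, '');
}

function createLoginHandler({ query, compare }) {
  return async function login(body) {
    const { username, password } = body || {};
    if (typeof username !== 'string' || typeof password !== 'string') {
      return { status: 400, ok: false };
    }
    // The placeholder keeps the username out of the SQL text.
    const rows = await query('SELECT pw FROM users WHERE username = ?', [username]);
    // Unknown user and wrong password get the same answer; the hash never leaves the server.
    const ok = rows.length === 1 && (await compare(password, hashFromColumn(rows[0].pw)));
    return ok ? { status: 200, ok: true } : { status: 401, ok: false };
  };
}

// Constructed stand-ins so the sketch runs offline (no real database, no real bcrypt).
const seenQueries = [];
async function fakeQuery(sql, params) {
  seenQueries.push({ sql, params });
  const padded = Buffer.from('HASH(s3cret)\0\0\0', 'latin1');
  return params[0] === 'alice' ? [{ pw: padded }] : [];
}
async function fakeCompare(password, hash) {
  return hash === `HASH(${password})`;
}
const login = createLoginHandler({ query: fakeQuery, compare: fakeCompare });

login({ username: 'alice', password: 's3cret' }).then((r) => console.log(r));
login({ username: 'x" OR "1"="1', password: 'x' }).then((r) => console.log(r));
```

In an Express route the handler would be called with `req.body` (with a JSON body parser enabled) and its `status` and `ok` fields written to the response.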