Admin password is encrypting anymore with bcrypt
ahmetbcakici committed Jan 5, 2020
1 parent d452e4b commit b4874d6
Showing 9 changed files with 77 additions and 36 deletions.
Binary file modified Database_Exported/admins.bson
Binary file not shown.
Binary file modified Database_Exported/homepage_fields.bson
Binary file not shown.
1 change: 1 addition & 0 deletions package.json
@@ -17,6 +17,7 @@
},
"homepage": "https://github.com/ahmetbcakici/DynamicPersonalWebsite#readme",
"dependencies": {
"bcryptjs": "^2.4.3",
"body-parser": "^1.19.0",
"ejs": "^2.7.4",
"express": "^4.17.1",
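--- a/routes/admin.js
+++ b/routes/admin.js
@@ -22,15 +22,16 @@ router.get("/blog", (req, res) => {
 sessionControl(req, res, "blog_admin");
 })
 router.get("/change", (req, res) => {
-sessionControl(req, res, "changepass_admin");
+sessionControl(req, res, "changepass_admin",req.query.state);
 })
 
-var sessionControl = (req, res, page) => {
+var sessionControl = (req, res, page,state = 0) => {
 session = req.session;
-if (session.username)
-res.render(`${page}`);
-else
-res.render("login_admin");
+if (session.username){
+if(page === "changepass_admin") res.render(`${page}`,{state:state});
+else res.render(`${page}`);
+}else
+res.render("login_admin" ,{state:req.query.state});
 }
 
 module.exports = router;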
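Review bot: `state` reaches the templates unvalidated from `req.query.state`, and by two different paths in `sessionControl`: the new fourth parameter for `changepass_admin`, and a direct `req.query.state` read in the login branch. The success/error banner is therefore whatever the URL says, and the value can be a string, an array or undefined. I would drop the fourth parameter and normalise once inside the function, `const state = ["1", "-1"].includes(req.query.state) ? Number(req.query.state) : 0;`, then pass `{ state }` to every `res.render` call so the `page === "changepass_admin"` special case disappears. A one-time flash value kept in the session would be sturdier than a query parameter, which any link can set. Separately, `session = req.session;` assigns an undeclared variable; `const session = req.session;` keeps it local to the request.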
15 changes: 0 additions & 15 deletions routes/api.js
@@ -10,7 +10,6 @@ const Skill = require("../models/Skill");
const Post = require("../models/Post");
const Homepage = require("../models/Homepage");
const Portfolio = require("../models/Portfolio");
const Admin = require("../models/Admin");

const Funcs = require("../assets/js/funcsback");
const Functions = new Funcs();
@@ -254,18 +253,4 @@ router.post("/portfolio", upload.single('portfolio-image'),(req, res,next) => {
}
})

router.post("/admin", (req, res) => {
const newrecord = new Admin({
username: "test",
password: "123"
})
// newrecord.save((err) => {
// if (err) throw err;
// console.log("admin post req")
// // res.redirect("/admin/portfolio");
// })
})



module.exports = router;
50 changes: 38 additions & 12 deletions routes/operation.js
@@ -2,6 +2,7 @@ const express = require("express");
const formidable = require("formidable");
const fs = require("fs");
const path = require("path");
const bcrypt = require('bcryptjs');

const router = express.Router();
const Admin = require("../models/Admin");
@@ -15,13 +16,30 @@ router.post("/mail", (req, res) => {
return res.redirect("/contact");
})

router.post("/admin", async (req, res) => {
var newrecord;
await bcrypt.genSalt(10, async(err,salt) => {
if(err) throw err;
await bcrypt.hash("123",salt, (err,hash) => {
if(err) throw err;
newrecord = new Admin({
username: "admin",
password: hash
})
newrecord.save((err) => {
if(err) throw err;
})
})
})
})

router.post("/login", async(req, res) => {
let control = false;
let temp_req_ression, temp_req_body_username;
await Admin.find((err, docs) => {
await Admin.find(async(err, docs) => {
if (err) throw err;
for (let data of docs) {
if (req.body.username == data.username && req.body.password == data.password) {
if(await bcrypt.compare(req.body.password, data.password) && req.body.username == data.username){
temp_req_ression = req.session;
temp_req_body_username = req.body.username;
control = true;
@@ -34,7 +52,7 @@ router.post("/login", async(req, res) => {
session = temp_req_ression;
session.username = temp_req_body_username;
return res.redirect("/admin");
} else return res.redirect("/admin");
} else return res.redirect("/admin?state=-1");
})

router.get("/logout", (req, res) => {
@@ -45,19 +63,27 @@ router.get("/logout", (req, res) => {
})

router.post("/changepass", (req, res) => {
Admin.findOne({ username: req.session.username }, (err, docs) => {
if(docs.password === req.body.current_pass) {
docs.username = req.body.new_username;
docs.password = req.body.new_pass;
docs.save((error) => {
if(error) throw error;
return res.redirect("/admin/change");
});
Admin.findOne({ username: req.session.username }, async (err, docs) => {
if(await bcrypt.compare(req.body.current_pass, docs.password)){
await bcrypt.genSalt(10, async(err,salt) => {
if(err) throw err;
await bcrypt.hash(req.body.new_pass,salt, (err,hash) => {
if(err) throw err;
docs.username = req.body.new_username;
docs.password = hash;
docs.save((err) => {
if(err) throw err;
return res.redirect("/admin/change?state=1");
})
})
})
}
else{
return res.redirect("/admin/change?state=-1");
}
});
})


router.post("/upload/avatar", (req, res) => {
var form = new formidable.IncomingForm();
form.parse(req, function(err, fields, files) {
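Review bot: The new `router.post("/admin", …)` handler has no session check and stores an admin with the fixed username `admin` and the bcrypt hash of the literal `"123"`, so any client that can reach the route ends up with a known-credential administrator in the database; hashing does not protect a password whose plaintext is in the source. The handler also never sends a response, and `throw err` inside the `genSalt`/`hash`/`save` callbacks cannot be caught by the route. I would remove the route and seed the first admin from a one-off script that reads the password from the environment; if it has to stay, start it with `if (!req.session.username) return res.sendStatus(403);` and take the password from `req.body` instead of a literal. The same callback-inside-`await` pattern appears in the `/login` and `/changepass` hunks, where the outer `await` likely resolves before `bcrypt.compare` or `bcrypt.hash` has finished; part of the `/login` body is outside the visible hunks, so that should be confirmed against the full file.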
26 changes: 25 additions & 1 deletion views/changepass_admin.ejs
@@ -1,4 +1,14 @@
<% include partials/header_admin %>

<% if(state != 0) { %>
<div class="card card-login mx-auto text-center">
<% if(state == -1){ %>
<div class="alert alert-danger m-0">Incorrect Password!</div>
<% }else if(state == 1){ %>
<div class="alert alert-success m-0">Successful</div>
<% } %>
</div>
<% } %>
<div class="card card-login mx-auto mt-3 ">
<div class="card-header">Change Password</div>
<div class="card-body">
@@ -18,11 +28,25 @@
<div class="form-group">
<div class="form-label-group">
<input type="password" name="new_pass" id="inputNewPassword" class="form-control" placeholder="New Password" required>
<label for="inputNewPassword">New Password</label>
<label for="inputNewPassword">New Password<a href="#" class="show-password float-right" style="font-size:1rem;"><i class="fas fa-eye"></i></a></label>
</div>
</div>
<input type="submit" class="btn btn-primary btn-block" value="Change">
</form>
</div>
</div>

<script>
var oddone = 0;
$(".show-password").click(function(){
if(oddone % 2 == 0){
$(".fa-eye").attr("class","fas fa-eye-slash");
$("input[name='new_pass']").attr("type","text");
}else{
$(".fa-eye-slash").attr("class","fas fa-eye");
$("input[name='new_pass']").attr("type","password");
}
oddone++;
})
</script>
<% include partials/footer_admin %>
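Review bot: The toggle script switches `new_pass` to `type="text"` and nothing switches it back before the form is submitted, so a revealed password can be offered to the browser's form history as ordinary text. Adding `autocomplete="new-password"` to the input and resetting the type to `password` in a submit handler would avoid that. The toggle reads better as `<button type="button">` than `<a href="#">` (the click currently also follows `#`), and the `oddone` counter can go if the handler branches on the input's current `type`. The `<form>` tag is outside the hunk, so I cannot see whether this password-change form carries a CSRF token; that is worth checking.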
5 changes: 5 additions & 0 deletions views/login_admin.ejs
@@ -19,6 +19,11 @@
<div class="card card-login mx-auto mt-5">
<div class="card-header">Login Form</div>
<div class="card-body">
<% if(state == -1) { %>
<div class="card card-login mx-auto text-center mb-4">
<div class="alert alert-danger m-0">Incorrect Username or Password!</div>
</div>
<% } %>
<form method="POST" action="/operation/login">
<div class="form-group">
<div class="form-label-group">
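Review bot: `<% if(state == -1) { %>` reads `state` as a bare identifier, so any `res.render("login_admin")` call that does not pass it will fail with a ReferenceError instead of showing the form. `sessionControl` in routes/admin.js does pass it, but other render sites are not visible in this commit. Reading it through the locals object, `<% if (locals.state == -1) { %>`, keeps the template working when the key is absent. The single message for a wrong username and a wrong password is worth keeping as it is, since it does not reveal which of the two was wrong.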
3 changes: 1 addition & 2 deletions views/partials/header.ejs
@@ -1,11 +1,10 @@
<!DOCTYPE html>
<html lang="tr">
<html lang="en">

<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<!-- <script src="https://kit.fontawesome.com/5ee609cd40.js" crossorigin="anonymous"></script> -->
<link href="/assets/vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
<link rel="shortcut icon" class="site-icon" href="" />
<link href="https://fonts.googleapis.com/css?family=Montserrat:500|Roboto&display=swap" rel="stylesheet">

1 comment on commit b4874d6

@davidnalbandian143

I am not able to login with credentials
