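.post('/api/login', function (req, res) {
  /*
   * API LOGIN
   *
   * Expects `email` and `password` as non-empty strings in the request body.
   * Responses (all JSON, `{status_code, error}`):
   *   400 - missing or non-string email/password
   *   401 - unknown email, wrong password, or account not verified
   *   500 - database or hashing failure, or more than one row for the email
   *   200 - session row stored and SESS_ID cookie set
   */
  const body = req.body || {};
  const email = body.email;
  const pass = body.password;
  if (typeof email !== 'string' || email.length === 0 || typeof pass !== 'string' || pass.length === 0) {
    return res.status(400).send({status_code: 400, error: 'Invalid request'});
  }

  // Local require so this block stays self-contained; assumes the file is
  // CommonJS. Hoist to the file's top-level imports if preferred.
  const crypto = require('crypto');

  // NOTE(review): this is 24 *minutes*, while the cleanup window below is
  // 24 hours. Kept as written; confirm which lifetime is intended.
  const SESSION_TTL_MS = 1000 * 60 * 24;
  const CLEANUP_AGE_MS = 1000 * 60 * 60 * 24;

  // SECURITY(review): the application connects as MySQL `root` with a password
  // committed in source. Load credentials from configuration or a secret
  // store, use an account limited to the tables this service needs, and rotate
  // this password since it has been published.
  // NOTE(review): a new connection per request is expensive; consider a pool.
  const db = mysql.createConnection({
    host: "localhost",
    user: "root",
    password: "YmU5YTViZmQwYWZj",
    database: "db"
  });

  // Single exit point: always release the connection and always send a body.
  // The original `return res.status(500);` only set the status and never ended
  // the response, so clients hung until timeout and the connection leaked.
  const finish = function (status, message) {
    // Best-effort close; an error here must not mask the response.
    db.end(function () {});
    return res.status(status).send({status_code: status, error: message});
  };
  const fail = function () {
    return finish(500, 'Internal server error');
  };

  const createSession = function (userid) {
    // Session identifiers must be unpredictable. The original derived the id
    // from bcrypt hashes of the timestamp and user id; use the CSPRNG instead.
    // 30 bytes -> 60 hex characters, the same length as a bcrypt string, so
    // the existing `cookiesessid` column width still fits.
    const sessId = crypto.randomBytes(30).toString('hex');

    db.query('DELETE FROM sessions WHERE expirationts < ?', [Date.now() - CLEANUP_AGE_MS], function (err) {
      if (err) {
        return fail();
      }
      db.query('INSERT INTO sessions SET ?', {
        cookiesessid: sessId,
        userid: userid,
        expirationts: Date.now() + SESSION_TTL_MS
      }, function (err) {
        if (err) {
          return fail();
        }
        // Set the cookie only after the session row exists, and keep it away
        // from page scripts and cross-site requests. `secure` follows the
        // request scheme so plain-HTTP development setups keep working;
        // production should be HTTPS-only.
        res.cookie('SESS_ID', sessId, {
          httpOnly: true,
          sameSite: 'lax',
          secure: req.secure
        });
        return finish(200, 'Successful');
      });
    });
  };

  db.connect(function (err) {
    if (err) {
      return fail();
    }
    db.query('SELECT userid, password, verified FROM users WHERE email = ?', [email], function (err, rows) {
      if (err) {
        return fail();
      }
      if (rows.length === 0) {
        // NOTE(review): this path skips the bcrypt comparison, so it answers
        // faster than a wrong password and can reveal which emails exist.
        // No rate limiting is visible in this handler either.
        return finish(401, 'Invalid credentials');
      }
      if (rows.length > 1) {
        // Duplicate emails mean the data is inconsistent; refuse to guess.
        return fail();
      }
      const user = rows[0];
      // Asynchronous compare keeps the event loop free while bcrypt runs.
      bcrypt.compare(pass, user.password, function (err, matches) {
        if (err) {
          return fail();
        }
        if (!matches) {
          return finish(401, 'Invalid credentials');
        }
        // Checked only after the password matched, so verification state is
        // not disclosed to callers who do not know the password.
        if (!user.verified) {
          return finish(401, 'Account not verified');
        }
        return createSession(user.userid);
      });
    });
  });
});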