0

i have created database named 'USERS' and also created 'USERS' table inside the database it looks like

enter image description here

now i run 'localhost:8000'. i got my login.html and also 'connected' message in console. now i want to know After Entering username password in login.html i want to validate usename password on 'verify' button click. how can i do that????? pls Help me.

Server.js:

var http=require('http');
var express=require('express');
var fs=require('fs');
var mysql=require('mysql');
var app=express();
var server=http.createServer(app);
server.listen(8000);
var connection=mysql.createConnection({
host:'localhost',
user:'root',
password:'root'
});
connection.connect(function(err) {
if(!err)
 {
 console.log('connected');
 }
});
app.get('/', function(request,response){
fs.readFile('login.html', function(Error,Res){
if(!Error)
{
response.writeHead(200,{'content-type':'text/html'});
response.write(Res);
}
});
});

login.html:

<html>
<head>
<title>Angular Js</title>
<script src="assets/js/Angular.min.js"></script>
<style>
</style>
<body>
<input id="username" />
<input id="password" />
<button id="submit">Verify</button>
</body>
</html>
Jared Farrish
  • 48,585
  • 17
  • 95
  • 104
Arunkumar
  • 5,150
  • 4
  • 28
  • 40
  • You seem to have a reasonable grasp of the technologies involved, where are you stuck? – T.J. Crowder Aug 09 '14 at 12:21
  • 10
    Please, *please*, ***please*** don't store passwords in databases in clear text. It's just such an amazingly bad idea. Instead, store a *one-way hash* of the password (SHA-1, etc.) and to check the password, you hash what they give you and compare it with the hash you're holding. That way, a compromised database doesn't reveal everyone's passwords. – T.J. Crowder Aug 09 '14 at 12:21
  • Password is visible for ur refernce – Arunkumar Aug 09 '14 at 12:22
  • I wouldn't call "root" a real password. It's probably his dev machine anyway. @T.J.Crowder: You forgot to mention salting. Unsalted hashes are almost as bad as plaintext passwords. – ThiefMaster Aug 09 '14 at 12:28
  • @ThiefMaster: I assumed there'd be *some* follow-on reading. But I really should have said "salted" in there somewhere. ("root"? did you mean "Admin"?) – T.J. Crowder Aug 09 '14 at 12:31
  • There are [libraries for this](http://passportjs.org/); you should not write your own authentication system. – Jared Farrish Aug 09 '14 at 12:37
  • @Arunkumar have you read the node.js docs? Have you read the express.js docs? (and, like everyone else has said, have you considered NOT creating your own authentication system?) – Dan O Aug 09 '14 at 12:39

1 Answers1

1

You need to make a few changes to your code..

As a first step, you will need to add in some middleware for the Express framework to handle post data - something like:

var app=express();
var bodyParser = require('body-parser')
app.use( bodyParser.urlencoded() );

Starting with the html page, your input fields need to be wrapped in a form - otherwise they won't be / can't be posted to anything when you click Submit. 

<body>
    <form id="someform" action="/login" method="post">
        <input id="username" />
        <input id="password" />
        <button id="submit">Verify</button>
    </form>
</body>

Then, add a new method in your server.js to handle a post request to the /login url, in which you would then be able to read the submitted values & do something appropriate with them.

app.post('/login', function(sReq, sRes) {
        var username = sReq.body.username;
        var password = sReq.body.password;

        if (username=='myusername' && password == 'mypassword') {
               // do something here with a valid login

        } else { 
               // user or password doesn't match
        }
});

Have a look at How to retrieve POST query parameters? for some more hints.

This example doesn't do anything around comparing submitted values to the database or encrypting passwords, but might help you get started with submitting post data and accessing it in Node.

It's also not something you should ever do in something you're planning on using in a production setting - passwords should be encrypted, and you'd need a lot of other stuff around handling session state.

By far the best option is to find and use some pre-built authentication middleware - and configure it to suit your needs.

Community
  • 1
  • 1
TimLS14
  • 41
  • 6
  • 2
    This is more accurately conditional field confirmation than (more complex and specific) user authentication. I find this answer problematic because it demonstrates *absolutely the worst* way of doing authentication, because it does not at all address how to do this appropriately. – Jared Farrish Aug 09 '14 at 12:46
  • Agreed Jared -in that this code isn't fit for a production environment in any way, shape or form. However, looking at it in the context of the question where someone's trying to get started with node, I felt it might be useful to outline some basics. – TimLS14 Aug 09 '14 at 12:50
  • why i got username,password is undefined in console??? – Arunkumar Aug 11 '14 at 05:10