tobias/eventmaster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Password encryption

Browse Source
This commit is contained in:
Tobias Zoghaib
2024-11-20 10:43:48 +01:00
parent e02f2d252e
commit d4fbda26d7
12 changed files with 289 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/routes/account.routes.ts
View File

@@ -8,6 +8,7 @@ import { Exercise } from "../models/exercises/exercise.model";
import { sequelize } from "../database";
import jwt from "jsonwebtoken"
import { verifyToken } from "../middlewares/auth.middleware";
import { encryptString } from "../scripts/encryptScripts";
export const account = Router()
@@ -22,12 +23,14 @@ account.get("/", (req: Request, res: Response) => {
// Login user
account.get("/login", async (req: Request, res: Response) => {
const encryptedPassword = encryptString(String(req.query.password))
// Using raw SQL code for SQL injections!
const [results, metadata] =
await sequelize.query(
"SELECT * FROM Accounts " +
"WHERE (username='" + req.query.username +
"' AND password='" + req.query.password + "')"
"' AND password='" + encryptedPassword + "')"
)
if (results.length != 0) {