1

我在检查 Redis 中的用户名和密码时遇到问题,它说用户名和密码未定义。我希望你能帮助我解决 NodeJs/ExpressJs 中的这个问题。

代码:

应用程序.js

var express = require('express');
var app = express();
var redis = require("redis"),
client = redis.createClient();
var user, pass;

app.use(express.bodyParser());

client.on("error", function (err) {
console.log("error event - " + client.host + ":" + client.port + " - " + err);
});

app.get('/', function (req, res) {
res.sendfile(__dirname + '/index.html');
});

app.post('/', function (req, res) {
console.log("");
console.log("--------------------");
console.log(req.body.user.username);
console.log(req.body.user.password);

console.log("--------EOF---------");
client.hmget(req.body.user.username + user, req.body.user.pasword + pass,
 redis.print);
if (req.body.user.username && req.body.user.password == user && pass)
{
    res.write("Successfully logged in!");
}
else
{
    res.write("Username or Password is incorrect");
}
console.log("req.body.username: " + req.body.username);
console.log("req.body.password: " + req.body.password);
console.log("username: " + user);
console.log("username: " + pass);
res.end();

});

app.listen(80)

这是我的 index.html 代码。

索引.html

<html>
<head></head>
<body>
<form method="post" action="/">

Username: <input type="text" name="user[username]" > <br>
Password: <input type="text" name="user[password]"> <br>

<input type="submit" value="Submit">
</form>
</body>
</html>
4

1 回答 1

0

我假设 Redis 实例包含一个名为“凭据”的哈希对象,其中包含用户和密码之间的关联。

HMSET credentials didier mypass

我会重写post方法如下:

app.post('/', function (req, res) {
    console.log("--------------------");
    console.log(req.body.user.username);
    console.log(req.body.user.password);
    console.log("--------EOF---------");
    client.hmget( 'credentials', req.body.user.username, function (err,pass) {
        console.log("req.body.username: " + req.body.user.username);
        console.log("req.body.password: " + req.body.user.password);
        console.log("pass: " + pass );
        console.log("err: " + err );
        if ( (!err) && pass && pass == req.body.user.password )
            res.write( "Successfully logged in!" );
        else
            res.write( "Username or Password is incorrect");
        res.end();
     });
 });

使用此代码,我有成功的登录消息,以及以下跟踪:

--------------------
didier
mypass
--------EOF---------
req.body.username: didier
req.body.password: mypass
pass: mypass
err: null

请注意,这种存储凭据的方式和这种身份验证机制是完全不安全的。

于 2013-08-27T18:19:45.933 回答