Add hashing #60(Security Issue: Storing Passwords Without Protection in NGORoutes.js) #81

Closed
wants to merge 2 commits into from
190 changes: 59 additions & 131 deletions routers/NgoRoutes.js
Expand Up @@ -11,154 +11,82 @@ const NGO=require("../model/ngo")
const Query = require("../model/query"); // Adjust the path based on your project structure


router.post("/NGO-login",async(req,res)=>{
router.post("/NGO-login", async (req, res) => {
const username = req.body.username;
const password = req.body.password;
const ngo = await NGO.findOne({ username: username, password: password });
try {
const ngo = await NGO.findOne({ username: username, password: password });
if (!ngo) {
return res.status(400).json({ error: 'NGO not found' });
}
const isPasswordValid = await bcrypt.compare(password, ngo.password);
if (!isPasswordValid) {
return res.status(400).json({ error: 'Invalid credentials' });
}
const dooner = await User.find(); // Assuming User is your Mongoose model for users



res.render("NGO-Dashboard", {
fullName: ngo.NGOName,
email: ngo.username,
id: ngo.NGOID,
phoneNo:ngo.Mobile,
address :ngo.NGOLocation,
Donation : dooner,
Pickup : dooner,
id: ngo.NgoID,
phoneNo: ngo.Mobile,
address: ngo.NgoLocation,
Donation: dooner,
Pickup: dooner,
complain: ""
});
} catch (err) {
console.error(err);
res.status(500).send("An internal server error occurred.");
}
})

router.post("/NGO-Registarion", async (req, res) => {
// Check if the NGO already exists
const existingNGO = await NGO.findOne({ username: req.body.username });
if (existingNGO) {
return res.status(400).json({ error: 'NGO already exists' });
}

// Create a new NGO registration
const newNGO = new NGO({
username: req.body.username,
password: req.body.password,
NGOName: req.body.NGOName,
Mobile: req.body.Mobile,
NGOID: req.body.NGOID,
NGOLocation: req.body.NGOLocation,
approved: false
});

// Save the new NGO to the database
});

router.post("/NGO-Registration", async (req, res) => {
try {
// Save the new NGO to the database
await newNGO.save();

// Send an email to the admin for approval
let mailOptions = {
to:newNGO.username, // Admin's email address
subject: 'New NGO Registration',
text: 'A new NGO registration is pending approval. Login to the admin panel to review and approve.',
// Include any necessary information in the email body
};
transporter.sendMail(mailOptions, function (error, info) {
if (error) {
console.log(error);
} else {
console.log('Email sent: ' + info.response);
}
});

console.log('NGO registration request sent for approval');
res.status(200).json({ message: 'NGO registration request sent for approval' });
} catch (err) {
console.error('Error creating NGO:', err);
res.status(500).json({ error: 'Internal server error' });
}
// try {
// await newNGO.save();

// let mailOptions = {
// to: newNGO.username,
// subject: 'Welcome To Petari',
// template: 'Email.template',
// context: {
// ngo: {
// ngoName: newNGO.name,
// _id: newNGO._id,
// username: newNGO.password,
// },
// year: new Date().getFullYear()
// },
// attachments: [{
// filename: 'logo.png',
// path: path.join(__dirname, 'public', 'img', 'logo.png'),
// cid: 'logo'
// }]
// };

// transporter.sendMail(mailOptions, function(error, info){
// if (error) {
// console.log(error);
// } else {
// console.log('Email sent: ' + info.response);
// }
// });

// console.log('NGO registered successfully');
// res.status(200).json({ message: 'NGO registration received. It will be reviewed by the admin.' });
// } catch (err) {
// console.error('Error creating NGO:', err);
// res.status(500).json({ error: 'Internal server error' });
// }
// newNGO.save()
// .then((ngo) => {
// let mailOptions = {
// to: ngo.username,
// subject: 'Welcome To Petari',
// template: 'Email.template',
// context: {
// ngo: {
// ngoName: ngo.name,
// _id: ngo._id,
// username: ngo.password,

// },

// year: new Date().getFullYear()
// },
// attachments: [{
// filename: 'logo.png',
// path: path.join(__dirname, 'public', 'img', 'logo.png'),
// cid: 'logo'
// }]
// };
// transporter.sendMail(mailOptions, function(error, info){
// if (error) {
// console.log(error);
// } else {
// console.log('Email sent: ' + info.response);
// }
// });
// Check if the NGO already exists
const existingNGO = await NGO.findOne({ username: req.body.username });
if (existingNGO) {
return res.status(400).json({ error: 'NGO already exists' });
}

// Hash the password for security
const hashedPassword = await bcrypt.hash(req.body.password, saltRounds);

// Create a new NGO registration
const newNGO = new NGO({
username: req.body.username,
password: hashedPassword, // Save the hashed password
NGOName: req.body.NGOName,
Mobile: req.body.Mobile,
NgoID: req.body.NgoID,
NgoLocation: req.body.NgoLocation,
approved: false
});

// console.log('NGO registered successfully');
// res.status(200).json({ message: 'NGO registered successfully' });
// Save the new NGO to the database
await newNGO.save();

// Send an email to the admin for approval
let mailOptions = {
to:newNGO.username, // Admin's email address
subject: 'New NGO Registration',
text: 'A new NGO registration is pending approval. Login to the admin panel to review and approve.',
// Include any necessary information in the email body
};
transporter.sendMail(mailOptions, function (error, info) {
if (error) {
console.log(error);
} else {
console.log('Email sent: ' + info.response);
}
});

// })
// .catch((err) => {
// console.error('Error creating NGO:', err);
// res.status(500).json({ error: 'Internal server error' });
// });
console.log('NGO registration request sent for approval');
res.status(200).json({ message: 'NGO registration request sent for approval' });
} catch (err) {
console.error('Error creating NGO:', err);
res.status(500).json({ error: 'Internal server error' });
}
});

module.exports = router;




module.exports = router
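Review bot: The login lookup on the new side, `const ngo = await NGO.findOne({ username: username, password: password });`, still filters on the plaintext password, so once registration stores the `bcrypt.hash` output the query never matches and every login is rejected before `bcrypt.compare` runs; it should be `const ngo = await NGO.findOne({ username });` with the password check left to the compare call that follows. The two distinct responses, 'NGO not found' and 'Invalid credentials', let a caller tell registered usernames from unknown ones; returning the same generic message for both branches avoids that. `bcrypt` and `saltRounds` are used in both handlers but neither is defined inside this hunk, so the require and the constant presumably sit above line 11 of the file — worth confirming, since a missing one only surfaces as a ReferenceError at request time. NGO documents saved with plaintext passwords before this change will also fail `bcrypt.compare`, so those records need rehashing or a migration path before this is merged.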
3 changes: 2 additions & 1 deletion views/NGO-Registration.ejs
Expand Up @@ -93,7 +93,7 @@
<header class="header">NGO Registration Form</header>
<br>
<hr>
<form action="/NGO-Registarion" class="form" method="POST">
<form action="/NGO-Registration" class="form" method="POST">
<div class="input-box">
<label>NGO Name</label>
<input type="text" name="NGOName" placeholder="Enter NGO name" required />
Expand Down Expand Up @@ -129,3 +129,4 @@

</body>
</html>