11 Replies
What're you expecting to happen & what's your error?
After logging my credentials I'm expecting to be directed to home page. The problem is when I typed my username and password it shows that the password didn't match in red text even it's already stored in my database.
More than likely the error is arising from
LoginValidation.js
which you didn't include in your post.
Is it expecting there to be two password
fields where the user repeats their password to make sure they typed it correctly?Here's what LoginValidation.js looks like
Wait, I think I know what's wrong.
const password_pattern = /^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$!%?&])[A-Za-z\d@$!%?&]{8,}$/;
I think in this part
because the minimum password should be 8, what do you think?
It's the:
Where
password_pattern
is /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/
which is a regular expression I'll not try to decipher for you, but you can put it in https://regexr.com/ & it'll break it down for you.
"aA1@12345678
" is a valid password under that regex, for example.
Honestly, there's no good reason to restrict the characters people are allowed to use in their passwords. There's no situation where fewer choices is going to make for better security.
The only thing you might do is a minimum length which is achieved with the minlength
attribute on the <input>
element.RegExr
RegExr: Learn, Build, & Test RegEx
RegExr is an online tool to learn, build, & test Regular Expressions (RegEx / RegExp).
Maybe I should try to exclude LoginValidation.js for a while to see if it's really the problem and you're right I should not restrict the characters.
Just comment out
setErrors(Validation(values))
.But so far it there something wrong with my codes in server.js? I mean my query for login.
Though, actually, looking at your code, that should remove the error, but you won't get past the guard:
Since
errors
is initialized to an empty object, errors.username
& errors.password
will be undefined
.
To make it more flexible in several respects, I would change the guard to:
(!!undefined
is false
& so is !!''
, but !!'any non-empty string'
is true
.)
I'm pretty sure that a query returning zero rows is not an error.
So, if their password doesn't match it will just return no rows, but it won't be an error, so the login will always succeed.Wow, it works now. Thank very much!