javascriptnode.jsundefinedundefined-variable

ReferenceError: hash is not defined in node.js

i am making a login system and using bcrypt to hash passwords. But now when i try to login i got this error that says that ReferenceError: hash is not defined.I will be thankful if anyone can help me and tell me where and how to declare hash. This is my login.js code.

var mysql = require('mysql');
var express = require('express');
var session = require('express-session');
var bodyParser = require('body-parser');
var bcrypt= require('bcrypt');
var path = require('path');
var connection = mysql.createConnection({
    host     : 'localhost',
    user     : 'root',
    password : 'sahoolat1',
    database : 'fyp_sahoolat'
});
var app = express();
app.use(session({
    secret: 'secret',
    resave: true,
    saveUninitialized: true
}));
app.use(bodyParser.urlencoded({extended : true}));
app.use(bodyParser.json());
app.get('/', function(request, response) {
    response.sendFile(path.join(__dirname + '/welcome.html'));
});
app.post('/auth', function(request, response) {
    var number = request.body.number;
    var password = request.body.pwd;
    
    if (number && password) {
        bcrypt.compare(password, hash, function(err, result) {
        connection.query('SELECT fyp_helpers.Mobile_number AS number FROM fyp_helpers WHERE Mobile_number = ? AND Password = ? UNION SELECT fyp_employers.Employer_Contact AS number FROM fyp_employers WHERE Employer_Contact = ? AND Employer_Password = ?', [number, password, number, password], function(error, results, fields) {
            if (error) {
                console.error("An error occurred:", error);
                response.send('Oops, something went wrong!');
            } else if (results.length > 0) {
                request.session.loggedin = true;
                request.session.number = number;
                response.redirect('/home');
            } else {
                 response.send('Incorrect Username and/or Password!');
            }           
            response.end();
        });

    });
}
        else {
        response.send('Please enter Username and Password!');
        response.end();
    }

});
app.get('/home', function(request, response) {
    if (request.session.loggedin) {
        response.send('Welcome back, ' + request.session.number + '!');
    } else {
        response.send('Please login to view this page!');
    }
    response.end();
});
app.listen(3000);

This is full error :

ReferenceError: hash is not defined
    at C:\Users\palwasha\sahoolat-master\login.js:29:31
    at Layer.handle [as handle_request] (C:\Users\palwasha\sahoolat-master\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\Users\palwasha\sahoolat-master\node_modules\express\lib\router\route.js:137:13)
    at Route.dispatch (C:\Users\palwasha\sahoolat-master\node_modules\express\lib\router\route.js:112:3)
    at Layer.handle [as handle_request] (C:\Users\palwasha\sahoolat-master\node_modules\express\lib\router\layer.js:95:5)
    at C:\Users\palwasha\sahoolat-master\node_modules\express\lib\router\index.js:281:22
    at Function.process_params (C:\Users\palwasha\sahoolat-master\node_modules\express\lib\router\index.js:335:12)
    at next (C:\Users\palwasha\sahoolat-master\node_modules\express\lib\router\index.js:275:10)
    at jsonParser (C:\Users\palwasha\sahoolat-master\node_modules\body-parser\lib\types\json.js:101:7)
    at Layer.handle [as handle_request] (C:\Users\palwasha\sahoolat-master\node_modules\express\lib\router\layer.js:95:5)
Solution

  • bcrypt.compare(password, hash, callback)

    bcrypt.compare expects 3 parameters

    1. The entered password which is request.body.pwd in your case

    2. The password which you are comparing with request.body.pwd which is usually stored in database

    3. Callback which will be called after comparison

    In your case, you are not providing any hashed password that's why the error is showing

    Please Check documentation here https://www.npmjs.com/package/bcrypt

    I recommend using following code to verify password

        if (number && password) {
    var sql = `SELECT 
            fyp_helpers.Mobile_number AS number,
            fyp_helpers.Password AS  Password
        FROM fyp_helpers 
        WHERE Mobile_number = ? 
    UNION 
        SELECT 
            fyp_employers.Employer_Contact AS number ,
            fyp_employers.Employer_Password AS Employer_Password
        FROM fyp_employers 
        WHERE Employer_Contact = ?`;
    connection.query(sql, [number, number], function (error, results, fields) {
        if (results.length > 0) {
            var hashedPassword = result[0].Password;
            bcrypt.compare(password, hashedPassword, function (cryptErr, cryptResult) {
                if (cryptResult) {
                    request.session.loggedin = true;
                    request.session.number = number;
                    response.redirect('/home');
                } else {
                    response.send('Incorrect Password!');
                    console.log(cryptErr);
                }
                response.end();
            });
        } else {
            response.send('User not registered');
        }
    });
}

    Hope this helps