mannpatel/Campus-Plug
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed signup bug

Browse Source
This commit is contained in:
estherdev03
2025-03-19 04:10:41 -06:00
parent c75fa01392
commit 1e17449c45
3 changed files with 168 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
backend/controllers/product.js
View File

@@ -1,42 +1,42 @@
const db = require("../utils/database"); const db = require("../utils/database");
exports.addToFavorite = (req, res) => { exports.addToFavorite = async (req, res) => {
const { userID, productsID } = req.body; const { userID, productsID } = req.body;
try {
// Use parameterized query to prevent SQL injection // Use parameterized query to prevent SQL injection
db.execute( const [result] = await db.execute(
"INSERT INTO Favorites (UserID, ProductID) VALUES (?, ?)", "INSERT INTO Favorites (UserID, ProductID) VALUES (?, ?)",
[userID, productsID], [userID, productsID]
(err, result) => { );
if (err) {
console.error("Error adding favorite product:", err);
return res.json({ error: "Could not add favorite product" });
}
res.json({ res.json({
success: true, success: true,
message: "Product added to favorites successfully", message: "Product added to favorites successfully",
}); });
} catch (error) {
console.error("Error adding favorite product:", error);
return res.json({ error: "Could not add favorite product" });
} }
);
}; };
//Get all products //Get all products
exports.getAllProducts = (req, res) => { exports.getAllProducts = async (req, res) => {
const query = "SELECT * FROM Product"; try {
db.execute(query, (err, data) => { const [data, fields] = await db.execute("SELECT * FROM Product");
if (err) {
console.error("Error finding user:", err);
return res.status(500).json({
found: false,
error: "Database error occurred",
});
}
res.json({ res.json({
success: true, success: true,
message: "Product added to favorites successfully", message: "Product added to favorites successfully",
data, data,
}); });
} catch (error) {
console.error("Error finding user:", error);
return res.status(500).json({
found: false,
error: "Database error occurred",
}); });
}
}; };
// db_con.query( // db_con.query(

202
backend/controllers/user.js
View File

@@ -17,58 +17,39 @@ exports.sendVerificationCode = async (req, res) => {
); );
// Check if email already exists in verification table // Check if email already exists in verification table
db.execute( const [results, fields] = await db.execute(
"SELECT * FROM AuthVerification WHERE Email = ?", "SELECT * FROM AuthVerification WHERE Email = ?",
[email], [email]
async (err, results) => { );
if (err) {
console.error("Database error:", err);
return res.status(500).json({ error: "Database error" });
}
if (results.length > 0) { if (results.length > 0) {
// Update existing record // Update existing record
db.execute( const [result] = await db.execute(
`UPDATE AuthVerification SET VerificationCode = ?, Authenticated = FALSE, Date = CURRENT_TIMESTAMP `UPDATE AuthVerification SET VerificationCode = ?, Authenticated = FALSE, Date = CURRENT_TIMESTAMP
WHERE Email = ?`, WHERE Email = ?`,
[verificationCode, email], [verificationCode, email]
async (err) => { );
if (err) {
console.error("Database error:", err);
return res.status(500).json({ error: "Database error" });
}
// Send email and respond // Send email and respond
await sendVerificationEmail(email, verificationCode); await sendVerificationEmail(email, verificationCode);
res.json({ success: true, message: "Verification code sent" }); res.json({ success: true, message: "Verification code sent" });
}
);
} else { } else {
// Insert new record // Insert new record
db.execute( const [result] = await db.execute(
"INSERT INTO AuthVerification (Email, VerificationCode, Authenticated) VALUES (?, ?, FALSE)", "INSERT INTO AuthVerification (Email, VerificationCode, Authenticated) VALUES (?, ?, FALSE)",
[email, verificationCode], [email, verificationCode]
async (err) => { );
if (err) {
console.error("Database error:", err);
return res.status(500).json({ error: "Database error" });
}
// Send email and respond // Send email and respond
await sendVerificationEmail(email, verificationCode); await sendVerificationEmail(email, verificationCode);
res.json({ success: true, message: "Verification code sent" }); res.json({ success: true, message: "Verification code sent" });
} }
);
}
}
);
} catch (error) { } catch (error) {
console.error("Error:", error); console.error("Error:", error);
res.status(500).json({ error: "Server error" }); res.status(500).json({ error: "Server error" });
} }
}; };
exports.verifyCode = (req, res) => { exports.verifyCode = async (req, res) => {
const { email, code } = req.body; const { email, code } = req.body;
if (!email || !code) { if (!email || !code) {
@@ -77,16 +58,12 @@ exports.verifyCode = (req, res) => {
console.log(`Attempting to verify code for ${email}: ${code}`); console.log(`Attempting to verify code for ${email}: ${code}`);
try {
// Check verification code // Check verification code
db.execute( const [results, fields] = await db.execute(
"SELECT * FROM AuthVerification WHERE Email = ? AND VerificationCode = ? AND Authenticated = 0 AND Date > DATE_SUB(NOW(), INTERVAL 15 MINUTE)", "SELECT * FROM AuthVerification WHERE Email = ? AND VerificationCode = ? AND Authenticated = 0 AND Date > DATE_SUB(NOW(), INTERVAL 15 MINUTE)",
[email, code], [email, code]
(err, results) => { );
if (err) {
console.error("Database error:", err);
return res.status(500).json({ error: "Database error" });
}
if (results.length === 0) { if (results.length === 0) {
console.log(`Invalid or expired verification code for email ${email}`); console.log(`Invalid or expired verification code for email ${email}`);
return res return res
@@ -97,71 +74,53 @@ exports.verifyCode = (req, res) => {
const userId = results[0].UserID; const userId = results[0].UserID;
// Mark as authenticated // Mark as authenticated
db.execute( const [result] = await db.execute(
"UPDATE AuthVerification SET Authenticated = TRUE WHERE Email = ?", "UPDATE AuthVerification SET Authenticated = TRUE WHERE Email = ?",
[email], [email]
(err) => { );
if (err) {
console.error("Database error:", err);
return res.status(500).json({ error: "Database error" });
}
console.log(`Email ${email} successfully verified`);
res.json({ res.json({
success: true, success: true,
message: "Verification successful", message: "Verification successful",
userId, userId,
}); });
} catch (error) {
console.log("Error: ", error);
res.status(500).json({ error: "Database error!" });
} }
);
}
);
}; };
exports.completeSignUp = (req, res) => { exports.completeSignUp = async (req, res) => {
const data = req.body; const data = req.body;
db.execute( try {
`SELECT * FROM AuthVerification WHERE Email = '${data.email}' AND Authenticated = 1;`, const [results, fields] = await db.execute(
(err, results) => { `SELECT * FROM AuthVerification WHERE Email = ? AND Authenticated = 1;`,
if (err) { [data.email]
console.error("Database error:", err); );
return res.status(500).json({ error: "Database error" });
}
if (results.length === 0) { if (results.length === 0) {
return res.status(400).json({ error: "Email not verified" }); return res.status(400).json({ error: "Email not verified" });
} }
// Create the user // Create the user
db.execute( const [createResult] = await db.execute(
`INSERT INTO User (Name, Email, UCID, Password, Phone, Address) `INSERT INTO User (Name, Email, UCID, Password, Phone, Address)
VALUES ('${data.name}', '${data.email}', '${data.UCID}', '${data.password}', '${data.phone}', '${data.address}')`, VALUES ('${data.name}', '${data.email}', '${data.UCID}', '${data.password}', '${data.phone}', '${data.address}')`
(err, result) => { );
if (err) {
console.error("Error creating user:", err);
return res.status(500).json({ error: "Could not create user" });
}
// Insert role using the user's ID // Insert role using the user's ID
db.execute( const [insertResult] = await db.execute(
`INSERT INTO UserRole (UserID, Client, Admin) `INSERT INTO UserRole (UserID, Client, Admin)
VALUES (LAST_INSERT_ID(), ${data.client || true}, ${ VALUES (LAST_INSERT_ID(), ${data.client || true}, ${
data.admin || false data.admin || false
})`, })`
(roleErr) => { );
if (roleErr) {
console.error("Error creating role:", roleErr);
return res.status(500).json({ error: "Could not create role" });
}
// Delete verification record // Delete verification record
db.execute( const [deleteResult] = await db.execute(
`DELETE FROM AuthVerification WHERE Email = '${data.email}'`, `DELETE FROM AuthVerification WHERE Email = '${data.email}'`
(deleteErr) => { );
if (deleteErr) {
console.error("Error deleting verification:", deleteErr);
}
res.json({ res.json({
success: true, success: true,
message: "User registration completed successfully", message: "User registration completed successfully",
@@ -169,27 +128,23 @@ exports.completeSignUp = (req, res) => {
email: data.email, email: data.email,
UCID: data.UCID, UCID: data.UCID,
}); });
} catch (error) {
console.log("Error: ", error);
res.status(500).json({ error: "Database error!" });
} }
);
}
);
}
);
}
);
}; };
exports.getAllUser = (req, res) => { exports.getAllUser = async (req, res) => {
db.execute("SELECT * FROM User;", (err, data) => { try {
if (err) { const [users, fields] = await db.execute("SELECT * FROM User;");
console.error("Errors: ", err); res.json({ Users: users });
} catch (error) {
console.error("Errors: ", error);
return res.status(500).json({ error: "\nCould not fetch users!" }); return res.status(500).json({ error: "\nCould not fetch users!" });
} }
res.json({ Users: data });
});
}; };
exports.findUserByEmail = (req, res) => { exports.findUserByEmail = async (req, res) => {
const { email } = req.body; const { email } = req.body;
// Input validation // Input validation
@@ -200,16 +155,10 @@ exports.findUserByEmail = (req, res) => {
}); });
} }
try {
// Query to find user with matching email and password // Query to find user with matching email and password
const query = "SELECT * FROM User WHERE email = ?"; const query = "SELECT * FROM User WHERE email = ?";
db.execute(query, [email], (err, data) => { const [data, fields] = await db.execute(query, [email]);
if (err) {
console.error("Error finding user:", err);
return res.status(500).json({
found: false,
error: "Database error occurred",
});
}
// Check if user was found // Check if user was found
if (data && data.length > 0) { if (data && data.length > 0) {
@@ -235,10 +184,16 @@ exports.findUserByEmail = (req, res) => {
error: "Invalid email or password", error: "Invalid email or password",
}); });
} }
} catch (error) {
console.error("Error finding user:", error);
return res.status(500).json({
found: false,
error: "Database error occurred",
}); });
}
}; };
exports.updateUser = (req, res) => { exports.updateUser = async (req, res) => {
const { userId, ...updateData } = req.body; const { userId, ...updateData } = req.body;
if (!userId) { if (!userId) {
@@ -264,48 +219,45 @@ exports.updateUser = (req, res) => {
// Add userId to values array // Add userId to values array
values.push(userId); values.push(userId);
try {
const query = `UPDATE User SET ${updateFields.join(", ")} WHERE UserID = ?`; const query = `UPDATE User SET ${updateFields.join(", ")} WHERE UserID = ?`;
const [updateResult] = await db.execute(query, values);
db.execute(query, values, (err, result) => { if (updateResult.affectedRows === 0) {
if (err) {
console.error("Error updating user:", err);
return res.status(500).json({ error: "Could not update user" });
}
if (result.affectedRows === 0) {
return res.status(404).json({ error: "User not found" }); return res.status(404).json({ error: "User not found" });
} }
res.json({ success: true, message: "User updated successfully" }); res.json({ success: true, message: "User updated successfully" });
}); } catch (error) {
console.error("Error updating user:", error);
return res.status(500).json({ error: "Could not update user" });
}
}; };
exports.deleteUser = (req, res) => { exports.deleteUser = async (req, res) => {
const { userId } = req.body; const { userId } = req.body;
if (!userId) { if (!userId) {
return res.status(400).json({ error: "User ID is required" }); return res.status(400).json({ error: "User ID is required" });
} }
try {
// Delete from UserRole first (assuming foreign key constraint) // Delete from UserRole first (assuming foreign key constraint)
db.execute("DELETE FROM UserRole WHERE UserID = ?", [userId], (err) => { const [result1] = await db.execute(
if (err) { "DELETE FROM UserRole WHERE UserID = ?",
console.error("Error deleting user role:", err); [userId]
return res.status(500).json({ error: "Could not delete user role" }); );
}
// Then delete from User table // Then delete from User table
db.execute("DELETE FROM User WHERE UserID = ?", [userId], (err, result) => { const [result2] = await db.execute("DELETE FROM User WHERE UserID = ?", [
if (err) { userId,
console.error("Error deleting user:", err); ]);
return res.status(500).json({ error: "Could not delete user" });
}
if (result.affectedRows === 0) { if (result2.affectedRows === 0) {
return res.status(404).json({ error: "User not found" }); return res.status(404).json({ error: "User not found" });
} }
res.json({ success: true, message: "User deleted successfully" }); res.json({ success: true, message: "User deleted successfully" });
}); } catch (error) {
}); console.error("Error: ", error);
return res.status(500).json({ error: "Could not delete user!" });
}
}; };

3
backend/utils/database.js
View File

@@ -1,6 +1,6 @@
const mysql = require("mysql2"); const mysql = require("mysql2");
//Create a pool of connection to allow multiple query happen at the same time //Create a pool of connections to allow multiple query happen at the same time
const pool = mysql.createPool({ const pool = mysql.createPool({
host: "localhost", host: "localhost",
user: "root", user: "root",
@@ -8,4 +8,5 @@ const pool = mysql.createPool({
password: "12345678", password: "12345678",
}); });
//Export a promise for promise-based query
module.exports = pool.promise(); module.exports = pool.promise();