3

Here I use bcryptjs library to encrypt my password, Its works fine when i insert into db but its returns false every time to compare same password which i insert in DB. Here is my code.. Please tell me where i am wrong.

This code for inserting hash password in DB , It works perfect

     bcrypt.hash(insertData.Password, 10, function(err, hash) {
            // Store hash in your password DB.
            console.log('hash' , hash)
            insertData.Password = hash;

            insertIntoDB(table,insertData,function(result){
                if(result && result.length > 0){
                        res.json({
                            "status":"1",
                            "result":result[0]._id
                        });
                }
            });
     });

And Here is code for compare password but it always returns false.

var actualPass = results[0].Password //Store in DB password
bcrypt.hash(UserInputPassword, 10, function(err, hash) {
        console.log('hash' , hash)

        bcrypt.compare(actualPass, hash, function(err, response) {
            if(err){
                 console.log("err",err)
             }else{
                 console.log("response",response)                               
             }

        });
 });
Improve this question
2
  • Did you try compare()'ing actualPass against the hash from the database (e.g. insertData.Password) instead of a newly generated hash? Commented Jul 5, 2014 at 6:37
  • yes i try , here is my code you can check it. But i dont know How it works.. Commented Jul 5, 2014 at 6:39

1 Answer 1

Reset to default
10

When you compare(), you need to pass in the plaintext value as the first argument and the hash from your database as the second argument. For example:

var hashFromDB = '$2a$10$foo';
var plainPassFromUser = 'mypassword';

bcrypt.compare(plainPassFromUser, hashFromDB, function(err, matches) {
  if (err)
    console.log('Error while checking password');
  else if (matches)
    console.log('The password matches!');
  else
    console.log('The password does NOT match!');
});

You also don't need to bcrypt.hash() a second time before compare(). Just once when you're inserting into the database.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.