For example, if I want to change the password, I have an old password and a new password. The verification of the old password is separated from the change of the new password. How can I prevent the new password from being changed?
router.get('/:userid', function(req, res,next) {
if(req.session.userid){
return next();
}
res.redirect('/login');
});
router.get('/:userid', function(req,res,next){
User.find(req.session.userid,function(err,doc){
res.render('changepassword',{
userid: req.session.userid,
user:doc
});
});
});
router.post("/:userid",function(req,res) {
User.findOne({
name: req.session.userid,
pwd: req.body.oldpwd
}, function (err, doc) {
if (err) {
r.error = err;
return;
}
if (doc) {
console.log('success');
} else {
console.log('fail');
return;
}
res.json(r);
});
});
//不想使得当旧密码验证不成功的时候让以下代码执行
router.post("/:userid",function(req,res) {
var u = {
pwd :req.body.pwd
};
var userid = req.session.userid;
if(userid && '' != userid) {
User.findOneAndUpdate(userid,u,function(err, docs) {
console.log('modify-----'+ docs);
res.redirect('/');
});
}
});
Add next to the parameters of the callback function. If the verification is successful, next will be returned. If the verification fails, failure will be returned.
But they can actually be together, so why separate them? For example:
For reference:
1. router.post("/:userid",function(req,res) {
and
//We don’t want the following code to be executed when the old password verification fails
router.post("/:userid", function(req,res) {
It is a duplicate router. You need to put the following processing code (change the password) on it.
2. In addition, you can consider password.js for login management.
For reference.
Love MongoDB! Have fun!