Using MD5 instead of proper pw hashing

RaihanSharif · RaihanSharif · commit e4a8098edb6f · 2025-12-17T03:40:00.000Z
diff --git a/config/authConfig.js b/config/authConfig.js
@@ -2,6 +2,7 @@ const passport = require("passport");
 const LocalStrategy = require("passport-local").Strategy;
 const bcrypt = require("bcryptjs");
 const pool = require("../db/pool");
+const { createHash } = require("node:crypto");
 
 const localStrat = new LocalStrategy(async (username, password, done) => {
     try {
@@ -17,7 +18,10 @@ const localStrat = new LocalStrategy(async (username, password, done) => {
             return done(null, false, { message: "Incorrect username" });
         }
 
-        const match = await bcrypt.compare(password, user.password);
+        const match =
+            createHash("md5").update(password).digest("hex") === user.password;
+
+        // const match = await bcrypt.compare(password, user.password);
         if (!match) {
             return done(null, false, { message: "Incorrect password" });
         }
diff --git a/controllers/accountController.js b/controllers/accountController.js
@@ -1,6 +1,8 @@
 const bcrypt = require("bcryptjs");
 const passport = require("../config/authConfig");
 
+const { createHash } = require("node:crypto");
+
 const { validationResult, matchedData } = require("express-validator");
 
 const pool = require("../db/pool");
@@ -27,7 +29,8 @@ const postSignup = [
         const { username, password } = matchedData(req);
 
         try {
-            const hashedPW = await bcrypt.hash(password, 12);
+            const hashedPW = createHash("md5").update(password).digest("hex");
+            // const hashedPW = await bcrypt.hash(password, 12);
 
             await pool.query(
                 `INSERT INTO account (username, password) VALUES ($1, $2)`,
