const express = require('express');
const router = express.Router();
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
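// Key used to sign and verify every teacher session token issued by this router.
// Anyone who knows it can mint a valid token for any teacher id, so it belongs in
// deployment configuration, not in source control.
// The literal fallback only keeps existing deployments working: it has been
// committed to the repository and should be treated as compromised. Set the
// JWT_SECRET environment variable to a fresh random value, then remove the fallback.
// `||` rather than `??` so that an empty JWT_SECRET is never used as the signing key.
const JWT_SECRET = process.env.JWT_SECRET || "l!TtLeGr()O//En";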
const Teacher = require('../../schema/teacher')
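/**
 * POST /register: create a teacher account from a submitted form.
 *
 * Expects `name`, `email` and `password` in the request body. On success the
 * browser is redirected to the admin-panel teacher list. A duplicate email,
 * incomplete form data or a thrown error redirects back with an `error` query
 * parameter.
 *
 * NOTE(review): nothing in this handler checks who is calling it. If teacher
 * registration is meant to be admin-only, confirm that an authentication
 * middleware is mounted in front of this router.
 */
router.post('/register', async (req, res) => {
  try {
    const { name, email, password } = req.body;

    // Accept only non-empty strings. A body parser can deliver objects such as
    // { "$ne": null }, which would otherwise flow into the Mongo filter below
    // as a query operator instead of a literal email address.
    const isValidForm = [name, email, password].every(
      (value) => typeof value === 'string' && value.length > 0
    );
    if (!isValidForm) {
      // The request body is deliberately not logged: it carries the plaintext password.
      console.log('Teacher registration rejected: invalid form data');
      return res.redirect("/sites/little-groovin-guitar/admin-panel/teacher/login?error=Invalid Form Data...");
    }

    // NOTE(review): check-then-create is not atomic. Two concurrent requests can
    // both pass this check, so the schema presumably needs a unique index on
    // `email`. Confirm against the Teacher schema.
    const existingTeacher = await Teacher.findOne({ email });
    if (existingTeacher) {
      return res.redirect("/sites/little-groovin-guitar/teacher-admin/login?error=Email Address Already Used...");
    }

    const salt = await bcrypt.genSalt(10);
    const hashPassword = await bcrypt.hash(password, salt);
    await Teacher.create({ name, email, password: hashPassword });

    // The previous version re-read the new record and signed a token that was
    // never sent (the cookie call was commented out). That dead work is removed.
    // res.redirect() sets its own status (302), so the earlier status(200) had no effect.
    return res.redirect("/sites/little-groovin-guitar/admin-panel/teacher?message=admin-panel?message=teacher Registered Successfully...");
  } catch (err) {
    console.error(err);
    // Encode the message so characters such as & or # cannot alter the redirect
    // URL. NOTE(review): raw error text (e.g. database errors) is still shown to
    // the client. Consider a generic message here.
    return res.redirect("/sites/little-groovin-guitar/teacher-admin/login?error=" + encodeURIComponent(err.message));
  }
});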
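/**
 * POST /login: authenticate a teacher and start a session.
 *
 * Expects `email` and `password` in the request body. When the bcrypt
 * comparison succeeds, a JWT carrying the teacher's id and email is signed
 * with JWT_SECRET and stored in the `authtoken` cookie, and the browser is
 * redirected to the teacher-admin area. Every failure redirects to the login
 * page with the same "Invalid Credentials" error, so the response does not
 * reveal whether the email exists.
 *
 * res.redirect() sets its own status (302), so the status(200)/status(422)
 * calls of the previous version had no effect and are dropped.
 */
router.post('/login', async (req, res) => {
  const loginPage = "/sites/little-groovin-guitar/teacher-admin/login";
  try {
    const { email, password } = req.body;

    // Credentials and issued tokens are deliberately not logged: log files are
    // usually readable by more people than the user database.

    // Accept only strings, so that an object such as { "$gt": "" } cannot reach
    // the Mongo filter below as a query operator.
    if (typeof email !== 'string' || typeof password !== 'string') {
      console.log("Invalid Email");
      return res.redirect(loginPage + '?error=Invalid Credentials');
    }

    const checkTeacher = await Teacher.findOne({ email });
    if (!checkTeacher) {
      // NOTE(review): this path skips the bcrypt comparison, so unknown emails are
      // answered faster than known ones. Consider comparing against a dummy
      // hash if account enumeration matters here.
      console.log("Invalid Email");
      return res.redirect(loginPage + '?error=Invalid Credentials');
    }

    const passwordCompare = await bcrypt.compare(password, checkTeacher.password);
    if (!passwordCompare) {
      console.log("Invalid Password");
      // The stray double quote in the former '?error="Invalid Credentials' is removed.
      return res.redirect(loginPage + '?error=Invalid Credentials');
    }

    // NOTE(review): the token has no expiry, so a leaked cookie stays valid until
    // the signing secret is rotated. Consider passing an `expiresIn` option.
    const authtoken = jwt.sign({ id: checkTeacher._id, email: checkTeacher.email }, JWT_SECRET);

    // httpOnly keeps the session token out of reach of page scripts; sameSite
    // 'lax' stops it being sent on cross-site form posts. Add `secure: true`
    // once the site is confirmed to be served only over HTTPS.
    return res
      .cookie('authtoken', authtoken, { httpOnly: true, sameSite: 'lax' })
      .redirect("/sites/little-groovin-guitar/teacher-admin" + '?message=teacher-admin Logged In Successfully...');
  } catch (err) {
    console.log(err.message);
    // Encode the message so characters such as & or # cannot alter the redirect URL.
    return res.redirect(loginPage + "?error=" + encodeURIComponent(err.message));
  }
});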
/**
 * GET /logout: end the teacher session.
 *
 * Clears the `authtoken` cookie and redirects to the site landing page with a
 * confirmation message.
 */
router.get('/logout', async (req, res) => {
  const landingUrl = '/sites/little-groovin-guitar/?message=Teacher Logged Out...';

  res.clearCookie('authtoken');
  res.status(200);
  return res.redirect(landingUrl);
});
/**
 * GET /register-from: render the teacher registration form view.
 */
router.get("/register-from", function showRegisterForm(req, res) {
  const viewName = "teacher-admin/register-from";
  return res.render(viewName);
});
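/**
 * GET /delete/:id: delete the teacher record with the given id, then redirect
 * to the admin-panel teacher list. Any thrown error yields a 500 response.
 *
 * NOTE(review): this is a destructive action exposed on GET, and the handler
 * contains no authentication or authorization check. A GET can be triggered by
 * a plain link, an image load or a prefetch. Confirm that an auth middleware
 * guards this router, and consider moving the action to POST/DELETE with CSRF
 * protection. The method is left unchanged here because existing links depend on it.
 */
router.get('/delete/:id', async (req, res) => {
  try {
    const adminId = req.params.id;
    const deletedTeacher = await Teacher.findByIdAndDelete(adminId);

    // findByIdAndDelete resolves to null when no document matched. The old code
    // logged a successful deletion in that case too, which made the log an
    // unreliable audit trail.
    if (deletedTeacher) {
      console.log(`Admin with ID ${adminId} deleted.`);
    } else {
      console.log(`No admin found with ID ${adminId}; nothing deleted.`);
    }

    res.redirect('/sites/little-groovin-guitar/admin-panel/teacher'); // Redirect to the admin list
  } catch (error) {
    console.error("Error deleting admin:", error);
    res.status(500).send("Server Error");
  }
});

module.exports = router;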