Skip to content

fix(auth): correct localStorage boolean type mismatch causing auth bypass #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
KGFCH2 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(auth): correct localStorage boolean type mismatch causing auth bypass #19

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
171 changes: 122 additions & 49 deletions log/login.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,49 +1,122 @@
document.addEventListener("DOMContentLoaded", () => {
const loginForm = document.getElementById("loginForm");
const registerForm = document.getElementById("registerForm");

// Check if user is already logged in, redirect to home if true
if (window.location.pathname.includes("login.html") && localStorage.getItem("isLoggedIn") === true) {
window.location.href = "../home.html";
}

// Login Form Submission
if (loginForm) {
loginForm.addEventListener("submit", (e) => {
e.preventDefault();
const email = document.getElementById("email").value;
const password = document.getElementById("password").value;

const storedUser = JSON.parse(localStorage.getItem("user"));

if (storedUser && storedUser.email === email && storedUser.password === password) {
localStorage.setItem("isLoggedIn", "true"); // Mark user as logged in
alert("Login successful! Redirecting to Home...");
window.location.href = "../home.html"; // Redirect to home page
}
else {
alert("Invalid email or password.");
}
});
}

// Registration Form Submission
if (registerForm) {
registerForm.addEventListener("submit", (e) => {
e.preventDefault();
const fullname = document.getElementById("fullname").value;
const email = document.getElementById("email").value;
const password = document.getElementById("password").value;

if (fullname && email && password) {
const user = { fullname, email, password };
localStorage.setItem("user", JSON.stringify(user)); // Save user in localStorage

alert("Registration successful! Redirecting to login...");
window.location.href = "login.html"; // Redirect to login page
} else {
alert("Please fill out all fields.");
}
});
}
});
/**
* login.js — LearnSphere Authentication Logic
*
* Handles login and registration form submission using localStorage.
* Note: This is a client-side demo implementation. In production,
* authentication must be handled server-side with hashed passwords
* and proper session management.
*/

document.addEventListener("DOMContentLoaded", () => {
const loginForm = document.getElementById("loginForm");
const registerForm = document.getElementById("registerForm");

// BUG FIX: localStorage always returns strings, never booleans.
// Previously: localStorage.getItem("isLoggedIn") === true → always false
// Fixed: localStorage.getItem("isLoggedIn") === "true" → correct
if (
window.location.pathname.includes("login.html") &&
localStorage.getItem("isLoggedIn") === "true"
) {
window.location.href = "../home.html";
return; // Prevent further execution after redirect
}

// ── Login Form ──────────────────────────────────────────────────
if (loginForm) {
loginForm.addEventListener("submit", (e) => {
e.preventDefault();

const email = document.getElementById("email").value.trim();
const password = document.getElementById("password").value;

if (!email || !password) {
showError("Please fill in all fields.");
return;
}

const storedUser = JSON.parse(localStorage.getItem("user"));

if (
storedUser &&
storedUser.email === email &&
storedUser.password === password
) {
localStorage.setItem("isLoggedIn", "true"); // Store as string "true"
window.location.href = "../home.html";
} else {
showError("Invalid email or password. Please try again.");
}
});
}

// ── Registration Form ────────────────────────────────────────────
if (registerForm) {
registerForm.addEventListener("submit", (e) => {
e.preventDefault();

const fullname = document.getElementById("fullname").value.trim();
const email = document.getElementById("email").value.trim();
const password = document.getElementById("password").value;

if (!fullname || !email || !password) {
showError("Please fill out all fields.");
return;
}

if (password.length < 6) {
showError("Password must be at least 6 characters.");
return;
}

const user = { fullname, email, password };
localStorage.setItem("user", JSON.stringify(user));

// Show success before redirecting
showSuccess("Account created! Redirecting to login...");
setTimeout(() => {
window.location.href = "login.html";
}, 1500);
});
}
});

/**
* Displays an inline error message instead of using alert().
* @param {string} message
*/
function showError(message) {
let errorEl = document.getElementById("auth-error");
if (!errorEl) {
errorEl = document.createElement("p");
errorEl.id = "auth-error";
errorEl.setAttribute("role", "alert");
errorEl.setAttribute("aria-live", "assertive");
errorEl.style.cssText =
"color:#ff6b6b;font-size:0.9rem;margin-top:10px;font-weight:bold;";
const form = document.querySelector("form");
if (form) form.appendChild(errorEl);
}
errorEl.textContent = message;
errorEl.style.display = "block";
}

/**
* Displays an inline success message instead of using alert().
* @param {string} message
*/
function showSuccess(message) {
let successEl = document.getElementById("auth-success");
if (!successEl) {
successEl = document.createElement("p");
successEl.id = "auth-success";
successEl.setAttribute("role", "status");
successEl.setAttribute("aria-live", "polite");
successEl.style.cssText =
"color:#66fcf1;font-size:0.9rem;margin-top:10px;font-weight:bold;";
const form = document.querySelector("form");
if (form) form.appendChild(successEl);
}
successEl.textContent = message;
successEl.style.display = "block";
}