diff --git a/account.js b/account.js
index 2b7781a..b448104 100644
--- a/account.js
+++ b/account.js
@@ -22,7 +22,7 @@ function normalizeUser(user) {
 firstName: user.firstName || "",
 lastName: user.lastName || "",
 email: user.email || "",
- password: user.password || "",
+ hashedPassword: user.hashedPassword || "",
 orders: Array.isArray(user.orders) ? user.orders : [],
 paymentMethods: Array.isArray(user.paymentMethods) ? user.paymentMethods : []
 };
@@ -70,7 +70,14 @@ if (currentUser && currentUser.email) {
 }
 }
-function registerUser() {
+async function hashMessage(message) {
+ const msgBuffer = new TextEncoder().encode(message); // Encode as UTF-8
+ const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer); // Hash
+ const hashArray = Array.from(new Uint8Array(hashBuffer)); // Convert to bytes
+ return hashArray.map(b => b.toString(16).padStart(2, '0')).join(''); // Hex string
+}
+
+async function registerUser() {
 const firstName = document.getElementById("reg-firstname")?.value.trim() || "";
 const lastName = document.getElementById("reg-lastname")?.value.trim() || "";
 const email = (document.getElementById("reg-email")?.value.trim() || "").toLowerCase();
@@ -92,11 +99,13 @@ function registerUser() {
 return;
 }
+ const hashedPassword = await hashMessage(password);
+
 const newUser = {
 firstName,
 lastName,
 email,
- password,
+ hashedPassword,
 orders: [],
 paymentMethods: []
 };
@@ -113,12 +122,13 @@ function registerUser() {
 openAccountDashboard();
 }
-function loginUser() {
+async function loginUser() {
 const email = (document.getElementById("login-email")?.value.trim() || "").toLowerCase();
 const password = document.getElementById("login-password")?.value || "";
+ const hashedPassword = await hashMessage(password);
 const user = users.find(
- (entry) => entry.email.toLowerCase() === email && entry.password === password
+ (entry) => entry.email.toLowerCase() === email && entry.hashedPassword === hashedPassword
 );
 if (!user) {
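Review bot: Records saved before this change carry `password` and no `hashedPassword`, so `hashedPassword: user.hashedPassword || ""` normalizes them to an empty string and the comparison in the `loginUser` hunk can never match; those accounts are locked out. Whether the old plaintext `password` value is then overwritten in storage depends on code outside this hunk and should be confirmed. Hashing is asynchronous, so it cannot happen inside `normalizeUser`; a one-time migration that runs before normalization, e.g. `user.hashedPassword = await hashMessage(user.password); delete user.password;`, would address both. The body of `normalizeUser` starts and ends outside the hunk.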
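Review bot: A single unsalted SHA-256, as computed in `hashMessage`, is not a suitable password verifier: identical passwords produce identical `hashedPassword` values, and the digest is fast enough that a copied user list offers little resistance to guessing. A verifier needs a per-user random salt and a deliberately slow derivation, which Web Crypto provides as PBKDF2 through `crypto.subtle.deriveBits`. The sketch below replaces the helper; `registerUser` would create the salt with `crypto.getRandomValues(new Uint8Array(16))` and store it with the record, and `loginUser` would find the record by email first and derive with that record's salt. The iteration count is a constructed sample value to be set from current guidance and measured latency.

```javascript
// Constructed sample value; tune the work factor to policy and device latency.
const PBKDF2_ITERATIONS = 600000;

const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

/**
 * Derive a salted, slow password verifier with PBKDF2-HMAC-SHA-256.
 * @param {string} password - Plaintext password read from the form.
 * @param {Uint8Array} salt - Per-user random salt, stored alongside the record.
 * @returns {Promise<string>} Hex-encoded 256-bit derived value.
 */
async function hashPassword(password, salt) {
  const keyMaterial = await crypto.subtle.importKey(
    'raw',
    new TextEncoder().encode(password),
    'PBKDF2',
    false,
    ['deriveBits']
  );
  const bits = await crypto.subtle.deriveBits(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    keyMaterial,
    256
  );
  return toHex(new Uint8Array(bits));
}
```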
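Review bot: `await hashMessage(password)` has no error handling, and `crypto.subtle` is only defined in secure contexts (HTTPS or localhost), so on a plain-HTTP origin the call rejects and registration stops with nothing shown to the user; the await added in the `loginUser` hunk has the same gap. Guard it before hashing, for example `if (!globalThis.crypto?.subtle) { /* report: secure context required */ return; }`, or wrap the await in try/catch and surface the failure. The await also yields between the validation above the hunk and the write below it, so a double submit could pass a duplicate-email check twice if that check precedes this line; it is outside the hunk, so confirm. `registerUser` starts and ends outside the hunk.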
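Review bot: The check `entry.hashedPassword === hashedPassword` runs in the page against `users`, so whatever holds that array is the trust boundary, not the hash. `users` is defined outside this diff; if it is loaded from browser storage, any script on the origin or anyone with access to the browser profile can read or rewrite the records, and hashing only conceals the original password text. A comment above the lookup should state that limit, such as `// Client-side check only: this is not an access control; real authentication belongs on a server.` `loginUser` continues past the end of the hunk.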