From e14904d9d917a61d97dbe9b0e4e661f920636259 Mon Sep 17 00:00:00 2001
From: Matt Huntington
Date: Wed, 17 Aug 2016 16:32:24 -0400
Subject: [PATCH] check passwords before adding user to session

---
 controllers/logins.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/controllers/logins.js b/controllers/logins.js
index db62da7..7f8f61d 100644
--- a/controllers/logins.js
+++ b/controllers/logins.js
@@ -1,4 +1,5 @@
 var controller = require('express').Router();
+var bcrypt = require('bcrypt');
 var bodyParser = require('body-parser');
 var Users = require('../models/users.js');
@@ -14,7 +15,9 @@ controller.post('/', function(req, res){
 username:req.body.username
 }
 }).then(function(foundUser){
- req.session.currentUser = foundUser;
+ if(bcrypt.compareSync(req.body.password, foundUser.password)){
+ req.session.currentUser = foundUser;
+ }
 res.redirect('/');
 });
 });
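Review bot: In the second hunk, `foundUser.password` is read without checking that the lookup returned a user, so a login with an unknown username throws inside the `.then` callback. No `.catch` is visible in the hunk, so that request would presumably get no response, which also makes an unknown username distinguishable from a wrong password (which redirects). `bcrypt.compareSync` throws as well when `req.body.password` is missing, and it blocks the event loop while hashing; the callback form `bcrypt.compare` avoids that. The sketch below guards both inputs and adds a rejection handler; the start of the handler and the query lie outside the hunk, so the error response is an assumption about how this app reports failures. Separately, the session still stores the whole user record, which appears to include the password hash; keeping only the user's id there would be safer if other code allows it.

```javascript
}).then(function(foundUser){
    // Treat an unknown user or a missing password exactly like a wrong password.
    if(!foundUser || typeof req.body.password !== 'string'){
        return res.redirect('/');
    }
    // Async compare keeps the event loop free while bcrypt runs.
    bcrypt.compare(req.body.password, foundUser.password, function(err, matches){
        if(err){
            return res.sendStatus(500);
        }
        if(matches){
            req.session.currentUser = foundUser;
        }
        res.redirect('/');
    });
}).catch(function(err){
    // A failed lookup must still end the request.
    res.sendStatus(500);
});
```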