How Do User Registration and Login Work?

✅ 1. User Registration: How Data is Saved in DB

🔹 Frontend (e.g., React Form)

The user fills a registration form:

{
  name: "Avinash",
  email: "avi@example.com",
  password: "MySecurePassword123"
}

🔹 Backend (Node.js + Express example)

  1. Receive form data in an API endpoint:

app.post("/register", async (req, res) => {
  const { name, email, password } = req.body;
  // steps 2-4 below run here, inside this handler
});

  2. Check if user already exists:

const existingUser = await User.findOne({ email });
if (existingUser) {
  return res.status(400).json({ message: "User already exists" });
}

  3. Hash the password using bcrypt:

const bcrypt = require("bcrypt");
const saltRounds = 10; // bcrypt cost factor: 2^10 key-expansion iterations
// bcrypt.hash generates a random salt and stores it inside the returned hash string
const hashedPassword = await bcrypt.hash(password, saltRounds);

  4. Save the user in the database (MongoDB):

// Only the hash is persisted; the plain-text password is never stored
const newUser = new User({ name, email, password: hashedPassword });
await newUser.save();
res.status(201).json({ message: "User registered successfully" });

✅ 🔐 Result:

Only the hashed version of the password is saved in the database:

{
  "_id": "12345",
  "name": "Avinash",
  "email": "avi@example.com",
  "password": "$2b$10$eJx12345fK...encryptedHash"
}

2. User Login: How Identity is Verified

🔹 Frontend:

User submits login form:

{
  email: "avi@example.com",
  password: "MySecurePassword123"
}

🔹 Backend:

  1. Find user by email:

const { email } = req.body;
const user = await User.findOne({ email });
if (!user) {
  // Same message as a wrong password, so the response does not reveal which emails are registered
  return res.status(401).json({ message: "Invalid credentials" });
}

  2. Compare entered password with hashed one:

const isMatch = await bcrypt.compare(req.body.password, user.password);
if (!isMatch) {
  return res.status(401).json({ message: "Invalid credentials" });
}

  3. Create a session or JWT (JSON Web Token):

const jwt = require("jsonwebtoken");
// Read the signing secret from configuration (e.g. an environment variable); never hard-code it in source
const token = jwt.sign({ id: user._id }, process.env.JWT_SECRET, { expiresIn: "1d" });
res.json({ message: "Login successful", token });

3. What Happens Behind the Scenes

Step | Purpose
Hashing | Transforms the password one-way into an unreadable value (unlike encryption, hashing cannot be reversed). Even if the database is hacked, the attacker can't read the real passwords from it.
Salting | Adds random characters to the password before hashing, to prevent precomputed dictionary and rainbow table attacks.
JWT Token | Used to authenticate the user in future requests, proving identity without saving sessions on the server.
Token Verification | Every protected API checks token validity before responding to the user.

✅ Example MongoDB User Record:

{
  "_id": "64a123456789",
  "name": "Avinash",
  "email": "avi@example.com",
  "password": "$2b$10$aGjDqrGrV2ZhRjeqxkYMEuX/9QKv.aa5kIvga4X0fJtVSkRz.kPu6"
}
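
What the stored string contains, as an added example that is not part of the original post: the cost factor and the per-user salt sit inside the bcrypt value itself, which is why bcrypt.compare needs no separate salt field. The names parseBcrypt and auditUsers, and every sample record except the first, are constructed for this example.

```javascript
// bcrypt string layout: $<version>$<cost>$<22-char salt><31-char hash>
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Split a stored value into its parts; returns null if it is not a complete bcrypt string.
function parseBcrypt(stored) {
  const m = BCRYPT_RE.exec(String(stored));
  if (!m) return null;
  const cost = Number(m[2]);
  return { version: m[1], cost, iterations: 2 ** cost, salt: m[3], hash: m[4] };
}

// Flag records that are not bcrypt, use a cost below minCost, or share a salt.
function auditUsers(users, minCost) {
  const saltOwner = new Map();
  const findings = [];
  for (const { email, password } of users) {
    const p = parseBcrypt(password);
    if (!p) {
      findings.push({ email, issue: "not a bcrypt hash" });
      continue;
    }
    if (p.cost < minCost) findings.push({ email, issue: `cost ${p.cost} below ${minCost}` });
    if (saltOwner.has(p.salt)) {
      findings.push({ email, issue: `salt shared with ${saltOwner.get(p.salt)}` });
    } else {
      saltOwner.set(p.salt, email);
    }
  }
  return findings;
}

// The first record is the one shown on the page; the others are constructed for this example.
const CONSTRUCTED_SALT = "abcdefghijklmnopqrstuv";
const SAMPLE_USERS = [
  { email: "avi@example.com", password: "$2b$10$aGjDqrGrV2ZhRjeqxkYMEuX/9QKv.aa5kIvga4X0fJtVSkRz.kPu6" },
  { email: "old@example.com", password: "$2b$04$" + CONSTRUCTED_SALT + "B".repeat(31) },
  { email: "plain@example.com", password: "MySecurePassword123" },
  { email: "twin@example.com", password: "$2b$12$" + CONSTRUCTED_SALT + "C".repeat(31) },
];

console.log(parseBcrypt(SAMPLE_USERS[0].password));
console.log(auditUsers(SAMPLE_USERS, 10));
```

The shortened value "$2b$10$eJx12345fK...encryptedHash" shown in the registration result is a placeholder and does not parse as a complete bcrypt string.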

🔐 Summary:

Feature | Description
Hashing | Password is hashed using bcrypt, never stored in plain text.
Verification | On login, bcrypt compares the hash of the input password with the stored one.
JWT or Sessions | Authenticated users receive a token to access protected resources.


User Registration and Login Flow

User Registration:
The frontend (for example, a register page) collects data such as the name/username, email and password.

e.g.:

{
  name: "Avinash",
  email: "avi@example.com",
  password: "MySecurePassword123"
}

The user fills in all of this data and hits the submit button.
The data then reaches the backend through the register API,
where the controller already defines what to do when the user sends this API request.
e.g.:
app.post("/register", async (req, res) => {
  const { name, email, password } = req.body;
  ...
});

The controller also checks whether the user is already registered.
This is handled as follows:
const existingUser = await User.findOne({ email });
if (existingUser) {
  return res.status(400).json({ message: "User already exists" });
}

If the user is new, first hash the user's password with bcrypt.
e.g.:
const bcrypt = require("bcrypt");
const saltRounds = 10;
const hashedPassword = await bcrypt.hash(password, saltRounds);

After this, the user needs to be saved in the database for future logins.
e.g.:
const newUser = new User({ name, email, password: hashedPassword });
await newUser.save();
res.status(201).json({ message: "User registered successfully" });

The data saved in the database now looks like this:
{
  "_id": "12345",
  "name": "Avinash",
  "email": "avi@example.com",
  "password": "$2b$10$eJx12345fK...encryptedHash"
}

Now the user has to log in.
On the frontend, the user logs in with email ID and password.
e.g.:
{
  email: "avi@example.com",
  password: "MySecurePassword123"
}

The user hits the login button, and this data reaches the backend through the API,
where the user is looked up by email ID.
e.g.:
const user = await User.findOne({ email });
if (!user) {
  return res.status(401).json({ message: "Invalid credentials" });
}

Once the user is found (and the entered password matches the stored hash, as in the bcrypt.compare step above), create a session, which helps authenticate the user in future requests.
Example:
{
  "_id": "64a123456789",
  "name": "Avinash",
  "email": "avi@example.com",
  "password": "$2b$10$aGjDqrGrV2ZhRjeqxkYMEuX/9QKv.aa5kIvga4X0fJtVSkRz.kPu6"
}



