In this code, the first function is Findaccount()
that will find the email address in the database and the password that is present as a hash. So the CompareHashAndPassword()
compares the hash and password.
Now in the handler.go
file I have a function called loginData()
that will allow the user to log in. I have a problem here. I called database.Findaccount(email, password, hash)
function but it just verifies an email address and does not verify the
correct password, and give me the false
But if I call the function like this database.Findaccount(email, "1234", hash)
, it verifies both email and password.
How to solve this problem because I won't be able to remember each password.
func Findaccount(myEmail, myPassword, hash string) bool {
collection := Connect.Database("WebApp2").Collection("dataStored")
if err := collection.FindOne(context.TODO(), bson.M{"email": myEmail}).Decode(&Account); err != nil {
fmt.Println("Enter the correct email or password")
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(myPassword))
return err == nil
func HashPassword(password string) (string, error) {
bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
return string(bytes), err
func loginData(w http.ResponseWriter, r *http.Request) {
email := r.FormValue("email")
password := r.FormValue("password")
hash, _ := HashPassword(password)
match := database.Findaccount(email, password, hash) // here is a problem
if match == false {
} else {
As per documentation, this is the func schema of bycrypt.CompareHashAndPassword()
func CompareHashAndPassword(hashedPassword, password []byte) error
To use that, you need to place the hashedPassword
(which is the hashed password that you stored in the db) as the 1st parameter of the function call.
And then okace the password
from request param as the value of 2nd parameter.
func loginData(w http.ResponseWriter, r *http.Request) {
email := r.FormValue("email")
password := r.FormValue("password")
match := database.Findaccount(email, password)
if match == false {
} else {
func Findaccount(myEmail, myPassword string) bool {
collection := Connect.Database("WebApp2").Collection("dataStored")
if err := collection.FindOne(context.TODO(), bson.M{"email": myEmail}).Decode(&Account); err != nil {
fmt.Println("Enter the correct email or password")
err := bcrypt.CompareHashAndPassword([]byte(Account.Password), []byte(myPassword))
return err == nil
See on the Findaccount()
, the first param of statement bcrypt.CompareHashAndPassword()
is filled by Account.Password
which is the hashed password stored on the db.