rishima17 · YLaxmikanth · Jun 23, 2026
diff --git a/lecture-pulse/package-lock.json b/lecture-pulse/package-lock.json
diff --git a/lecture-pulse/package.json b/lecture-pulse/package.json
@@ -12,6 +12,7 @@
   "dependencies": {
     "@radix-ui/react-slot": "^1.2.4",
     "@tailwindcss/vite": "^4.1.18",
+    "bcryptjs": "^3.0.3",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "framer-motion": "^12.23.26",

diff --git a/lecture-pulse/src/context/AuthContext.jsx b/lecture-pulse/src/context/AuthContext.jsx
@@ -1,5 +1,6 @@
 import { createContext, useContext, useState } from "react";
 import { getCurrentTeacher } from "@/utils/storage";
+import bcrypt from "bcryptjs";
 
 const AuthContext = createContext();
 
@@ -9,7 +10,7 @@ export function AuthProvider({ children }) {
   });
   const [loading] = useState(false);
 
-  const login = (teacherId, password) => {
+  const login = async (teacherId, password) => {
     // Hackathon Logic: Retrieve from array of teachers or single object?
     // Let's assume we store a "teachers" object in LS: { [id]: { password, name } }
 
@@ -18,7 +19,30 @@ export function AuthProvider({ children }) {
 
     const user = teachers[teacherId];
 
-    if (user && user.password === password) {
+    let isValidPassword = false;
+    if (user) {
+      const isHashed =
+        typeof user.password === "string" &&
+        user.password.startsWith("$2");
+      if (isHashed) {
+        isValidPassword = await bcrypt.compare(
+          password,
+          user.password
+        );
+      } else {
+        isValidPassword = user.password === password;
+        // Auto-migrate plaintext passwords
+        if (isValidPassword) {
+          user.password = await bcrypt.hash(password, 10);
+          localStorage.setItem(
+            "lecturePulse_teachers_db",
+            JSON.stringify(teachers)
+          );
+        }
+      }
+    }
+
+    if (user && isValidPassword) {
       const sessionUser = { 
         id: teacherId, 
         name: user.name,
@@ -35,15 +59,22 @@ export function AuthProvider({ children }) {
     }
   };
 
-  const register = (name, teacherId, password) => {
+  const register = async (name, teacherId, password) => {
       const teachersFn = localStorage.getItem("lecturePulse_teachers_db");
       const teachers = teachersFn ? JSON.parse(teachersFn) : {};
 
       if (teachers[teacherId]) {
           return { success: false, message: "Teacher ID already exists." };
       }
 
-      teachers[teacherId] = { name, password };
+      const hashedPassword = await bcrypt.hash(
+        password,
+        10
+      );
+      teachers[teacherId] = {
+        name,
+        password: hashedPassword,
+      };
       localStorage.setItem("lecturePulse_teachers_db", JSON.stringify(teachers));
 
       // Auto login

diff --git a/lecture-pulse/src/pages/Login.jsx b/lecture-pulse/src/pages/Login.jsx
@@ -30,12 +30,12 @@ export default function Login() {
     await new Promise((resolve) => setTimeout(resolve, 800));
     let result;
     if (isLogin) {
-      result = login(formData.teacherId, formData.password);
+      result = await login(formData.teacherId, formData.password);
     } else {
       if (!formData.name) {
         result = { success: false, message: "Name is required." };
       } else {
-        result = register(formData.name, formData.teacherId, formData.password);
+        result = await register(formData.name, formData.teacherId, formData.password);
       }
     }
     if (result.success) {