
EDIT: I guess I misplaced my submit button because I've got it working since then (in fact the request was not sent because my function was not called, classic issue...).

Also, the fact that the authentication was always successful is because the verification via my DB was totally skipped due to the lack of params I guess, so this step was skipped, my http_response_code wasn't called back, and I was directly redirected to my home page...
Not sure if I should answer myself but the question is solved!

I have an Angular app, I'm making authentication through a PHP file (simple yet) with POST params, but when I click on submit, no request is sent and whether my username/password are filled or not (or right, or wrong), the authentication is a success and I go straight to my Home page.
It basically never checks if the conditions are OK or not.
My user.service:

angular
  .module("service")
  .factory("user", userService);

function userService($q, $http) {

  User.userConnected = null;
  User.getUserConnected = getUserConnected;
  User.setUserConnected = setUserConnected;


  // assign the credentials after validation
  function User() {
    this.nom = null;
    this.password = null;
    this.login = login;
  }

  // get last logged user
  function getUserConnected() {
    return User.userConnected;
  }

  // set last connected user as 'main' user
  function setUserConnected(user) {
    User.userConnected = user;
  }

  function login() {
    var there = this;
    var deferred = $q.defer();
    var params = 'nom='+this.nom+'&password='+this.password;
    $http({
        method: 'POST',
        url: '/api',
        data: params,
        headers: {'Content-Type': 'application/json'}
    })
    .success(function (success) {
      there.password = null;
      User.setUserConnected(there);
      deferred.resolve(success);
    })
    .error(function(error){
      deferred.reject(error);
    });
    return deferred.promise;
  }

  return User;
}

My controller:

//Controller login
.controller('LoginCtrl', function ($http, user, $state, $scope) {

  var vm = this;
  vm.errorMessage = null;
  vm.userLog = new user();
  vm.doLogin = doLogin;

// login -> retrieve the credentials
  function doLogin() {
    vm.userLog
    .login()
    .then(_userLogged, _userRefused);
  }

// on success, go to Home page
  function _userLogged(success) {
    $state.go('home');
    console.log('OK!!!');
  }

// on error, show error
  function _userRefused(error) {
    vm.errorMessage = 'Combinaison login/mdp incorrect';
  }
})

My login.php:

<?php

if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');
}

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers:{$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    exit(0);
}

// host/database settings
$hostname = '******.****.com';
$username = '*****';
$password = '*****';
$database = '*****';

try {
    $pdo = new PDO("mysql:host=$hostname;dbname=$database", $username, $password);
    echo 'Connection bdd ok <br>';
}
catch (Exception $e)
{
    die('Erreur : ' . $e->getMessage());
}

// Retrieve the credentials
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);

$nom = $request->nom;
$password = $request->password;

if ($nom != "") {

  // Check the credentials
  $req = $pdo->prepare('SELECT nom FROM users WHERE (nom = :nom AND password = :password)');
  $req->execute(array(
      'nom' => $nom,
      "password" => $password
    ));

  $rows = ($req->fetch(PDO::FETCH_OBJ));

  if (!$rows) // if there is no matching result
  {
      echo 'Mauvais identifiant ou mot de passe !';
  }
  else // otherwise, everything is fine
  {
      foreach($rows as $row){
      echo json_encode($row);
      echo "<br> Vous êtes connecté !";
      }
  }
}
else {
  echo 'Indiquez votre pseudo';
}

?>

My submit button looks like this:

 <button class="button button-block button-positive" type="submit" ng-click="vm.doLogin()">Connexion</button>

It's driving me crazy, I really don't get where my mistake is. I am supposed to get my parameters from my HTTP POST request, it looks OK to me. Any help will be greatly appreciated!!!

1 Answer

That's because you are returning HTTP status 200 with different content, whether you found a user or not. That's why the JavaScript code below runs:

.success(function (success) {
  there.password = null;
  User.setUserConnected(there);
  deferred.resolve(success);
})

If the logic responsible for checking user name and password is implemented properly, then changing:

echo 'Mauvais identifiant ou mot de passe !';

to

die('Mauvais identifiant ou mot de passe !');

should make it work, but it is insecure.

Please never store user passwords as plain text in your database.

You should use http://php.net/manual/en/function.password-hash.php or other hashing strategy.


13 Comments

But is the logic properly implemented?? You tell me! I gave you all my files so you may tell me. I tried replacing my echo with a 'die' but it doesn't change anything, man.
About the password, I'm still testing things so that's not a priority. I need help on why it doesn't check my ids!
Please open the browser console and check what is going on. I need to know what the server response to that request is.
The thing is, it doesn't actually make any request, it just acts like there is no checking! The file could not even exist and it would make no difference... I click on submit and I go straight to my new state :(
Provide a JSFiddle with the code. What do you mean by "to my new state"? Your button is of type submit, so it may go to another state without running ng-click.
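
The answer's two points combined, as an added example that is not part of the original answer or comments: the login check returns a non-2xx status on failure so that the client's `.error` callback runs, and it verifies the password with `password_verify` against a hash produced by `password_hash`. The `password_hash` column name, the `checkLogin` helper and the in-memory SQLite database with its sample user are assumptions made for the demo.

```php
<?php
// Added example, not the poster's code. The password_hash column name and
// the checkLogin() helper are assumptions made for this demo.

function checkLogin(PDO $pdo, string $rawBody): array
{
    $request = json_decode($rawBody);
    // Missing or malformed credentials are rejected outright, never skipped.
    if (!is_object($request)
        || !isset($request->nom, $request->password)
        || !is_string($request->nom) || !is_string($request->password)
        || $request->nom === '') {
        return [400, ['error' => 'missing credentials']];
    }

    // Look the user up by name only; the password never goes into the query.
    $req = $pdo->prepare('SELECT nom, password_hash FROM users WHERE nom = :nom');
    $req->execute(['nom' => $request->nom]);
    $row = $req->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the submitted password against the stored hash.
    if ($row === false
        || !password_verify($request->password, $row['password_hash'])) {
        return [401, ['error' => 'bad credentials']];
    }
    return [200, ['nom' => $row['nom']]];
}

// Constructed demo data: an in-memory SQLite database stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (nom TEXT PRIMARY KEY, password_hash TEXT)');
$pdo->prepare('INSERT INTO users VALUES (:nom, :hash)')->execute([
    'nom'  => 'alice',
    'hash' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

$samples = [
    '{"nom":"alice","password":"correct horse"}', // valid JSON, right password
    '{"nom":"alice","password":"wrong"}',         // valid JSON, wrong password
    'nom=alice&password=correct horse',           // form-style string, not JSON
];
foreach ($samples as $body) {
    [$status, $payload] = checkLogin($pdo, $body);
    // In login.php: http_response_code($status); echo json_encode($payload);
    echo $status, ' ', json_encode($payload), PHP_EOL;
}
```

With these status codes the AngularJS `$http` promise is rejected on 400 and 401, so the controller's `_userRefused` handler runs instead of `_userLogged`.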