Jump to content

Problem with Login form.


carlitosfigue
Go to solution Solved by carlitosfigue,

Recommended Posts

Hello guys, first post here.

I have a web system which contains a login form programmed in 3 different languages HTML, PHP and JS. The problem is that it's not working, you can access without entering any data, you just press enter and it will work, I don't know why it is not validating any credentials. I was thinking about some query problems but I don't know. I am a newbie on this. I have read a lot but haven't found an answer. A friend helped me build the system but left that uncompleted and he's nowhere to be found.

I was wondering if you could help me out with this.

<form role="form" ng-submit="login(user,password)">
  <div class="form-group">
    <input type="user" class="form-control" ng-model='user' placeholder="Usuario">
  </div>
  <div class="form-group">
    <input type="password" class="form-control" ng-model='password' placeholder="Contraseña">
  </div>
  <div class="alert alert-warning" id='alert' style="display:none">Revise la informacion...</div>
  <div class="alert alert-danger" style="display:none" id='alertErr'>Error Usuario o Contraseña Erronea intentelo de nuevo</div>
  <button type="submit" class="btn btn-primary">Ingresar</button>
</form>
  
<?php
	require_once 'database.php';
	$db = new Database();
	$body = json_decode(file_get_contents('php://input'));
	$user =$db->query("SELECT * FROM usuario WHERE usua_login = '".$body->user."' AND usua_pass = '".$body->password."'");
	if($user == false){
		http_response_code(404);
	}
	else{
		http_response_code(200);
		echo json_encode($user);
	}
?>
'use strict';

/**
 * @ngdoc function
 * @name belkitaerpApp.controller:MainCtrl
 * @description
 * # MainCtrl
 * Controller of the belkitaerpApp
 */
angular.module('belkitaerpApp')
  .controller('MainCtrl', function ($scope,$http,$location) {


    	$scope.login = function(user,password){
    		console.log('Login...');
    		if(user =='' || password ==''){
    			$('#alert').show("slow");
             	
             	setTimeout(function() {
                	$('#alert').hide('slow');
           		 }, 3000);
    		}
    		else{
    			$http.post('../serverSide/login.php',{user:user,password:password}).success(function(data){
    				console.log('OK!');
    				$location.path('/products');	
    			}).error(function(data){
    				$('#alertErr').show("slow");
             	
             		setTimeout(function() {
                		$('#alertErr').hide('slow');
           			 }, 3000);
    			});
    		}
    	}
  });

Link to comment
Share on other sites

It is not clear which Database library you are using. If it is mysqli, then the query() method is going to return a result object (unless the query fails). NOTE that a query that finds ZERO rows has NOT failed. You need to check to see if there was exactly one row returned in order to determine if the credentials are valid.

 

You NEED to escape the user inputs BEFORE putting them in your query. Your current query is subject to SQL Injection.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.