Jump to content

Problem with Login form.


carlitosfigue

Recommended Posts

Hello guys, first post here.

I have a web system which contains a login form programmed in 3 different languages HTML, PHP and JS. The problem is that it's not working, you can access without entering any data, you just press enter and it will work, I don't know why it is not validating any credentials. I was thinking about some query problems but I don't know. I am a newbie on this. I have read a lot but haven't found an answer. A friend helped me build the system but left that uncompleted and he's nowhere to be found.

I was wondering if you could help me out with this.

<form role="form" ng-submit="login(user,password)">
  <div class="form-group">
    <input type="user" class="form-control" ng-model='user' placeholder="Usuario">
  </div>
  <div class="form-group">
    <input type="password" class="form-control" ng-model='password' placeholder="Contraseña">
  </div>
  <div class="alert alert-warning" id='alert' style="display:none">Revise la informacion...</div>
  <div class="alert alert-danger" style="display:none" id='alertErr'>Error Usuario o Contraseña Erronea intentelo de nuevo</div>
  <button type="submit" class="btn btn-primary">Ingresar</button>
</form>
  
<?php
	require_once 'database.php';
	$db = new Database();
	$body = json_decode(file_get_contents('php://input'));
	$user =$db->query("SELECT * FROM usuario WHERE usua_login = '".$body->user."' AND usua_pass = '".$body->password."'");
	if($user == false){
		http_response_code(404);
	}
	else{
		http_response_code(200);
		echo json_encode($user);
	}
?>
'use strict';

/**
 * @ngdoc function
 * @name belkitaerpApp.controller:MainCtrl
 * @description
 * # MainCtrl
 * Controller of the belkitaerpApp
 */
angular.module('belkitaerpApp')
  .controller('MainCtrl', function ($scope,$http,$location) {


    	$scope.login = function(user,password){
    		console.log('Login...');
    		if(user =='' || password ==''){
    			$('#alert').show("slow");
             	
             	setTimeout(function() {
                	$('#alert').hide('slow');
           		 }, 3000);
    		}
    		else{
    			$http.post('../serverSide/login.php',{user:user,password:password}).success(function(data){
    				console.log('OK!');
    				$location.path('/products');	
    			}).error(function(data){
    				$('#alertErr').show("slow");
             	
             		setTimeout(function() {
                		$('#alertErr').hide('slow');
           			 }, 3000);
    			});
    		}
    	}
  });

Link to comment
Share on other sites

It is not clear which Database library you are using. If it is mysqli, then the query() method is going to return a result object (unless the query fails). NOTE that a query that finds ZERO rows has NOT failed. You need to check to see if there was exactly one row returned in order to determine if the credentials are valid.

 

You NEED to escape the user inputs BEFORE putting them in your query. Your current query is subject to SQL Injection.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.