carlitosfigue Posted July 12, 2014 Share Posted July 12, 2014 Hello guys, first post here. I have a web system which contains a login form programmed in 3 different languages HTML, PHP and JS. The problem is that it's not working, you can access without entering any data, you just press enter and it will work, I don't know why it is not validating any credentials. I was thinking about some query problems but I don't know. I am a newbie on this. I have read a lot but haven't found an answer. A friend helped me build the system but left that uncompleted and he's nowhere to be found. I was wondering if you could help me out with this. <form role="form" ng-submit="login(user,password)"> <div class="form-group"> <input type="user" class="form-control" ng-model='user' placeholder="Usuario"> </div> <div class="form-group"> <input type="password" class="form-control" ng-model='password' placeholder="Contraseña"> </div> <div class="alert alert-warning" id='alert' style="display:none">Revise la informacion...</div> <div class="alert alert-danger" style="display:none" id='alertErr'>Error Usuario o Contraseña Erronea intentelo de nuevo</div> <button type="submit" class="btn btn-primary">Ingresar</button> </form> <?php require_once 'database.php'; $db = new Database(); $body = json_decode(file_get_contents('php://input')); $user =$db->query("SELECT * FROM usuario WHERE usua_login = '".$body->user."' AND usua_pass = '".$body->password."'"); if($user == false){ http_response_code(404); } else{ http_response_code(200); echo json_encode($user); } ?> 'use strict'; /** * @ngdoc function * @name belkitaerpApp.controller:MainCtrl * @description * # MainCtrl * Controller of the belkitaerpApp */ angular.module('belkitaerpApp') .controller('MainCtrl', function ($scope,$http,$location) { $scope.login = function(user,password){ console.log('Login...'); if(user =='' || password ==''){ $('#alert').show("slow"); setTimeout(function() { $('#alert').hide('slow'); }, 3000); } else{ $http.post('../serverSide/login.php',{user:user,password:password}).success(function(data){ console.log('OK!'); $location.path('/products'); }).error(function(data){ $('#alertErr').show("slow"); setTimeout(function() { $('#alertErr').hide('slow'); }, 3000); }); } } }); Link to comment https://forums.phpfreaks.com/topic/289796-problem-with-login-form/ Share on other sites More sharing options...
DavidAM Posted July 12, 2014 Share Posted July 12, 2014 It is not clear which Database library you are using. If it is mysqli, then the query() method is going to return a result object (unless the query fails). NOTE that a query that finds ZERO rows has NOT failed. You need to check to see if there was exactly one row returned in order to determine if the credentials are valid. You NEED to escape the user inputs BEFORE putting them in your query. Your current query is subject to SQL Injection. Link to comment https://forums.phpfreaks.com/topic/289796-problem-with-login-form/#findComment-1484819 Share on other sites More sharing options...
carlitosfigue Posted July 14, 2014 Author Share Posted July 14, 2014 Hello DavidAm, turns out I had and old version of Xampp. Updated it and got it to work, a php problem I think. Thank you very much. Link to comment https://forums.phpfreaks.com/topic/289796-problem-with-login-form/#findComment-1485027 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.