DevMoutarde

Reputation: 613

Angular authentication : http post not sending request

EDIT: I guess I misplaced my submit button because I've got it working since then (in fact the request was not sent because my function was not called, classic issue..).

Also, the fact that the authentication was always successful is because the verification via my DB was totally skipped due to the lack of params I guess, so this step was skipped, my http_response_code wasn't called back, and I was directly redirected to my home page...
Not sure if I should answer myself but the question is solved !

I have an Angular app, I'm making authentication through a PHP file (simple yet) with POST params, but when I click on submit, no request is sent and whether my username/password are filled or not (or right, or wrong), the authentication is a success and I go straight to my Home page.
It basically never checks if the conditions are ok or not..
My user.service :

angular
  .module("service")
  .factory("user", userService);

function userService($q, $http) {

  User.userConnected = null;
  User.getUserConnected = getUserConnected;
  User.setUserConnected = setUserConnected;


  // assign the login credentials after validation
  function User() {
    this.nom = null;
    this.password = null;
    this.login = login;
  }

  // get last logged user
  function getUserConnected() {
    return User.userConnected;
  }

  // set last connected user as 'main' user
  function setUserConnected(user) {
    User.userConnected = user;
  }

  function login() {
    var there = this;
    var deferred = $q.defer();
    var params = 'nom='+this.nom+'&password='+this.password;
    $http({
        method: 'POST',
        url: '/api',
        data: params,
        headers: {'Content-Type': 'application/json'}
    })
    .success(function (success) {
      there.password = null;
      User.setUserConnected(there);
      deferred.resolve(success);
    })
    .error(function(error){
      deferred.reject(error);
    });
    return deferred.promise;
  }

  return User;
}

My controller :

//Controller login
.controller('LoginCtrl', function ($http, user, $state, $scope) {

  var vm = this;
  vm.errorMessage = null;
  vm.userLog = new user();
  vm.doLogin = doLogin;

//login -> retrieve the credentials
  function doLogin() {
    vm.userLog
    .login()
    .then(_userLogged, _userRefused);
  }

// on success, go to Home page
  function _userLogged(success) {
    $state.go('home');
    console.log('OK!!!');
  }

// on error, show error
  function _userRefused(error) {
    vm.errorMessage = 'Combinaison login/mdp incorrect';
  }
})

My login.php :

<?php

if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');
}

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers:{$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    exit(0);
}

// host/DB settings
$hostname = '******.****.com';
$username = '*****';
$password = '*****';
$database = '*****';

try {
$pdo = new PDO("mysql:host=$hostname;dbname=$database", $username, $password);
  echo 'Connection bdd ok <br>';
}
catch (Exception $e)
{
        die('Erreur : ' . $e->getMessage());
}

// Retrieve the credentials
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);

$nom = $request->nom;
$password = $request->password;

if ($nom != "") {

  // Verify the credentials
  $req = $pdo->prepare('SELECT nom FROM users WHERE (nom = :nom AND password = :password)');
  $req->execute(array(
      'nom' => $nom,
      "password" => $password
    ));

  $rows = ($req->fetch(PDO::FETCH_OBJ));

  if (!$rows) // if no matching result
  {
      echo 'Mauvais identifiant ou mot de passe !';
  }
  else // otherwise, everything is fine
  {
      foreach($rows as $row){
      echo json_encode($row);
      echo "<br> Vous êtes connecté !";
      }
  }
}
else {
  echo 'Indiquez votre pseudo';
}

?>

My submit button looks like this:

 <button class="button button-block button-positive" type="submit" ng-click="vm.doLogin()">Connexion</button>

It's driving me crazy, I really don't get where is my mistake. I am supposed to get my parameters from my http post request, it looks ok to me. Any help will be greatly appreciated !!!

Upvotes: 0

Views: 83

Answers (1)

Łukasz

Reputation: 643

That's because you are returning HTTP status 200 with different content, even if you found a user or not. That's why the JavaScript code below runs:

.success(function (success) {
  there.password = null;
  User.setUserConnected(there);
  deferred.resolve(success);
})

If the logic responsible for checking user name and password is implemented properly, then changing:

echo 'Mauvais identifiant ou mot de passe !';

to

die('Mauvais identifiant ou mot de passe !');

should make it work, but it is insecure.

Please never store user passwords as text in your database.

You should use http://php.net/manual/en/function.password-hash.php or other hashing strategy.

Upvotes: 1
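
The two points raised in the answer above (a failed login must not come back as HTTP 200, and the password should be checked against a hash rather than a plaintext column), shown together as an added example that is not from the original question or answer. The `authenticate` helper, the `password_hash` column, the in-memory SQLite database and the sample account are assumptions made for the demonstration.

```php
<?php
// Added example, not the poster's code. The users table layout, the
// password_hash column and the sample account are assumptions.

// Returns [HTTP status, response payload] for a raw JSON login request body.
function authenticate(PDO $pdo, string $rawBody): array
{
    $request = json_decode($rawBody, true);

    // A body that is not JSON (e.g. "nom=a&password=b") decodes to null:
    // reject it instead of silently skipping the credential check.
    if (!is_array($request)
        || !isset($request['nom'], $request['password'])
        || !is_string($request['nom']) || !is_string($request['password'])
        || $request['nom'] === '') {
        return [400, ['error' => 'nom and password are required']];
    }

    $stmt = $pdo->prepare('SELECT nom, password_hash FROM users WHERE nom = :nom');
    $stmt->execute(['nom' => $request['nom']]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored hash; the password never goes in the WHERE clause.
    if ($user === false || !password_verify($request['password'], $user['password_hash'])) {
        return [401, ['error' => 'invalid credentials']];
    }
    return [200, ['nom' => $user['nom']]];
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (nom TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (nom, password_hash) VALUES (:nom, :hash)');
$insert->execute(['nom' => 'alice', 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]);

$bodies = [
    '{"nom":"alice","password":"correct horse"}', // valid credentials
    '{"nom":"alice","password":"wrong"}',         // wrong password
    'nom=alice&password=correct horse',           // form-style string, not JSON
];
foreach ($bodies as $body) {
    [$status, $payload] = authenticate($pdo, $body);
    // In login.php this would be: http_response_code($status); echo json_encode($payload);
    // AngularJS $http only runs the success callback for 2xx statuses.
    echo $status, ' ', json_encode($payload), PHP_EOL;
}
```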
