登录服务似乎无法读取php文件

时间:2017-01-18 06:20:37

标签: php angularjs

我的angularjs登录服务似乎无法读取我的登录php文件,因为它允许用户使用错误的凭据进行登录。请帮我。提前谢谢。

这是我的登录php文件

<?php
$con = mysqli_connect("localhost","root","");
mysqli_select_db($con, "motor_pool");

$user = json_decode(file_get_contents("php://input"));

$Username = mysqli_real_escape_string($con, $user->Username);
$Password = mysqli_real_escape_string($con, md5($user->Password));

$sql = "SELECT * FROM users WHERE Username='$Username' AND                  
Password='$Password'";
$result = mysqli_query($con, $sql);

if(mysqli_num_rows($result) > 0){
session_start();
$_SESSION['uid'] = uniqid('auth_');
print $_SESSION['uid'];
}else {
echo "no";
}
?>

这是我的登录服务文件

'use strict';
angular.module('motorApp')
.factory('loginService', ['$http', '$location', 'sessionService',  
     function($http, $location, sessionService) {
         return {
             login: function(data, scope) {
                 var $promise = $http.post('database/login.php', data);
                 $promise.then(function(msg) {
                     var uid = msg.data;
                     if(uid) {
                         sessionService.set('uid', uid);
                         $location.path('/dashboard');
                     } else {
                         $scope.msgtxt = 'incorrect info';
                         $location.path('/login');
                     }
                 });
             }
         }
     }
 ]);

这是我的登录标记

 <div class="w3-group">
     <label class="w3-label w3-text-black">User Name</label>
     <input class="w3-input w3-border w3-round" type="text"    style="width:100%" name="Username" ng-model="user.Username" required="">
 </div>
 <div class="w3-group">
     <label class="w3-label w3-text-black">Password</label>
     <input class="w3-input w3-border w3-round" name="Password" type="password" style="width:100%" required="" ng-model="user.Password">
 </div>
 <div class="w3-center">
     <input type="button" name="button" class="w3-btn-block w3-red btnlog" ng-click="login(user)" value="LOGIN">
 </div>

1 个答案:

答案 0 :(得分:1)

在login.php中,无论用户是否经过身份验证,您都要设置$ _SESSION ['uid']。

您需要以下内容:

$result = mysqli_query($con, $sql);
if (mysqli_num_rows($result) > 0) {  //found an authenticated user
   session_start();
   $_SESSION['uid'] = uniqid('auth_');
   //print $_SESSION['uid'];
   //now redirect to the first authenticated page of your site
   header("Location: nextPage.php");  //or you can do a url 
   exit;
} else { //user wasn't found
//user wasn't found and present error message or error message page
}

请注意,在nextPage.php的开头,您应该检查设置会话,如果无效(即不是偶然浏览那里的有效用户),请将该用户发送到其他地方,或者至少阻止剩下的脚本运行。

相关问题
最新问题