如何检查用户和密码验证

时间:2017-05-25 16:08:56

标签: php mysql angularjs ionic-framework

我正在使用angularJS和php在后端的应用程序,我想在我的应用程序中实现身份验证,我尝试下面粘贴的代码,但它不会产生任何错误,任何消息,当我尝试输入用户名和密码我会进入视图' admin"无论我输入什么用户,都意味着它不会检查用户和密码。在表'客户端'的数据库中,我有:NomClient和mdp(密码)。

的login.html 

<ion-content class="padding" ng-controller="loginCtrl">
<div class="list list-inset" >
<label class="item item-input">
      <input type="text" placeholder="nom" required="" ng-model="NomClient"> 
</label> 
<label class="item item-input">
      <input type="password" placeholder="Password" ng-model="mdp"> 
</label> 
    <button class="button button-block button-positive" ng-click="submit()">Login</button>       
 </ion-content>

app.js 

app.controller('loginCtrl', function($scope,$state,$http){
  $scope.submit= function(){
 const url = 'http://localhost/deb/login.php';
const postBody = {
    NomClient: $scope.NomClient,
    mdp: $scope.mdp
};

$http.post(url, postBody).then(data => {
   $location.path('/admin');
});
};

的login.php 

 <?php  

$data = json_decode(file_get_contents("php://input"));

 $connect = mysqli_connect("localhost", "root", "", "tem");  


$response['status'] = 0;
$response['message'] = '';
$NomClient=mysqli_real_escape_string($connect, $data->NomClient);
$mdp=mysqli_real_escape_string($connect, $data->mdp);


$query = 'SELECT * FROM `client` WHERE NomClient = "'.$NomClient.'" AND   mdp= "'.$mdp.'"';


if(mysqli_connect_errno()){
    $response['status'] = 0;
    $response['message'] = "Failed to connect to MySQL: ".mysqli_connect_error();
    echo jsone_encode($response);exit;
}

$result = mysqli_query($connect, $query);
$rowcount=mysqli_num_rows($result);
if($rowcount>0){
    $response['status'] = 1;
    $response['message'] = 'Login successful';
}
else{
    $response['status'] = 0;
    $response['message'] = 'Invalid username of password';
}

echo json_encode($response);exit;
 ?>

提前致谢

1 个答案:

答案 0 :(得分:-1)

行。你有很多问题。首先,您应该为查询使用预准备语句。

$stmt = mysqli_prepare($link,"SELECT * FROM client WHERE NomClient = ? AND   mdp=?;");
mysqli_stmt_bind_param($stmt,'ss', $NomClient, $mdp);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$rowcount = mysqli_stmt_num_rows($stmt)
mysqli_stmt_free_result($stmt);
mysqli_stmt_close($stmt);

更大的问题是,您正在以明文形式存储密码,这是一种可怕的,可怕的密码管理方式。请查看password_hash()和password_verify()。

相关问题
最新问题