如何在应用程序中使用经过身份验证的用户数据

时间:2017-06-29 10:10:12

标签: php angularjs authentication

我有一个问题,我一直试图解决很长一段时间。我已经阅读了有关PHP会话的课程,我有建议使用localstorage但无济于事

问题:

我正在使用angularJS和PHP后端,我有2个视图,一个是'login.html',另一个是'info.html',2个控制器(一个用于登录功能,另一个用于选择用户的数据)。我设法进行了身份验证阶段,但是对于第二步,我希望在用户进行身份验证时,它会被重定向到其他视图(info.html),其中将显示该用户的所有信息。如何存储登录功能中的数据并将其用于第二个控制器(第二个Web服务)

的login.php

 <?php  
session_start();
$data = json_decode(file_get_contents("php://input"));

 $connect = mysqli_connect("localhost", "root", "", "test");  

 if(count($data) > 0)  

 { 

$Email=mysqli_real_escape_string($connect, $data->Email);
$password=mysqli_real_escape_string($connect, $data->password);

$query = 'SELECT * FROM `client` WHERE (EmailClient = "'.$Email.'" AND   password= "'.$password.'")';

$q = mysqli_query($connect , $query);

if(mysqli_num_rows($q) > 0 )
  { 
       $_SESSION["logged_in"] = true; 
       $_SESSION["naam"] = $Email; 
       $result['email'] =$Email;
       $resultstring=json_encode($result);
       $resultstring=str_replace("null", '""', $resultstring);
       echo $resultstring;
       exit;

  } 
       $result['code'] = 603;
       $result['message'] ='The username or password are incorrect!';


$resultstring = json_encode($result);
$resultstring = str_replace("null",'""',$resultstring);
echo $resultstring;
exit;
}

?>

loginCtrl

app.controller('loginCtrl', function($scope, $location,$state,$http,$window){

    $scope.submit = function()
    {
        data = {
            'Email' : $scope.Email,
            'password' : $scope.password
    };

        $http.post('http://localhost/deb/login.php', data)
        .success(function(data, status, headers, config,result)
        {
            console.log(data);
            $state.go('info');

             }
        })
        .error(function(data, status, headers, config, result)
        {      
            console.log('error');   
        });
    }

});

infoCtrl:

app.controller('infoCtrl', function($scope, $http,$state,$filter){

    $scope.loadColis = function(){ 
              $http.get("http://localhost/deb/info.php")  
           .success(function(data){  
                $scope.names = data;  
           });
      } 

info.php的

...
$query = "SELECT * FROM client where ???" ;
....

我不知道如何获取用户身份验证的数据,我该怎么办?

提前致谢

2 个答案:

答案 0 :(得分:0)

您可以生成“令牌”并将其保存在服务器端(数据库)和$ _SESSION或cookie(客户端)

这样,每次执行php请求时都可以检查会话/ cookie。

<强> info.php的

$query = "SELECT * FROM client WHERE token = '".$_SESSION['token']."'";

<强>的login.php

每次客户登录时,令牌都应该是唯一且不同的。

$token = md5($Email.time()."51395+81519851");
$query = "UPDATE client SET token = '".$token."' WHERE email = '".$Email."'";
mysqli_query($connect , $query);

所以你的login.php可能看起来像这样..

<?php  
session_start();
$data = json_decode(file_get_contents("php://input"));

 $connect = mysqli_connect("localhost", "root", "", "test");  

 if(count($data) > 0)  

 { 

$Email=mysqli_real_escape_string($connect, $data->Email);
$password=mysqli_real_escape_string($connect, $data->password);

$query = 'SELECT * FROM `client` WHERE (EmailClient = "'.$Email.'" AND   password= "'.$password.'")';

$q = mysqli_query($connect , $query);

if(mysqli_num_rows($q) > 0 )
  { 
$token = md5($Email.time()."51395+81519851");
    $query = "UPDATE client SET token = '".$token."' WHERE email = '".$Email."'";
    mysqli_query($connect , $query);

       $_SESSION["logged_in"] = true; 
       $_SESSION["token"] = $token; 
       $_SESSION["naam"] = $Email; 
       $result['email'] =$Email;
       $resultstring=json_encode($result);
       $resultstring=str_replace("null", '""', $resultstring);
       echo $resultstring;
       exit;

  } 
       $result['code'] = 603;
       $result['message'] ='The username or password are incorrect!';


$resultstring = json_encode($result);
$resultstring = str_replace("null",'""',$resultstring);
echo $resultstring;
exit;
}

?>

我希望我没有错过任何东西。 :)

答案 1 :(得分:0)

作为良好做法,您可以创建令牌:

if(mysqli_num_rows($q) > 0 )
   ...
   $result['token'] = ...Generate some random string...
   $result['token'] = $token;
   mysqli_query($connect , "INSERT INTO tokens set token = $token and email = $Email");
   ...

之后,您将此令牌保存在cookie中,在info.php中,您可以执行以下操作:

...
$query = "SELECT email FROM tokens WHERE token = $_COOKIE['token']"
...

如果需要,您也可以通过电子邮件从客户表中获取信息。