0

I have created login form. posting data to database to check combination of email and password , if it is satisfied then logged in successfully.

now i am redirecting to profile page after logged in.

i want to display currently logged in user details stored in database in this profile page.. i use ui-router for navigation.

my login.html

<div class="col-lg-6 col-lg-offset-3 well " style="margin-top:1em; background-color:black; ">

  <h4 style="color:white; text-align:center;"> <strong> LOGIN  </strong> </h4>

</div>


<div class="col-lg-6 col-lg-offset-3 well" style="margin-bottom:13em;">

  <form name="login" ng-app="TempleWebApp" ng-controller="logCtrl" ng-submit="signin(login.$valid)" novalidate>

    <div class="form-group col-lg-12" ng-class="{ 'has-error' : login.email.$invalid && (login.email.$dirty || submitted)}">
      <label>Email</label>
      <input class="form-control" type="text" name="email" ng-model="useremail" placeholder="Email" ng-pattern="/^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/" ng-required="true">
      <span class="help-block" ng-show="login.email.$invalid && login.email.$error.required && (login.email.$dirty || submitted)">
              Email is required.</span>
      <span class="help-block" ng-show="login.email.$error.pattern">
            Enter Valid  Email .</span>
    </div>


    <div class="form-group col-lg-12" ng-class="{ 'has-error' : login.password.$invalid && (login.password.$dirty || submitted)}">
      <label>Password</label>
      <input class="form-control" type="password" name="password" ng-model="userpassword" placeholder="Password" ng-required="true">
      <span class="help-block" ng-show="login.password.$invalid && login.password.$error.required && (login.password.$dirty || submitted)">
              Password is required.</span>
    </div>

    <div class="col-lg-12 well " ng-repeat="error in errors" style="background-color:red; margin-top:0.5em;"> {{ error}} </div>
    <div class="col-lg-12 well" ng-repeat="msg in msgs" style="margin-top:0.5em;">
      <h5 style="color:green;">{{ msg}} </h5>
    </div>


    <button type="submit" class="btn btn-success col-lg-12"> 
       <span ng-show="searchButtonText == 'REDIRECTING TO PROFILE PAGE'"><i class="glyphicon glyphicon-refresh spinning"></i></span>
                  {{ searchButtonText }}
    </button>


  </form>
</div>

my angular controller for login

app.controller('logCtrl', function($scope, $location, $http, $timeout) {

  $scope.errors = [];
  $scope.msgs = [];
  $scope.searchButtonText = "LOGIN";
  $scope.test = "false";

  $scope.signin = function(isValid) {

    // Set the 'submitted' flag to true
    $scope.submitted = true;
    $scope.errors.splice(0, $scope.errors.length); // remove all error messages
    $scope.msgs.splice(0, $scope.msgs.length);



    if (isValid) {

      $http.post('php/login.php', {
          'email': $scope.useremail,
          'pswd': $scope.userpassword

        })
        .success(function(data, status, headers, config) {
          if (data.msg != '') {
            $scope.msgs.push(data.msg);

            $scope.test = "true";
            $scope.searchButtonText = "REDIRECTING TO PROFILE PAGE";
            var goTopayment = function() {
              $scope.searchButtonText = "LOGIN";
              $location.path('/profile');
            };
            $timeout(goTopayment, 3000);

          } else {
            $scope.errors.push(data.error);
          }
        })
        .error(function(data, status) { // called asynchronously if an error occurs or server returns response with an error status.

          $scope.errors.push(status);
        });
    } // closing bracket for IF(isvalid)

  } // closing bracket for $scope.SIGNUP = function   




});

login.php

<?php

$data = json_decode(file_get_contents("php://input"));

$uemail = mysql_real_escape_string($data->email);
$upswd = mysql_real_escape_string($data->pswd);


$con = mysql_connect('localhost', 'root', '');
mysql_select_db('registraion', $con);

$qry_em = 'select Email,Password,Status from users where Email ="' . $uemail . '" and Password ="' . $upswd . '" '; 
$qry_res = mysql_query($qry_em);
$res = mysql_fetch_assoc($qry_res);

if ( $res ['Email']==$uemail && $res ['Password']==$upswd && $res['Status']=='active')
 
 {
  
  $arr = array('msg' => "Logged in Successfully!!!", 'error' => '');
        $jsn = json_encode($arr);
        print_r($jsn);
  
 }
 
else
{
     $arr = array('msg' => "", 'error' => 'Email And Password Miss Match Or Your Account Is Not Activated Yet. Please Activate Account.');
    $jsn = json_encode($arr);
    print_r($jsn);
}

?>

profile.html

<div ng-controller="logCtrl" class="col-lg-12 well">
  <h4 style="text-align:center;">DETAILS</h4>

  <table class="table table-hover">
    <thead>
      <tr>
        <th>Name</th>
        <th>city</th>
        <th>gender</th>

      </tr>
    </thead>
    <tbody>
      <tr ng-repeat="user in data ">
        <td>{{user.Firstname}}</td>
        <td>{{user.City}}</td>
        <td>{{user.Gender}}</td>

      </tr>
    </tbody>

  </table>

</div>

How do i get that currently logged in user data in profile.html page.

Keshav Desai
  • 23
  • 1
  • 9
  • ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Mar 13 '17 at 18:26
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Mar 13 '17 at 18:26
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Mar 13 '17 at 18:26
  • Store the data in a cookie or session values and those will be available to every page in your app if done correctly. – Jay Blanchard Mar 13 '17 at 18:27
  • Okay i will covert syntax to mysqli_ itself. how to get currently logged in user details in profile page – Keshav Desai Mar 13 '17 at 18:28
  • How to store the currently entered email id in to cookies..? if i store that emailid in cookie, can i use that cookie value in my profile controller and pass that email id to profile.php page for querying the database. like select * from user where email=cookie_email;? – Keshav Desai Mar 13 '17 at 18:38

0 Answers0