0

I want to implement authentication in my application, and I don't know how to check that the name and password entered by the user are the same as the ones in the database, and I don't know what the query in the PHP file must be. In the database table 'client', I have NomClient and mdp (password).

login.html

<ion-content class="padding" ng-controller="loginCtrl">
<div class="list list-inset" >
<label class="item item-input">
      <input type="text" placeholder="nom" required="" ng-model="NomClient"> 
</label> 
<label class="item item-input">
      <input type="password" placeholder="Password" ng-model="mdp"> 
</label> 
    <button class="button button-block button-positive" ng-click="submit()">Login</button>       
</div>
 </ion-content>

app.js

app.controller('loginCtrl', function($scope,$state,$http){
  $scope.submit= function(){
    $http.post(  
                "http://localhost/deb/login.php",  
                {
                'NomClient':$scope.NomClient,
                'mdp':$scope.mdp
                }  
           ).success(function(data){  
           }

  };

login.php

 <?php    
 $connect = mysqli_connect("localhost", "root", "", "tem");  

$data = json_decode(file_get_contents("php://input"));
if(count($data) > 0)  
 {  
$NomClient = mysqli_real_escape_string($connect, $data->NomClient);
$mdp = mysqli_real_escape_string($connect, $data->mdp);


$query =("??");
$que = mysqli_query($connect, $query);
$count = mysqli_num_rows($que);

if($count==1){
echo 'correct';}
else{
echo 'wrong';
}

}
 ?>
Purvik Dhorajiya
Touria

2 Answers

0

You need a query in PHP like this. If you insert the password converted to MD5, use it as in the query; otherwise you can remove the md5 function.

     $convertmd5 = md5($mdp);
     $query ="SELECT * FROM `youtblname` where NomClient ='$NomClient' and mdp='$convertmd5'";
Khetesh kumawat
  • It's a simple selection; what I want is to check if the username and password of the user are the same as the ones in the database. Thank you – Touria May 24 '17 at 14:30
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 24 '17 at 14:51
0
$response['status'] = 0;
$response['message'] = '';

$NomClient = $_POST['NomClient'];
$mdp = md5($_POST['mdp']);

$query = 'SELECT * FROM `client` WHERE NomClient = "'.$NomClient.'" AND   mdp= "'.$mdp.'"';

$connect = mysqli_connect("localhost", "root", "", "tem");
if(mysqli_connect_errno()){
    $response['status'] = 0;
    $response['message'] = "Failed to connect to MySQL: ".mysqli_connect_error();
    echo json_encode($response);exit;
}

$result = mysqli_query($connect, $query);
$rowcount=mysqli_num_rows($result);
if($rowcount>0){
    $response['status'] = 1;
    $response['message'] = 'Login successful';
}
else{
    $response['status'] = 0;
    $response['message'] = 'Invalid username or password';
}

echo json_encode($response);exit;
NIRAV PAREKH
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 24 '17 at 14:51
  • I never use core PHP. I use the CodeIgniter and Laravel frameworks. Just because the question is for core PHP and needed help regarding the query, I helped out. @AlexHowansky – NIRAV PAREKH May 25 '17 at 09:44
  • @NIRAV, thank you, I tried it. I made some attempts but it doesn't generate anything, no message, and I can't log in. – Touria May 25 '17 at 10:08
  • @SalamSalam I tried it out and it is working fine on my system. Can you please try it again? If there is a minor syntax error, please take care of it yourself. If any major changes are needed, let me know. – NIRAV PAREKH May 25 '17 at 10:21
  • @NIRAV! Please, did you also implement the AngularJS code and it worked, or did you just try the .php file? Thank you – Touria May 25 '17 at 10:34
  • @SalamSalam Only PHP, because your AngularJS code $http.post() will pass $_POST variables to the server. But yes, a closing parenthesis **)** is missing after .success(function(data){} **)**. Also use inspect element->network to inspect the request and response. – NIRAV PAREKH May 25 '17 at 11:16
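
The prepared-statement approach recommended in the comments, applied to the question's `client` table, as an added example that is not code from any participant in this thread. It assumes the `mdp` column stores `password_hash()` output written at registration (an assumption; the answers above use MD5), and `respond()` is a helper introduced here for illustration.

```php
<?php
// Added example (not from the thread): login.php using a mysqli prepared statement.
// Assumption: client.mdp holds password_hash() output written at registration,
// not the MD5 digests used in the answers above.
header('Content-Type: application/json');

// Hypothetical helper: emit the status/message JSON shape used in the second answer.
function respond(int $http, int $status, string $message): void {
    http_response_code($http);
    echo json_encode(['status' => $status, 'message' => $message]);
    exit;
}

// AngularJS $http.post sends a JSON body, so decode php://input as the question does.
$data = json_decode(file_get_contents('php://input'), true);
$nom = is_array($data) ? ($data['NomClient'] ?? null) : null;
$mdp = is_array($data) ? ($data['mdp'] ?? null) : null;
if (!is_string($nom) || !is_string($mdp) || $nom === '' || $mdp === '') {
    respond(400, 0, 'Missing NomClient or mdp');
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
try {
    $db = new mysqli('localhost', 'root', '', 'tem'); // connection values from the question
    $db->set_charset('utf8mb4');

    // The ? placeholder is sent separately from the SQL text, so the value
    // of NomClient can never change the structure of the query.
    $stmt = $db->prepare('SELECT mdp FROM client WHERE NomClient = ? LIMIT 1');
    $stmt->bind_param('s', $nom);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch() === true; // null means no such client
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    error_log('login.php: ' . $e->getMessage()); // keep DB details out of the response
    respond(500, 0, 'Server error');
}

// Compare in PHP with password_verify(); the password never appears in the SQL.
if ($found && password_verify($mdp, $hash)) {
    respond(200, 1, 'Login successful');
}
respond(200, 0, 'Invalid username or password'); // same message for both failure cases
```

Rows that currently hold MD5 digests will not verify against this code until the password is stored again with `password_hash()`.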