How to retrieve database data on ionic popup?


#1

Hi guys! I’m developing an ionic v1 application. In that application I have developed Forgot Password feature and I’m using PHP to deal with the server. So far in forgot password feature,

It is checking whether the given email is already a registered account and if NOT a popup will display like this

If it is a registered email, I’m updating the password related to that email by generating a random number, which is done by PHP code as follows.

<?php header("Access-Control-Allow-Origin: *");
if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');    // cache for 1 day
}

// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers:        {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

    exit(0);
}

$postdata = file_get_contents("php://input");

if (isset($postdata)) {
$request = json_decode($postdata);

    $email=$request->em; 
    
    $conn = new mysqli("localhost", "root", "", "xpressrentals");
    
    // To protect MySQL injection for Security purpose
    $email = stripslashes($email);
      
    $email = $conn->real_escape_string($email);       

    $check="SELECT count(*) FROM renter WHERE Email = '$email'";
    $rs = mysqli_query($conn,$check);
    $data = mysqli_fetch_array($rs, MYSQLI_NUM);
    //print_r($data);
    if($data[0] > 0) 
    {
 
        $random = rand(72891,92729);
        $new_password = $random;
        $email_password = $new_password;
        $sql = "UPDATE renter SET Password='$email_password' WHERE Email='$email'";
      if ($conn->query($sql) === TRUE) 
        {
            $outp='{"result":{"created": "0" , "exists": "1" } }';
        } 
    }
    else{   
        
            $outp='{"result":{"created": "1", "exists": "0" } }';
         
        }
   
echo $outp;
    
    $conn->close(); 

}

?>

The controller code is as follows

.controller('forgotPasswordCtrl', function($scope,$http,$ionicPopup,$state,$ionicHistory) {

$scope.requestPassword=function(data){

  var link = 'http://localhost/PHPFiles/forgot_password.php';
  $http.post(link, {em : data.email })
  .then(function (res){ 
    $scope.response = res.data.result; 
    if($scope.response.exists=="1"){
      $scope.title="Message";
      $scope.template="Please check your email. We have sent a new password to your registered email!";
      
      //no back option
      $ionicHistory.nextViewOptions({
        disableAnimate: true,
        disableBack: true
      });
      $state.go('login', {}, {location: "replace", reload: true});
    
    }
    else if($scope.response.exists=="0"){
      $scope.title="Message";
      $scope.template="This email does not have an account!";
    
    }
    else{
      $scope.title="Failed";
      $scope.template="Contact Our Technical Team";
    }
    
    var alertPopup = $ionicPopup.alert({
        title: $scope.title,
        template: $scope.template
    });
    
    
  });

}
})

So this is my PROBLEM

Currently I’m facing a problem to send an email to reset password using the mail() function in PHP.
So I need to know how to retrieve the newly generated password to an ionic popup from the database. Then I can show the generated password to the user without sending a mail.
So what is the relevant code to add to the PHP file and what is the relevant code to add to the controller code to retrieve the password data from the database on an ionic popup?

Waiting for a quick response.
Thank you 🙂


#2

So if I know the email of some user all I have to do is to enter his email address to change his password and also get it presented in the app? Sounds like a bad idea…


#3

No friend, the problem here is my mail() function is not working to send that reset password.
So I need to get that randomly generated password into an ionic popup after he/she enters a REGISTERED EMAIL; that is what that function is checking: whether the user is entering a registered email.

PS: Registered email means an email which is used to create an account with my app and which is already there in my database 🙂

So did you get a clear idea now? Can you help me to retrieve that password field data to an ionic popup?

Thank you 🙂


#4

In the end, your PHP server doesn’t really know who it’s talking to. It just gets HTTP requests and returns responses. So it would be trivial to take a massive list of email accounts floating around the web and robodial your server. If one of them happens to be a REGISTERED EMAIL, and you somehow do come up with a way to transmit the new password in cleartext so that it would be displayed as a popup in your Ionic app, our blackhat has now both locked your user out of their account and gotten access to it.

Please please rethink this design. Requiring some sort of secondary information (such as a security question) to go along with the email address would be a start, and under no circumstances should the new password be delivered by any means other than email to the address in question.
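
The concerns raised in #2 and #4, worked through as an added example (not code from any poster in this thread). It goes one step beyond the thread's advice: instead of mailing a new password, it mails a single-use, expiring reset token and changes the password only when that token is redeemed. The `password_reset` table, the `$sendMail` callable and the `https://app.example/reset` URL are assumptions; the `renter` table and its columns come from the original post.

```php
<?php
// Added example, not the original poster's code. Assumptions: a hypothetical
// password_reset table, a $sendMail callable standing in for a working mailer,
// and the placeholder URL https://app.example/reset.
const RESET_TTL = 900; // token lifetime in seconds

function requestReset(PDO $db, string $email, callable $sendMail): array {
    $q = $db->prepare('SELECT 1 FROM renter WHERE Email = ?');
    $q->execute([$email]);
    if ($q->fetchColumn()) {
        $token = bin2hex(random_bytes(32));           // CSPRNG, not rand()
        $ins = $db->prepare('INSERT INTO password_reset (email, token_hash, expires) VALUES (?, ?, ?)');
        $ins->execute([$email, hash('sha256', $token), time() + RESET_TTL]);
        // The token leaves the server only by mail to the account's address.
        $sendMail($email, "https://app.example/reset?token=$token");
    }
    // Same response body whether or not the address is registered.
    return ['result' => 'If that address has an account, a reset link was sent.'];
}

function redeemReset(PDO $db, string $token, string $newPassword): bool {
    $q = $db->prepare('SELECT email FROM password_reset WHERE token_hash = ? AND expires > ?');
    $q->execute([hash('sha256', $token), time()]);
    $email = $q->fetchColumn();
    if ($email === false) {
        return false;                                  // unknown or expired token
    }
    // The password changes only now, so a bare request cannot lock anyone out.
    $db->prepare('UPDATE renter SET Password = ? WHERE Email = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $email]);
    $db->prepare('DELETE FROM password_reset WHERE email = ?')->execute([$email]); // single use
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE renter (Email TEXT PRIMARY KEY, Password TEXT)');
$db->exec('CREATE TABLE password_reset (email TEXT, token_hash TEXT, expires INTEGER)');
$db->exec("INSERT INTO renter VALUES ('alice@example.com', 'old-hash')");

$outbox = [];
$mailer = function (string $to, string $link) use (&$outbox) { $outbox[$to] = $link; };

$known   = requestReset($db, 'alice@example.com', $mailer);
$unknown = requestReset($db, 'nobody@example.com', $mailer);
var_dump($known === $unknown, count($outbox));
parse_str(parse_url($outbox['alice@example.com'], PHP_URL_QUERY), $p);
var_dump(redeemReset($db, $p['token'], 'correct horse'), redeemReset($db, $p['token'], 'x'));
```

The demo shows that the responses for a registered and an unregistered address are identical, that only the registered address receives mail, and that the token works once and is rejected on replay.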