HTTP GET request must always be fired twice to work? Help pls

So here is the right solution:

Here is some info if someone doesn't want to read the whole thread:

  • Don't use the HTTP GET method with login credentials like I did in my first solution
  • Use HTTP POST instead to send the user credentials as JSON in the request body
  • Don't use a timeout like I did in my first solution to wait for the response. You don't need that with an HTTP POST because you can work with the response string/JSON in the HTTP POST method.

So if you have two variables credentials.email and credentials.password, you can send them with POST to your login.php or api.php like this:

var url = 'http://YourUrlOrApi/login.php';
this.http.post(url, credentials).subscribe((rsp) => {
  // Work with the response text. You can also get it as JSON.
  this.accessgranted = rsp.text();
  let access = (this.accessgranted === 'access');
  observer.next(access);
  observer.complete();
});

With this method the request looks like this, if you can't imagine it:
EDIT: Please use https:// instead of http://
image

So yeah, the credentials are sent in JSON as POST.
So this is how I use them now in my login.php file:
(If you can find security holes please correct me, I'll edit it then)

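// Read the raw request body; JSON sent by the client does not populate $_POST.
$request_body = file_get_contents('php://input');
$data = json_decode($request_body, true);
// Fall back to an empty string when the body is not valid JSON or a field is missing.
$mEmail = $data['email'] ?? '';
$mPasswort = $data['password'] ?? '';
$mEmail = trim($mEmail);
$mPasswort = trim($mPasswort);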

So now you only have to check with SQL if the user exists, and do this if the user exists:
echo "access";

Because in the POST method before, we checked if we get access as the response:

  this.accessgranted = rsp.text();
  let access = (this.accessgranted === 'access');

OK, so the user has access with the right email and password and you can carry on with your application.
Hope it helps! Thanks to @mich356c and @rapropos for the help to get into this very detailed! :slight_smile:

A quick one here on security.

The only way to ensure data privacy is to use https. Do not ever use http if you have security in mind.

It is absolutely true that sending credentials in the URL of a GET request should definitely be banned (because of leakage through browser history).

However, whether you use GET or POST, whether you pass the credentials via headers or body, or whether you use cookies or JWTs - ultimately does not make a difference. You are sending authentication data in clear text over the wire.

Only SSL encryption can help protect your data.


Ok thanks for that. Added that info above the picture of my solution.

It's happening because HTTP OPTIONS is executed first, and you have to restrict unwanted HTTP methods before executing your logic. Always use the isset method; see the example below.

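// $conn is assumed to be an open mysqli connection.
// $_POST itself is always set, so test the fields the insert needs.
if (isset($_POST["name"], $_POST["country"]))
{
    $name = $_POST["name"];
    $country = $_POST["country"];

    // Bind the values as parameters instead of concatenating them into the SQL.
    $sql = 'INSERT INTO user VALUES (?, ?)';
    $stmt = $conn->prepare($sql);

    if ($stmt && $stmt->bind_param("ss", $name, $country) && $stmt->execute())
    {
        $outp = "Inserted " . $name . "  and  " . $country;
        echo json_encode($outp);
    } else {
        // A failed prepare leaves the error on the connection, a failed execute on the statement.
        echo json_encode("Error: " . $sql . "<br>" . ($stmt ? $stmt->error : $conn->error));
    }
}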

Here it will insert a row in the table only when it's the POST method.
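
The following is an added example, not code from any post in this thread. It combines the points above into one login.php handler: the OPTIONS preflight is answered without running any logic, only POST is accepted, and the JSON credentials are checked against a stored hash. The names handle_login() and $find and the sample user are hypothetical and constructed; $find stands in for a prepared-statement lookup in your own database.

```php
<?php
// Added example, not code from the thread. handle_login(), $find and the
// sample user below are hypothetical names and constructed data.

// Returns [HTTP status, response body] for one request to login.php.
function handle_login(string $method, string $rawBody, callable $findHash): array
{
    // The browser's CORS preflight arrives first as OPTIONS: answer it and
    // stop, so the login logic runs once, for the real request only.
    if ($method === 'OPTIONS') {
        return [204, ''];
    }
    if ($method !== 'POST') {
        return [405, 'method not allowed'];
    }

    // Credentials arrive as JSON in the body, not in $_POST or the URL.
    $data = json_decode($rawBody, true);
    if (!is_array($data) || !is_string($data['email'] ?? null)
        || !is_string($data['password'] ?? null)) {
        return [400, 'bad request'];
    }

    // $findHash returns the stored password_hash() value for an e-mail,
    // or null when the e-mail is unknown.
    $hash = $findHash(trim($data['email']));
    if ($hash !== null && password_verify($data['password'], $hash)) {
        return [200, 'access'];   // the string the client compares against
    }
    return [401, 'denied'];
}

// Constructed sample user store for the demonstration.
$users = ['alice@example.test' => password_hash('correct horse', PASSWORD_DEFAULT)];
$find = fn(string $email): ?string => $users[$email] ?? null;

$good = json_encode(['email' => 'alice@example.test', 'password' => 'correct horse']);
$bad  = json_encode(['email' => 'alice@example.test', 'password' => 'wrong']);

// Constructed requests: preflight, wrong method, broken JSON, bad and good login.
foreach ([['OPTIONS', ''], ['GET', ''], ['POST', '{'], ['POST', $bad], ['POST', $good]] as [$m, $b]) {
    [$status, $body] = handle_login($m, $b, $find);
    printf("%-7s -> %d %s\n", $m, $status, $body);
}
```

In a real login.php, pass $_SERVER['REQUEST_METHOD'] and file_get_contents('php://input') to the function and send the status with http_response_code(). The preflight response also needs the Access-Control-Allow-* headers for your app's origin.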