Authenticate login PHP and Angular

Question

Sorry for php newbie question. I have authentication.service.js in my application, where I encode user's password and send it to the web api (which is php using lumen framework). I have do it like this:

function Login(credentials, callback) {debugger;
   $http.post('http://localhost/credentials/' + credentials, {cache: false})
    .then(function (response) {
        callback(response.data);
    });
}

so actually it looks like: http://localhost/credentials/somesecretpassword

How should I work with it from php side? Currently I have call this: $app->post('/credentials/{password}', 'AdminController@getCredentials'); But I'm not sure how it should work!, how do I check if password exists! Is it possible to do it that way or I shouldn't return credentials like this??

Thanks

Answer 1

First of all, you should never send credentials in the URL (query string) because any proxy servers or cache servers might store the URL.

If you want to, you should change it to $http.post('http://localhost/credentials?credentials=' + credentials, {cache: false})

And then get it out in php with $_GET['credentials']; ...

What you should do

Send the credentials with post : $http.post('http://localhost/credentials', {credentials: credentials}, {cache: false});

and in PHP:

$data = json_decode(file_get_contents('php://input'), true);
$credentials = $data['credentials'];

Good luck!