Login still directs even if incorrect credential with AngularJS and PHP

Question

The PHP code needs to fetch data from the table, decode it as JSON and then send it to AngularJS.

Angular JS redirects if the login credentials are correct.

However even if the credentials are incorrect, the user is still redirected (true statement always passes).

PHP Code:

 <?php
    $data = json_decode(file_get_contents("php://input"));

    $username = $data->username;
    $password = $data->password;

     /*
   * Collect all Details from Angular HTTP Request.
   */ require_once("connection.php");
    //must read from table
    $connection = connectToMySQL();
    //complete from here

    $query = "SELECT count(*) FROM tbl_admin WHERE username = '$username' AND password = '$password'";
    $result = mysqli_query($connection ,$query);
    $row = mysqli_fetch_row($result);
    $count = $row[0];

    if($count == 1)
    {
        echo true;
    }
    else 
    {
        echo false;
    }

?>

AngularJS Controller:

app.controller('loginCtrl', function ($scope, $http, $location) {
   /*
    * This method will be called on click event of button.
    * Here we will read the email and password value and call our PHP file.
    */
    $scope.checkCredentials = function (credentials) {
        $http.post('model/getAdmin.php',credentials).success(function(data){
            console.log("true");
            $location.path("/memberList");
      })
      .error(function(err){
          $log.error(err);
          console.log("false");
      });
    }
});

HTML Form Code

<form class="form-group" id="customForms" ng-controller="loginCtrl">
        <label> Username </label> 
        <input id="customFormsInput" class="form-control" ng-model="credentials.username" type="text" placeholder="Username goes here" required/>
        <br> 
        <label> Password </label>
        <input id="customFormsInput" class="form-control" ng-model="credentials.password" type="password" placeholder="Password goes here" required/>
        <br> <br>
        <button class="btn btn-primary" type="submit" ng-click="checkCredentials(credentials)"> Submit </button>
        <br>
            {{responseMessage}}
            <!-- Shows message depending on login type -->
    </form>

Answer 1

You have to add if-else condition to your success callback since you are always sending 200 response even if you are sending false from your PHP code:

$scope.checkCredentials = function (credentials) {
  $http.post('model/getAdmin.php',credentials).success(function(data){
        console.log("true", data);
        if (data == true) {    // Or in whatever form you are receiving true/false
            $location.path("/memberList");
        } else {
            $log.error(err);
            console.log("false");
        }
  })
}

If you want to make your older code working i.e. with success & error callbacks in Angular then you need to send a non-200 response code along with false from your PHP code like:

if($count == 1)
{
    echo true;
}
else 
{
    http_response_code(406);       // not acceptable response code
    echo false;
}

(The second solution is recommended)

I've never worked on PHP, so make sure http_response_code(406); is written correct.