Ajax php message not authenticated

I have a sample script that will authenticate my users to access the page. My problem is that when I send the values, the js file shows that the data has been serialized, but when it is sent to the php file to check whether the database record exists, users still access the page, whether the login is correct or wrong. For some reason, it seems like I'm not accepting the values of `$_POST['pass']` and `$_POST['user_email']`. But if I manually print the user's email address and password in the php file to replace the variables, it works.

HTML form

<form class="login" id="login-form" name="login-form" method="post">
    <p class="title">LOGIN</p>
    <input type="text" placeholder="Email" id="user_email" name="user_email" autofocus/>
    <i class="fa fa-user"></i>
    <input type="password" placeholder="Password" id="pass" name="pass" />
    <i class="fa fa-key"></i>
     <button>
      <i class="spinner" style="outline:none;"></i>
      <span class="state">Log in</span>
    </button>
  </form>

My js file to post the values. I added console.log to check what values were produced by the script.

$(document).ready(function()
{ 
    var working = false;
    $('.login').on('submit', function(e) {
        e.preventDefault();
        // Ignore repeated submits while a request is in flight
        if(working) return;
        working = true;
        var $this = $(this),
        $state = $this.find('button > .state');
        $this.addClass('loading');
        $state.html('Authenticating');

        var data = $("#login-form").serialize();
        console.log(data);

        $.ajax({

            type : 'POST',
            url  : 'login_process.php',
            data : data,
            success :  function(response) {                     
                    console.log(response);
                    if(response=="ok"){
                        setTimeout(function() {
                            $this.addClass('ok');
                            $state.html('Welcome');

                            setTimeout(function() {
                                $state.html('Log in');
                                $this.removeClass('ok loading');
                                working = false;
                            }, 4000);

                            setTimeout(function() {
                                window.location.href = "/Home.aspx";
                            }, 4000);  
                        }, 3000);           
                        //$("#btn-login").html('<img src="btn-ajax-loader.gif" /> &nbsp; Signing In ...');
                        //setTimeout(' window.location.href = "home.php"; ',4000);
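                    } else {
                        console.log('ERROR IN LOGINING IN');
                        // Reset the form so another attempt can be submitted
                        $this.removeClass('loading');
                        $state.html('Log in');
                        working = false;
                    }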
              }
            });
            return false;
    });
});

PHP 'login_process'

<?php
    session_start();
    require_once 'dbconfig.php';
    if(isset($_POST['pass']))
    {
        $user_email = urldecode(trim($_POST['user_email']));
        $user_password =trim($_POST['pass']);
        //$password = md5($user_password);
        $password = $user_password;
        try {   

            $stmt = $db_con->prepare("SELECT * FROM tbl_users WHERE user_email=:email");
            $stmt->execute(array(":email"=>$user_email));
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            $count = $stmt->rowCount();

            if($row['user_password']==$password){
                echo "ok"; // log in
                $_SESSION['user_session'] = $row['user_id'];
            }
            else{
                echo "email or password does not exist."; // wrong details 
            }
        }
        catch(PDOException $e){
            echo $e->getMessage();
        }
}
?>
+4
1

Set dataType: "json" and use json_encode() to debug the result.

-1
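A hardened `login_process.php`, added here as an example and not code from the question or the answer. In the posted script a missing row makes `$row['user_password']` null, and the loose `==` treats null as equal to an empty password, so this version fails closed on a missing row, verifies a hash instead of comparing plaintext, and returns JSON as the answer suggests. It assumes `dbconfig.php` provides the PDO handle `$db_con` (as on the page), that `tbl_users.user_password` stores a `password_hash()` value, and the `{"status": ...}` response shape is hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes dbconfig.php defines the PDO
// handle $db_con (as on the page) and that tbl_users.user_password holds a
// password_hash() value rather than plaintext (assumption).
session_start();
require_once 'dbconfig.php';

header('Content-Type: application/json');

// Send one JSON object and stop; the {"status": ...} shape is an assumption.
function respond(int $code, string $status): void
{
    http_response_code($code);
    echo json_encode(['status' => $status]);
    exit;
}

$email = $_POST['user_email'] ?? '';
$pass  = $_POST['pass'] ?? '';

// Reject missing, non-string (e.g. pass[]=x) or empty fields before querying.
// $_POST is already URL-decoded, so no urldecode() is applied here.
if (!is_string($email) || !is_string($pass) || trim($email) === '' || $pass === '') {
    respond(400, 'missing credentials');
}

try {
    $stmt = $db_con->prepare(
        'SELECT user_id, user_password FROM tbl_users WHERE user_email = :email LIMIT 1'
    );
    $stmt->execute([':email' => trim($email)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matches
} catch (PDOException $e) {
    error_log($e->getMessage());              // keep DB details out of the response
    respond(500, 'error');
}

// A missing row is a failed login; password_verify() checks the stored hash
// and is timing-safe, so no loose == runs on user-controlled input.
if ($row === false || !password_verify($pass, $row['user_password'])) {
    respond(401, 'invalid credentials');
}

session_regenerate_id(true);                  // prevent session fixation
$_SESSION['user_session'] = $row['user_id'];
respond(200, 'ok');
```

With this response the client sets `dataType: 'json'` and checks `response.status === 'ok'`; the 4xx and 5xx replies arrive in jQuery's `error` callback rather than `success`.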

Source: https://habr.com/ru/post/1655531/

