skip to Main Content

EDIT: I now understand that in order to redirect i need to use ajax depending on the response i get from php thanks to ADyson. Best answer,thanks dude and thanks everyone for their help.

I’ve been trying to make a simple login form on PHP sending POST request variables to PHP and authenticating with MySQL. I have tried everything such as configuring xampp, putting htaccess file in the same folder, tried various ajax syntax but it’s still not working. I made it so simple so I can debug easily. The problem is the success function is firing but the post variables aren’t being sent to the location header won’t go to register.php. Here is the code:

PHP

<?php
    require_once 'dbconnect.php';

    if (isset($_POST['nickname']) && !empty($_POST['nickname'])) {
        $nickname = $_POST['nickname'];
    }

    if (isset($_POST['password']) && !empty($_POST['password'])) {
        $password = $_POST['password'];
    }

    $sql = "SELECT nickname,password FROM users WHERE nickname = '$nickname' and password = '$password'";

    $result = mysqli_query($mysqli, $sql);
    $count = mysqli_num_rows($result);

    if ($count == 1) {

        header('location:register.php');

    } else {
        header("HTTP/1.1 500 Internal Server Error");
    }
?>

JS

$("#submitBtn").on("click",function(){
    $.ajax({
        type:"POST",
        url:"dologin.php", 
        data:{nickname:"alex",password:"123"},
        success:function(){
        alert("skata");
    }});
});

2

Answers


  1. What you can do is take data from the php file

    success:function(data){
    console.log(data);
    }

    Please also check whether query is returning you exactly one row ? I also don’t know whether or not your dbconnect.php works.

    Login or Signup to reply.
  2. * WARNING *

    Before considering this answer as a good way to implement a login page, you should consider the fact that you have not implemented any methods of securing said page from a wide range of attacks, many of which will allow for hackers and bots to execute arbitrary code in your database and/or in other parts of the site using XSS.

    All a hacker would have to do is define ‘password’ to be an SQL injection that modifies the database and you can possibly reveal your entire database’s contents to the hacker.

    Also, plaintext passwords are not a good way to store login data, instead use a password hash.

    You may also consider using nonce to prevent XSRF attacks and also some sort of brute force password hacking / DoS protection mechanism would be wise.


    With that being said, here’s a way to make your password form work

    You can’t do a redirection as part of an ajax request that can interact with the request that makes the ajax call. The two contexts are different.

    What you CAN do is return a value from the PHP script like this:

       <?php 
           require_once 'dbconnect.php';
    
        if(isset($_POST['nickname']) && !empty($_POST['nickname'])) { $nickname =  $_POST['nickname']; }
    
        if(isset($_POST['password']) && !empty($_POST['password'])) { $password = $_POST['password']; }
    
        $sql = "SELECT nickname,password FROM users WHERE nickname = '$nickname' and password = '$password'";
    
        $result = mysqli_query($mysqli,$sql); $count = mysqli_num_rows($result);
    
        if($count==1){
             print_r("true");
        } else{
            print_r("false");   
         } ?>
    

    combined with a way of parsing the output

    $("#submitBtn").on("click",function(){
        $.ajax({
            type:"POST",
            url:"dologin.php", 
            data:{nickname:"alex",password:"123"},
            success:function(result){
                if (result == "true") {
                    window.location.href = "register.php";
                }
    
        }});
    });
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search