3

I am fairly new to AJAX. I am trying to get a simple login script to work. This is using jQuery 1.6.4. In the AJAX below, when the user clicks a button, it sends the email address and password to login.php. That all seems to work fine. The trouble is with the success function. When the email and password are correct, it should return true. It should return false when it does not work. Using Firebug, I see that it works with console.log. It also works correctly if I write alert(response);. However, the conditional always evaluates to false even when response is equal to true. I've tried both if(response=="true") and if(response==="true"), putting the variable outside the function, and a few other things without success. Would anyone have any ideas on how to fix this?

Thank you for any help or ideas, Jason.

AJAX:

```javascript
$("#firstpage").live('pageinit', function (evt) {
    $('#button').click(function () {
        var $form = $('#login'),
            $inputs = $form.find("input"),
            serializedData = $form.serialize();
        $.ajax({
            type: 'POST',
            url: 'php/login.php',
            data: serializedData,
            success: function (response) {
                console.log("Response: " + response);
                if (response == "true") {
                    $('#firstpage #wrong').text("Login script is working");
                } else {
                    $('#firstpage #wrong').text("Your email and password combination did not match.");
                }
            },
            dataType: 'json'
        });
    });
});
```

If it helps, this is my login.php script.

```php
$email = $_POST['email'];
$password = $_POST['password'];
require_once("DB.php");
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
mysql_select_db($db) or die ("Unable to select database!");

$query = "SELECT * FROM member WHERE email='$email' AND password='".md5($_POST['password'])."'";
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

$num_rows = mysql_num_rows($result);
if ($num_rows > 0) {
    $output = true;
} else {
    $output = false;
}
echo json_encode($output);
```
  • I don't see how the answer could be `"true"`. Maybe `true` but not `"true"`. Please have a look at the browser's inspector (type F12) to see what's really in the response. – Denys Séguret Jul 04 '12 at 16:57
  • I would ensure you're getting a `String "true"` vs a `Bool true`. In PHP change to `$output = "success"` and in Javascript change to `response === "success"` or something a little more intentful so you can narrow down the issue. – potench Jul 04 '12 at 16:59
  • try something like `typeof response == 'boolean'` – jwerre Jul 04 '12 at 17:00
  • 1
    @user1502099 You really need to read up on sql injection, switch to mysqli / PDO and use something better than `md5` for your password hashing. – jeroen Jul 04 '12 at 17:04
  • @jeroen What would you recommend instead of MD5? I'll check out mysqli and PDO; I haven't used them before. – Jason T. Bedell Jul 04 '12 at 17:19
  • @Jason T. Bedell At least sha256 with a unique salt, see here for more information: http://stackoverflow.com/questions/2235158/sha1-vs-md5-vs-sha256-which-to-use-for-a-php-login – jeroen Jul 04 '12 at 17:37

2 Answers

1

The response is an object because you have "dataType: 'json'". jQuery will try and convert the responseText to JSON. If you need to check the data the server returned, try using

```javascript
if (response === true) {

}
```

or simply

```javascript
if (response) {

}
```

or just have jQuery return the string by removing the `dataType: 'json'`

SMathew
  • Wow. You guys are fast. I changed it to response === true and it worked. It sounds like the php solution could have worked too. I didn't realize I was mixing up the boolean and string values. Thank you so much. – Jason T. Bedell Jul 04 '12 at 17:11
  • anytime! btw, @jeroen is right, if you are using this code in production you should take his advice :) – SMathew Jul 04 '12 at 17:20
  • bcrypt along with a salt is what I would recommend. Also while you are at it, your server should return a 401 (Unauthorized) header when auth fails. jQuery will then call the 'error' callback if you provide one – SMathew Jul 04 '12 at 17:33
  • Thanks. I'll see what I can find about bcrypt. Works with PHP? – Jason T. Bedell Jul 04 '12 at 17:49
  • It should, I haven't done this in php but http://www.php.net/manual/en/function.crypt.php should work. Just use the Blowfish algorithm. Save the generated salt in a separate column and the hashed password in another column in the db. You could rename the password column to hashed_password or something meaningful – SMathew Jul 04 '12 at 18:08
  • The method to authenticate should be.. 1. retrieve the user from the db where the email matches (email has to be unique). 2. Reconstruct the password using the salt and the user provided input and equate to the hashed_password. This is getting off-topic isn't it? :) – SMathew Jul 04 '12 at 18:11
  • sorry, I meant reconstruct the hashed password – SMathew Jul 04 '12 at 18:21
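
Added example (not code from the original post or its answers): the login.php from the question reworked along the lines the comments recommend, with a PDO prepared statement instead of string-built SQL, bcrypt through `password_hash`/`password_verify` instead of `md5`, and a 401 status on failure. It assumes PHP 5.5+ and a `member` table with `email` and `hashed_password` columns, and uses an in-memory SQLite database with constructed rows in place of MySQL; `password_hash` stores the salt inside the hash string, so no separate salt column is used.

```php
<?php
// Added example, not the original poster's code. Assumes PHP 5.5+ and a
// `member` table with unique `email` and `hashed_password` columns.

function check_login(PDO $db, $email, $password) {
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT hashed_password FROM member WHERE email = ?');
    $stmt->execute(array($email));
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched the email.
    return $hash !== false && password_verify($password, $hash);
}

function respond(PDO $db, array $post) {
    // Accept only string fields; anything else is treated as empty.
    $email = isset($post['email']) && is_string($post['email']) ? $post['email'] : '';
    $password = isset($post['password']) && is_string($post['password']) ? $post['password'] : '';
    $ok = check_login($db, $email, $password);
    // 401 on failure, 200 on success; the body stays a JSON boolean,
    // so a client using dataType: 'json' receives true, not "true".
    return array($ok ? 200 : 401, json_encode($ok));
}

// Constructed sample data; SQLite in memory stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (email TEXT UNIQUE, hashed_password TEXT)');
$ins = $db->prepare('INSERT INTO member (email, hashed_password) VALUES (?, ?)');
$ins->execute(array('alice@example.com', password_hash('correct horse', PASSWORD_BCRYPT)));

$cases = array(
    array('email' => 'alice@example.com', 'password' => 'correct horse'),
    array('email' => 'alice@example.com', 'password' => 'wrong'),
    // A quote in the input is bound as data, not parsed as SQL.
    array('email' => "nobody'@example.com", 'password' => 'x'),
);
foreach ($cases as $post) {
    list($status, $body) = respond($db, $post);
    // In the real endpoint: http_response_code($status); echo $body;
    echo $status, ' ', $body, "\n";
}
```

With the 401 in place, jQuery routes a failed login to the `error` callback rather than `success`, so the "did not match" message belongs there.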
0

Don't use quotations with an exactly-equals sign ===. Use

if (response === true)

Because your PHP script returns true, not "true".

I'm not avid with PHP, but try removing the quotes around true.

Polyov