0

I am try to make login system this will check user name and password via php and ajax.i am showing what i have done.

Html

  <div class="container">
  <div id="show-error" style="display:none;" class="alert alert-warning"></div>
  <form  class="form-signin">
    <h2 class="form-signin-heading">Please sign in</h2>
    <input type="text" id="user" class="form-control" placeholder="Email address"  required autofocus>
    <input type="password" id="pass" class="form-control" placeholder="Password"  required>
    <a class="btn btn-lg btn-primary btn-block" onclick="submitfom();" >Sign in</a>

  </form>

JavaScript

function submitfom() {
$.ajax({
          type: "POST",
          url: "checking.php",
          data: {user: $("#user").val(),pass: $("#pass").val()},
       success: function(data){$('#show-error').css("display","inline");$('#show-error').html(data);},
       });
}

PHP

session_start();
include('../../../config.php');
     if((isset($_POST['user'])) && (isset($_POST['pass'])) ){
     $user = $_POST['user'];
     $pass = $_POST['pass'];
     $query = mysql_query("SELECT user FROM admin_user WHERE user ='".$user."' ");
     $query2 = mysql_query("SELECT pass FROM admin_user WHERE pass ='".$pass."' ");

       $result= mysql_num_rows($query);
       $result2= mysql_num_rows($query2);

        if((!empty($result)) && (!empty($result2))){
        $_SESSION['admin']=$user;
      echo "Welcome ". $_SESSION['admin'];
       header('Location: ../../index.php');
        }

        else {echo "Please Write correct <strong>username and password</strong>";}
     }
       else "Some thing miss";

Every thing work fine but now i just need when user write correct username and password than i just need redirection.I am using header location function but actually i am send form values via ajax that's why my redirection not working.i don't know why please help.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Affan Ahmad
  • 451
  • 4
  • 9
  • 22
  • 2
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Nov 29 '13 at 22:35
  • 1
    **Danger**: You are using [an unsuitable hashing algorithm](http://php.net/manual/en/faq.passwords.php) (in this case that's "no hashing algorithm at all") and need to [take better care](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) of your users' passwords. – Quentin Nov 29 '13 at 22:36
  • Do the redirection in your JavaScript success method based on a returned Boolean. Make the php page return a simple json structure. Eg. {success=true, message=blah}. Your existing solution is more old school form post. – Mike Causer Nov 29 '13 at 22:37
  • @Quentin - Have you considered that the OP might have made a simplified example to demonstrate the problem? While it's good practice do do what you suggest, it's not necessary to see what's going on and greatly simplifies the question and answers. – ChrisF Nov 29 '13 at 22:49
  • @Quentin - thanks for security guide line now i am just try for get quick result.i improve code soon. – Affan Ahmad Nov 29 '13 at 22:57

3 Answers3

2

Using a location header to redirect will "work". It will tell the browser to get the data for the Ajax response from the new URL.

If you want to send the user to a new page, then you have to return some data to the browser, detect it, and then set location to a new value with JavaScript.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
2

Can you do the redirect in javascript?

Adding the done and fail methods to the jQuery ajax call, (assuming version > 1.8) 

done: function(data){
   window.location.replace("../../index.php");
},
fail: function(){
   $('#show-error').css("display","inline");
   $('#show-error').html(data);
}
Daniel Billingham
  • 1,391
  • 5
  • 15
  • 25
1

When the ajax authorization success use window.location="<URL>" in the javascript success callback.

Noampz
  • 1,185
  • 3
  • 11
  • 19