0

Problem: When i click Login, it always Login Fail. But if i open HTML file with PHP only, it works fine. So the problem is Ajax i think. Im using Xampp with PHP 7

This is HTML file

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title></title>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
    <script src="Login.js" ></script>
  </head>
  <body>
    <div class="err" id="errDialog">

    </div>
    <form action="" method="post" id="login_form">
      Username
      <input type="text" name="username" id="username" >
      Password
      <input type="text" name="password" id="password" >
      <input type="submit" name="login" id="login" value="Login">
    </form>
  </body>
</html>

This is Javascript file

$(document).ready(function() {
  $('form').submit(function(event) {
    event.preventDefault();
    var form = $(this);
    $.ajax({
        url: './Login.php',
        type: 'POST',
        dataType: 'script',
        data: form.serialize(),
      })
      .done(function(response) {
        if (response == 1) {
          $('#errDialog').html("Login success")
        } else {
          $('#errDialog').html("Login fail")
        }
      })

This is PHP file

$con = mysqli_connect('localhost', 'root', '', 'login');
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
if (isset($_POST['login'])) {

    $username = mysqli_real_escape_string($con, $_POST['username']);
    $password = mysqli_real_escape_string($con, $_POST['password']);

    $query = "select * from members where username='$username' AND password='$password'";

    $run_query = mysqli_query($con, $query);

    $num_rows = mysqli_num_rows($run_query);

    if ($num_rows == 1) {
        $_SESSION['sesUsername'] = $username;
        echo 1;
    } else {
        echo 0;
    }
}

Problem solved. I change Submit type from Input to Button. Delete isset('#login') part, its not necessary. And rewrite javascript ajax for button click event.

hung11
  • 1
  • 1
  • 3
    Have you tried removing `dataType: 'script'`? When you look at the browser's console, do you see errors? Are the request and response good? – Michael Mar 02 '16 at 22:39
  • Should `dataType` be set to `script`? Try removing the `dataType` to use the default. – Cyclonecode Mar 02 '16 at 22:39
  • what do you get if you echo the query just before it is executed? Put some debug statements in the ajax callback - does the sql look valid ? – Professor Abronsius Mar 02 '16 at 22:39
  • I agree that `dataType: 'script'` is probably the cause. Have you tried logging the `response` value to the console? – Fernando Salas Mar 02 '16 at 22:44
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – Jay Blanchard Mar 02 '16 at 22:47
  • Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Mar 02 '16 at 22:47
  • Hi, i removed the dataType:'script'. In console it shows POST XHR and login fail only – hung11 Mar 02 '16 at 22:53
  • Everything works fine, but it seems like php and ajax dont understand each other. ajax dont read echo, and php dont get values. Im so confused about this. – hung11 Mar 02 '16 at 23:07
  • The problem is that `$(this).serialize()` doesn't include the submit button, so `if (isset($_POST['login']))` fails. See the question I linked to for solutions. – Barmar Mar 02 '16 at 23:13
  • Thanks vm. Problem solved. – hung11 Mar 02 '16 at 23:58

0 Answers0