0

I use remote method in jquery validation.I got perfect result ..bt it return echo value after submit the form.

its my form

<form method="post" id="backendloginForm">

<div>
    <span id="unameerror" style="color:#F30"></span>
    <input type="text" class="form-control" id="luname" name="luname" placeholder="Username" />
</div>
<div>
    <span id="passerror" style="color:#F30"></span>
    <input type="password" class="form-control" id="lpass" name="lpass" placeholder="Password" />
</div>
<div>
    <button type="submit" class="btn btn-default submit" name="login">Log in</button>
    <a href="#toregister" class="to_register">Forget password?</a>
</div>
<div class="clearfix"></div>
<div class="separator">

</div>

its my js

$(document).ready(function() {

$("#backendloginForm").validate({

    onkeyup: false,

    rules: {
        luname: {
            required: true,
            remote: {
                url: "mykcpa/Backend-Controller.php",
                type: "post",
                dataType: "json",
                data: {
                    luname: function(){ return $("#luname").val(); }
                },
            }
        },
        lpass: {
            required: true,
            remote: {
                url: "mykcpa/Backend-Controller.php",
                type: "post",
                dataType: "json",
                data: {
                    sluname: function(){ return $("#luname").val(); },
                    slpass: function(){ return $("#lpass").val(); }
                },
            }
        },
    },

    messages: {
        luname: {
            required: "(Please enter your username)",
            remote: "(Username does not exists)",
        },
        lpass: {
            required: "(Please enter your password)",
            remote: "(Your password is wrong)",
        }
    },

    errorPlacement: function(error, element) {
        if(element.attr("name") == "luname"){
            error.appendTo($('#unameerror'));
        }
        if(element.attr("name") == "lpass"){
            error.appendTo($('#passerror'));
        }
    }

});

});

its my php code

In Model 

function login_check_username()
{
    $luname=$_REQUEST['luname'];

    $lget=mysql_query("select * from users where username='$luname'");
    $num=mysql_num_rows($lget);

    return $num;
}

//for login password check
function login_check_password()
{
    $sluname=$_REQUEST['sluname'];

    $slget=mysql_query("select * from users where username='$sluname'");
    $sel=mysql_fetch_array($slget);
    $ppp=$sel['password'];

    return $ppp;
}

In Controller

if(isset($_REQUEST['luname']))
{
    $num=$obj->login_check_username();
    if($num==1)
    {
        echo json_encode(TRUE);
    } 
    else
    {
        echo json_encode(FALSE);
    }
}

//for login password check
if(isset($_REQUEST['sluname']) && ($_REQUEST['slpass']))
{
    $sspass=$_REQUEST['slpass'];
    $mpass=md5($sspass);
    $ppp=$obj->login_check_password();
    if($mpass==$ppp)
    {
        echo json_encode(TRUE);
    } 
    else
    {
        echo json_encode(FALSE);
    }
}

this works perfect...bt after submit page not redirect to home page...I got true message....that I dont want...

plzz help me....how to hide true message after submit the form

Fatal Error
  • 1,024
  • 6
  • 12
Siddhu
  • 37
  • 8
  • Your query are open to sql injection. You need to redirect using JS, try this http://stackoverflow.com/questions/4744751/how-do-i-redirect-with-javascript – Sameer Kumar Jain May 04 '16 at 07:08
  • I think your `form` is getting posted. Use `submitHandler` event to prevent the default `form post` and submit through `ajax` - `submitHandler: function(form) { $(form).ajaxSubmit(); }` - **[`Source`](https://jqueryvalidation.org/validate/#submithandler)** – Guruprasad J Rao May 04 '16 at 07:12
  • submitHandler event .......it works........thanks for that.. – Siddhu May 04 '16 at 08:19

1 Answers1

0

You should really introduce SQLInjection protection Here is an example

 $username = mysqli_real_escape_string($mysqli, $username);
 $password = encryptpassword(mysqli_real_escape_string($mysqli, $password));
 $firstname = mysqli_real_escape_string($mysqli, $firstname);
 $lastname = mysqli_real_escape_string($mysqli, $lastname);
 $email = mysqli_real_escape_string($mysqli, $email);
 $phone = mysqli_real_escape_string($mysqli, $phone);

  $mysqli = new mysqli("xxx", "xxx", "xxx", "xx");
    if($mysqli->connect_errno > 0){ die('Unable to connect to the database'); }

$stmt = $mysqli->prepare("INSERT INTO accounts (username, password, firstname, lastname, email, phone, active, hostingplan, domain, domain2) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssssssss", $username, $password, $firstname, $lastname, $email, $phone, $active, $hosting_plan, $domain, $domain2);
$stmt->execute();


$stmt = $mysqli->prepare("SELECT username, email_confirm_code FROM accounts_confirm WHERE email_confirm_code = ?");
$stmt->bind_param("s", $email_confirm_code);
$stmt->execute(); 
$stmt->bind_result($username, $confirmcode); 
$stmt->fetch(); 
$stmt->reset();
$stmt->close();
Steven Koelsche
  • 108
  • 7