0

I am new in web programming. currently I've been trying to make a login/register website. here is my HTML code:

<!DOCTYPE html>
<html>
<head>
<link href="test.css" type = "text/CSS" rel = "stylesheet" >
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
<script type="text/javascript" src="scrpt.js"></script>
</head>
<body>
<form>
    <label> First Name: </label>
    <br>
    <input class = "inp" type = "text" name = "fname" id = "fname"> </input>
    <br>
    <label> Last Name: </label>
    <br>
    <input class = "inp"  type = "text" name = "lname" id = "lname"> </input>
    <br>
    <label> Email: </label>
    <br>
    <input class = "inp"  type = "text" name = "email" id = "email">     </input>
    <br>
    <label> Username: </label>
    <br>
    <input  class = "inp" type = "text" name = "usrname" id = "usr">     </input>
    <br>
    <label> Password: </label>
    <br>
    <input  class = "inp" type = "password" name = "psw" id = "psw"> </input>
    <br>
    <input type = "submit" id = "submit" >  </input>
    <br>
    <label> Login: </label>
    <br>
    <input class = "inp" type = "text" name = "login" id = "log"> </input>
    <br>
    <label> Password: </label>
    <br>
    <input  class = "inp" type = "password" name = "logPsw" id = "logPsw"> </input>
    <br>
    <input type = "submit" id = "logSub" >  </input>
</form>

</body>
</html>

here is my JavaScript code:

$(document).ready(function(){
$("#submit").click(function(){
    var fn = $("#fname").val();
    var ln = $("#lname").val();
    var email = $("#email").val();
    var usr = $("#usr").val();
    var psw = $("#psw").val();
    $.ajax(
    {
    type: "POST",
    url: "register.php", 
    data: {
        fname: fn,
        lname: ln,
        email: email,
        usr: usr,
        psw: psw
    },
    success: function(result){

    }
    }
    );
});

$('#logSub').click(function(){
    var login = $("#log").val();
    var psw = $("#logPsw").val();
    $.ajax(
    {
        type: "POST",
        url: "login.php",
        data: {
            login: login,
            password: psw
        },
        success: function(result){
            alert(""+result);
        }

    }
    );
});
});

and here is my PHP code:

<?php

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "admin_db";

$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}



$login = $_POST['login'];
$psw = $_POST['password'];


$sql = "select * from user where userName = \"$login\" and password = \"$psw\"";

$result = $conn->query($sql);

if ($result->num_rows > 0) {
    echo "Yes";
}
else{
    echo "No Such Account";
}
$conn->close();

?>

The problem here is that if I enter an incorrect login/password, it should alert "No Such Account", but 1 out of 5 attempts it doesn't. First it does, second it does and after third attempt it just doesn't say anything and then after fourth attempt it continues to work fine. Can you give me the reason?

P.S I tried to surf every post here and on other forums but none of them seem helpful so if this post is a duplicate please just tell me and I will delete it.

GeorgeDopeG
  • 175
  • 2
  • 14
  • 1
    your code is **vulnerable** to sql injection; – hassan Mar 19 '17 at 15:59
  • echo your `$sql` query in every time you are login in, and check what happens when you got no such account; – hassan Mar 19 '17 at 16:01
  • @hassan what does vulnerable to sql injection mean? – GeorgeDopeG Mar 19 '17 at 16:02
  • 1
    [sql injection](http://php.net/manual/en/security.database.sql-injection.php) , and [`how to protect your self`](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php); – hassan Mar 19 '17 at 16:10

1 Answers1

0

The main reason of the problem is that as there is no specific action and method set to form, it automatically submits with 'GET' method so sometimes it submits it faster than the ajax.

GeorgeDopeG
  • 175
  • 2
  • 14