3

Hello please I don't know what I am doing wrong here. I am trying to use ajax for a login page. The ajax is working but the successful response is not from the file I specified. I need it to read response from the login_validate.php but I am getting response from the dbconnect.php which shouldn't work like that.

This is index.php, which is the AJAX page:

jQuery(document).ready(function(){
 jQuery(".login").submit(function(e){
    e.preventDefault();
    var formData = jQuery(this).serialize();
    $.ajax({
        type:"POST",
        url:"login_validate.php",
        data:formData,
        success: function(response){
            /** alert (response);
         }, error: function(jqXHR, textStatus, errorThrown){
                alert('error');
         } **/       
            if(response == "True")
            {
                //alert('Yes');
                //$.jGrowl("Loading File Please Wait......", { sticky: true });
                $.jGrowl("Welcome... Redirecting", { header: 'Login Successful' });
                var delay = 3000;
                setTimeout((function(){ window.location = 'welcome.php'  }), delay);

            }else{
                //alert('No');
                $.jGrowl("Invalid Login Details", { header: 'Access Denied' });
            }
        }
    });
    return false;
});

});                         

This is dbconnect.php:

<?php
// connect to database
$hostname = "localhost";
$username = "root";
$password = "";
$dbname = "cbt2";


 $conn = new mysqli($hostname, $username, $password, $dbname);
 // check connection
 if ($conn->connect_error) {
    die ('Error connecting to database' . $conn->connect_error);
 } else {
    echo "Connection Successful";
 }
 ?> 

This is login_validate.php:

<?php
require 'admin/dbconnect.php';
require 'admin/core.php';

if(loggedin())
{
    header('location:welcome.php');
}
if (isset($_POST['loginbtn'])){
    $name=$_POST['username'];
    $pass= $_POST['password'];

    $qry="SELECT * FROM student WHERE username='$name' AND password='$pass' LIMIT 1";
    $qrycheck=$conn->query($qry);
    if ($qrycheck->num_rows > 0){
        while($fetch = $qrycheck->fetch_assoc()){
            $class=$fetch['class'];
            $fullname=$fetch['fullname'];
            $username=$fetch['username'];
            $dept=$fetch['dept'];
            $id=$fetch['id'];

            $_SESSION['stdid']=$id;
            $_SESSION['user']=$username;
            $_SESSION['name']=$fullname;
            $_SESSION['class']=$class;
            $_SESSION['dept']=$dept;

        }
        echo "True";
    } else {
        echo "False";
    }
}
?>

So the successful response I am getting is the echo 'Connection Successful', and it should be echo 'True'.

godot
Amjos.com
  • Remove the echo statements from the connection script. – Professor Abronsius Jul 10 '18 at 13:48
  • Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` APIs – RiggsFolly Jul 10 '18 at 13:51

2 Answers

3

Remove your else statement from dbconnect.php:

<?php
// connect to database
$hostname = "localhost";
$username = "root";
$password = "";
$dbname = "cbt2";




$conn = new mysqli($hostname, $username, $password, $dbname);
 // check connection
 if ($conn->connect_error) {
    die ('Error connecting to database' . $conn->connect_error);
 } 
 ?>

When the connection is successful, your dbconnect.php echoes "Connection Successful", which is read first by AJAX, and it is not what you are waiting for. It is not even recommended to echo or log every single time the connection to the database is successful.

UPDATE:

Also update your login_validate.php:

<?php
require 'admin/dbconnect.php';
require 'admin/core.php';


if (isset($_POST['username'], $_POST['password'])){
    $name=$_POST['username'];
    $pass= $_POST['password'];

    $qry="SELECT * FROM student WHERE username='$name' AND password='$pass' LIMIT 1";
    $qrycheck=$conn->query($qry);
    if ($qrycheck->num_rows > 0){
        while($fetch = $qrycheck->fetch_assoc()){
            $class=$fetch['class'];
            $fullname=$fetch['fullname'];
            $username=$fetch['username'];
            $dept=$fetch['dept'];
            $id=$fetch['id'];

            $_SESSION['stdid']=$id;
            $_SESSION['user']=$username;
            $_SESSION['name']=$fullname;
            $_SESSION['class']=$class;
            $_SESSION['dept']=$dept;

        }
        echo "True";
    } else {
        echo "False";
    }
}
?>

When you're calling a PHP file from AJAX, you don't need to redirect anywhere; it should just return something. Also, I think it is redundant to check whether $_POST['loginbtn'] is set or not.

godot
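The hardening that the comment on the question asks for, applied to login_validate.php as an added example (not code from the question or either answer). It assumes the `password` column stores `password_hash()` output rather than plaintext and that `admin/dbconnect.php` defines `$conn`; the output buffer around the includes discards any stray `echo`, so the AJAX caller still receives only `True` or `False`.

```php
<?php
// Added example, not from the thread. Assumptions: student.password holds
// password_hash() output and admin/dbconnect.php defines $conn (mysqli).

ob_start();                      // capture anything the includes print
require 'admin/dbconnect.php';
require 'admin/core.php';
ob_end_clean();                  // drop it: only True/False may reach the client

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
header('Content-Type: text/plain; charset=utf-8');

$name = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
if (!is_string($name) || !is_string($pass) || $name === '' || $pass === '') {
    exit('False');
}

// Placeholders keep user input out of the SQL text entirely.
$stmt = $conn->prepare(
    'SELECT id, username, fullname, class, dept, password
       FROM student WHERE username = ? LIMIT 1'
);
if ($stmt === false) {
    http_response_code(500);     // log server-side; do not echo DB errors
    exit('False');
}
$stmt->bind_param('s', $name);
$stmt->execute();
$stmt->bind_result($id, $user, $fullname, $class, $dept, $hash);
$found = $stmt->fetch();         // true on a row, null when no user matched
$stmt->close();

// Identical reply for unknown user and wrong password.
if ($found !== true || !password_verify($pass, (string) $hash)) {
    exit('False');
}

session_regenerate_id(true);     // fresh session ID on login (anti-fixation)
$_SESSION['stdid'] = $id;
$_SESSION['user']  = $user;
$_SESSION['name']  = $fullname;
$_SESSION['class'] = $class;
$_SESSION['dept']  = $dept;
echo 'True';
```

Rows that currently hold plaintext passwords have to be re-stored with `password_hash()` before `password_verify()` will accept them.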
1

The reply to the AJAX call will be everything that is output from your PHP script(s).

So you need to remove the echo "Connection Successful"; from here:

<?php
// connect to database
$hostname = "localhost";
$username = "root";
$password = "";
$dbname = "cbt2";


 $conn = new mysqli($hostname, $username, $password, $dbname);
 // check connection
 if ($conn->connect_error) {
    die ('Error connecting to database' . $conn->connect_error);
 //} else {
    //echo "Connection Successful";
 }
 ?> 
RiggsFolly