1

how can I return a variable from a PHP query to AJAXA. I want the user to be redirected to the user panel using javascript after successfully entering the login and password. The query in PHP was successfully written but Ajax does not return any results.

Code Javascript: 

$(document).ready(function() {
  $("#btn-login").click(function() {
    const loginAuth = $("#login-auth").val();
    const passAuth = $("#pass-auth").val();
    $.ajax({
      type: "POST", //Request type
      url: "http://localhost/game/login.php",
      data: {
        loginAuth: loginAuth,
        passAuth: passAuth
      },
      cache: false,
      success: function(data) {
        console.log(data);
      }
    });
  });
});

Code PHP: 

<?php
require ('connect.php');

session_start();

// If form submitted, insert values into the database.

if (isset($_POST['loginAuth'])) {

  // removes backslashes

  $username = stripslashes($_REQUEST['loginAuth']);

  // escapes special characters in a string

  $username = mysqli_real_escape_string($con, $username);
  $password = stripslashes($_REQUEST['passAuth']);
  $password = mysqli_real_escape_string($con, $password);

  // Checking is user existing in the database or not

  $query = "SELECT * FROM `users` WHERE login='$username'
    and password='" . md5($password) . "'";
  $result = mysqli_query($con, $query) or die(mysql_error());
  $rows = mysqli_num_rows($result);
  if ($rows == 1) {
    $_SESSION['username'] = $username;

    // Redirect user to index.php

    $arr = 'udało się';
    header("Location: panel.php");
  }
  else {
    $arr = false;
    header("Location: panelLogin.php");
  }
}
else {
}

echo json_encode($arr);
?>

Thank you very much for every help.

Praveen Kumar Purushothaman
  • 164,888
  • 24
  • 203
  • 252
Rafał Podraza
  • 65
  • 5
  • `header("Location: panelLogin.php");` is going to make your AJAX request follow that redirect, not redirect your page. You need to return some sort of data so your Javascript knows to redirect the browser to the page. Ie: `echo json_encode(['state' => true]);` – Jaquarh Dec 15 '18 at 13:17
  • I cannot emphasize as to how unsafe this is. You should use a prepared statement for this and not use MD5 to hash/store passwords with. Use `password_hash()` and `password_verify()`. Also, you're mixing different mysql apis with `mysql_error()` and won't work should your query fail. It should be `mysqli_error($con)`. You should also read [this Q&A](https://stackoverflow.com/q/5741187/1415724) on `real_escape_string()`. – Funk Forty Niner Dec 15 '18 at 13:45

1 Answers1

1

you cannot redirect the user from the php script that is being called from ajax call.

because it will redirect but not on your browser instance but the ajax one.

you need to redirect it from javascript.

so you can do

echo "true";

instead of

header("Location: panel.php");

and echo "false"; // in case login failed

as an example but you can print some json text and use more informative messages

and you can check these values from ajax success function then you can do

window.location.href = "the url you want to redirect to";
HSLM
  • 1,692
  • 10
  • 25
  • Thank you very much. Everything works. And what will the session matter look like if I want to show user data using the GET method, will the data be displayed correctly, and is it a safe method? – Rafał Podraza Dec 15 '18 at 13:39
  • yes, sure you still have access to session data. but I didnt get your second part of the question! what do you mean is it a save method? to get the user data by GET method ? – HSLM Dec 15 '18 at 13:47