0

Tell me how to configure authorization. I know only the basics of PHP, since I don't work with it, but I need to implement this task. I would like the authorization to take place when the button is clicked, and then go to another page. I do not fully understand how to check the data in the database and compare it with the user's data and, if there is a match, redirect to another page. Did I go the right way? How can I solve my problem?

authdb.php

```php
<?php
$dbname = "dictdb";
$username = "root";
$userpass = "";
$charset = "utf8";
$options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];

$userdata = [
    "logVal" => trim($_POST["logVal"]),
    "passVal" => trim($_POST["passVal"])
];

$db = new PDO("mysql:host=$dbhost;dbname = $dbname;charset=$charset", $username, $userpass, $options);
if (!empty(trim($_POST["logVal"])) && !empty(trim($_POST["passVal"]))) {
    $query = "SELECT * FROM  `dictdb`.`user` WHERE `login` = :logVal AND `password` = :passVal";
    $user_data = $query-fetchAll();

if ($user_data[password] == :passVal) {
echo "ok";
};

?>
```

auth.php

```javascript
$(document).ready(function () {
    $("button.btn-auth").on("click", function () {
        $.ajax({
            url: '/src/php/auth.php',
            type: "POST",
        });
    });
});
```

Aleksf
  • 71
  • 5
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman May 27 '20 at 10:25

1 Answer

-1

First things first, you are doing a table search that will return only 1 row, so change your fetchAll to fetch -

```php
// change this - $user_data = $query-fetchAll(); to
$user_data = $query-fetch(PDO::FETCH_ASSOC);
//This part is also incorrect - if ($user_data[password] == :passVal) as there is no $user_data[password] and will return an error... Change to -
if ($user_data[passVall] == :passVal)
```

You are then posting to the wrong page, your PHP login data will never run - `//url: '/src/php/auth.php'` should be - `url: '/src/php/authdb.php',`

In your authdb.php page, return the $user_data to your auth.php page if login was successful -

```php
if ($user_data[password] == :passVal) {
  return $user_data;
  //direct user back to your auth page -
  include( '../auth.php' ); //check correct path...
};
```

Now do with the returned data as you wish. I would personally have loaded the returned data in my authdb.php page to a session though.

Your post part is incorrect, you can do something to this effect -

```javascript
$.post("../authdb.php", {
    logVal: logVal,
    passVal: passVal
}, function (data) {
    if (data == '0') {
        alert("Incorrect or Invalid Password entered.");
        return false;
    } else {
        alert("Sign In successful.");
    }
});
```

In your authdb.php file, after checking the passwords etc match -

```php
if ($user_data[passVal] == :passVal) {
    echo count($user_data); //Will return 0 if failed, 1 if success
    die;
};
```

AlwaysConfused
  • 450
  • 4
  • 13
  • @Dharman, I thought that I gave enough comments and reference to correct pages which reference to PHP or Javascript accordingly, not sure what you are asking. – AlwaysConfused May 27 '20 at 09:23
  • It looks like PHP code, but it is not the right syntax. – Dharman May 27 '20 at 09:28
  • I see, this is PHP and Javascript/Ajax, as per the OP's code submitted. – AlwaysConfused May 27 '20 at 14:46
  • OP didn't submit a working PHP code. The code in question is not a valid PHP code and yours isn't either. Just check your "PHP" again. Put it in an IDE and you will see that the syntax is not even close to being correct. You haven't fixed anything and you only introduced more syntax errors. – Dharman May 27 '20 at 14:59
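
As an added example (not code from the question or the answer), this is one way the check the question describes fits together with the `password_hash()`/`password_verify()` advice in the comment: look the user up by login with a prepared statement, then verify the submitted password against the stored hash. It assumes an in-memory SQLite database and a constructed `demo` account standing in for the `dictdb`.`user` table; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL `user` table so this runs offline.
function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, login TEXT UNIQUE, password TEXT)');
    // Constructed account: only the password_hash() output is stored, never the password.
    $ins = $db->prepare('INSERT INTO user (login, password) VALUES (:login, :hash)');
    $ins->execute([
        ':login' => 'demo',
        ':hash'  => password_hash('constructed-demo-pass', PASSWORD_DEFAULT),
    ]);
    return $db;
}

// Hypothetical helper: returns the user id on success, null on any failure.
function authenticate(PDO $db, string $login, string $password): ?int
{
    if ($login === '' || $password === '') {
        return null;
    }
    // Select by login only; the password is never part of the SQL.
    $stmt = $db->prepare('SELECT id, password FROM user WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch();
    // password_verify() re-hashes the input with the salt embedded in the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

$db = makeDemoDb();
// Constructed requests standing in for $_POST['logVal'] and $_POST['passVal'].
$requests = [
    ['logVal' => 'demo',   'passVal' => 'constructed-demo-pass'],
    ['logVal' => 'demo',   'passVal' => 'wrong'],
    ['logVal' => 'nobody', 'passVal' => 'constructed-demo-pass'],
];
foreach ($requests as $post) {
    $id = authenticate($db, trim($post['logVal']), $post['passVal']);
    // One JSON answer per request; the client redirects only when ok is true.
    echo json_encode(['ok' => $id !== null]), PHP_EOL;
}
```

In a real `authdb.php` the loop becomes a single call with the `$_POST` values, and on success the script calls `session_start()` and `session_regenerate_id(true)` before storing the user id in `$_SESSION`. The page the user is redirected to must check that session value itself, since the redirect alone protects nothing.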