-2

I want to make an alert with code below but it returns me

Warning: Undefined array key "note" in ...\function.php on line 69.

I don't know much about Ajax so don't laugh if it's ridicules. Please help me, Thank you.

This is my script code:

var text = document.getelementsByClassName('text')[0];
var xhttp = new XMLHttpRequest();
xhttp.open('GET','function.php?note='+str,true);
xhttp.send();
xhttp.onreadystatechange = function() {
  if(xhttp.readyState == 4 && xhttp.status == 200) {
    text.innerHTML = xhttp.responseText;
  }
}

and my function.php code:

function entrance() {

    global $connect;
    if (isset($_POST['Esubmit'])) {
        $sql = "SELECT * FROM work WHERE username=? AND password=?";
        $result = $connect->prepare($sql);
        $result->bindvalue(1,$_POST['username']);
        $result->bindvalue(2,MD5($_POST['password']));
        $result->execute();
        if ($result->rowcount()){
            //do something
        } else {
            $note = $_REQUEST["note"];
            echo $note = "something";
            return false;
        }
    }
}

html code:

<?php entrance();?>

<form method="post" class="form1">
                <input type="text" name="username" placeholder="username" ><hr>
                <input type="password" name="password" placeholder="*****" ><br><br>
                <input type="submit" name="Esubmit" value="sign in" class="submit"><br><br>
                <p class="text"></p>
</form>

Once again, many thanks.

mary
  • 19
  • 5
  • 1
    You seem to be missing a call to [`xhttp.open()`](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/open). Other than that though, what is your question? – Phil Aug 17 '21 at 05:21
  • sorry it was my mistake in adding the codes here. even with that it doesn't work. thanks Phil. – mary Aug 17 '21 at 05:49
  • 1
    I don't see how this request would trigger the above PHP code since `isset($_POST['Esubmit'])` would ever be true. You're making a GET request and not a POST request, and there's no `Esubmit` in the request either way. – M. Eriksson Aug 17 '21 at 06:05
  • I changed GET to POST but it didn't change. thanks Magnus. – mary Aug 17 '21 at 06:31
  • 1
    That alone wouldn't do anything since you're still not sending `Esubmit`. How is the JS triggered? When are you calling it and how? Is it a form? Event listener? Function call? Please add more details and _all_ relevant code (including any form/html and event bindings, the context for the posted JS etc). The posted code and your error doesn't match at all atm. Something tells me that you're using some form, which you don't prevent from submitting "normally" when trying to make the Ajax request. – M. Eriksson Aug 17 '21 at 06:33
  • 1
    So how is your JS related to that form? Also, md5/sha1 are _not_ suitable for password hashing. Use [password_hash()](https://www.php.net/manual/en/function.password-hash.php) and [password_verify()](https://www.php.net/manual/en/function.password-verify.php) instead. Read how to use them [here](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – M. Eriksson Aug 17 '21 at 06:47
  • 1
    It looks like you have stored the password as plain text in the db. You should use `password_hash` to generate a secure hash which is stored and `password_verify` to validate what the user submits when they login. `MD5` has been broken for years - there are vast md5 hash dictionaries that can return many passwords effortlessly – Professor Abronsius Aug 17 '21 at 06:50
  • I've written js cod in both file.js and index.php but there is no difference. and about password thank you for your advice i'll do that. – mary Aug 17 '21 at 06:54

1 Answers1

0

What I could understand from your question was.

  1. You want a response from php file after login, yes?.
  2. And for this alert functionality and logging in you are using Ajax not form submit.

HTML code:

    <h1> Login using simple Ajax with alert </h1>

<form class="form1">
                <input type="text" name="username" id="username" placeholder="username" ><hr>
                <input type="password" name="password" id="password" placeholder="*****" ><br><br>
                <input type="button" name="Esubmit" value="sign in" class="submit" onclick="sendform()"><br><br>
                <p id="text"></p>
</form>

Script :

<script>
function sendform(){
  console.log("login button is clicked");
  var text = document.getElementById("text");
var uname = document.getElementById("username").value;
var pword = document.getElementById("password").value;
$.post("function.php", { username : uname, password : pword, Esubmit : "login"},
function ( data , status ) {
  if ( status == "success" ) {
    console.log(data);
  text.innerHTML = data;
}
});
}
</script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>

PHP code function.php

    <?php

//global $connect;
if (isset($_POST['Esubmit'])) {
    /*$sql = "SELECT * FROM work WHERE username=? AND password=?";
    $result = $connect->prepare($sql);
    $result->bindvalue(1,$_POST['username']);
    $result->bindvalue(2,MD5($_POST['password']));
    $result->execute();
    if ($result->rowcount()){//login success?
        echo "You have successfully logged in...";
    } else {
        echo "The login credentials don't match..!";
    }*/
    if ($_POST['username'] == 'khurram' && $_POST['password'] == 'khurram.123'){
      echo "You have successfully logged in...";
  } else {
      echo "The login credentials don't match..!";
  }
}
?>

Points to remember

  1. Ajax request and response is about to make a clean request and on that request get a response in your case where is Esubmit ..?
  2. You can echo out plain text/ html from requested page
  3. You need to properly maintain the request response and don't get confused between GET and POST request.
  4. 2 requests to the server won't work in your case, you want $_POST['username'] as well as $_GET['notes'] how?
Mohammed Khurram
  • 616
  • 1
  • 7
  • 14