0

I have this JQuery POST code to post data to a .php page for updating DB. Which works fine on a different website (which I wrote), and I just simply copy-pasted the same code and changed some values.

Now the problem occurs at posting the data fetched from inputs to the .php file.

I console logged in every possible place, Didn't understand why is the data not posted to the .php file.

Code goes as:

<form action="backend_functions/logincheck.php" method="post" id="logincheck" ></form>
<div class="form-group mt-4">
    <label>Email Address</label>
    <input type="text" id="login_form_email" form="logincheck" class="form-control" placeholder="Enter your email address" />
</div>
<div class="form-group">
    <label>Password</label>
    <input type="password" id="login_form_password" form="logincheck" class="form-control" placeholder="Enter your password" />
</div>
<div class="btn-group mt-3 w-100">
    <button type="button" id="login_submit_btn" class="">Log In</button>        
</div>

                        
<script src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
<script>

  $("#login_submit_btn").on('click',function() {
    console.log("button pressed");
    $(this).attr("disabled", true);
    let login_form_email = $("#login_form_email").val();
    let login_form_password = $("#login_form_password").val();
    console.log("value got at beggining - "+login_form_email);
    if(!login_form_email || !login_form_password) {
        $(".login_form_error_message_2").css("display","block");
        setTimeout(function(){
            $(".login_form_error_message_2").css("display","none");
        }, 2000);
        $(this).attr("disabled", false);
    } else {
        console.log("onelse");
        $.post(
                'backend_functions/logincheck.php',
              {
                 login_form_email: login_form_email,
                 login_form_password: login_form_password,
              },
             function(result){
                 console.log(result);
                 if(result == 'error') {
                    $(".login_form_error_message").css("display","block");
                    setTimeout(function(){
                        $(".login_form_error_message").css("display","none");
                    }, 2000);
                    console.log("error returned");
                 } else {
                    console.log("success");
                 }
             }
          );
             
    $(this).attr("disabled", false);
  }
});
</script>

.php file: (query is just for testing.)

<?php include("../db.php"); 
    $login_form_email = $_POST['login_form_email'];
    $login_form_password = md5($_POST['login_form_password']);
    
    $date = date_default_timezone_set('Asia/Kolkata');
    $date = date('Y-m-d H:i:s');
    $date = date('Y-m-d');
    
    $sql = "UPDATE subadmin SET name = '$login_form_email'
            WHERE id = '8'";
    
    if ($con->query($sql) === TRUE) {
   echo $login_form_email.'success';
} else { echo $login_form_email.'fail'; }
?>

DB.php

<?php
    $servername = "localhost";
    $dbusername = "dbuser";
    $dbpassword = "dbpass";
    $dbname = "dbname";
    $conn = new mysqli($servername, $dbusername, $dbpassword, $dbname);

    define('HOST','localhost');
    define('USERNAME', 'dbuser');
    define('PASSWORD','dbpass');
    define('DB','dbname');
    $con = mysqli_connect(HOST,USERNAME,PASSWORD,DB);
    $con->set_charset('utf8mb4');
    $db = new PDO('mysql:host=localhost;dbname=dbname','dbuser','dbpass');

    $admin = 'vdofymail@gmail.com';
    //vdofymail@gmail.com
    session_start();
?>

Now the console log looks like this:

enter image description here

as you see, I get 2x (success) in the console, one is from the script and the other is from.php file which should be concatenated with the posted var, .i.e., $login_form_email

Can someone explain what am I doing wrong, that it is not posting data to the backend file?

Network Payload for .php file (seems like data is posting.. I guess)

enter image description here

FYI, I have tried static replacing the $login_form_email in the .php file to see if there is any wrong in there, worked fine.

It's just that, data is not posted.

Any help is greatly appreciated.

Ambiguous Turtle
  • 97
  • 2
  • 19
  • **Danger**: You are using [an unsuitable hashing algorithm](http://php.net/manual/en/faq.passwords.php) and need to [take better care](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) of your users' passwords. – Quentin Dec 10 '21 at 17:24
  • @Quentin you mean the md5, yes, I understood. thanks. – Ambiguous Turtle Dec 10 '21 at 17:25
  • `result == 'error'` will never be true. The PHP script echoes either `$login_form_email.'success'` or `$login_form_email.'fail'`, not `error`. – Barmar Dec 10 '21 at 17:34
  • @Barmar I know that `result == 'error'` will not work here, it's from my original code, didn't comment it out. And I did `console.log(result)` right after `function(result){` on post. – Ambiguous Turtle Dec 10 '21 at 17:36
  • Change the button to `type='button'`. Otherwise the form gets submitted, and the inputs don't have any names. – Barmar Dec 10 '21 at 17:37
  • 1
    Or use `event.preventDefault()` to prevent form submission. – Barmar Dec 10 '21 at 17:39
  • Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187) You should always use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's instead of concatenating user provided values into the query. Never trust ANY user input! – RiggsFolly Dec 10 '21 at 17:39
  • @RiggsFolly Understood – Ambiguous Turtle Dec 10 '21 at 17:39
  • 1
    Check the Network tab of DevTools to see what parameters are being sent to the server. – Barmar Dec 10 '21 at 17:39
  • @Barmar I think the `preventDefault` may have been circumnavigated by the fact that `action="backedn_functions/logincheck.php"` has a typo in it, intentional or accidental I will never know – RiggsFolly Dec 10 '21 at 17:41
  • It was accidental, please ignore the type, and @Barmar I have added the screenshot of the network -payload for the .php file. seems like the data is being posted. (added the screenshot to question) – Ambiguous Turtle Dec 10 '21 at 17:45
  • Everything looks right. Something at the PHP script must be overwriting `$_POST`, but it's not in the code yo uposted. – Barmar Dec 10 '21 at 17:48
  • @Barmar I've just added the db.php file code to the question, this is the only missing piece. Please take a look at it. – Ambiguous Turtle Dec 10 '21 at 17:51
  • Put `var_dump($_POST);` at the beginning of the PHP script to see what it has. – Barmar Dec 10 '21 at 17:55
  • @Barmar got `array(0) { }` in console.. – Ambiguous Turtle Dec 10 '21 at 17:56
  • Do you have `auto_prepend_file` configured in php.ini? – Barmar Dec 10 '21 at 17:57
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/240021/discussion-between-vdofy-videos-and-barmar). – Ambiguous Turtle Dec 10 '21 at 17:59

1 Answers1

0

Turns out the .htaccess code is messing up JQuery .post.

Had to comment out this (which I added this for removing .php extensions from URL):

# browser requests PHP
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^\ ]+)\.php
RewriteRule ^/?(.*)\.php$ /$1 [L,R=301]

Can someone please how this code in .htaccess is the reason why JQuery .post function was not able to post data?

Don't Panic
  • 13,965
  • 5
  • 32
  • 51
Ambiguous Turtle
  • 97
  • 2
  • 19
  • Check this: https://stackoverflow.com/questions/13628831/apache-301-redirect-and-preserving-post-data – Robert Dec 10 '21 at 18:59