0

I want to check the validation of username and password, for wrong value i should get alert saying that "invalid username and password", I am a newbie to javascript and php can anyone guide me with this

function loginValidation()
{
    var username = $('#username').val();
    var password = $('#password').val();
    if ( username == "" || password == "" )
    {
        alert("Invalid entry...!!!");
        return false;
    }
}
Sunil Kumar B M
  • 2,735
  • 1
  • 24
  • 31
user1181925
  • 11
  • 1
    use this function on `` – xkeshav Feb 15 '12 at 11:45
  • I'm not sure I understand this: You'll need to set up a login system and validation on PHP side. That's not something that can be explained in a SO answer - setting up a secure login is a non-trivial task and requires at least some knowledge of PHP. What do you want to do? Or is getting the above JS snippet all you want? – Pekka Feb 15 '12 at 11:49
  • thanks for the reply, i have used that but then it checks for the username and password is blank or not, if it is blank it throws alert. i want to check for wrong username and password – user1181925 Feb 15 '12 at 11:51
  • you cannot check user name and password from javascript for valid value you need to write php code for that – Rashmi Kant Shrivastwa Feb 15 '12 at 11:51
  • @RashmiKantShrivastwa : who said so?? – xkeshav Feb 15 '12 at 11:52
  • @RashmiKantShrivastwa ofcourse you can, if you use json you can trigger functions in your code behind and by the return value of the json you can determine if its correct or not. and thats just one of many options – Teun Pronk Feb 15 '12 at 11:55
  • @diEcho can you tell me how he gets value in javascript from database without going a server call to validate a user for actual validation or authentication – Rashmi Kant Shrivastwa Feb 15 '12 at 11:57
  • @Teun Pronk in every case either you return json a json is created using a php code on server side – Rashmi Kant Shrivastwa Feb 15 '12 at 11:59
  • 2
    @RashmiKantShrivastwa his tags are php jquery and javascript, so he uses those languages. He never said he wanted to use javascript or jquery and nothing else. it seems he is fine if we use php as long as we help him since he is new to it. – Teun Pronk Feb 15 '12 at 12:01

4 Answers4

1

input validation shouldnt be done in the client side code
Reasons
1. user input cannot be trusted (XSS ,SQL injections attacks)
2. javascript can be turned off

user authentication requires a lot of code to check if the user is trying to crack your system..

if you are trying to write some code just to learn some concepts this is how you authenticate an user..
send username and password to the backend (you can do some input validation using Javascript) you can use html forms.. 

 <form method="POST" action="validateLogin.php">
   <input type="text" name="usr" />
   <input type="text" name="pwd" />
   <input type="submit" name="submit" value="Submit"/>
 </form>

you got to do input validation on your server using php.. learn about magic_quotes,input sanitization etc.. 

  //validateLogin.php
  usr = $POST["usr"]
  pwd = $POST["pwd"]
  //check for injection attacks etc etc
  mysql_query = "select * form table where usr=$usr and pwd=$pwd"
  if(mysql_query) //the user is authentic
  //else send him to signup page
vireshas
  • 806
  • 6
  • 19
  • You mean _Input validation should not ONLY be done on the client side_ why waste a roundtrip to the server if the user hits enter by accident? – mplungjan Feb 15 '12 at 12:01
  • @mplungjan sir, Man In The Middle Attack!!.. for something as important as user authentication it is always better to use server side validation.. Never trust a User's data.. Javascript can be used for checking the passwords length, duplicate usersname and stuff but to authenticate and authorize a user, using server side code is always better.. – vireshas Feb 15 '12 at 12:16
  • I agree, but ALSO check client side since in 99% of the errors can be stopped right there first – mplungjan Feb 15 '12 at 12:24
  • @mplungjan yes sir i did mention few validations like **checking duplicate username** and **password length** etc are always JS's job, but authenticating, validating users input should always be done by the server side code.. – vireshas Feb 15 '12 at 12:28
0

Everyone starts off as a newbie, I know how that feels.

What you need to do is to send the input values back to the server using your HTML form. Your form has to look like:

<form method="POST" action="validateLogin.php">
  <input type="text" name="username" />
  <input type="text" name="password" />
  <input type="submit" value="Submit"/>
</form>

Javascript doesn't seem needed at all in your case.

Mark
  • 2,137
  • 4
  • 27
  • 42
0

you have done javascript validation but should be when form submitted. After form submission you need to connect to database and verify wheather user exist or not if it doesnot exist set some variable $error = 'invalid username or password' redirect page to login page with get parameter set with this error 

header("location:http://domainname/login.php?error=invalid username or password")

on login page check 

if(isset($_REQUEST['error'])){ echo '<script type="text/javascript">alert('.$_REQUEST['error'].')</script>';}
Poonam
  • 4,591
  • 1
  • 15
  • 20
-2

see this

HTML

<form name="loginForm" method="post" action="">
    <input type="text" name="username" id="username">
    <input type="password" name="password" id="password">
    <input type="submit" name="submit" id="submit">
</form>

jQuery

$('form').submit(function(e) {
    loginValidation();
    e.preventDefault();
});
function loginValidation()
{
                var username = $('#username').val();
                var password = $('#password').val();
                if (username == "" || password == "" )
                {
                    alert("Invalid entry...!!!");
                    return false;
                }
}​

Working DEMO

xkeshav
  • 53,360
  • 44
  • 177
  • 245
  • Do NOT call anything "submit" in a form!!! Also why not just return loginvalidation in the submit event??? - better version: http://jsfiddle.net/mplungjan/5xU9J/ – mplungjan Feb 15 '12 at 11:56
  • PS: this is also only testing for blank. OP wanted to know how to test for CORRECT values agains his DB – mplungjan Feb 15 '12 at 12:04
  • @mplungjan : where OP said that he wanted to check with DB values?? No tag of `mysql` only title using db – xkeshav Feb 15 '12 at 12:19
  • by the way he wants to check field only for Blank not with any value, so no need of DB here – xkeshav Feb 15 '12 at 12:21
  • Read the comment: _thanks for the reply, i have used that but then it checks for the username and password is blank or not, if it is blank it throws alert. i want to check for wrong username and password_ so DB or at least server. He is a noob and does not know a DB is needed – mplungjan Feb 15 '12 at 12:25
  • @mplungjan - [better version](http://jsfiddle.net/X3pz9/) Try not to use `return false` [when you can](http://fuelyourcoding.com/jquery-events-stop-misusing-return-false/). – Flukey Feb 15 '12 at 12:44
  • @Flukey Why should I avoid that? This is not conclusive: http://stackoverflow.com/questions/1357118/javascript-event-preventdefault-vs-return-false – mplungjan Feb 15 '12 at 12:49
  • As is said in the link I posted, `return false` does three things: `event.preventDefault();`, `event.stopPropagation();` `Stops callback execution and returns immediately when called`. In this scenario, we only need to stop the default behaviour. `return false` is overkill. – Flukey Feb 15 '12 at 12:53
  • @Flukey I used `return false` just for fiddle SIR – xkeshav Feb 15 '12 at 13:19