dcsimg
www.webdeveloper.com
Results 1 to 10 of 10

Thread: Php ajax login problem

  1. #1
    Join Date
    May 2014
    Posts
    44

    Php ajax login problem

    Hello,
    I have the next error in my code:
    Code:
    <br />
    <b>Notice</b>:  Undefined index: sLoginUserName in <b>/Applications/XAMPP/xamppfiles/htdocs/KEA/XmlPhp/FriApr17-2015/ajax.php</b> on line <b>7</b><br />
    <br />
    <b>Notice</b>:  Undefined index: sLoginUserPassword in <b>/Applications/XAMPP/xamppfiles/htdocs/KEA/XmlPhp/FriApr17-2015/ajax.php</b> on line <b>9</b><br />
    {"status":"error"}
    I don't know how to solve it so please help me because I'm totally blocked with this.
    My code:
    index.php
    http://paste.ofcode.org/8apSFyVfNxUCNH2A2VfmDh

    ajax.php
    http://paste.ofcode.org/cmXLqgFcnP4gzT3Uq48JMh

    SQL
    http://paste.ofcode.org/MJFM2QE8eeHHNwp4qcEkqi

    Host is local host.

  2. #2
    Join Date
    Apr 2015
    Location
    Austria
    Posts
    32
    Hello,

    in the index.php try to use this code for the ajax-call: (untested)

    Code:
    $.get( "ajax.php", { sLoginUserName: sLoginUserName, sLoginUserPassword: sLoginUserPassword} )
      .done(function( jData ) {
          if(jData.status == "success")
            {
              $("#wdw-login").hide();
              $("#wdw-welcome").show();
              $("#lblUserName").text(jData.userName+" and ID : "+jData.id);
            }
            else
            {
              $("#wdw-login").effect("shake");
            }
      });
    BTW: this isn't a good idea to build your SQL Query-string: (SQL-Injection, see here)
    PHP Code:
    $sql "SELECT * FROM customers WHERE user_name = '$sLoginUserName' AND  PASSWORD = '$sLoginUserPassword'"
    For instance you can build the query-string like that:
    PHP Code:
    $sql sprintf("SELECT * FROM customers WHERE user_name = '%d' AND  PASSWORD = '%d';",
                     
    $sLoginUserName$sLoginUserPassword); 
    Software is like sex: it's better when it's free.
    - Linus Torvalds

  3. #3
    Join Date
    May 2014
    Posts
    44
    Quote Originally Posted by __flodu__ View Post
    Hello,

    in the index.php try to use this code for the ajax-call: (untested)

    Code:
    $.get( "ajax.php", { sLoginUserName: sLoginUserName, sLoginUserPassword: sLoginUserPassword} )
      .done(function( jData ) {
          if(jData.status == "success")
            {
              $("#wdw-login").hide();
              $("#wdw-welcome").show();
              $("#lblUserName").text(jData.userName+" and ID : "+jData.id);
            }
            else
            {
              $("#wdw-login").effect("shake");
            }
      });
    BTW: this isn't a good idea to build your SQL Query-string: (SQL-Injection, see here)
    PHP Code:
    $sql "SELECT * FROM customers WHERE user_name = '$sLoginUserName' AND  PASSWORD = '$sLoginUserPassword'"
    For instance you can build the query-string like that:
    PHP Code:
    $sql sprintf("SELECT * FROM customers WHERE user_name = '%d' AND  PASSWORD = '%d';",
                     
    $sLoginUserName$sLoginUserPassword); 
    Hi
    I tried the code but not work and the same for the sql if I put in the way you gave me the code stop working at all.

  4. #4
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,878
    Are you using the very latest XAMPP?

    When asking for help, please copy and paste from external sites and wrap code elements in their respective forum tags.

    A brief look at your page for your SQL handling, you have some serious security gaps and you should not use $_GET or rather the GET method for loging in, you should always POST to a server, even with Ajax, Use the POST method for sending data like login information.
    STOP using $ prefix on JavaScript variable names...
    Please remember to wrap any code you have in forum tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...

  5. #5
    Join Date
    May 2014
    Posts
    44
    Hi I have the last xampp version and I cannot use post because my professor wants get. For the forum tags I'm sorry bur when I tried to click on the icon for the link it didn't work for some reason.
    Quote Originally Posted by \\.\ View Post
    Are you using the very latest XAMPP?

    When asking for help, please copy and paste from external sites and wrap code elements in their respective forum tags.

    A brief look at your page for your SQL handling, you have some serious security gaps and you should not use $_GET or rather the GET method for loging in, you should always POST to a server, even with Ajax, Use the POST method for sending data like login information.

  6. #6
    Join Date
    Apr 2015
    Location
    Austria
    Posts
    32
    I tested the following code on my own server and it works:
    Code:
    $(document).ready(function(){
    	sLoginUserName = "username";
    	sLoginUserPassword = "password";
    	$.get( "ajax.php", { sLoginUserName: sLoginUserName, sLoginUserPassword: sLoginUserPassword} )
    	  .done(function( jData ) {
    	      console.log(jData);
    	  });
    });

    And for the SQL statement, it was my mistake use this:
    PHP Code:
    $sql sprintf("SELECT * FROM customers WHERE user_name = '%s' AND  PASSWORD = '%s';",
            
    mysql_real_escape_string($sLoginUserName), mysql_real_escape_string($sLoginUserPassword)); 
    Software is like sex: it's better when it's free.
    - Linus Torvalds

  7. #7
    Join Date
    May 2014
    Posts
    44
    Maybe is a problem with my localhost I'll will try on the server because on local host I have issues.
    By the way thanks

  8. #8
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,878
    Quote Originally Posted by Jakub View Post
    Hi I have the last xampp version and I cannot use post because my professor wants get. For the forum tags I'm sorry bur when I tried to click on the icon for the link it didn't work for some reason.
    You can type the tags out.

    Your professor should know that GETting as a way of logging in is a security risk.

    If you are using AJAX then theres little point in using AJAX because the point of AJAX is that it is a background process for POSTing and GETting when you want to query a database on the server.
    STOP using $ prefix on JavaScript variable names...
    Please remember to wrap any code you have in forum tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...

  9. #9
    Join Date
    May 2014
    Posts
    44
    The professor told us the opposite about the post and the get. So I don't know, but for now because my project will be evaluated from him I use get.
    Quote Originally Posted by \\.\ View Post
    You can type the tags out.

    Your professor should know that GETting as a way of logging in is a security risk.

    If you are using AJAX then theres little point in using AJAX because the point of AJAX is that it is a background process for POSTing and GETting when you want to query a database on the server.

  10. #10
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,878
    POST sends data to the server as a data stream.

    GET sends a public URL to a server.

    Which one do you think is more readily cache-able?
    STOP using $ prefix on JavaScript variable names...
    Please remember to wrap any code you have in forum tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles