Ajax Login Script

[kurosagi01]

Hey guys i need some help with this login page of mine which implements the use of Ajax.
I have followed this tutorial:
http://www.91weblessons.com/php-ajax-login-validation-tutorial/
Now assuming if i have declared my variables correctly because when i enter the login details it echos "correct" but if i didn't it echo "enter correct details" or leave the text blank it ask me to fill the spaces.
The issue is its not parsing through to the index.php script correctly,i have to refresh the page for it to take me to the index page.
Any help or advice be great here's what my codes look like:
login.php:

<?php
session_start();
if(isset($_SESSION['LOGIN_STATUS']) && !empty($_SESSION['LOGIN_STATUS'])){
header('location:index.php');
}
?>

<head>

<title>PHP Ajax Login Validation Tutorial | 91 Web Lessons</title>

<script type="text/javascript" src="js/jquery-1.4.1.min.js"></script>
<script type="text/javascript">
function validLogin(){
var username=$('#username').val();
var pwd=$('#pwd').val();

var dataString = 'username='+ username + '&pwd='+ pwd;

$.ajax({
type: "POST",
url: "processed.php",
data: dataString,
cache: false,
success: function(result){
var result=trim(result);
$("#flash").hide();
if(result=='correct'){
window.location='list.php';
}
else{
$("#errorMessage").html(result);
}
}
});
}

function trim(str){
var str=str.replace(/^\s+|\s+$/,'');
return str;
}
</script>
</head>
<body>


<div id="wrapper">
<table align="center" class="login_box">
<tr><td colspan="2" id="errorMessage"></td></tr>
<tr>
<td>UserName</td>
<td><input type="text" name="username" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="pwd" id="pwd"></td>
</tr>
<tr id="button_box">
<td>&nbsp</td>
<td><input type="button" name="submit" value="Submit" class="button" onclick="validLogin()"></td>
</tr>
<tr><td colspan="2" id="flash"></td></tr>
</table>
</div>



</body>
</html>

processed.php:

<?php
session_start();
include_once('johndb.php');
$message=array();
if(isset($_POST['username']) && !empty($_POST['username'])){
$username=mysql_real_escape_string($_POST['username']);
}else{
$message[]='Please enter username';
}

if(isset($_POST['pwd']) && !empty($_POST['pwd'])){
$pwd=mysql_real_escape_string($_POST['pwd']);
}else{
$message[]='Please enter password';
}

$countError=count($message);

if($countError > 0){
for($i=0;$i<$countError;$i++){
echo ucwords($message[$i]).'<br/><br/>';
}
}else{
$query="select * from signup where username='$username' and pwd='$pwd'";

$result=mysql_query($query);
$checkUser=mysql_num_rows($result);
if($checkUser > 0){
$_SESSION['LOGIN_STATUS']=true;
$_SESSION['username']=$username;
echo 'correct';
}else
{
echo ucwords('please enter correct user details');
}
}
?>

index.php:

<?php
session_start();
if(!isset($_SESSION['LOGIN_STATUS'])){
header('location:login.php');
}
?>
<html>
<head>
<title>PHP Ajax Login Validation Tutorial | 91 Web Lessons</title>
</head>
<body>
<div id="container">
<!--top section start-->

<div id='tutorialHead'>

<div class="tutorialLink"><a href="list.php" title="List"><h1>List</h1></a></div>

<div class="logout"><a href="logout.php" title="logout"><h1>Logout</h1></a></div>

</div>

<div id="wrapper">
<div class="user_intro"><h1>Welcome <?php echo $_SESSION['username'];?></h1></div>
</div>

</body>
</html>

logout.php:

<?php
session_start();
session_destroy();
header('location:login.php');
?>

 

[arskatb]

No encryption of the received password?

 

[kurosagi01]

The only encryption i got is it display the stars instead of actual text when entered.

 

[ste2425]

$("#flash").hide();
if(result=='correct'){
window.location='list.php';
}

What is list.php?

In your login page your redirecting to list.php after a successful ajax call. Maybe that's causing problems?

 

[kurosagi01]

To be honest the index.php was a test page,i have managed to get to direct it to the list.php which is my intended page. However instead of automatically directing me to the list page it only echos "correct" and i have to refresh my browser to display the list page.

 

[ste2425]

Excuse me but i have never used PHP before however, when making an AJAX call with AngularJS and NodeJS server side you cannot perform redirects server side due to it being an ajax call. Im assuming that your redirect is client side. I know window.location is a JavaScript thing but didn't know it there was something similar to PHP

If you stick a break point on the window.location. Is it being hit? is the result variable the value your expecting? Can there be caching issues or issues with the browser prevent the redirect?

 

[Disparia]

Don't see from a glance where it's failing, but a quick tip:

if( !isset($_SESSION['LOGIN_STATUS']) ) {
    header('location:login.php');
    exit;
}

When using header() in this fashion you'll want to stop processing by exit. Header() will send an http header but the processing will continue and output sent to the requestor. In your example the worst is that you'll throw a undefined index notice ( echo $_SESSION['username']; ), but if you had somewhat important information information on that page it could be captured by anyone, not just those that have an account.