
I've been working on a login form that uses jQuery and Ajax to submit to a PHP file that processes the request and then sends back a response. I think that somewhere, somehow the PHP script may be incorrect, because the form always comes back true, allowing the person to log in even when I purposely feed an incorrect password.

Here is the HTML code:

    <div id="login">
    <span class="error">Uh oh! Something went wrong please try again!</span>
    <span class="success">Congrats! You've been logged in, redirecting you to your homepage</span>
    <form action="process/core/login.php" method="post">
    <p>Email: <input type="text" name="email" <?php if(isset($_POST['email']) && $_POST['email'] != '') { echo 'value="'. htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8') .'"'; }?> /></p>
    <p>Password: <input type="password" name="pword" /></p>
    <p><input type="submit" value="Login" id="login-btn" /></p>
    </form>
    </div>

    <script>
    function redirect(){
        window.location = "home.php";
    }

    $("#login-btn").click(function(){
        $.ajax({
            type:       "post",                                     // type of post
            url:        "process/core/login.php",                   // submitting file
            data:       $("form").serialize(),                      // data to submit
            success: function() {
                $(".success").show("slow");                         // success function
                setTimeout(redirect, 3000);
            },
            error: function() {
                $('.error').show("slow");                           // error function
            }
        });
        return false;
    });
    </script>

Here is the PHP script:

    <?php
    session_start();

    require '../../lib/core/connect.php';

    if(!empty($_POST['email']) && !empty($_POST['pword'])) {

        $userInfo = mysql_query("SELECT * FROM users WHERE email = '". mysql_real_escape_string($_POST['email']) ."'");
        $userInfo = mysql_fetch_assoc($userInfo);

        if($_POST['email'] == $userInfo['email'] && md5($_POST['pword']) == $userInfo['pword']) {

            if($userInfo['active'] == 1) {

                $_SESSION['AuthEmail']=$userInfo['email'];
                $_SESSION['AuthUid']=$userInfo['uid'];
                $_SESSION['AuthName']=$userInfo['fname'] . ' ' . $userInfo['lname'];
                $_SESSION['AuthActive']=$userInfo['active'];
                $_SESSION['AuthType']=$userInfo['type'];

                return true;
                print 'success';
            } else {
                return false;
                print 'fail not active';
            }
        } else {
            return false;
            print 'Email and or password didn\'t match';
        }

    } else {
        return false;
        print 'Didn\'t enter one of the required values';
    }
    ?>

Somewhere I have an error. I even changed all of the PHP script values to return false, and somehow the success message in the Ajax still fired successfully. Any help would be greatly appreciated; I've searched the entire forum finding related topics but found nothing that got real in depth with errors.

Thanks

By the way, your prints below return values won't ever trigger . . . (Commented Jan 27, 2012 at 22:01)

2 Answers


I think you need to actually have thrown an exception for an error handler to be called: http://php.net/manual/en/language.exceptions.php. false is not an error; it's simply not true.


3 Comments

Perhaps filling out response data with a success/error code might be a good solution too? I did not know about the exception possibility and I cannot decide which solution is more correct. Any ideas? Maybe it is just the same as the bool returning vs. exception throwing dilemma.
I think either way is valid, and I can't really think of any reason offhand why to use one over the other. An exception should be thrown if the error is recoverable by some other code, I suppose (so you can use a try catch with it), and you would get a stack trace with an exception as opposed to just writing something up. Perhaps someone else will chime in with a reason to do it one way or another.
I have some past PHP experience but generally just use BlazeDS/Java and Flex on the client side, so my assumption here about the error handler not being triggered unless it's actually an exception is from working with that setup, not with PHP or jQuery. From that perspective we generally handle error situations by throwing an error; then on the client side it makes more sense, since we get either a fault event or a success event.

The ajax success callback will fire when an HTTP 200 is returned from the server (in other words, when a proper response is returned). So this means that no matter which code path is executed in your PHP code, the success callback will still be called, and the user will be redirected.

You can either modify the success callback to check the response and act appropriately (preferred), or throw an exception on the server for the return false scenarios.

1 Comment

You are exactly right, I ended up finding that no matter what, the success function fires unless it cannot actually execute the ajax request. What I didn't realize is that I needed to use the return data to differentiate between results. I ended up changing the PHP script to simply echo a string 'true' or 'false' and then on the client side compared the data depending on the return from the PHP script, and that gave me the results I was looking for. Thanks for the answer!!!
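
As an added example (not part of the original thread), here is a Node.js model of how `$.ajax` chooses between `success` and `error`, comparing the question's handler with one that inspects the response body and fails closed. The JSON shape `{"ok": ..., "reason": ...}`, the function names and the sample responses are assumptions constructed for this illustration.

```javascript
// jQuery treats 2xx and 304 as success; every other status goes to `error`.
function ajaxCallbackFor(status) {
  return (status >= 200 && status < 300) || status === 304 ? "success" : "error";
}

// Handler from the question: never looks at the response.
function originalHandler(_body) {
  return { loggedIn: true, message: "redirecting" };
}

// Checked handler. Assumed (hypothetical) contract: login.php echoes JSON such as
// {"ok":true} or {"ok":false,"reason":"..."}.
function checkedHandler(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return { loggedIn: false, message: "malformed response" };
  }
  // Fail closed: only an object whose `ok` is the boolean true counts.
  if (parsed !== null && typeof parsed === "object" && parsed.ok === true) {
    return { loggedIn: true, message: "redirecting" };
  }
  const reason = parsed && typeof parsed.reason === "string" ? parsed.reason : "login failed";
  return { loggedIn: false, message: reason };
}

// Route one response the way $.ajax would, then apply the given success handler.
function dispatch(response, onSuccess) {
  if (ajaxCallbackFor(response.status) === "error") {
    return { loggedIn: false, message: "HTTP " + response.status };
  }
  return onSuccess(response.body);
}

// Constructed sample responses (not captured traffic).
const SAMPLES = {
  // The question's PHP on a bad password: `return` runs before `print`, so 200 + empty body.
  questionBadPassword: { status: 200, body: "" },
  jsonOk: { status: 200, body: '{"ok":true}' },
  jsonBad: { status: 200, body: '{"ok":false,"reason":"Email or password did not match"}' },
  stringFalse: { status: 200, body: '{"ok":"false"}' },
  unauthorized: { status: 401, body: "" },
};

for (const [name, res] of Object.entries(SAMPLES)) {
  console.log(name, dispatch(res, originalHandler).loggedIn, dispatch(res, checkedHandler));
}
```

The client-side check only controls what the user sees; access to `home.php` still has to be decided on the server from the session variables that `login.php` sets.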
