0

I make a simple program to simulate authentication using AJAX and PHP. The following is my code. It will redirect to "/?" but nothing happened. I tried to use checkLogin(); return false; in onclick event but it didn't work.

index.php

<script type="text/javascript" src="validation.js"></script>
<form>
    <p>
        <label>Username <abbr title="Required">*</abbr></label>
        <input id="usernamelogin" type="text" value="" />
    </p>
    <p>
        <label>Password <abbr title="Required">*</abbr></label>
        <input id="passwordlogin" type="text" value="" />
    </p>                
    <p>
        <input id="login" type="submit" value="Login" onclick="checkLogin()" />
    </p>
</form>

validation.js

function checkLogin(){
    var u = document.getElementById("usernamelogin").value;
    var p = document.getElementById("passwordlogin").value;

    if(window.XMLHttpRequest){
        xmlhttp = new XMLHttpRequest();
    }
    else{
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    }

    xmlhttp.onReadystatechange = function(){
        if(xmlhttp.readyState == 4 && xmlhttp.status == 200){
            if(xmlhttp.responseText == u){
                alert(':)');
            }
            else{
                alert(':(');
            }
        }
    }

    xmlhttp.open("GET", "login.php?u=" + u + "&p=" + p, true);
    xmlhttp.send(); 
}

login.php

<?php
    $u = $_GET['u'];
    $p = $_GET['p'];

    $host = 'localhost';
    $user = 'root';
    $pass = '';
    $db = 'db';

    $con = mysql_connect($host, $user, $pass);
    if(!$con) die("Could not connect: " . mysql_error());

    mysql_select_db($db, $con);
    $query = "select username from login where username = '" . $u . "' and password = '" . $p . "'";
    $result = mysql_query($query);
    $row = mysql_fetch_array($result);
    echo $row['username'];
    mysql_close($con);
?>
Improve this question
7
  • Why not using /login.php to be sure it will perform request to the same URL independent from the current URL. Also could you check if any XHR requests are performed using the Developer tools of Chrome or Firebug for Firefox? Commented Mar 20, 2013 at 0:25
  • if you like , i have suggestions 1) mysql_* are depricated 2)this authentication method is very weak! Commented Mar 20, 2013 at 0:25
  • Not an answer to your question, but you didn't sanitize your db inputs which is very dangerous. Certainly not safe for production. Commented Mar 20, 2013 at 0:26
  • @HaralanDobrev I tried /login.php and it didn't work. I'm checking the XHR requests. Commented Mar 20, 2013 at 0:37
  • 1
    @HaralanDobrev Thanks for your help, its status is 200. Turns out it must be onreadystatechange not onReadystatechange. Unbelievable. I use auto complete feature in Notepad++. Commented Mar 20, 2013 at 1:01

2 Answers 2

Reset to default
2

I change the following code

xmlhttp.onReadystatechange

to

xmlhttp.onreadystatechange

and it works. And also use onclick="checkLogin(); return false;" in input type="submit".

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

What you can do is remove the onclick event from the input type="submit" and add it to the form:

<form onsubmit="return checkLogin()">

To let this work, you have to add

return false

to your javascript function, right before you close the function

Improve this answer

1 Comment

Thanks for your answer but it didn't work. The result I get is same as when I put onclick='checkLogin()'; return false; in input type="submit".

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.