0

Ok so this is driving me mad. I've got 2 modal forms - login and register. Javascript does the client side validation and then an ajax call runs either a registration php file or a login php file which returns OK if successful or a specific error message indicating what was wrong (incorrect password, username already taken,etc). There is an If Then statement that checks if the return message is OK and if it is then a success message is displayed and the other fields hidden.

The register form works perfectly. I get my OK back and fields get hidden and the success message displays.

The login form however doesn't work. A successful login returns an OK but the if statement fails and instead of a nicely formatted success message I just get the OK displayed without the username and password fields being hidden which is what makes me think the IF is failing although I cannot see why it would.

I've been staring at this code for hours now and all I can see is the same code for both and no idea why one is working and one is not ....

On to the code...Here is the Login javascript:

$("#ajax-login-form").submit(function(){
            var str = $(this).serialize();
            $.ajax({
                type: "POST",
                url: "php/login.php",
                data: str,
                success: function(msg) {
                    $("#logNote").ajaxComplete(function(event, request, settings) {
                        if(msg == 'OK') {
            // Display the Success Message
                            result = '<div class="alertMsg success">You have succesfully logged in.</div>';
                            $("#ajax-login-form").hide();
            $("#swaptoreg").hide();
            $("#resetpassword").hide();
                        } else {
                            result = msg;
                        }
            // On success, hide the form
                        $(this).hide();
                        $(this).html(result).slideDown("fast");
                        $(this).html(result);                       
                    });
                }
            });
            return false;
        });

and here is the register javascript:

$("#ajax-register-form").submit(function(){
            var str = $(this).serialize();
            $.ajax({
                type: "POST",
                url: "php/register.php",
                data: str,
                success: function(msg) {
                    $("#regNote").ajaxComplete(function(event, request, settings) {
                        if(msg == 'OK') {
            // Display the Success Message
                            result = '<div class="alertMsg success">Thank you! Your account has been created.</div>';
                            $("#ajax-register-form").hide();
                        } else {
                            result = msg;
                        }
            // On success, hide the form
                        $(this).hide();
                        $(this).html(result).slideDown("fast");
                        $(this).html(result);
                    });
                }
            });
            return false;
        });

I don't think I need to add the php here since both just end with an echo 'OK'; if successful and since I'm seeing the OK instead of the nicely formatted success message I'm confident that it is working.

Any suggestions?

EDIT: Here's the login php:

<?php 

require("common.php"); 

$submitted_username = ''; 

 $user = stripslashes($_POST['logUser']);
 $pass = stripslashes($_POST['logPass']);

if(!empty($_POST)) 
{ 

    $query = " 
        SELECT 
            id, 
            username, 
            password, 
            salt, 
            email 
        FROM users 
        WHERE 
            username = :username 
    "; 

    $query_params = array( 
        ':username' => $user 
    ); 

    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        die("Failed to run query "); 
    } 

    $login_ok = false; 

    $row = $stmt->fetch(); 
    if($row) 
    { 
        $check_password = hash('sha256', $pass . $row['salt']); 
        for($round = 0; $round < 65536; $round++) 
        { 
            $check_password = hash('sha256', $check_password . $row['salt']); 
        } 

        if($check_password === $row['password']) 
        { 
            $login_ok = true; 
        } 
    } 

    if($login_ok) 
    { 
        unset($row['salt']); 
        unset($row['password']); 

        $_SESSION['user'] = $row; 

        echo 'OK';  

    } 
    else 
    { 

        echo '<div class="alertMsg error">Incorrect username or password</div>';

        $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); 
    } 
} 

?>
Improve this question
5
  • 3
    Most likely msg == 'OK' is false because of some spaces, just console.log('>>' + msg + '<<') to verify. And note, javascript if works (or someone would have noticed) Commented Sep 20, 2013 at 19:15
  • lol...yeah .. pretty sure it would have been picked up by now if there was a problem with javascript if. Thanks for your suggestion. I had looked for spaces and couldn't find any. Even copy pasted the echo 'OK' from register to login.php so that I knew they were identical. But you agree? nothing wrong with the code itself? Commented Sep 20, 2013 at 19:20
  • Yup! random space after the ok...grrrrrrrr! Any idea why echo 'OK'; in one php script returns just an OK and in another returns an OK with an extra space? Commented Sep 20, 2013 at 19:28
  • 1
    Would you mind posting the php? Commented Sep 20, 2013 at 19:32
  • Edited and added the php Commented Sep 20, 2013 at 20:03

1 Answer 1

Reset to default
2 
if($login_ok) 
    { 
        unset($row['salt']); 
        unset($row['password']); 

        $_SESSION['user'] = $row; 

        echo 'OK';  

    } 
    else 
    { 

        echo '<div class="alertMsg error">Incorrect username or password</div>';

        $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); 
    } 
} 

?> <!------- There is a space here! -->

There is a space after the closing ?> which is being sent to the user. The closing ?> is optional, and it is highly recommended to NOT include it, for just this reason. Get rid of that ?>.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks Joe! That was it. Closing ?> now removed in all php files. Working perfectly.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.