Howdy, I have a login form that has username and password.

I have a backend PHP script that processes that data correctly and json_encodes the response.

I have a jQuery JS script using Ajax that does not seem to handle form validation, but there seems to be something leaking somewhere that is causing the ajax to choke.

I would appreciate some insight as to what is breaking.

    <?php
    #
    #       General purpose script to verify user login
    #       Will be combined with jquery/AJAX to allow access based on
    #       role
    #
    set_include_path(get_include_path() . PATH_SEPARATOR . "/home/best9721/public_html/lib");
    include("t_const.php");
    include("t_verify.php");
    #
    #       Check that there is no SESSION Variables
    #
    if(isset($_SESSION)) {
        session_destroy();
    }
    #
    #       Cleanup POST variables
    #
            $username = strip_tags($_POST['username']);
            $userpass = strip_tags($_POST['password']);
    #
    #       Connect to DB
    #
    try {
            $dbh = new PDO("mysql:host=localhost;dbname=$DB_TEST", $MASTER_TEST, $MASTER_TEST_PSW);
    #
    #       Check and see if inputted username is in the DB to start with
    #
            $stmt = $dbh->prepare("SELECT * FROM user_auth where userid = :userid");
            $stmt->execute(  array (
                                    ':userid' => $username,
                                   )
                           );
            $authdata = $stmt->fetch(PDO::FETCH_ASSOC);
            if(empty($authdata)) {
               $response['error'] = true;
               $response['msg'] = "You do not have access to this section";
               print json_encode($response);
               exit;
            }
    #
    #       Check and see if they have access
    #
            $stmt = $dbh->prepare("SELECT auth_level FROM user_access where userid = :userid");
            $stmt->execute(  array (
                                ':userid' => $username,
                                  )
                          );
            $role = $stmt->fetchAll(PDO::FETCH_COLUMN);
    #       Square brackets: the curly-brace offset syntax was removed in PHP 8
            $auth_role = $_POST['auth'];
            if(!has_access($role, $auth_role) or !isset($role)) {
                  $response['error'] = true;
                  $response['msg'] = "You do not have privileges for this section.";
                  print json_encode($response);
                  exit;
            } else {
                   $response['url'] = $url[$auth_role];
            }
    #
    #               Now check and see if their account is locked
    #
            if( $authdata['account_status'] == "closed") {
                   $response['error'] = true;
                   $response['msg'] = $authdata["reason_acct_locked"];
                   print json_encode($response);
                   exit;
             }
    #
    #               Check if Passwords match - final check
    #
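    #       hash_equals() compares as strings; a loose != can treat two
    #       different "0e..." hex digests as equal numbers
             if(!hash_equals((string) $authdata['userpsw'], sha1($_POST['password']))) {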
                  $response['error'] = true;
                  $response['msg'] = "Invalid User Credentials";
                  print json_encode($response);
                  exit;
             } else {
                  $response['msg'] = 'OK';
                  print json_encode($response);
                  exit;
             }
    }
    #
    #       There was an error
    #
    catch(PDOException $e)
    {
        $response['error'] = true;
        $response['msg'] = $e->getMessage();
        print json_encode($response);
        exit;
    }
    ?>

and auth_user.js

    $(document).ready(function() {
        $("#loginForm").validate({
            errorLabelContainer: "#errorMessage",
            wrapper: "li",
            rules: {
                username: "required",
                password: "required"
            },
            messages: {
                username: "Please enter your username.",
                password: "Please enter your password."
            },
            submitHandler: function() {
                $.ajax({
                    type: 'POST',
                    url: 'auth_user.php',
                    dataType: 'json',
                    success: function(data) {
                        alert(data.msg);
                    },
                    error: function() {
                        alert("There was a problem processing this form");
                    }
                });
                return false;
            }
        });
    });

Alert always brings up - "You don't have access to this section"

Thanks for the assistance.

1 Answer

In your ajax call you don't send any data to the server. You can send it with the data attribute in the passed object:

    $.ajax({
        type: 'POST',
        url: 'auth_user.php',
        dataType: 'json',
        // data attribute: the values that arrive in $_POST on the server
        data: {"username": "myUsername", "password": "myPassword"},
        success: function(data) {
            alert(data.msg);
        },
        error: function() {
            alert("There was a problem processing this form");
        }
    });

2 Comments

I don't think that this is the problem. I think the issue is with the PDO class and jQuery and/or ajax. If I process the form without ajax it works fine, but with it the authdata in the php is null.
Well, you were correct, but now I am just echoing the data - not even getting to the success function just displaying the response code, but it looks to be non-json compliant....
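
The fix from the answer wired into the question's validate() handler, as an added example that is not part of the original posts: it sends the form's own values instead of hardcoded ones and, since the second comment reports a reply that does not parse, has the error callback report jQuery's `parsererror` status separately from other failures. The `auth` input name is assumed from the PHP script's `$_POST` reads, and the helper function names are hypothetical.

```javascript
// Added example, not the poster's code. Field names are the ones auth_user.php
// reads from $_POST; a form input named "auth" is an assumption.
// Keep only the fields the PHP script expects, from name/value pairs in the
// shape jQuery's $(form).serializeArray() returns.
function collectLoginFields(pairs) {
    var wanted = ["username", "password", "auth"];
    var data = {};
    pairs.forEach(function (p) {
        if (wanted.indexOf(p.name) !== -1) { data[p.name] = p.value; }
    });
    return data;
}

// Explain why jQuery called the error callback. textStatus "parsererror"
// means the request completed but the body could not be parsed as JSON.
function describeFailure(textStatus, responseText) {
    if (textStatus === "parsererror") {
        return "Server reply is not valid JSON; it starts with: " +
            JSON.stringify(String(responseText).slice(0, 60));
    }
    return "Request failed (" + textStatus + ")";
}

// Options object for $.ajax; onMessage receives the text to show the user.
function buildLoginRequest(pairs, onMessage) {
    return {
        type: "POST",
        url: "auth_user.php",
        dataType: "json",
        data: collectLoginFields(pairs), // without this, $_POST arrives empty
        success: function (reply) { onMessage(reply.msg); },
        error: function (jqXHR, textStatus) {
            onMessage(describeFailure(textStatus, jqXHR.responseText));
        }
    };
}

// Browser wiring; skipped when jQuery is not loaded (for example under Node).
if (typeof jQuery !== "undefined") {
    jQuery(function ($) {
        $("#loginForm").validate({
            rules: { username: "required", password: "required" },
            submitHandler: function (form) {
                $.ajax(buildLoginRequest($(form).serializeArray(),
                    function (m) { alert(m); }));
                return false;
            }
        });
    });
}
```
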
