tags:

views:

36

answers:

3
    $(document).ready(function() {

  $("form#login_form").submit(function() {  

     var login_username     = $('#login_username').attr('value');  
     var login_password     = $('#login_password').attr('value');  
        type: "POST",  
         $.ajax({  
            url: "login.php",  
            data: "username="+ login_username +"& password="+ login_password,  
            success: function(data){
                alert(data);
                if (data == "ok"){  
                     $('form#login_form').hide(function(){$('div.success').fadeIn();});  
                    }
               }
         });  
     return false;  
     });

Login.php:

<?php
    include("settings.php");
    $query = "select * from users where username = '{$_POST['login_username']}' and password = md5('{$_POST['login_password']}')";  
    $query = mysql_query($query, $connection);
        if ( mysql_num_rows($query) == 1 )
        {       
            print "ok";
            $array = mysql_fetch_array($query);
            if ( $_POST['stay'] ) { $time = time()+2592000; }
            else { $time = 0; } 
        }
        else {  print "no"; }
        mysql_close($connection);
    ?>

My problem: In the alert the message always "no" whether username/password is correct, however on the site "ok" appears when username/pw is correct.

I have read the other questions in connection with this problem, but I couldn't solve the response problem from login.php with Json. Could you help me how should I response to the ajax calling? ( with a code if it is possible) Thank you very much, and sorry for questioning again.

A: 

See the "data" line:

   $(document).ready(function() {

  $("form#login_form").submit(function() {  

     var login_username     = $('#login_username').attr('value');  
     var login_password     = $('#login_password').attr('value');  
        type: "POST",  
         $.ajax({  
            url: "login.php",  
            data: {"username": login_username, "password": login_password},  
            success: function(data){
                alert(data);
                if (data == "ok"){  
                     $('form#login_form').hide(function(){$('div.success').fadeIn();});  
                    }
               }
         });  
     return false;  
     });

And escape your POST parameters when using them in a database query!

Matt S
A: 

You are looking for login_username and login_password, but from jQuery you are sending username and password, I'd change your data to this:

data: {"login_username": login_username, "login_password": login_password},

In your PHP, you should escape the posted string though, like this:

$query = sprintf("select * from users where username = '%s' and password = md5('%s')",
                 mysql_real_escape_string($_POST['login_username']),
                 mysql_real_escape_string($_POST['login_password']));
Nick Craver
Firstly, thanks for your comments really, but I have to be the noob, but i changed the data line to yours, and the $query = .. right exactly to yours. But still in the alert, ( I print it out) whatever i write in the 2 inputs, the message always like: select * from users where username = "" and password = md5("")..and thats why it doesnt go in the right part of the if, does it. However on the site the $query appears correctly with the given username/pw, and ok appears too :(((
@rdanee - is the `type: "POST",` inside your `$.ajax({ })`, I assumed it was a posting error, but this needs to be inside, otherwise it's a GET not a POST.
Nick Craver
Thank you all for your kind attention, especially yours Nick :) I was mindless, sorry. Thanks again!
A: 

Maybe your query is returning more than 1 row. Or no rows

Gutzofter