I'm currently working on a AJAX login system, but it doesn't send any response back. It only sends a response back when I exit("error here") the script, but I want to return a JSON response.
My form:
<div id="account" class="modal" role="dialog">
<div class="modal-dialog">
<form method="post" id="login-form">
<div class="modal-content">
<div class="modal-header">
<h4 class="modal-title">Sign in</h4>
</div>
<div class="modal-body">
<p>
Email address:<br />
<input type="email" class="form-control" placeholder="Email address" name="user_email" id="user_email" />
</p>
<p>
Password:<br />
<input type="password" class="form-control" placeholder="Password" name="password" id="password" />
</p>
</form>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
<button type="submit" class="btn btn-default" name="btn-login" id="btn-login">LOGIN</button>
</div>
</div>
</form>
</div>
</div>
My JavaScript:
$("#btn-login").click(function(e) {
alert('submit');
var data = $("#login-form").serialize();
alert(data);
$.ajax({
url: 'ajax.php',
type: 'POST',
data: data,
success: function(response) {
var data = response.responseText;
var resp = $.parseJSON(data);
if (resp.error) {
alert('error: ' + response);
} else {
alert('success: ' + response);
}
}
});
event.preventDefault();
});
My PHP:
if(isset($_POST['user_email']) && is_ajax()) {
$engine->expireLoginAttempts();
$engine->expireLoginBan();
if(!$engine->isLoginBanned()) {
$email = strip_tags($_POST['user_email']);
$password = strip_tags($_POST['password']);
if($engine->doLogin($email,$password)) {
$engine->expireBan();
if($maintenanc['value'] == '1' && !$engine->isStaff()) {
echo json_encode(array(
'success' => '0',
'message' => 'You can\'t login using a regular account because the site is currently under maintenance.'
));
} elseif($engine->isBanned() && !$engine->isOwner()) {
// Account banned; notify and give a timestamp + reason
$stmt = $engine->runQuery("SELECT timestamp, expiration, reason FROM banned WHERE user_id=:user_id");
$stmt->execute(array(':user_id'=>$_SESSION['user_id']));
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
$blockdate1 = strtotime('+' . $userRow['expiration'], strtotime($userRow['timestamp']));
$blockdate2 = date('d-m-Y H:i:s', $blockdate1);
echo json_encode(array(
'success' => '0',
'message' => 'This account is suspended until ' . $blockdate2 . ' because of the following reason: ' . $userRow['reason'] . '.'
));
} else {
echo json_encode(array(
'success' => '1',
'message' => $_SESSION['user_name'];
));
}
} else {
// Create login attempt if the account exists and the ip is different from the register ip
$stmt = $engine->runQuery("SELECT user_email, user_id, user_ip FROM users WHERE user_email=:email");
$stmt->execute(array(':email'=>$email));
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() == 1 && $userRow['user_ip'] !== $_SERVER["REMOTE_ADDR"]) {
$engine->createLoginAttempt($userRow['user_id'], $_SERVER["REMOTE_ADDR"]);
}
// Bruteforce attack suspected, bans the ip after 10 attempts from an unknown ip
$attemptban = $engine->runQuery("SELECT * FROM loginattempt WHERE ip=:ip");
$attemptban->execute(array(':ip'=>$_SERVER["REMOTE_ADDR"]));
if($attemptban->rowCount() > 4) {
if($engine->loginban()) {
$engine->deleteLoginAttempts($_SERVER["REMOTE_ADDR"]);
}
}
echo json_encode(array(
'success' => '0',
'message' => 'Emailaddress and/or password invalid.'
));
}
}
}
Does anybody know what I'm doing wrong? I've tried exiting the json_encode, putting exit() after each json_encode but none seem to work.. Any help is greatly appreciated!
