Say we have a registered user with username = "albert" and password = "albert". Obviously, the password is stored with password_hash($_POST['password'], PASSWORD_BCRYPT).
To check whether the username / password pair matches the records in the database, server-side validation is done and works very well.
When validating the password online, I run into a difficulty with the remote method of the jQuery Validation plugin.
By comparing the username and password validations, I think the error comes from the discrepancy between the password value(s) sent by the remote method (2 parameters) and my formulation of the SQL query (1 parameter).
Can anyone help me see this more clearly?
<form id="form_membre_cnx" action="" method="POST">
    <div>
        <input name="username" id="username_input_cnx" type="text" autofocus>
        <label for="username_input_cnx" class="field__label">Username :</label>
    </div>
    <div class="field__message"></div>
    <div>
        <input name="password" id="password_input_cnx" type="password">
        <label for="password_input_cnx" class="field__label">Password :</label>
    </div>
    <div class="field__message"></div>
    <button type="submit" name="submit_cnx" id="submit_cnx" class="button--full-width btn btn-primary">Log in</button>
</form>
check_matching_username.php:
<?php
require_once('inc/db.php');
// Look the username up with a prepared statement; the plugin expects the
// literal strings 'true' / 'false' (or JSON true / false) in the response.
$req = $pdo->prepare('SELECT id FROM users WHERE username = ?');
$req->execute([$_POST['username']]);
$user = $req->fetch();
if ($user) {
    echo 'true';
} else {
    echo 'false';
}
?>
check_matching_password.php:
<?php
require_once('inc/db.php');
//$req=$pdo->prepare('SELECT * FROM users WHERE (username = :username OR email = :username) AND confirmed_at IS NOT NULL ');
//$req->execute( ['username'=> $_POST['username']]);
// Both values arrive in $_POST: 'password' is the field being validated and
// 'username' is the extra parameter added through the remote rule's data option.
$req = $pdo->prepare('SELECT id FROM users WHERE username = ? AND password = ?');
$req->execute([$_POST['username'], $_POST['password']]);
$user = $req->fetch();
if (password_verify($_POST['password'], $user['password'])) {
    echo 'true';
} else {
    echo 'false';
}
?>
validation.js:
$("#form_membre_cnx").validate({
    errorElement: "span"
    ,errorPlacement: function(error, element) {
        error.appendTo( element.parent().next("div.field__message") );
    }
    ,rules: {
        username: {
            required: true
            ,remote: {
                url: "check_matching_username.php"
                ,type: "post"
            }
        }
        ,password: {
            required: true
            ,remote: {
                url: "check_matching_password.php"
                ,type: "post"
                // sent alongside the password field's own value
                ,data: {
                    username: function() {
                        return $("#username_input_cnx").val();
                    }
                }
            }
        }
    }
    ,messages: {
        username: {
            required: 'This field is required'
            ,remote: "Unknown username"
        }
        ,password: {
            required: 'This field is required'
            ,remote: "The password is incorrect"
        }
    }
});
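The following rewrite of check_matching_password.php is an added example, not the asker's file. It assumes what the post implies: inc/db.php defines `$pdo` as a PDO connection, and the users table has `id`, `username` and `password` columns, with `password` holding the bcrypt hash produced by `password_hash($plain, PASSWORD_BCRYPT)`. The remote rule posts the field under its own name (`password`) plus whatever the `data` option adds (`username`), so both values are available; the point is that the stored value is a salted hash, so filtering on `password = ?` in SQL can never match the plaintext, and the comparison has to be done in PHP with `password_verify()` on a row selected by username alone.

```php
<?php
// check_matching_password.php, rewritten as an example (not the asker's original).
// Assumptions: inc/db.php defines $pdo (PDO) and the users table has columns
// id, username and password, where password holds a bcrypt hash from
// password_hash($plain, PASSWORD_BCRYPT).
require_once('inc/db.php');

header('Content-Type: application/json');

$username = isset($_POST['username']) ? (string) $_POST['username'] : '';
$password = isset($_POST['password']) ? (string) $_POST['password'] : '';

// Select by username only. The column holds a salted bcrypt hash, so the
// plaintext sent by the browser is never equal to it; a WHERE clause on
// password = ? would always return no row (and $user['password'] would be
// undefined when only id was selected).
$req = $pdo->prepare('SELECT password FROM users WHERE username = ?');
$req->execute([$username]);
$user = $req->fetch(PDO::FETCH_ASSOC);

// password_verify() reads the salt and cost from the stored hash and does
// the comparison in PHP. Without a row there is nothing to compare against,
// so the short-circuit keeps the unknown-username case at false.
$ok = ($user !== false) && password_verify($password, $user['password']);

// The remote rule accepts the JSON literals true / false as valid / invalid.
echo json_encode($ok);
```

Two practical caveats. First, these two endpoints are an unauthenticated password oracle: anyone can POST username/password pairs to check_matching_password.php as fast as the server answers, and check_matching_username.php separately confirms which usernames exist, so apply the same throttling or lockout you would apply to the login form itself. Second, the remote check is a usability feature only; the real authentication decision still has to be made server-side when the form is submitted, which the post says is already the case.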