dongshuzhuo5659 2017-05-25 16:51
浏览 52
已采纳

如何使jQuery / Ajax日志返回“错误的凭据”错误?

I'm making a dynamic PHP page with MySQL that has users log in. I recently changed the login, to jQuery/AJAX to make it more smooth and not lose the current page users are in. The thing is that when I miss my log in credentials it doesn't how any message and I want it to do so.

Here is my form :

<form id="ajax-login-form" action="session/login.php" method="post" role="form" autocomplete="off">
                <div class="form-group">
                    <label for="username">Login</label>
                    <input type="text" name="u" id="username" tabindex="1" class="form-control" placeholder="Log in" value="" autocomplete="off">
                </div>

                <div class="form-group">
                    <label for="password">Password</label>
                    <input type="password" name="p" id="password" tabindex="2" class="form-control" placeholder="Password" autocomplete="off">
                </div>
                <div class="form-group">
                    <div class="row">
                        <div class="col-xs-5 pull-right">
                            <input type="submit" name="login-submit" id="login-submit" tabindex="4" class="form-control btn btn-success" value="Log In">
                        </div>
                    </div>
                </div>
            </form>

My jQuery/Ajax :

$(document).ready(function () {
//From insert
$("#login-submit").click(function () {
    var $form = $('#ajax-login-form');
    $form.submit(false);
    $.post($form.attr("action"), $form.serializeArray(), function (info) {
        $("#result").html(info)
    })
    location.reload();
});
});

And finally my php code

<?php
session_start();
$lig = mysql_connect("localhost", "root","") or
die ("Problema na ligação ao servidor MYSQL");
mysql_select_db("demo", $lig);

$u=$_REQUEST['u'];
$p=$_REQUEST['p'];

$sql="select numuti,nome,nomeutilizador,codtipo,reset from utilizadores where nomeutilizador='$u' and password=md5('$p')";
$res=mysql_query($sql);
if (mysql_num_rows($res) == 1)
{
    $lin = mysql_fetch_array($res, MYSQL_ASSOC);
        $_SESSION['user'] = $lin['nomeutilizador'];
        $_SESSION['nivel'] = $lin['codtipo'];
        $_SESSION['reset'] = $lin['reset'];
        //$_SESSION['foto']  = $lin['imagem'];
        $_SESSION['nome']  = $lin['nome'];
        $_SESSION['cod']= $lin['numuti'];
}else{
echo "<div class='alert alert-danger'>
            <strong><center>Login Inválido, Tente Novamente</center></strong>
            </div>";
}
?>

This is probably a duplicate question, but I couldn't find a reliable answer to my issue, I tried making the errors with divs as you can see in my login.php page.

  • 写回答

2条回答 默认 最新

  • duansha8764 2017-05-25 18:04
    关注

    Basics

    If you are using old mysql_connect function vulnerable to SQL injections you do not need any other security .. your system will be permeable.

    First you need to do is switch to better methods like PDO.

    jQuery

    I recommend to use submit() function instead of click() and ajax() instead of post() to better manipulation with data.

    $(document).ready(function () {
    
      $('#ajax-login-form').submit(function(e) {
          var form = this;
    
          e.preventDefault();
          var username = $("#username").val();
          var password = $("#password").val();
    
          $.ajax({
              type: 'POST',
              url: 'Your-login-url',
              data: {
                  username: username,
                  password: password
              },
              success: function(data) {
                  // do your PHP login and echo 1 if authentication was successfull
                  if(data === 1) {
                      form.submit();
                  } else {
                  // show alert or something that user has wrong credentials ...
                      $("#error_notif").show();
                  }
              }
          });
      });
    
    });
    

    HTML

    Another thing is error notification. I like to add error div right into the form or form container but set it as hidden. You can show it after jQuery Ajax ends with 0.

    <div id="error_notif">You used wrong credentials.</div>
    
    <style>
    #error_notif {
       display:none;
    }
    </style>
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 matlab数字图像处理频率域滤波
  • ¥15 在abaqus做了二维正交切削模型,给刀具添加了超声振动条件后输出切削力为什么比普通切削增大这么多
  • ¥15 ELGamal和paillier计算效率谁快?
  • ¥15 file converter 转换格式失败 报错 Error marking filters as finished,如何解决?
  • ¥15 ubuntu系统下挂载磁盘上执行./提示权限不够
  • ¥15 Arcgis相交分析无法绘制一个或多个图形
  • ¥15 关于#r语言#的问题:差异分析前数据准备,报错Error in data[, sampleName1] : subscript out of bounds请问怎么解决呀以下是全部代码:
  • ¥15 seatunnel-web使用SQL组件时候后台报错,无法找到表格
  • ¥15 fpga自动售货机数码管(相关搜索:数字时钟)
  • ¥15 用前端向数据库插入数据,通过debug发现数据能走到后端,但是放行之后就会提示错误