I've been trying to find what's causing my code to still get data even if the query is false. It is a simple log in form using ajax.
Here is my code:
$(function() {
$("#submit_login").click(function() {
var username = $("input#username").val();
if (username == "") {
$('#error').html('Please Insert Your Email Address');
return false;
}
var password = $("input#password").val();
if (password == "") {
$('#error').html('Please Insert Your Password');
return false;
}
var dataString = 'username='+ username + '&password=' + password;
$.ajax({
type: "POST",
url: 'login.php',
data: dataString,
dataType: "html",
beforeSend: function(){ $("#submit_login").val('Connecting...');},
success: function(data) {
if (data == 0) {
$('#error').html('Wrong Login Data')
$("#submit_login").val('Sign in!');
} else {
$('#error').html('<b style="color:green;">you are logged. wait for redirection</b>');
document.location.href = 'private.php';
}
}
});
return false;
});
});
Login.php
<?php
session_start();
include("config2.php");
if(isset($_POST['username']) && isset($_POST['password']))
{
// username and password sent from Form
$username=mysqli_real_escape_string($db,$_POST['username']);
$password=md5(mysqli_real_escape_string($db,$_POST['password']));
$results = $mysqli->query("SELECT id FROM users WHERE username='$username' and password='$password'");
$obj = $results->fetch_object();
if ($results)
{
$_SESSION['username'] = $obj->id;
echo $username;
}
}
?>
The thing is, every time an attempt to log in happens, it redirect me to private.php even the username and password are incorrect. This means that the login.php still gets data even though the query return is false or 0.
I'm having a hard time finding out what is causing this and hopefully you guys can help me out! cheers.
