I am making a simple login for my website and I am using ajax to interact with database. I wanted to make it a bit safe so I search for security for ajax so I search for AJAX authentication
and read a question in SO regarding this. Found this and links to this. Unfortunately I dont really understand what it does or how it works. I am hoping someone would clarify this for me. In layman's term.
$(document).on('click', '#login', function() {
var UserName = $('#username').val();
var PassWord = $('#password').val();
console.log(UserName);
if (UserName) {
if (PassWord) {
$.ajax({
type: 'POST',
url: 'ajax/Login.php',
dataType: "json",
data: {
username: UserName,
password: PassWord
},
beforeSend: function(xhr) {
xhr.setRequestHeader("Authorization", "Basic " + btoa(UserName + ":" + PassWord));
},
success: function(data) {
if (data.error == true) {
$("#dialog").html(data.message);
$("#dialog").dialog({
title: "Login"
});
$("#dialog").dialog("open");
} else {
window.location = 'pages/dashboard.php';
}
//window.location = 'pages/dashboard.php';
},
error: function(data) {
alert('Login Error');
//window.location='../login.php';
}
});
} else {
$("#dialog").html("Password is empty!");
$("#dialog").dialog({
title: "Owner Information"
});
$("#dialog").dialog("open");
}
} else {
$("#dialog").html("Username is empty!");
$("#dialog").dialog({
title: "Login"
});
$("#dialog").dialog("open");
}
});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<input type="text" name="un" id="username" />
<input type="password" name="pw" id="password" />
<input type="button" id="login" value="Login " name="login1" style="background-color:#feaa38;width: 100px" />
This code above is my code plus the additional code I got from the link. This below is the additional code.
beforeSend: function(xhr) {
xhr.setRequestHeader("Authorization", "Basic " + btoa(UserName + ":" + PassWord));
},
I want to know.
- What does ajax authentication do.
- Do I really need it.
- How do i know it is working.
- What does it really do.
</div>