Im creating login script which are based on javascript and PHP. But I had problem with it.
Whatever I send via form I will be redirected to user.php?u=loginfailed. It doesen't matter whether it is properly email and password (which I have in my database). As you can see page "user.php?u=X" should be open only when email and password are entered correctly. But in my case when I sent correct data and incorrect data it will be the same... To sum up - correct data should redirected me to user.php?u=X and incorrect should display an error message below the form.
What do you think about it?
Index.php
<?php
if(isset($_POST["e"])){
include_once("../db/db_fns.php");
$e = mysqli_real_escape_string($db_conx, $_POST['e']);
$p = md5($_POST['p']);
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
if($e == "" || $p == ""){
echo "loginfailed";
exit();
} else {
$sql = "SELECT id, username, password FROM users WHERE email='$e' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
$db_id = $row[0];
$db_username = $row[1];
$db_pass_str = $row[2];
if($p != $db_pass_str){
echo "loginfailed";
exit();
} else {
$_SESSION['userid'] = $db_id;
$_SESSION['username'] = $db_username;
$_SESSION['password'] = $db_pass_str;
setcookie("id", $db_id, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("user", $db_username, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("pass", $db_pass_str, strtotime( '+30 days' ), "/", "", "", TRUE);
$sql = "UPDATE users SET ip='$ip', lastlogin=now() WHERE username='$db_username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
echo $db_username;
exit();
}
}
exit();
}
?>
<script src="../js/main.js"></script>
<script src="../js/ajax.js"></script>
<script src="login.js"></script>
<form id="loginform" onsubmit="return false;">
<div>Email Address:</div>
<input type="text" id="email" onfocus="emptyElement('status')" maxlength="88">
<div>Password:</div>
<input type="password" id="password" onfocus="emptyElement('status')" maxlength="100">
<br /><br />
<button id="loginbtn" onclick="login()">Log In</button>
<p id="status"></p>
<a href="#">Forgot Your Password?</a>
</form>
login.js
function emptyElement(x) {
_(x).innerHTML = "";
}
function login() {
var e = _("email").value;
var p = _("password").value;
if (e == "" || p == "") {
_("status").innerHTML = "Fill out all of the form data";
} else {
_("loginbtn").style.display = "none";
_("status").innerHTML = 'please wait ...';
var ajax = ajaxObj("POST", "index.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
if(ajax.responseText == "loginfailed") {
_("status").innerHTML = "Login unsuccessful, please try again.";
_("loginbtn").style.display = "block";
} else {
window.location = "user.php?u="+ajax.responseText;
}
}
}
ajax.send("e="+e+"&p="+p);
}
}
