I'm working on a web app that uses a NoSQL solution to store user account information.
I've created a simple form to create user accounts and another one to log them in, but I have a problem logging the users in.
I'm testing the code, and my first impression is that the wrapper file that calls the PHP class I've made to deal with the NoSQL db files does not pass the $_POST variables to the class (I don't usually create my projects in an OOP style). This problem does not affect the login form if I debug and test the class directly on the login.php page that contains the login form. What's wrong with the code?

This is the loginuser.php file that holds the login class:

    #kiraDB is the database class
    require_once 'kiraDB.php';

    class loginUser{

        #public $email;
        #private $password;

        #I've disabled the construct to try find where is the error in the code
        #function __construct($email){
        #    $this->email = filter_var($email, FILTER_SANITIZE_EMAIL);
        #    $this->password = filter_var($password, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        #}

        public function login($email,$password){
            $db = new kiraDB('usersdb');
            $loadUser = $db->select('users',$email);
            $data = json_decode($loadUser,true);
            $v = $this->checkPassword($password,$data['password']);
            if($v == true){
                echo 'true';
            } else { return false;}
        }

        private function checkPassword($password, $hashedPassword){
            $this->hashedPassword = $hashedPassword;
            if(password_verify($password, $this->hashedPassword)){
                return true;
            } else { return false; }
        }
    }

This is the wrapper that is called by an AJAX request to fetch and check the user's login details, such as username and password. This wrapper script is stored in a path inside the system folder; the folder is named ajax.

    require_once '../../system/loginuser.php';

    if(isset($_POST['username'])){
        $loginUser = new loginUser();
        $loginDetails = $loginUser->login($_POST['username'],$_POST['password']);
        if($loginDetails == true){
            echo 'login';
        } else { echo 'no login'; }
    }

This is the ajax part of the login process (file main.js):

    $('#login-btn').on('click', function(e){
        e.preventDefault();
        var username = $('#username').val();
        var password = $('#password').val();
        console.log(username);
        console.log(password);
        $.ajax({
            url: 'system/ajax/doLogin.php',
            type: 'POST',
            data: {email: username, password: password},
            success: function(response){
                console.log(response);
                $('#login-response').show();
                $('#login-response').append(response);
            }
        });
    });

This is the basic HTML page that holds the form.

    <?php
    session_start();
    ob_start();
    require_once 'system/loginuser.php';
    $l = new loginUser();
    $t = $l->login('te@te','971ab3760a');
    #if(password_verify('971ab3760a', $t)){
    #json_decode + password verify?
    echo $t;
    #echo 'password ok';
    #} else {
    #echo 'password err'; }
    # $2y$10$.wXuhKmpC3mTCmiLqQvg5uat4rfe2skfFBw6TUmDwjnBcTMCNnz1S
    # 971ab3760a
    ob_end_flush();
    ?>
    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>test login</title>
        <meta name="description" content="" />
        <meta name="keywords" content="" />
        <meta name="author" content="" />
        <link rel="stylesheet" href="css/bootstrap.min.css">
        <script src="js/jquery-3.2.1.min.js" type="text/javascript"></script>
        <script src="js/tether.min.js" type="text/javascript"></script>
        <script src="js/bootstrap.min.js" type="text/javascript"></script>
        <script src="system/main.js" type="text/javascript"></script>
        <link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous">
        <link rel="stylesheet" href="css/main.css" type="text/css">
    </head>
    <body>
        <div class="container">
            <div class="row justify-content-center">
                <div class="col-sm-6" id="login-box">
                    <div class="alert alert-success" id="login-response" role="alert"></div>
                    <label for="username">Username</label>
                    <input type="text" class="form-control" id="username" placeholder="Username">
                    <label for="password">Password</label>
                    <input type="password" class="form-control" id="password">
                    <button type="button" class="btn btn-primary" id="login-btn" name="login-btn">Login</button>
                </div>
            </div> <!-- end row -->
        </div> <!-- end container -->
    </body>
    </html>
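
An added example, not part of the original post: a login check that reads the same POST keys the AJAX call in main.js sends (`email`, `password`), returns a boolean instead of echoing, and fails closed on missing fields, unknown users and malformed records. `verifyLogin` and `$lookup` are hypothetical names; `$lookup` is an in-memory stand-in for the post's `kiraDB::select('users', $email)`, assumed to return the stored JSON record, and the sample user and requests are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. $lookup is a stand-in for
// kiraDB::select('users', $email), assumed to return the JSON record or null.
function verifyLogin(array $post, callable $lookup): bool
{
    // Read the keys the client really sends: main.js posts {email, password}.
    $email    = $post['email'] ?? null;
    $password = $post['password'] ?? null;

    // Missing fields and non-string values (PHP turns "email[]=x" into an array) fail.
    if (!is_string($email) || !is_string($password) || $email === '' || $password === '') {
        return false;
    }

    // Unknown user or malformed record: fail closed instead of indexing null.
    $record = $lookup($email);
    $data   = is_string($record) ? json_decode($record, true) : null;
    if (!is_array($data) || !is_string($data['password'] ?? null)) {
        return false;
    }

    // Return the result; the caller decides what to print.
    return password_verify($password, $data['password']);
}

// Constructed sample store: one user, hash generated at run time.
$users = [
    'te@te' => json_encode(['password' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]),
];
$lookup = fn(string $email): ?string => $users[$email] ?? null;

// Constructed requests covering the success path and each failure path.
$cases = [
    'email key, right password' => ['email' => 'te@te', 'password' => 'constructed-sample-pw'],
    'username key instead'      => ['username' => 'te@te', 'password' => 'constructed-sample-pw'],
    'wrong password'            => ['email' => 'te@te', 'password' => 'wrong'],
    'unknown user'              => ['email' => 'nobody@example.test', 'password' => 'x'],
    'non-string field'          => ['email' => ['te@te'], 'password' => 'x'],
];

foreach ($cases as $label => $post) {
    // Same generic answer for every failure, so the response does not say which check failed.
    echo str_pad($label, 28), verifyLogin($post, $lookup) ? 'login' : 'no login', PHP_EOL;
}
```

In the real endpoint the array passed in would be `$_POST`, and a successful check is normally followed by `session_regenerate_id(true)` before anything is stored in `$_SESSION`.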