I'm developing my own PHP framework (which is working quite well, by the way), and now I'm developing a login system. This is no problem, I've got it already working perfectly, I have a database, a registration, login form, logout, etc.
But right now, when you fill up the login form and click "login", ajax is sent, the server (php) verifies the user (username and password) and sends a response back. Now the response is just a number:
0 - Login correct.
1 - Username incorrect.
2 - Username correct, but password isn't.
This works perfectly for its purpose, but I'm sure this is not the correct/professional way, I just invented this. So I'd like to know which would be the right response from a login verification.
For example, many webs use a json response with the "error code", and message, but I don't really know how it works. Also, will this really affect? Or it doesn't matter? What's the real use of this? Security? Mixing with other libraries and services? Or is my current system already fine?
/****** UPDATE ******/
You guys are telling me I shouldn't say that the username/email is right but password isn't. Okay, you are right, I agree and I will correct it, and thanks for your participation and help.
Nevertheless, that's not the question, and the answers should help someone else with my same doubt: the response.
I found this, very useful: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
And this function (PHP >5.4): http_response_code( $code_number);
Technically it would be:
function my_ajax_function( )
{
//try login
if (login_correct)
http_response_code(200); // 200 = OK
else
http_response_code(401); // 401 = Unauthorized
// ajax response is independent of the http response
die("whatever I want");
}