
Php ajax login problem

Hello,
I have the next error in my code:

[CODE]
<br />
<b>Notice</b>: Undefined index: sLoginUserName in <b>/Applications/XAMPP/xamppfiles/htdocs/KEA/XmlPhp/FriApr17-2015/ajax.php</b> on line <b>7</b><br />
<br />
<b>Notice</b>: Undefined index: sLoginUserPassword in <b>/Applications/XAMPP/xamppfiles/htdocs/KEA/XmlPhp/FriApr17-2015/ajax.php</b> on line <b>9</b><br />
{"status":"error"}
[/CODE]

I don’t know how to solve it so please help me because I’m totally blocked with this.
My code:
index.php
[url]http://paste.ofcode.org/8apSFyVfNxUCNH2A2VfmDh[/url]

ajax.php
[url]http://paste.ofcode.org/cmXLqgFcnP4gzT3Uq48JMh[/url]

SQL
[url]http://paste.ofcode.org/MJFM2QE8eeHHNwp4qcEkqi[/url]

Host is local host.

@__flodu__ Apr 17.2015 — Hello,

in the index.php try to use this code for the ajax-call: (untested)

[code]
$.get( "ajax.php", { sLoginUserName: sLoginUserName, sLoginUserPassword: sLoginUserPassword } )
    .done(function( jData ) {
        if (jData.status == "success")
        {
            $("#wdw-login").hide();
            $("#wdw-welcome").show();
            $("#lblUserName").text(jData.userName + " and ID : " + jData.id);
        }
        else
        {
            $("#wdw-login").effect("shake");
        }
    });
[/code]


BTW: this isn't a good idea to build your SQL Query-string: (SQL-Injection, see here)
[code=php]
$sql = "SELECT * FROM customers WHERE user_name = '$sLoginUserName' AND PASSWORD = '$sLoginUserPassword'";
[/code]


For instance you can build the query-string like that:
[code=php]
$sql = sprintf("SELECT * FROM customers WHERE user_name = '%d' AND PASSWORD = '%d';",
$sLoginUserName, $sLoginUserPassword);
[/code]
@Jakub (author) Apr 17.2015 —

Hi

I tried the code but it does not work, and the same for the SQL: if I put it in the way you gave me, the code stops working at all.
@root Apr 17.2015 — Are you using the very latest XAMPP?

When asking for help, please copy and paste from external sites and wrap code elements in their respective forum tags.

A brief look at your page for your SQL handling: you have some serious security gaps, and you should not use $_GET, or rather the GET method, for logging in. You should always POST to a server, even with Ajax. Use the POST method for sending data like login information.
@Jakub (author) Apr 17.2015 — Hi, I have the last XAMPP version and I cannot use POST because my professor wants GET. For the forum tags, I'm sorry, but when I tried to click on the icon for the link it didn't work for some reason.
@__flodu__ Apr 17.2015 — I tested the following code on my own server and it works:
[code]
$(document).ready(function(){
    // Hard-coded test values; declared with var so they are not implicit globals
    var sLoginUserName = "username";
    var sLoginUserPassword = "password";
    $.get( "ajax.php", { sLoginUserName: sLoginUserName, sLoginUserPassword: sLoginUserPassword } )
        .done(function( jData ) {
            console.log(jData);
        });
});
[/code]



And for the SQL statement, it was my mistake; use this:
[code=php]
$sql = sprintf("SELECT * FROM customers WHERE user_name = '%s' AND PASSWORD = '%s';",
mysql_real_escape_string($sLoginUserName), mysql_real_escape_string($sLoginUserPassword));
[/code]
@Jakub (author) Apr 17.2015 — Maybe it is a problem with my localhost. I'll try on the server because on localhost I have issues.

By the way thanks
@root Apr 17.2015 —
[QUOTE]Hi I have the last xampp version and I cannot use post because my professor wants get. For the forum tags I'm sorry but when I tried to click on the icon for the link it didn't work for some reason.[/QUOTE]

You can type the tags out.

Your professor should know that GETting as a way of logging in is a security risk.

If you are using AJAX then there's little point in using AJAX because the point of AJAX is that it is a background process for POSTing and GETting when you want to query a database on the server.
@Jakub (author) Apr 18.2015 — The professor told us the opposite about the POST and the GET. So I don't know, but for now, because my project will be evaluated by him, I use GET.
@root Apr 20.2015 — POST sends data to the server as a data stream.

GET sends a public URL to a server.

Which one do you think is more readily cache-able?
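
The points raised across this thread (check that the request fields exist, keep user input out of the SQL text, send credentials by POST), combined in one handler as an added example; this is not code from any poster. The `login()` function, the `password_hash` column, the in-memory SQLite database and the sample user are assumptions made so it runs stand-alone; the table and field names follow the posts above.

```php
<?php
// Added example, not code from the thread. Table and field names follow the
// posts above; the password_hash column and the sample user are assumptions.
declare(strict_types=1);

function login(PDO $pdo, string $method, array $input): array
{
    // Credentials belong in a POST body, not in a URL that is logged and cached.
    if ($method !== 'POST') {
        return ['status' => 'error', 'reason' => 'method'];
    }
    // Reading absent keys is what raised "Undefined index" in ajax.php.
    $user = $input['sLoginUserName'] ?? null;
    $pass = $input['sLoginUserPassword'] ?? null;
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
        return ['status' => 'error', 'reason' => 'missing'];
    }
    // The placeholder keeps the submitted value out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT id, user_name, password_hash FROM customers WHERE user_name = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a stored hash instead of matching a plaintext column in SQL.
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return ['status' => 'error', 'reason' => 'credentials'];
    }
    return ['status' => 'success', 'id' => (int) $row['id'], 'userName' => $row['user_name']];
}

// Constructed demo data in an in-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, user_name TEXT UNIQUE, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO customers (user_name, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed requests: each pair is the HTTP method and the submitted fields.
$cases = [
    'valid login'        => ['POST', ['sLoginUserName' => 'alice', 'sLoginUserPassword' => 'correct horse']],
    'sent with GET'      => ['GET',  ['sLoginUserName' => 'alice', 'sLoginUserPassword' => 'correct horse']],
    'missing field'      => ['POST', ['sLoginUserName' => 'alice']],
    'quote in user name' => ['POST', ['sLoginUserName' => "alice' OR 'x'='x", 'sLoginUserPassword' => 'x']],
];
foreach ($cases as $label => [$method, $input]) {
    echo $label, ': ', json_encode(login($pdo, $method, $input)), PHP_EOL;
}
```

In `ajax.php` the call would be `echo json_encode(login($pdo, $_SERVER['REQUEST_METHOD'], $_POST));` with `$pdo` connected to the real database.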