StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>The problem is that JS is just client side scripting language - it is processed only on clients browser.</p> <p>If You want to login using AJAX, okay, but You have to store the values of logged in user into the session (or cookies). Then on every page load You will check whther that session or cookies are set and exists and if they does, You will write down the HTML corresponding to that of jQuery after logging in...</p> <p>In other words, here is what You will do:</p> <ol> <li>Page load - user not logged in</li> <li>User fill in login credentials and clicks "log in"</li> <li>You check whether that user exists and if he does, You save <code>$_SESSION['username']</code> (for example)</li> <li>Within AJAX You fill that <code>$('#login_reply')</code></li> <li>User clicks on some link within Your website</li> <li>You check whether You have a value (or index is set) in <code>$_SESSION['username']</code></li> <li>If it is, by PHP You will fill the #login_reply div, if it is not, You will show the login form...</li> </ol> <p>Hope this helps...</p> <p><strong>EDIT1</strong>: You also should implement the login functionality in a way that there is no JS working (disabled) on client browser so normal POST should be taken into count...</p> <p><strong>EDIT2</strong>: I also want to point out some general programming mistakes...</p> <p>Here is Your code with my comments added:</p> <pre><code>if (isset($_POST['username'], $_POST['password'])) { // <-- This is a .NET style of writing the brackets that I don't like much and I guess PHP don't like .NET either :-) $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string(md5($_POST['password'])); $check = mysql_query("SELECT * FROM `userbase` WHERE `user_name` = '$username'"); // <-- mysql_* method calls should be replaced by PDO or at least mysqli // Also the query could be improved if (mysql_num_rows($check) > 0) { while ($row = mysql_fetch_assoc($check)) // <-- why calling while when You expect ONLY one user to be found? { $user_id = $row['user_id']; $user_name = $row['user_name']; $user_email = $row['user_email']; $user_password = $row['user_password']; // <-- What are these last 4 lines good for? This is useless... if ($password == $user_password) // <-- this condition SHOULD be within the SQL query... { $_SESSION['user_id'] = $user_id; if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != '') // <-- this condition is useless as You have just set the session variable... // ALSO, if You use brackets with else it is good to use brackets also with if echo "Welcome back '$user_name'!"; else { echo 'no'; } } else echo 'no'; } } else echo 'no'; } </code></pre> <p>And here is my rewritten code (still using mysql_*, sorry for that):</p> <pre><code>if (isset($_POST['username'], $_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string(md5($_POST['password'])); $check = mysql_query("SELECT * FROM `userbase` WHERE `user_name` = '{$username}' AND `user_password` = '{$password}' LIMIT 1"); // <-- We check whether a user with given username AND password exists and we ONLY want to return ONE record if found... if ($check !== false) { $row = mysql_fetch_assoc($check); $_SESSION['user_id'] = $row['user_id']; echo "Welcome back '{$row['user_name']}'!"; } else { echo 'no'; } } else echo 'no'; } </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload