PHP generated HTML output adds \r\n characters and additional spaces for jQuery $.post request

Question

I have a login system that I am implementing, and when I use a PHP script called from jQuery $.post it adds \r\n, some spaces, and then \r\n again (as viewed with firebug).

I'm trying to get the word "Success" returned (or others if the login had issues) so I can then determine the status of the login request. I could always strip slashes and trim the output before comparing, but I'd rather not have to if I can fix the cause.

The output from this PHP is "Success\r\n \r\n" not simply "Success" :

<?php
// session_destroy();
$lname = $_POST['lname'];
$passhash = $_POST['pass'];

include 'includes/dbiconnect.php';

$loginStatus = "NA";
$query = "SELECT `txt_LOGINNAME`, `txt_PASSHASH`, `txt_PILOTNAME`, `bool_SYSADMIN` FROM `tbl_staff_details` WHERE `txt_LOGINNAME` = '{$lname}' AND `bool_CURRENT` = 1";
$result = mysqli_query($db_link,$query) or die('cannot open DB for login!');

if (is_null($result)) {
    $result_row_num = 0;
} else {
$result_row_num = mysqli_num_rows($result);
$loginDetail = mysqli_fetch_assoc($result);
}

switch (true) {
    case ($result_row_num == 0):
    $loginStatus = "Not Found";
        break;
    case ($result_row_num > 1):
        $loginStatus = "Too Many";
        break;
    case ($loginDetail['txt_LOGINNAME'] == $lname):
        // The Default:
        $loginStatus = "Incorrect Password";
        // Deviate from default only if PW Hashes match
        if ($passhash == $loginDetail['txt_PASSHASH']) {
            session_start();
            $_SESSION['FullName'] = $loginDetail['txt_PILOTNAME'];
            $_SESSION['SysAdmin'] = $loginDetail['bool_SYSADMIN'];
            $_SESSION['LoginName'] = $loginDetail['txt_LOGINNAME'];
        $_SESSION['lastActivity'] = time();
            $loginStatus = "Success";
        } // if
} // switch

mysqli_close($db_link);
print "{$loginStatus}";
?>

The Javascript that handles this is (including some 'alert statements to help me visualise the input/output):

case (passwordentered != "" && usernameentered != ""):
    $("#errorField").val("I can work with this");
        var passwordhash = CryptoJS.SHA256(passwordentered);
        var str_hash = passwordhash.toString(CryptoJS.enc.Hex);
        alert(passwordhash);
        $.post( 'validatelogin.php' , {lname : usernameentered, pass : str_hash},
            function(output) {
                alert(output);
                switch (output) {
                    case "Success":
                        $("#errorField").val("Login Was Successful");
                        window.location("./daysheets.php");
                        break;
                    case "Incorrect Password":
                        $("#errorField").val("ERROR: Incorrect Password");
                        break;
                    case "Not Found":
                        $("#errorField").val("ERROR: User Not Found");
                        break;
                    case "Too Many":
                        $("#errorField").val("ERROR: Not Unique");
                    default:
                        var loginerror = output + ", Login Err";
                        $("#errorField").val(loginerror);
                }
        });
        break;

If someone can tell me where/why the additional characters are appended to the output when the jQuery gets it it would be appreciated.

Regards

Braedon

Answer 1

2 suggestions:

1. Since it's plain words, set header('Content-type: text/plain');
2. Try removing the closing ?> from both this file and from includes/dbiconnect.php. It's possible that there are trailing character returns in either or both of those files, which is what you're seeing.

Answer 2

If there are any whitespaces before or after the opening PHP tags, this would be output to the browser. You can use jQuery's trim function or return a json array.

<?php
echo json_encode($loginStatus);
?>

You could also move your switch function to the PHP file and output the login status message.