Reputation: 97
Ok so this is driving me mad. I've got 2 modal forms - login and register. JavaScript does the client side validation and then an ajax call runs either a registration php file or a login php file which returns OK if successful or a specific error message indicating what was wrong (incorrect password, username already taken, etc.). There is an If Then statement that checks if the return message is OK and if it is then a success message is displayed and the other fields hidden.
The register form works perfectly. I get my OK back and fields get hidden and the success message displays.
The login form however doesn't work. A successful login returns an OK but the if statement fails and instead of a nicely formatted success message I just get the OK displayed without the username and password fields being hidden which is what makes me think the IF is failing although I cannot see why it would.
I've been staring at this code for hours now and all I can see is the same code for both and no idea why one is working and one is not ....
On to the code... Here is the login JavaScript:

    $("#ajax-login-form").submit(function(){
        var str = $(this).serialize();
        $.ajax({
            type: "POST",
            url: "php/login.php",
            data: str,
            success: function(msg) {
                $("#logNote").ajaxComplete(function(event, request, settings) {
                    var result;
                    if(msg == 'OK') {
                        // Display the Success Message
                        result = '<div class="alertMsg success">You have successfully logged in.</div>';
                        $("#ajax-login-form").hide();
                        $("#swaptoreg").hide();
                        $("#resetpassword").hide();
                    } else {
                        result = msg;
                    }
                    // Hide the note, then slide it down with the result
                    $(this).hide();
                    $(this).html(result).slideDown("fast");
                    $(this).html(result);
                });
            }
        });
        return false;
    });
And here is the register JavaScript:

    $("#ajax-register-form").submit(function(){
        var str = $(this).serialize();
        $.ajax({
            type: "POST",
            url: "php/register.php",
            data: str,
            success: function(msg) {
                $("#regNote").ajaxComplete(function(event, request, settings) {
                    var result;
                    if(msg == 'OK') {
                        // Display the Success Message
                        result = '<div class="alertMsg success">Thank you! Your account has been created.</div>';
                        $("#ajax-register-form").hide();
                    } else {
                        result = msg;
                    }
                    // Hide the note, then slide it down with the result
                    $(this).hide();
                    $(this).html(result).slideDown("fast");
                    $(this).html(result);
                });
            }
        });
        return false;
    });
I don't think I need to add the php here since both just end with an echo 'OK'; if successful and since I'm seeing the OK instead of the nicely formatted success message I'm confident that it is working.
Any suggestions?
EDIT: Here's the login php:
    <?php
    require("common.php");
    $submitted_username = '';
    $user = stripslashes($_POST['logUser']);
    $pass = stripslashes($_POST['logPass']);
    if(!empty($_POST))
    {
        $query = "
            SELECT
                id,
                username,
                password,
                salt,
                email
            FROM users
            WHERE
                username = :username
        ";
        $query_params = array(
            ':username' => $user
        );
        try
        {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch(PDOException $ex)
        {
            die("Failed to run query ");
        }
        $login_ok = false;
        $row = $stmt->fetch();
        if($row)
        {
            $check_password = hash('sha256', $pass . $row['salt']);
            for($round = 0; $round < 65536; $round++)
            {
                $check_password = hash('sha256', $check_password . $row['salt']);
            }
            if($check_password === $row['password'])
            {
                $login_ok = true;
            }
        }
        if($login_ok)
        {
            unset($row['salt']);
            unset($row['password']);
            $_SESSION['user'] = $row;
            echo 'OK';
        }
        else
        {
            echo '<div class="alertMsg error">Incorrect username or password</div>';
            $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
        }
    }
    ?>
Upvotes: 0
Views: 362
Reputation: 27247
        if($login_ok)
        {
            unset($row['salt']);
            unset($row['password']);
            $_SESSION['user'] = $row;
            echo 'OK';
        }
        else
        {
            echo '<div class="alertMsg error">Incorrect username or password</div>';
            $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
        }
    }
    ?> <!------- There is a space here! -->

There is a space after the closing ?> which is being sent to the user. The closing ?> is optional, and it is highly recommended to NOT include it, for just this reason. Get rid of that ?>.
Upvotes: 2
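
The failure described in the answer above, as an added example that is not part of the original thread: it shows why the handler's strict comparison rejects a padded response and how to make the stray characters visible while debugging. It goes slightly beyond the answer by also covering a trailing newline and a leading UTF-8 byte order mark; the function names and sample response bodies are constructed for illustration.

```javascript
// Added example: function names are hypothetical, sample bodies are constructed.

// Render a response body with its invisible characters spelled out,
// so "OK " and "OK\n" can be told apart from "OK" in a console log.
function showInvisible(msg) {
  return JSON.stringify(String(msg)).replace(/\ufeff/g, "\\ufeff");
}

// The comparison used by the page's success handler: any stray character fails it.
function strictIsOk(msg) {
  return msg == "OK";
}

// Drop a leading byte order mark and surrounding whitespace before comparing.
function normalizeStatus(msg) {
  return String(msg).replace(/^\ufeff/, "").trim();
}

// Decide what the login note should show for a given response body.
function handleLoginResponse(msg) {
  const status = normalizeStatus(msg);
  if (status === "OK") {
    return {
      ok: true,
      html: '<div class="alertMsg success">You have successfully logged in.</div>'
    };
  }
  // Keep the escaped raw body so a padded or unexpected reply is easy to spot.
  return { ok: false, html: status, raw: showInvisible(msg) };
}

// Constructed response bodies: clean, trailing space (the case in this thread),
// trailing newline, leading BOM, and the server's error markup.
const samples = [
  "OK",
  "OK ",
  "OK\n",
  "\ufeffOK",
  '<div class="alertMsg error">Incorrect username or password</div>'
];

for (const body of samples) {
  console.log(showInvisible(body),
    "strict:", strictIsOk(body),
    "normalized:", handleLoginResponse(body).ok);
}
```

Normalizing on the client only masks the symptom; removing the closing ?> from the PHP file, as the answer recommends, stops the extra byte from being sent at all.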