So a project in my class is to create a website that incorporates a database. I'm having trouble getting the login function to work. I've written the login and login-script in php. All that happens when I login is the page just refreshes to "localhost/login.php?" instead of "index.php" Any help is appreciated, thanks in advance.
My login.php
<?php
include 'nav.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>UCF Events</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="css/login.css">
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="css/navstuff.css">
<?php
include 'setUniversityColors.php';
setColors();
?>
<script>
function call() {
//we will POST to this php file on the server
//it will process what we send and can return back JSON information
var request = $.post("login-script.php",
{
//these are defined in the inputs within our form
//each input is defined by their id attribute in the HTML
email: $("#inputEmail").val(),
password: $("#inputPassword").val()
}
//this function is called when we get a response back from the server
function(json){
//write back what we get in the "message" field to the response div defined in this HTML
//the response div is located right below the "Register" button
$("div.response").html(json.message);
//on success redirect to the index page
if(json.success === "success")
self.location="index.php";
}
//defines that we are expecting JSON back from the server
"json");
}
</script>
</head>
<body>
<?php
displayNav('login.php' ,'Login');
?>
<div class="container">
<form class="form-signin">
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="inputPassword" class="form-control" placeholder="Password" required>
<button class="btn btn-lg btn-primary btn-block" onClick="call();">Sign in</button>
</form>
</div>
</body>
</html>
My login-script.php
<?php
//sets the following variables:
$mysqluser = 'root';
$mysqlpassword = '';
$mysqldbname = 'db';
//now connect to the database
$mysqli = new mysqli("localhost", $mysqluser, $mysqlpassword, $mysqldbname);
//here we can extract information from the client's POST request
// this was submitted by the jQuery function
//always use mysql_real_escape_string when taking in user input
// this prevents SQL injection
$email = $mysqli->real_escape_string($_POST['UserEmail']);
$password = $mysqli->real_escape_string($_POST['Password']);
$success = " ";
$message = " ";
$sql = "SELECT Password, isAdmin, isSuperAdmin, UserID FROM user WHERE UserEmail='$email'";
//run the query and check if it was successful
$result = $mysqli->query( $sql );
if($result){
//get an associative array from the result
//retrieve specific attribute values by $row['tableAttribute']
$row = $result->fetch_assoc();
//check entered password against the hash
if (password_verify($password, $row['Password'])) {
$message = "Login Successful, redirecting...";
$success = "success";
//start the session and set some identifying variables
//these are save across pages
//we will end the session when the user logs out
session_start();
$_SESSION['UserEmail'] = $email;
$_SESSION['isAdmin'] = $row['isAdmin'];
$_SESSION['isSuperAdmin'] = $row['isSuperAdmin'];
$_SESSION['id'] = $row['UserID'];
} else {
$message = "There was a problem with your user name or password.";
$success = "fail";
}
} else {
$message = "Error accessing database: " . $mysqli->error;
$success = "fail";
}
$return = array('message' => $message, 'success' => $success);
echo json_encode($return);
?>
