-1

I'm having issues when submitting the form. Whenever i submit the form, it refreshes the page and does not perform any action whether the username and password are true or not. However, if i don't use ajax and simply use the PHP it works like a charm.

I'm new to ajax so i'm not able to figure out what's the issue here

Here's the php part: 

include('AdminPanel/connect.php');

session_start();

$email = $_POST['txt_email'];
$password = $_POST['txt_pass'];
$info = mysqli_query($con,"select count(*) from signup where Email = '$email' 
and Password = '$password'");

$row = mysqli_fetch_array($info);
if ($row[0] > 0)
{

    $_SESSION['txt_email']=$email;
    echo "success";

}
else
{
    echo "Email or Password is incorrect";
}

?>

Ajax part:

$(document).ready(function() {
$('#lgnfrmmm').submit(function(e) {
e.preventDefault();
$.ajax({
   type: "POST",
   url: 'query.php',
   data: $(this).serialize(),
   success: function(data)
   {
      if (data === 'success') {
        window.location = 'index.php';
      }
      else {
        $('#msg').html(data);
      }
   }
   });
   });
   });

HTML:

<form  action="#" method="post" id="lgnfrmmm">

<input class="log_email_field" placeholder="Email" type"text" 
name="txt_email" id="txt_email" autocomplete="off"/>
<input class="log_pass_field" placeholder="Password" type="password" 
name="txt_pass" id="txt_pass" />

<div class="panel22 pink">
<button class="btnlogin" name="btn_log" type="submit">Log-in</button>
</div>

</form>
<p id="msg"></p>
Sam Jaffry
  • 29
  • 4
  • Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's – RiggsFolly Jul 18 '18 at 09:09
  • Plain text passwords are a major security risk. PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php) please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) – RiggsFolly Jul 18 '18 at 09:10
  • Why is there an `e.preventDefault()` at the start? – Gobbin Jul 18 '18 at 09:13
  • try to see if you got an js error when you click on send, if so, the e.preventdefault could get ignored and the page would just reload because of the # – Remling Jul 18 '18 at 09:13
  • Your script doesn't refresh a page. Try to clean cache maybe, if it's refreshing on your browser (Ctrl+F5). – MrSmile Jul 18 '18 at 09:34

2 Answers2

0

I never use the $(this).serialize() method cuz it never worked for me
Try this.

$(document).ready(function() {
 $('.btnlogin).click(function() {
  var email = $("#txt_email").val();
  var pass = $("#txt_pass").val();
  var data = "txt_email=" + email + "&txt_pass=" + pass; 
  $.ajax({
   type: "POST",
   url: 'query.php',
   data: data,
   success: function(data) {
    if (data == 'success') {
     window.location.href = 'index.php';
    } else {
     $('#msg').html(data);
    }
   }
  });
 });
});

and use this for php part

<?php
include('AdminPanel/connect.php');

session_start();

$email = $_POST['txt_email'];
$password = $_POST['txt_pass'];
$info = mysqli_query($con,"select count(*) from signup where Email = '$email' 
and Password = '$password'");

if (mysqli_num_rows($info) > 0)
{

    $_SESSION['txt_email']=$email;
    echo "success";

}
else
{
    echo "Email or Password is incorrect";
}

?>
j.edgar
  • 13
  • 7
0

You can solve this issue by send post request by this way :

$.post('query.php', {txt_email: "EMAIL_VALUE", txt_pass : "PASSWORD" }, 
function (result) {
 if (result=== 'success') {
        window.location = 'index.php';
      }
      else {
        $('#msg').html(result);
      }
}

Note : Plain text passwords is wrong way to pass the password or save it , try to use password_hash()

Fawaz Al Romy
  • 64
  • 4