stackoom
  简体   繁体   中英

Weird ajax remember me login bug

 原文  2014-01-07 02:44:52       php/ jquery/ ajax

Question

This just came up: when I attempt to log in via ajax, for some strange reason Username field is not set is printed but the username is clearly set. 

   <?php
require_once (dirname(__FILE__) . '/../../inc/inc.all.php');
$username;
$password;
$remember;
$token;

if (!isset($_POST['username'])) {
    echo "Username field must be set!";
    die();
}
$username = $_POST['username'];

if (!isset($_POST['password'])) {
    echo "Password field must be set";
    die();
}
$password = md5($_POST['password']);

$remember = $_POST['remember'];

if (!isset($_POST['token'])) {
    echo "There was a problem logging you in securly, Prehaps you are trying to log in from a different window?";
    die();
} else {
    $token = $_POST['token'];
}

// Validate token
if (!isset($token) || $token != $_SESSION['token']) {
    echo "Invalid token: There was a problem logging you in securley, Prehaps you are trying to log in from a different window?";
    die();
}

// Log the user in
$sql = "SELECT ID FROM cs_users WHERE username = '{$username}' AND password = '{$password}'";
$query = $db -> query($sql);
if ($query -> num_rows) {
    list($id) = @array_values($query -> fetch_assoc());
    if ($remember) {
        $expire = time() + 60 * 60 * 24 * 180;
        echo $id.'<br>'.$username.'<br>'.$password.'<br>';
        setcookie("id", $id, $expire);
        setcookie("username", $username, $expire);
        setcookie("password", $password, $expire);
        header("LOCATION:{$_SERVER['PHP_SELF']}");
    } else {
        $_SESSION['id'] = $id;
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
    }
    echo true;
} else {
    echo "Invalid username/password";
    die();
}
?>

In the above code, if I change _POST to _GET and access the page via login.php?username=mrkirby153&password=admin&remember=true&token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx it still says that the field is unset. (Yes I know there are some major security "breaches" in my code. I am working on fixing it.)

var_dump($_POST) : array(0){}

Html form 

<div id="login">
        <div id="login-err"></div>
        <label for="username">Username: </label>
        <input type="text" name="username" id="loginUsername" placeholder="Username">
        <label for="password">Password: </label>
        <input type="password" name="password" id="loginPass" placeholder="Password">
        <input type="button" name="loginBttn" id="loginSubmit" class="btn btn-success" value="Log in" onclick="userLogin()">
        <br>
        <label for="remember">Remember me?</label>
        <input type="checkbox" name="remember" id="loginRemember">
        <br>
        <a href="forgot">Forgot login credentials?</a>
        <input type="hidden" name="token" id="loginToken" value="<?php echo $token?>">
    </div>

Method used to ajax: 

function userLogin() {

    var username = $("#loginUsername").val();
    var password = $("#loginPass").val();
    var remember = $("#loginRemember").is(':checked');
    var token = $("#loginToken").val();
    alert(username);
    $(".ajax-loader").fadeIn("slow");
    $("#login").slideUp("slow");

    $.ajax({
        type : "GET",
        url : "internal/CloudShop/ajax/login.php",
        dataType : "html",
        data : "username=" + username + "&password=" + password + "&remember=" + remember + "&token=" + token,
        success : function(result) {

            if (result != "1") {
                $("#login-err").html(result);
                $("#login").slideDown("slow");
            } else
                location.reload();
            $(".ajax-loader").fadeOut("slow");
        }
    });

}

Sitenote: It still sets the cookie though and I'm logged in if i refresh the page

2 answers

solution1
 0  2014-01-07 03:51:05

Try changing your data parameter to: 

data : { username: username,
         password: password,
         remember: remember ? 'true' : 'false',
         token: token
       },

jQuery will then encode the parameters properly.

The reason your form is being submitted twice is presumably because the normal form submission is happening after userLogin() returns. Change your submit button to: 

<input type="button" name="loginBttn" id="loginSubmit" class="btn btn-success" value="Log in" onclick="userLogin(); return false;">

Returning false from the submit button disables the default action.

solution2
 0 ACCPTED  2014-01-19 18:45:57

I fixed it myself. After setting the cookie, I was executing header("LOCATION:{$_SERVER['PHP_SELF']}"); which would re-call the login form again but without any $_POST data

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Symfony2 ajax login remember me functionality Codeigniter app bug: login credential are remembered even if remember me is not checked How to integrate remember me after successful login using jquery ajax? Writing Remember Me for login Login programmatically + remember me php login script - remember me MTA & HTML Login & Remember Me Symfony force login and remember me codeigniter remember me for login by session Setting remember on ajax laravel login
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM