I am working on a login form, where user types in his email, which is validated through AJAX and after that the password is verified through AJAX as well. Here is the code, JS code-
//AJAX for email input field
function emailCheck(email) {
return $.ajax({
type: "POST",
url: "ajax_index.php",
data: "email=" + email
});
}
//AJAX for password input field
function passwordCheck(password, email) {
return $.ajax({
type: "POST",
url: "ajax_index.php",
data: {password: password, email: email}
});
}
PHP code -
//receives POST request from email field
if (isset($_POST['email'])) {
$email = mysqli_real_escape_string($dbconn, $_POST['email']);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo -1;
} else {
$query = "SELECT * from users WHERE email = '$email'";
$query_result = mysqli_query($dbconn, $query) or die(mysqli_error($dbconn));
$result_rows = mysqli_num_rows($query_result);
echo $result_rows;
}
}
//receives POST from password field
if (isset($_POST['password'], $_POST['email'])) {
$email = mysqli_real_escape_string($dbconn, $_POST['email']);
$password = mysqli_real_escape_string($dbconn, $_POST['password']);
$query = "SELECT email, password from users WHERE email = '$email'";
$query_result = mysqli_query($dbconn, $query) or die(mysqli_error($dbconn));
$result_rows = mysqli_num_rows($query_result);
$row = mysqli_fetch_assoc($query_result);
if (password_verify($password, $row['password'])) {
echo 1;
}
else {
echo 0;
}
}
As you can see, for the password field, I have to get both the $_POST['password']
and $_POST['email']
, so that I can verify the password against that email. But this invokes both handlers, the one for only email field and the one for both email and password which the one I only want to run. So, how I can solve this problem? Thank you.
So, silly problem, I just had to put the handler for password field inside the handler for email field in a conditional block. So it works if I change to this -
if (isset($_POST['email'])) {
if(isset($_POST['password'])) {
$email = mysqli_real_escape_string($dbconn, $_POST['email']);
$password = mysqli_real_escape_string($dbconn, $_POST['password']);
$query = "SELECT email, password from users WHERE email = '$email'";
$query_result = mysqli_query($dbconn, $query) or die(mysqli_error($dbconn));
$result_rows = mysqli_num_rows($query_result);
$row = mysqli_fetch_assoc($query_result);
if (password_verify($password, $row['password'])) {
echo 1;
}
else {
echo 0;
}
}
else {
$email = mysqli_real_escape_string($dbconn, $_POST['email']);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo -1;
} else {
$query = "SELECT * from users WHERE email = '$email'";
$query_result = mysqli_query($dbconn, $query) or die(mysqli_error($dbconn));
$result_rows = mysqli_num_rows($query_result);
echo $result_rows;
}
}
}
Or as Sasikumar said, using an extra variable will work as well.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.