Jquery Ajax and PHP form submission

Question

I've been working on a login form, that uses Jquery and Ajax to submit to a PHP file that processes the request then sends back a response. I think that somewhere, somehow the PHP script may be incorrect, because the form always comes back true allowing the person to login even when I purposely feed an incorrect password.

Here is the html code:

    <div id="login">
    <span class="error">Uh oh! Something went wrong please try again!</span>
    <span class="success">Congrats! You've been logged in, redirecting you to your homepage</span>
    <form action="process/core/login.php" method="post">
    <p>Email: <input type="text" name="email" <?php if($_POST['email'] != '') { echo 'value="'. $_POST['email'] .'"'; }?> /></p>
    <p>Password: <input type="password" name="pword" /></p>
    <p><input type="submit" value="Login" id="login-btn" /></p>
    </form>
</div>

<script>
function redirect(){
    window.location = "home.php"
}

$("#login-btn").click(function(){
    $.ajax({
        type:       "post",                                     // type of post
        url:        "process/core/login.php",                   // submitting file
        data:       $("form").serialize(),                      // data to submit
        success: function() {
            $(".success").show("slow");                         // sucess function
            setTimeout('redirect()', 3000);
        },      
        error: function() {
            $('.error').show("slow");                           // error function
        }
    });
return false;
});
</script>

Here is the PHP script:

<?php
session_start();

require '../../lib/core/connect.php';

if(!empty($_POST['email']) && !empty($_POST['pword'])) {

    $userInfo = mysql_query("SELECT * FROM users WHERE email = '". mysql_real_escape_string($_POST['email']) ."'");
    $userInfo = mysql_fetch_assoc($userInfo);

    if($_POST['email'] == $userInfo['email'] && md5($_POST['pword']) == $userInfo['pword']) {

        if($userInfo['active'] == 1) {

            $_SESSION['AuthEmail']=$userInfo['email'];
            $_SESSION['AuthUid']=$userInfo['uid'];
            $_SESSION['AuthName']=$userInfo['fname'] . ' ' . $userInfo['lname'];
            $_SESSION['AuthActive']=$userInfo['active'];
            $_SESSION['AuthType']=$userInfo['type'];

            return true;
            print 'success';
        } else {
            return false;
            print 'fail not active';
        }
    } else {
        return false;
        print 'Email and or password didn\'t match';
    }

} else {
    return false;   
    print 'Didn\'t enter one of the required values';
}
?>

Somewhere I have an error, I even changed all of the PHP script values to return false and somehow the success message in the ajax still fired successfully. Any help would be greatly appreciated, I've searched the entire forum finding related topics but found nothing that got real in depth with errors.

Thanks

Answer 1

我认为您实际上需要抛出一个异常才能将错误处理程序称为http://php.net/manual/en/language.exceptions.php false不是错误，这根本不是事实。

Answer 2

The ajax success callback will fire when a HTTP 200 is returned from the server (in other words, when a proper response is returned). So this means that no matter which code path is executed in your PHP code, the success callback will still be called, and the user will be redirected.

You can either modify the success callback to check the response and act appropriately (preferred), or throw an exception on the server for the return false scenarios.