help with login from not submitting
I have a form which uses JQuery and evaluates the data against info in a MySQL DB and allows or denys access. Works fine until I tried to add another PHP session variable, and then I just get the 'validating' message without any result. the part which causes it to break is $_SESSION['editor_name'] = $row['editor_name']
I thought it may be b/c I wasn't placing that in the JQuery, but I tried adding a hidden field to the form with the ID of editor_name and adding to the POST data such as this, but it was a no-go. Any ideas on a fix or debugging is greatly appreciated.
- $.post("login.php", {username:$('#username').val(),password:$('#password').val(),editor_name:$('#editor_name').val()} ,function(data)
The login form contains the following code.
- <?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" dir="ltr">
<head>
<meta http-equiv="Content-type" content="text/html; charset=ISO-8859-1" />
<title>
ETSI Editor Candidate Test
</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="js/niceforms.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>
<script language="javascript">
// Developed by Roshan Bhattarai
// Visit http://roshanbh.com.np for this script and more.
// This notice MUST stay intact for legal use
$(document).ready(function()
{
$("#login_form").submit(function()
{
//remove all the class add the messagebox classes and start fading
$("#msgbox").removeClass().addClass('messagebox').text('Validating....').fadeIn(1000);
//check the username exists or not from ajax
$.post("login.php", {username:$('#username').val(),password:$('#password').val()} ,function(data)
{
//alert(data);
if(data==1) //if correct login detail
{
$("#msgbox").fadeTo(200,0.1,function(data) //start fading the messagebox
{
//add message and change the class of the box and start fading
$(this).html('Success!..Logging in.....').addClass('messageboxok').fadeTo(900,1,
function()
{
//redirect to secure page
document.location='EditorExam.php';
});
});
}
else
{
$("#msgbox").fadeTo(200,0.1,function(data) //start fading the messagebox
{
//add message and change the class of the box and start fading
$(this).html('You have entered an incorrect login<br /> please try again!').addClass('messageboxerror').fadeTo(900,1).delay(5000).fadeTo(900,0);
});
}
});
return false; //not to post the form physically
});
//now call the ajax also focus move from
$("#password").blur(function(data)
{
$("#login_form").trigger('submit');
});
});
</script>
</head>
<body>
<div id="LoginContainer">
<h1 class="login">ETSI Editor Candidate Login</h1>
<div id="form_align">
<form enctype="multipart/form-data" method="post" action="" id="login_form" class="niceform">
<fieldset>
<legend>Please enter your email address and password to login to your test.</legend>
<img class="logo" src="ETSI_logo.png" alt="ETSI Logo"></img>
<div class="loginwrapper">
<label for="username">Username:<span class='red_small'> (email address) </span></label><br />
<input type="text" name="username" id="username" size="20"><br /><br />
<label for="password">Password:<span class='red_small'> (you should have been given this)</span> </label><br />
<input type="password" name="password" id="password" size="20"><br /><br />
<div class="buttondiv">
<input class="button" type="submit" name="submit" value="Login" /><span id="msgbox" style="display:none"></span>
</div>
</div><!--end login wrapper-->
</form>
</fieldset>
</div>
</div><!--end container div-->
</body>
</html>
and the PHP login code
- <?php
session_start();
$db_user = "user";
$db_pass = "pass";
$db = "DB";
mysql_connect('localhost',$db_user,$db_pass);
mysql_select_db($db);
$username = mysql_real_escape_string($_POST['username']);
$password =(md5($_POST['password']));
$sql = "SELECT username,password,editor_name
FROM Editor_Candidates
WHERE
password = '$password'
AND
username='$username'";
$dat = time() + 3600;
$sql_update ="UPDATE Editor_Candidates
SET login_timestamp = DATE_ADD(NOW(), INTERVAL 2 HOUR)
WHERE username = '$username'
AND password = '$password'";
$query = mysql_query($sql) or die("Query Failed: $sql - " . mysql_error());
$num_rows = mysql_num_rows($query);
$row = mysql_fetch_array($query) or die(mysql_error());
//echo $row['editor_name'];
if ($num_rows == '1')
{
$_SESSION['editor_name'] = $row['editor_name']
$_SESSION['username'] = $username;
$_SESSION['sid'] = session_id();
// Make it more secure by storing the user's IP address.
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
// Now give the success message.
// $_SESSION['username'] should print out your username.
echo '1';
} else
{
echo '0';
}
?>