Home/ Questions/Q 8706313
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T03:35:07+00:00

I’m making a login system, and when I send a request from an AJAX

  • 0

I’m making a login system, and when I send a request from an AJAX connection, the session is not getting set.
Sending the connection:

function onSubmit(form){
    var username = form.username.value;
    var password = form.password.value;
    if(username == ''){
        document.getElementById('error').innerHTML='<font color="red"><b>Please enter a username</b></font>';
        return;
    }
    if(password == ''){
        document.getElementById('error').innerHTML='<font color="red"><b>Please enter a password</b></font>';
        return;
    }
    if(username != '' && password != ''){
        document.getElementById('error').innerHTML='';
        showDiv('loadinglogin');    
        var dataString = 'username='+username+'&password='+password;
    $.ajax({  
      type: "POST",  
      url: "util/login.php",  
      data: dataString,  
      success: function(msg) {  
        if(msg == "ok"){
            document.getElementById('error').innerHTML='<font color="green"><b>Login good, redirecting</b></font>';
            hideDiv('loadinglogin');    
            window.location = "test.php";
        }else{
            document.getElementById('error').innerHTML='<font color="red"><b>Invalid login</b></font>';
            hideDiv('loadinglogin');    
        }
      }  
    }); 



    }
}

Setting the session/handle login:

<?php
include('database.php');
session_start();
function in_db($u,$p){
    $p = md5($p);
    $p = sha1($p);
    $p = sha1($p);
    $p = md5($p);
    $sql = "SELECT * FROM `users` WHERE `username` = '$u' AND `password` = '$p'";
    $result = mysql_query($sql) or die(mysql_error());  
    while($row = mysql_fetch_object($result))
    { 
        return true;    
    }
    return false;
} 
if(isset($_POST['username']) && isset($_POST['password']) && !isset($$_SESSION['user']) && !isset($$_SESSION['pass'])){
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    if(in_db($username,$password)){
        $_SESSION['user'] = $user;
        $_SESSION['pass'] = $pass;
        print("ok");
    }else{
        print("bad");
    }
}else{
    print("bad");
}
?>

Not sure if I’m doing somthing wrong :/

EDIT: I pulled this from ERROR_LOG

[18-Oct-2012 07:27:00 UTC] PHP Warning: session_start() [function.session-start]: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and ‘-,’ in /util/login.php on line 2

PHP.ini

register_globals = off
allow_url_fopen = off

expose_php = Off
max_input_time = 60
variables_order = "EGPCS"
extension_dir = ./
upload_tmp_dir = /tmp
precision = 12
SMTP = relay-hosting.secureserver.net
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="


; Only uncomment zend optimizer lines if your application requires Zend Optimizer support

;[Zend]
;zend_optimizer.optimization_level=15
;zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3
;zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3
;zend_extension=/usr/local/Zend/lib/Optimizer-3.3.3/ZendExtensionManager.so
;zend_extension_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3/ZendExtensionManager_TS.so


; -- Be very careful to not to disable a function which might be needed!
; -- Uncomment the following lines to increase the security of your PHP site.

;disable_functions = "highlight_file,ini_alter,ini_restore,openlog,passthru,
;             phpinfo, exec, system, dl, fsockopen, set_time_limit,
;                     popen, proc_open, proc_nice,shell_exec,show_source,symlink"
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Put session_start(); at very beginning of your file, before include().

    • 0