Home/ Questions/Q 7945997
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T01:01:26+00:00

It is all working fine in my login-script. I get the right responses in

  • 0

It is all working fine in my login-script. I get the right responses in my div (id=login_reply) and the session starts. But whenever I refresh the page, the login_reply is gone. How am I able to keep the login_reply? Thank you!

Here is the php: 

if (isset($_POST['username'], $_POST['password']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string(md5($_POST['password']));

    $check = mysql_query("SELECT * FROM `userbase` WHERE `user_name` = '$username'");
    if (mysql_num_rows($check) > 0)
    {
        while ($row = mysql_fetch_assoc($check))
        {
            $user_id = $row['user_id'];
            $user_name = $row['user_name'];
            $user_email = $row['user_email'];
            $user_password = $row['user_password'];

            if ($password == $user_password)
            {
                $_SESSION['user_id'] = $user_id;
                if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != '')  
                    echo "Welcome back '$user_name'!";
                else
                {
                    echo 'no';
                }

            }
            else
                echo 'no';
        }
    }
    else
        echo 'no';  
}

Here is the jQuery

$(document).ready(function()
{

$('#login').click(function()
{
    var username = $('#username').val();
    var password = $('#password').val();

    $.ajax(
    {
        type: 'POST',
        url: 'php/login.php',
        data: 'username=' +username + '&password=' + password,
        success: function(data)
        {
            if (data != 'no')
            {
                $('#logform').slideUp(function()
                {
                    $('#login_reply').html(data).css('color', 'white');
                });
            }
            else                    
                $('#login_reply').html('Invalid username or password').css('color', 'red');
        }
    });
    return false;
});
});
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The problem is that JS is just client side scripting language – it is processed only on clients browser.

    If You want to login using AJAX, okay, but You have to store the values of logged in user into the session (or cookies). Then on every page load You will check whther that session or cookies are set and exists and if they does, You will write down the HTML corresponding to that of jQuery after logging in…

    In other words, here is what You will do:

    1. Page load – user not logged in
    2. User fill in login credentials and clicks “log in”
    3. You check whether that user exists and if he does, You save $_SESSION['username'] (for example)
    4. Within AJAX You fill that $('#login_reply')
    5. User clicks on some link within Your website
    6. You check whether You have a value (or index is set) in $_SESSION['username']
    7. If it is, by PHP You will fill the #login_reply div, if it is not, You will show the login form…

    Hope this helps…

    EDIT1: You also should implement the login functionality in a way that there is no JS working (disabled) on client browser so normal POST should be taken into count…

    EDIT2: I also want to point out some general programming mistakes…

    Here is Your code with my comments added:

    if (isset($_POST['username'], $_POST['password']))
{ // <-- This is a .NET style of writing the brackets that I don't like much and I guess PHP don't like .NET either :-)
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string(md5($_POST['password']));

    $check = mysql_query("SELECT * FROM `userbase` WHERE `user_name` = '$username'"); // <-- mysql_* method calls should be replaced by PDO or at least mysqli
    // Also the query could be improved
    if (mysql_num_rows($check) > 0)
    {
        while ($row = mysql_fetch_assoc($check)) // <-- why calling while when You expect ONLY one user to be found?
        {
            $user_id = $row['user_id'];
            $user_name = $row['user_name'];
            $user_email = $row['user_email'];
            $user_password = $row['user_password']; // <-- What are these last 4 lines good for? This is useless...

            if ($password == $user_password) // <-- this condition SHOULD be within the SQL query...
            {
                $_SESSION['user_id'] = $user_id;
                if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != '')  // <-- this condition is useless as You have just set the session variable... 
                // ALSO, if You use brackets with else it is good to use brackets also with if
                    echo "Welcome back '$user_name'!";
                else
                {
                    echo 'no';
                }

            }
            else
                echo 'no';
        }
    }
    else
        echo 'no';  
}

    And here is my rewritten code (still using mysql_*, sorry for that):

    if (isset($_POST['username'], $_POST['password'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string(md5($_POST['password']));

    $check = mysql_query("SELECT * FROM `userbase` WHERE `user_name` = '{$username}' AND `user_password` = '{$password}' LIMIT 1"); // <-- We check whether a user with given username AND password exists and we ONLY want to return ONE record if found...
    if ($check !== false) {
        $row = mysql_fetch_assoc($check);

         $_SESSION['user_id'] = $row['user_id'];

         echo "Welcome back '{$row['user_name']}'!";
    } else {
        echo 'no';
    }
} else
    echo 'no';
}
    • 0