0

I am trying to create a Ajax functions that made a decision based on a return var from PHP. The main issue I have is the return var will display correctly when I print it to an html class, but the decision within ajax still produces the same result of false.

Below is the PHP form:

<form class="LogInForm" method="post" action="Auth.php" >
    <div class="form-group">
        <input type="email" class="form-control" name="email" placeholder="Email Address" value="<?php echo $_SESSION['email'];?>">
    </div>
    <div class="form-group">
        <input type="password" class="form-control" name="pw" placeholder="password">
    </div>                          
    <button type="submit" class="btn btn-default btn-block">Submit</button>

And below is the jquery script:

    $('.LogInForm').on('submit', function(e){
    var values = $(this).serialize();
    // get value of action attribute   
    var desination = $('.RemoveProd').prop('action');           
    // get current location url         

    // prevent page from leaving to desination
    e.preventDefault(); 

    $.ajax({
          url: desination,
          type: 'post',
          data: values, 
          success: function(data){
              if(data == 1){;
                    alert("True");
                  $('.Test').html(data);
              }
              else{
                  alert("False");
                  $('.Test').html(data);
              }
            },
          error: function(){
          } 
    });

});

The PHP Function:

function Auth()
    {
        //start session and compture login info
        $pass = md5($_POST['pw']);
        $user = $_POST['email'];

        //connect to DB
        $conn = Connect();

        //Select all queries
        $select = "SELECT Email, Password FROM customers WHERE Email ='".$user."' AND Password = '".$pass."'";
        $results = $conn->query($select);

        //search in db for user and passwrod, also store quires in var to store in sessions.
        if ($results->num_rows > 0) {
            $bool = true;               
        }
        else{
            $bool= false;
        }
        echo $bool;
    }

What happens is if I don't put in the right password if alerts me False and under the submit button tell me what the data is (which is null). When I put in the correct password, it still alerts me False but the data displays under the submit button as 1.

Also note when I bypass the Ajax function The PHP function works correctly.

Update I was able to get this working. All i did was move the php file Auth.php to another directory and it seem to fixed the issue. I know it wasn't a file path issue. I thank you all for your time and thank you for answering and pointing me in the right direction with security vulnerabilities.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
KyleM
  • 1
  • 1
  • You set the ajax url as `var desination = $('.RemoveProd').prop('action'); `, where is the element that has the class `RemoveProd` ? If there's no such element, then you're not passing the url to ajax... – DouglasCamargo Oct 04 '16 at 21:42
  • Tried to compare your response as a string? `if(data === '1')` – Marcel Dieterle Oct 04 '16 at 21:42
  • 1
    Side note: `$pass = md5($_POST['pw']);` Not a good way to do password authentication. Check out `password_verify()` and `password_hash()` – Rasclatt Oct 04 '16 at 21:42
  • 1
    Side note: this->`$select = "SELECT Email, Password FROM customers WHERE Email ='".$user."' AND Password = '".$pass."'";` is an sql injection waiting to happen. Look into bind parameters/values. – Rasclatt Oct 04 '16 at 21:45
  • This approach is seriously exposed to [SQL injection](https://en.wikipedia.org/wiki/SQL_injection). You should look into using [PDO](http://php.net/manual/en/book.pdo.php) – Wesley Smith Oct 04 '16 at 21:53
  • http://stackoverflow.com/questions/14708269/when-should-i-return-true-false-to-ajax-and-when-should-i-echo-true-false – The Alpha Oct 04 '16 at 22:09
  • @MarcelDieterle I tired to make it a string instead and getting the same results. The interesting thing is i have this code on another page with the same code just instead of alerting me, it redirect users to different pages based on response from php function and it works correctly. – KyleM Oct 05 '16 at 13:23
  • @Rasclatt I will deffently look into SQL injections and also the use of the 'password_verify()' and hash. – KyleM Oct 05 '16 at 13:23

2 Answers2

0

Javascript == is false if the values are of different types. I suspect the value you're getting back through AJAX is being read as the string "1" instead of the integer 1 (or the boolean TRUE). Try changing your comparison to:

if(data == '1')...
Martin
  • 348
  • 1
  • 9
-1

i have tested this, its working correct

$('.LogInForm').on('submit', function(e){
    var values = $(this).serialize();
    // get value of action attribute
    var desination = $('.RemoveProd').prop('action');
    // get current location url

    // prevent page from leaving to desination
    e.preventDefault();

    $.ajax({
        url: desination,
        type: 'post',
        data: values,
        success: function(data){

            //remember the returned value is a type string if not changed or maybe it a raw integer from php
            if(parseInt(data.trim().replace(/\D*/g,'')) == 1){
                alert("True");
                $('.Test').html(data);
            }
            else{
                alert("False");
                $('.Test').html(data);
            }
        },
        error: function(e){
            //check the logged error for more details
            console.log(e)
        }
    });

});
Dennisrec
  • 333
  • 2
  • 22