- PHP Sessions w/ AJAX: Login Process
// Login form handler: sends the form fields to xhr/login.php with an AJAX
// POST and navigates to logged.php when the JSON reply has a truthy `success`.
// A reply without `success` (for example one carrying only an `error` key) is
// ignored here, so a failed login shows nothing to the user.
// NOTE(review): the redirect is navigation only. logged.php is not shown and
// has to verify the session on the server itself.
$("#login_form_header").on("submit", function (event) {
    var loginForm = $(this);

    // Called by jQuery with the parsed JSON body of a successful request.
    function onReply(result) {
        if (!result.success) {
            return;
        }
        window.location = "logged.php";
        return false;
    }

    // Transport or JSON-parse failure: only logged to the console.
    function onFailure(e) {
        console.log("Could not retrieve login information");
    }

    event.preventDefault();
    $.ajax({
        url: 'xhr/login.php',
        type: 'post',
        dataType: 'json',
        data: loginForm.serialize(),
        success: onReply,
        error: onFailure
    });

    // Returning false from a jQuery handler also stops the native submit.
    return false;
});
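<?php
# AJAX login endpoint (presumably the xhr/login.php the login form posts to).
# Checks the posted username/password against the users table and, on success,
# stores the user's id, username and dates in the session. Every path answers
# with one JSON object carrying either a "success" or an "error" key.
#
# NOTE(review): the mysql_* functions used here were removed in PHP 7. The
# connection is opened by the required file, which is not shown, so this script
# keeps the legacy API; a move to PDO or mysqli prepared statements has to
# start in that file.
# NOTE(review): nothing in this script limits repeated login attempts.
# NOTE(review): the hashing expressions were redacted by the paste's author
# (the runs of asterisks below). The "re-hash ... to this login" step suggests
# a home-grown scheme keyed on the login time; password_hash() and
# password_verify() are the maintained replacement - confirm against the
# redacted code.

# Start the user session
if (!isset($_SESSION)) {
    session_start();
}

# Make sure form data was passed to the script. Array-valued fields
# (username[]=...) are rejected here as well, because the string functions
# below expect plain strings.
if (isset($_POST['username']) && isset($_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])) {
    # Connect to the database
    require('../../../../db_oystrr.php');

    # Define variables
    # NOTE(review): stripslashes() and the SQL escaping are applied to the
    # password too, so a password containing a quote or backslash is altered
    # before it is (presumably) hashed. Left unchanged because hashes already
    # stored were derived the same way.
    $given_username = mysql_real_escape_string(stripslashes($_POST['username']));
    $given_password = mysql_real_escape_string(stripslashes($_POST['password']));
    $matched_username = "";
    $matched_password = "";

    # See if there is matching info in the database
    $sql = 'SELECT username, pass FROM users WHERE username="'.$given_username.'"';
    $result = mysql_query($sql);
    # mysql_query() returns false on failure; there is nothing to fetch then.
    if ($result !== false) {
        while (($row = mysql_fetch_assoc($result))) {
            $pass_hash = *********; # expression redacted in the paste
            # Compare as strings. Loose == compares numeric-looking strings
            # (such as "0e...") as numbers, so two different hashes could be
            # treated as equal. hash_equals() (PHP 5.6+) is also constant-time.
            $stored_hash = (string) $row['pass'];
            $candidate_hash = (string) $pass_hash;
            $hash_matches = function_exists('hash_equals')
                ? hash_equals($stored_hash, $candidate_hash)
                : $stored_hash === $candidate_hash;
            if ($hash_matches) {
                $matched_username = $row['username'];
                $matched_password = $row['pass'];
            }
        }
    }

    # If there was a match
    if ($matched_username != "" && $matched_password != "") {
        # These values come back from the database, not from the escaped
        # input, so they are escaped again before being put into SQL.
        $session_sql = 'SELECT * FROM users WHERE username="'.mysql_real_escape_string($matched_username)
            .'" AND pass="'.mysql_real_escape_string($matched_password).'";';
        $session_result = mysql_query($session_sql);

        # If there is only one result returned. The row count is taken from
        # the result resource; counting the fetched row array never rejected
        # duplicates.
        $user_check = ($session_result !== false) ? mysql_num_rows($session_result) : 0;
        if ($user_check === 1) {
            $returned_row = mysql_fetch_assoc($session_result);

            # Issue a fresh session id at login so an id fixed before
            # authentication is not carried into the logged-in session.
            session_regenerate_id(true);

            # Set our session values
            $_SESSION['id'] = $returned_row['id'];
            $_SESSION['last_login'] = $returned_row['last_login'];
            $_SESSION['username'] = $returned_row['username'];
            $_SESSION['signup_date'] = $returned_row['signup_date'];
            session_write_close();

            # Set users last login date and time and re-hash their password to this login
            $this_login = **********;      # redacted in the paste
            $hashed_password = **********; # redacted in the paste
            $update_sql = '************';
            mysql_query($update_sql);

            # NOTE(review): the whole session array is echoed back to the
            # browser, although the form handler posted with this script reads
            # only "success". Kept for compatibility; drop "session" if no
            # client uses it.
            echo json_encode(array("success"=>"user logged in", "session"=>$_SESSION));
        } else {
            echo json_encode(array("error"=>"More than one user with the same information. What did you do?!"));
        }
    } else {
        echo json_encode(array("error"=>"Invalid login provided."));
    }
} else {
    echo json_encode(array("error"=>"You must enter a username and Password."));
}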