API tools faq
paste
Guest User

Untitled

a guest
Aug 6th, 2018
135
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.97 KB | None | 0 0
raw download clone embed print report
  1. PHP Sessions w/ AJAX: Login Process
  2. $("#login_form_header").submit(function(event){
  3.  
  4. event.preventDefault();
  5.  
  6. $.ajax({
  7. url: 'xhr/login.php',
  8. data: $(this).serialize(),
  9. type: 'post',
  10. dataType: 'json',
  11. success: function(result){
  12. if (result.success){
  13. window.location = "logged.php";
  14. return false;
  15. };
  16. },
  17. error: function(e){console.log("Could not retrieve login information")}
  18. });
  19.  
  20. return false;
  21. });
  22.  
  23. <?PHP
  24.  
  25. # Start the user session
  26. if(!isset($_SESSION)) {
  27. session_start();
  28. };
  29.  
  30. # Make sure form data was passed to the script
  31. IF (isset($_POST['username']) && isset($_POST['password'])){
  32.  
  33. # Connect to the database
  34. REQUIRE('../../../../db_oystrr.php');
  35.  
  36. # Define variables
  37. $given_username = $_POST['username'];
  38. $given_password = $_POST['password'];
  39. $given_username = stripslashes($given_username);
  40. $given_password = stripslashes($given_password);
  41. $given_username = mysql_real_escape_string($given_username);
  42. $given_password = mysql_real_escape_string($given_password);
  43. $matched_username = "";
  44. $matched_password = "";
  45.  
  46.  
  47. # See if there is matching info in the database
  48. $sql = 'SELECT username, pass FROM users WHERE username="'.$given_username.'"';
  49. $result = mysql_query($sql);
  50. while($row = mysql_fetch_assoc($result)){
  51. $pass_hash = *********;
  52. if ($pass_hash == $row['pass']){
  53. $matched_username = $row['username'];
  54. $matched_password = $row['pass'];
  55. };
  56. };
  57.  
  58.  
  59. # If there was a match
  60. IF ($matched_username != "" && $matched_password != ""){
  61.  
  62. # If there is only one result returned
  63. $session_sql = 'SELECT * FROM users WHERE username="'.$matched_username.'" AND pass="'.$matched_password.'";';
  64. $session_result = mysql_query($session_sql);
  65. $returned_row = mysql_fetch_assoc($session_result);
  66. $user_check = mysql_num_rows($returned_row);
  67.  
  68. IF(count($user_check) > 0 && count($user_check) < 2){
  69.  
  70. # Set our session values
  71. $_SESSION['id'] = $returned_row['id'];
  72. $_SESSION['last_login'] = $returned_row['last_login'];
  73. $_SESSION['username'] = $returned_row['username'];
  74. $_SESSION['signup_date'] = $returned_row['signup_date'];
  75.  
  76. session_write_close();
  77.  
  78. # Set users last login date and time and re-hash their password to this login
  79. $this_login = **********;
  80. $hashed_password = **********;
  81. $update_sql = '************';
  82. mysql_query($update_sql);
  83.  
  84. echo json_encode(array("success"=>"user logged in", "session"=>$_SESSION));
  85. }ELSE
  86. echo json_encode(array("error"=>"More than one user with the same information. What did you do?!"));
  87. }ELSE
  88. echo json_encode(array("error"=>"Invalid login provided."));
  89. }ELSE
  90. echo json_encode(array("error"=>"You must enter a username and Password."))
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!