A simple ajax login part 5: setting up the php part 2
In my last tutorial I had started setting up the php for the login script, to see it visit Fairway Web Design. So lets start from where we left off. For convenience I shall include the whole script again.
<?php
session_start();
include "config.php";
//establish variables
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
if ($username&&$password){
//Change here if your table is called something other than members
$query = mysql_query("select * from members where username='$username'");
$numrows=mysql_num_rows($query);
$json=array();
if ($numrows!=0)
{
//code to login
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
//check to see if they match
if($username==$dbusername&&$password==$dbpassword)
{
$_SESSION['username']=$dbusername;
if(!isset($_POST["ajax"])){
$json["redirect"]=$_SERVER['HTTP_REFERER'];
} else {
//Edit here to redirect somewhere other than home
$json["redirect"]="home.php";
}
} else
//error for checking to see if they match
$json["error"]="Incorrect Password";
}
//error for checking the existence of a user
else
$json["error"]="That User Doesn't Exist!";
}else {
//error for checking if the form has been filled out
$json["error"]="Please enter a username and password!";
}
header("Content-type:application/json");
echo json_encode($json);
die();
Remember that I'm taking the if statements in blocks so that I deal with the statement and the error in one go which is why it isn't in the same order. The next section is as follows:
//Change here if your table is called something other than members
$query = mysql_query("select * from members where username='$username'");
$json=array();
$numrows=mysql_num_rows($query);
if ($numrows!=0)
{
}
//error for checking the existence of a user
else
$json["error"]="That User Doesn't Exist!";
}
Firstly in this section I get all of the information out if the members table where the database user name equals the user name that the user entered and this is then stored in the $query variable. Next I establish the $json variable which simply equals and array so that whatever information is stored in the $json variable ends up in that array whether it is an error or it redirecting. The $numrows variable checks to see if there query finds any rows in the database. The reason this is done is that if it doesn't come back with any results then there are no users by the entered username. The ! Before the equal sign in the if statement means that if $numrows doesn't equal zero then go ahead as the username exists else it echo out the error.
//code to login
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername&&md5($password)==$dbpassword)
{
else
//error for checking to see if they match
$json["error"]="Incorrect Password";
}
This next section is used to determine if the password they have entered is correct. Firstly I set up a while loop to get all of the information about the user from the database. Next I assign the username and password from the database to the $dbusername and $dbpassword respectively. Then it's simply a question of checking to see if the user entered user name and password match. It's really important to remember to put md5() around the user entered password as when we set up the register form we used md5 to encrypt the password so you need to encrypt the user entered one as otherwise it won't match the password stored in the database. Then if the information doesn't match it puts out the error message.
$_SESSION['username']=$dbusername;
if(!isset($_POST["ajax"])){
$json["redirect"]=$_SERVER['HTTP_REFERER'];
} else {
//Edit here to redirect somewhere other than home
$json["redirect"]="home.php";
}
This final piece of the if statements is the code to be executed if all of the information is correct. Firstly we set the user $_SESSION['username'] to the user name from the database however you could just as easily set it to the one that they entered. The if(!isset($_POST["ajax"])) section is a fail safe in case ajax isn't enabled on the server and then it simply redirects you to the page you were just on. If it's unclear the $_SERVER['HTTP_REFERER']; command sends you back to the page you were just on. If ajax is enabled then it will redirect you to the home page that we set up in the 'setting up the html' tutorial. How that the if statements are dealt with we move on to the final few lines.
header("Content-type:application/json");
echo json_encode($json);
die();
This final section changes the content type so that it can encrypt the json properly so that it can be actually be used by the ajax.
That just about wraps it up for this tutorial in the next tutorial I shall start on the ajax and jquery. For more tips on how to become a better web designer visit Fairway Web Design.
<?php
session_start();
include "config.php";
//establish variables
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
if ($username&&$password){
//Change here if your table is called something other than members
$query = mysql_query("select * from members where username='$username'");
$numrows=mysql_num_rows($query);
$json=array();
if ($numrows!=0)
{
//code to login
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
//check to see if they match
if($username==$dbusername&&$password==$dbpassword)
{
$_SESSION['username']=$dbusername;
if(!isset($_POST["ajax"])){
$json["redirect"]=$_SERVER['HTTP_REFERER'];
} else {
//Edit here to redirect somewhere other than home
$json["redirect"]="home.php";
}
} else
//error for checking to see if they match
$json["error"]="Incorrect Password";
}
//error for checking the existence of a user
else
$json["error"]="That User Doesn't Exist!";
}else {
//error for checking if the form has been filled out
$json["error"]="Please enter a username and password!";
}
header("Content-type:application/json");
echo json_encode($json);
die();
Remember that I'm taking the if statements in blocks so that I deal with the statement and the error in one go which is why it isn't in the same order. The next section is as follows:
//Change here if your table is called something other than members
$query = mysql_query("select * from members where username='$username'");
$json=array();
$numrows=mysql_num_rows($query);
if ($numrows!=0)
{
}
//error for checking the existence of a user
else
$json["error"]="That User Doesn't Exist!";
}
Firstly in this section I get all of the information out if the members table where the database user name equals the user name that the user entered and this is then stored in the $query variable. Next I establish the $json variable which simply equals and array so that whatever information is stored in the $json variable ends up in that array whether it is an error or it redirecting. The $numrows variable checks to see if there query finds any rows in the database. The reason this is done is that if it doesn't come back with any results then there are no users by the entered username. The ! Before the equal sign in the if statement means that if $numrows doesn't equal zero then go ahead as the username exists else it echo out the error.
//code to login
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername&&md5($password)==$dbpassword)
{
else
//error for checking to see if they match
$json["error"]="Incorrect Password";
}
This next section is used to determine if the password they have entered is correct. Firstly I set up a while loop to get all of the information about the user from the database. Next I assign the username and password from the database to the $dbusername and $dbpassword respectively. Then it's simply a question of checking to see if the user entered user name and password match. It's really important to remember to put md5() around the user entered password as when we set up the register form we used md5 to encrypt the password so you need to encrypt the user entered one as otherwise it won't match the password stored in the database. Then if the information doesn't match it puts out the error message.
$_SESSION['username']=$dbusername;
if(!isset($_POST["ajax"])){
$json["redirect"]=$_SERVER['HTTP_REFERER'];
} else {
//Edit here to redirect somewhere other than home
$json["redirect"]="home.php";
}
This final piece of the if statements is the code to be executed if all of the information is correct. Firstly we set the user $_SESSION['username'] to the user name from the database however you could just as easily set it to the one that they entered. The if(!isset($_POST["ajax"])) section is a fail safe in case ajax isn't enabled on the server and then it simply redirects you to the page you were just on. If it's unclear the $_SERVER['HTTP_REFERER']; command sends you back to the page you were just on. If ajax is enabled then it will redirect you to the home page that we set up in the 'setting up the html' tutorial. How that the if statements are dealt with we move on to the final few lines.
header("Content-type:application/json");
echo json_encode($json);
die();
This final section changes the content type so that it can encrypt the json properly so that it can be actually be used by the ajax.
That just about wraps it up for this tutorial in the next tutorial I shall start on the ajax and jquery. For more tips on how to become a better web designer visit Fairway Web Design.
Source...