JQuery - AJAX Return Value

[Berk]

Hey Guys, So I'm doing a register system and it uses AJAX.

So my JQuery code:

$('#btn-login').click(function() {
        var name = $('#login-username').val(); 
        var password = $('#login-password').val(); 
        $.ajax({
            url : 'system/js/login.php', 
            method: 'POST',
            data: {
                name: name,
                password: password
            },
            beforeSend: function() {
new PNotify({
    title: 'Processing...',
    text: 'Logging you in...',
    type: 'info'
});
            },
            success:function(result) {
                if(result == 'done') {
                new PNotify({
                    title : 'Success!', 
                    text: 'Logged in! Redirecting in a moment...',
                    type:'success'
               
                });
           
var delay = 2000; 
setTimeout(function(){ window.location = 'index.php'; }, delay);
            } 
            else if(result == 'invalid') {
                new PNotify({
                    title: 'Invalid!',
                    text: 'Invalid creedentials... Try again!',
                    type:'error'
                });
            }
            }
        });
    });
    // register 
    $('#btn-signup').click(function(){
        var reg_username = $('#reg_username').val(); 
        var reg_pass = $('#reg_pass').val();
        var reg_r_pass = $('#reg_r_pass').val();
        console.log(reg_username,reg_pass,reg_r_pass);
        $.ajax({
            url : 'system/js/register.php',
            data:{
                reg_username:reg_username,
                reg_pass:reg_pass,
                reg_r_pass:reg_r_pass
            },
            method: 'POST',
            beforeSend:function() {
                new PNotify({
                    title: 'Registering...',
                    text: 'Sending data to database...', 
                    type: 'info'
                });
            },
            success: function(result) {
                console.log(result);
                if(result == "done") {
                    console.error('hi');
                new PNotify({
                    title: 'Registered!',
                    text: 'You are registered successfully. For security reasons, please log in with your creedentials..',
                    type: 'success'
                }); 
            }
            else if(result == 'password') {
                new PNotify({
                    title: 'Your passwords are incorrect!',
                    text: 'Your passwords do not match... Check them carefully!',
                    type: 'error'
                }); 
            }
            else if(result == 'username') {
                new PNotify({
                    title: 'Your username is incorrect!',
                    text: 'Your username is taken... Please choose another one! ',
                    type: 'error'
                }); 
            }

            }
        });
    });

system/js/register.php:

<?php 
include('../config.php'); 
$username = $_POST['reg_username']; 
$password = md5($_POST['reg_pass']); 
$r_password = md5($_POST['reg_r_pass']);

if($password !== $r_password) {
    echo 'password';
    exit;
}
$check_username = mysql_query("SELECT * FROM users WHERE username = '{$username}'"); 

if(mysql_num_rows($check_username) > 0){
    echo 'username'; 
    exit; 
}
$query = mysql_query("INSERT INTO users(username,password,rank) VALUES('{$username}','{$password}','1')");
if($query == 1){
    echo json_encode('done'); 

}
 ?>

So my problem here is, system/js/register.php returns 'done' but this part don't work :

  if(result == "done") {
                    console.error('hi');
                new PNotify({
                    title: 'Registered!',
                    text: 'You are registered successfully. For security reasons, please log in with your creedentials..',
                    type: 'success'
                }); 
            }

How may I solve that? Thanks.

 

[JayC]

What does the console output look like? Trace the javascript in the developer tools

 

[Markshall]

Because you're encoding it, so it's turning it into an array. So you're checking an entire array against a string, that's why it's not matching.

Change

echo json_encode('done');

To just

echo 'done';

PS: prevent yourself from SQL injections. I think I've posted this in every help thread you've posted lol

 

[JayC]

Because you're encoding it, so it's turning it into an array. So you're checking an entire array against a string, that's why it's not matching.

Change

echo json_encode('done');

To just

echo 'done';

PS: prevent yourself from SQL injections. I think I've posted this in every help thread you've posted lol

I've suggested the same thing in regards to the prevention of attacks. You're not validating the size of the username entered or the content, or at the very least removing html entries - you also are selecting all from the users table when u only need max 3 columns.

 

[Berk]

Because you're encoding it, so it's turning it into an array. So you're checking an entire array against a string, that's why it's not matching.

Change

echo json_encode('done');

To just

echo 'done';

PS: prevent yourself from SQL injections. I think I've posted this in every help thread you've posted lol

ikr about sql injection im workin on it
And about json encode i tried only echoing it didnt work aswell

What does the console output look like? Trace the javascript in the developer tools

It just says done

I've suggested the same thing in regards to the prevention of attacks. You're not validating the size of the username entered or the content, or at the very least removing html entries - you also are selecting all from the users table when u only need max 3 columns.

There is only 3 columns lol

 

[JayC]

ikr about sql injection im workin on it
And about json encode i tried only echoing it didnt work aswell


It just says done

There is only 3 columns lol

mysql_query("SELECT * FROM users

That is bad practice
SELECT `username`, `password`, `field3` FROM users

And really you should only use the columns you need. Returns faster results, and makes code easier to follow when u look at a variable you know exactly which table it came from if there's multiple select statements and loops.

 

[Weasel]

Output the contents of result just before the if (result == "done") in the console, and post what it says here.

Also, Berk, you've been given advice on safely programming multiple times now. If this isn't just something you make for yourself and eventually will be used by others, stop doing other things and fix up your security first. The fact you're using md5 hashed passwords, with mysql_* functions, no input escaping or SQL injection prevention, this is really a giant online safety hazard for everyone that will use your site. Security should be your top priority. Learn that first, apply it to your project, and after you master decent knowledge on how to program without security issues, continue.

 

[Berk]

Output the contents of result just before the if (result == "done") in the console, and post what it says here.

Also, Berk, you've been given advice on safely programming multiple times now. If this isn't just something you make for yourself and eventually will be used by others, stop doing other things and fix up your security first. The fact you're using md5 hashed passwords, with mysql_* functions, no input escaping or SQL injection prevention, this is really a giant online safety hazard for everyone that will use your site. Security should be your top priority. Learn that first, apply it to your project, and after you master decent knowledge on how to program without security issues, continue.

Thanks for advice, I'm currently working on them and escaping all posts right now. So I have added coded a few functions for securing everything.
For MySQL_* functions, I'm still learning MySQLi and working on it
Same thing goes with md5 too, I'm still learning bcrypt.
 
Also, I'm still having this and current code is:

<?php 
include('../config.php'); 
$username = $_POST['reg_username']; 
$password = md5($_POST['reg_pass']); 
$r_password = md5($_POST['reg_r_pass']);

if($password !== $r_password) {
    echo 'password';
    exit;
}
$check_username = mysql_query("SELECT * FROM users WHERE username = '{$username}'"); 

if(mysql_num_rows($check_username) > 0){
    echo 'username'; 
    exit; 
}
$query = mysql_query("INSERT INTO users(username,password,rank) VALUES('{$username}','{$password}','1')");
echo 'done';

 ?>

 

[MayoMayn]

Thanks for advice, I'm currently working on them and escaping all posts right now. So I have added coded a few functions for securing everything.
For MySQL_* functions, I'm still learning MySQLi and working on it
Same thing goes with md5 too, I'm still learning bcrypt.
 
Also, I'm still having this and current code is:

<?php
include('../config.php');
$username = $_POST['reg_username'];
$password = md5($_POST['reg_pass']);
$r_password = md5($_POST['reg_r_pass']);

if($password !== $r_password) {
    echo 'password';
    exit;
}
$check_username = mysql_query("SELECT * FROM users WHERE username = '{$username}'");

if(mysql_num_rows($check_username) > 0){
    echo 'username';
    exit;
}
$query = mysql_query("INSERT INTO users(username,password,rank) VALUES('{$username}','{$password}','1')");
echo 'done';

 ?>

Bcrypt is even easier than using md5. PDO is still easier and a lot more useful than MySQL

 

[Weasel]

Also, I'm still having this and current code is:

<?php
include('../config.php');
$username = $_POST['reg_username'];
$password = md5($_POST['reg_pass']);
$r_password = md5($_POST['reg_r_pass']);

if($password !== $r_password) {
    echo 'password';
    exit;
}
$check_username = mysql_query("SELECT * FROM users WHERE username = '{$username}'");

if(mysql_num_rows($check_username) > 0){
    echo 'username';
    exit;
}
$query = mysql_query("INSERT INTO users(username,password,rank) VALUES('{$username}','{$password}','1')");
echo 'done';

 ?>

Output the contents of result just before the if (result == "done") in the console, and post what it says here.

 

[MayoMayn]

Here's an updated example using correct practices, PDO and bcrypt:

You must be registered for see links

 

[Berk]

If you meant the posted variables, it registers the value to database, so..

You must be registered for see links

is output

 

[Weasel]

If you meant the posted variables, it registers the value to database, so..

You must be registered for see links

is output

Well obviously it isn't going to work, as what you're showing it's not just outputting "done", for some reason it's also outputting a while HTML script element with content. So result won't be equal to "done" as there's more in it. Not sure how you managed to do this, but use and study @Sentinel his code, look through it, get to understand how it works, etc.

 

[Berk]

Well obviously it isn't going to work, as what you're showing it's not just outputting "done", for some reason it's also outputting a while HTML script element with content. So result won't be equal to "done" as there's more in it. Not sure how you managed to do this, but use and study @Sentinel his code, look through it, get to understand how it works, etc.

Thanks. I either don't know how I did that xD

I'll try it

 

[MayoMayn]

Thanks. I either don't know how I did that xD

I'll try it

If you want I can write some quotes to help you better understand. Otherwise just research the different functions and there'll be a description for each.

 

[Berk]

If you want I can write some quotes to help you better understand. Otherwise just research the different functions and there'll be a description for each.

That would be awesome <3
 
For the register, It returns 405 error and I don't know what is wrong
 
Oh nevermind, figured it