PHP PDO::MySQL and JQuery and Ajax


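Hello, I have a login form with a username and a password.

I have a backend PHP script that processes the data correctly and json_encodes the response.

I have a jQuery JS script that uses Ajax; it does not seem to handle the form validation, but something seems to be leaking somewhere that makes the Ajax choke.

I hope you can tell me what is going wrong.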

    <?php
    #
    #       General purpose script to verify user login
    #       Will be combined with jquery/AJAX to allow access based on
    #       role
    #
    set_include_path(get_include_path() . PATH_SEPARATOR . "/home/best9721/public_html/lib");
    include("t_const.php");
    include("t_verify.php");
    #
    #       Check that there is no SESSION Variables
    #
    if(isset($_SESSION)) {
        session_destroy();
    }
    #
    #       Cleanup POST variables
    #
            $username = strip_tags($_POST['username']);
            $userpass = strip_tags($_POST['password']);
    #
    #       Connect to DB
    #
    try {
            $dbh = new PDO("mysql:host=localhost;dbname=$DB_TEST", $MASTER_TEST, $MASTER_TEST_PSW);
    #
    #       Check and see if inputted username is in the DB to start with
    #
            $stmt = $dbh->prepare("SELECT * FROM user_auth where userid = :userid");
            $stmt->execute(  array (
                                    ':userid' => $username,
                                   )
                           );
            $authdata = $stmt->fetch(PDO::FETCH_ASSOC);
            if(empty($authdata)) {
               $response['error'] = true;
               $response['msg'] = "You do not have access to this section";
               print json_encode($response);
               exit;
            }
    #
    #       Check and see if they have access
    #
            $stmt = $dbh->prepare("SELECT auth_level FROM user_access where userid = :userid");
            $stmt->execute(  array (
                                ':userid' => $username,
                                  )
                          );
            $role = $stmt->fetchAll(PDO::FETCH_COLUMN);
            $auth_role = $_POST['auth'];
            if(!has_access($role, $auth_role) or !isset($role)) {
                  $response['error'] = true;
                  $response['msg'] = "You do not have privileges for this section.";
                  print json_encode($response);
                  exit;
            } else {
                   $response['url'] = $url[$auth_role];
            }
    #
    #               Now check and see if their account is locked
    #
            if( $authdata['account_status'] == "closed") {
                   $response['error'] = true;
                   $response['msg'] = $authdata["reason_acct_locked"];
                   print json_encode($response);
                   exit;
             }
    #
    #               Check if Passwords match - final check
    #
             if(sha1($_POST['password']) != $authdata['userpsw']) {
                  $response['error'] = true;
                  $response['msg'] = "Invalid User Credentials";
                  print json_encode($response);
                  exit;
             } else {
                  $response['msg'] = 'OK';
                  print json_encode($response);
                  exit;
             }
    }
    #
    #       There was an error
    #
    catch(PDOException $e)
    {
        $response['error'] = true;
        $response['msg'] = $e->getMessage();
        print json_encode($response);
        exit;
    }
    ?>

And auth_user.js

    $(document).ready(function() {
        $("#loginForm").validate({
            errorLabelContainer: "#errorMessage",
            wrapper: "li",
            rules: {
                username: "required",
                password: "required"
            },
            messages: {
                username: "Please enter your username.",
                password: "Please enter your password."
            },
            submitHandler: function() {
                $.ajax({
                    type: 'POST',
                    url: 'auth_user.php',
                    dataType: 'json',
                    success: function(data) {
                        alert(data.msg);
                    },
                    error: function() {
                        alert("There was a problem processing this form");
                    }
                });
                return false;
            }
        });
    });

The alert always pops up - "You do not have access to this section"

Thanks for your help.

In the ajax call, you are not sending any data to the server. You can send it with the data attribute in the object you pass:

    $.ajax({
        type: 'POST',
        url: 'auth_user.php',
        dataType: 'json',
        // data attribute
        data: {"username": "myUsername", "password": "myPassword"},
        // **
        success: function(data) {
            alert(data.msg);
        },
        error: function() {
            alert("There was a problem processing this form");
        }
    });
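
An added example (not part of the original answer or the asker's code) that sends the form's actual field values instead of hard-coded literals and branches on the `error` flag that auth_user.php returns with HTTP 200. The `auth` form field and the names `collectLoginFields`, `loginRequestSettings` and `onResult` are assumptions.

```javascript
// Added example; helper names and the "auth" form field are assumptions.
// Field names match what auth_user.php reads from $_POST.
function collectLoginFields(elements) {
  var fields = {};
  ["username", "password", "auth"].forEach(function (name) {
    var el = elements[name];
    fields[name] = el && typeof el.value === "string" ? el.value : "";
  });
  // Trim only the username; a password may legitimately contain spaces.
  fields.username = fields.username.trim();
  return fields;
}

// auth_user.php replies with HTTP 200 and {error: true, msg: ...} on failure,
// so the "success" callback has to inspect data.error itself.
function loginRequestSettings(fields, onResult) {
  return {
    type: "POST",
    url: "auth_user.php",
    dataType: "json",
    data: fields,
    success: function (data) {
      var failed = !data || data.error === true;
      onResult({
        ok: !failed,
        msg: data ? data.msg : "Empty response",
        url: failed ? null : data.url || null
      });
    },
    error: function () {
      onResult({ ok: false, msg: "There was a problem processing this form", url: null });
    }
  };
}

// Browser wiring; skipped when jQuery and the validate plugin are not loaded.
if (typeof $ !== "undefined" && $.fn && $.fn.validate) {
  $(function () {
    $("#loginForm").validate({
      rules: { username: "required", password: "required" },
      submitHandler: function (form) {
        var fields = collectLoginFields(form.elements);
        $.ajax(loginRequestSettings(fields, function (r) { alert(r.msg); }));
        return false;
      }
    });
  });
}
```
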