I currently have a html login page which has two textfields for e-mail address and password. The HTML contains a form and a button which triggers some javascript to check the data input is valid. If the data is valid, then the data is posted to a php application.This php application gives a response dependent on whether the …

via PHP Website Development » Search Results » ajax:

HTML, Javascript, PHP Login Page

I currently have a html login page which has two textfields for e-mail address and password. The HTML contains a form and a button which triggers some javascript to check the data input is valid. If the data is valid, then the data is posted to a php application.
This php application gives a response dependent on whether the login details were valid/invalid.
Here is my php:
if(isset($_POST[‘username’]) && isset($_POST[‘password’]))
//connect to database
$dbh = connect();
$user = mysql_real_escape_string($_POST[‘username’]);
$usertype = mysql_real_escape_string($_POST[‘usertype’]);
$pass = md5($_POST[‘password’]);
$query = “”;
if(eregi(“^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]2,3)$”, $user))
if($usertype == “SupportStaff”)
$query = “SELECT staffId, fName, lName, gender, email FROM SupportStaff WHERE email = ‘$user’ AND password = ‘$pass’”;
else
$date = $_POST[‘currdate’];
$query = “SELECT athleteId, fName, lName, gender, email FROM Athletes WHERE email = ‘$user’ AND password = ‘$pass’”;

//make query
$result = mysql_query( $query ) or die (“didn’t query”);

//see if there’s an EXACT match
$num = mysql_num_rows( $result );
if ($num == 1)
$row = mysql_fetch_assoc($result);
if($usertype == “Athlete”)
$user = str_replace(“@”,”at”,$user);
$user = str_replace(“.”,”dot”,$user);
$user .= “Entries”;
$query = mysql_query(“SELECT * FROM $user WHERE date = ‘$date’”);
$exists = false;
if(mysql_num_rows( $query ) == 1)
$exists = “true”; //to see if questionnaire is complete
else
$exists = “false”;

$row[‘complete’] = $exists;
}
echo json_encode($row);
} else
echo ($user.” “);
echo ($pass);
echo (“&result=invalid”);

}else
mysql_close($dbh);
echo (“&result=false”); //invalid e-mail address

mysql_close($dbh);
}
?>If it echos &result=false OR &result=invalid then I would like the user to be served up with the login page again displaying an error message or something similar, if it is successful (echo json_encode($row)) then it should take to home.html (i.e. the homepage)…What is the best way to achieve this?
…………………………………..

Either use Ajax or redirect server side after doing the desired processing.
If you go for the Ajax route (which would be sensible if you are already doing client side scripting), you may want to take a look at jQuery’s Ajax functionality. Specifically, post will probably meet your requirements.
I’m sure you know, but I should emphasise that client side validation alone is not sufficient to secure your site. Client side validation should be viewed as a way of improving the user experience, not as a form of security. People could easily bypass any client side validation by making requests to the server manually.
…………………………………..

Is there any good reason why you need a separate php file for your login code? Assuming your login form is on a page called login.php, you could have all your login code in that same file; your form should then have