How to regenerate a token's input after ajax request, so i don't need to reload the page,
here's my php code to generate a token
<?php
class Token {
public static function generate() {
return $_SESSION['token'] = base64_encode(openssl_random_pseudo_bytes(32));
}
public static function check($token){
if(isset($_SESSION['token']) && $token === $_SESSION['token']){
unset($_SESSION['token']);
return true;
}
return false;
}
}
?>
and here's my jQuery code to send an ajax request
function load() {
$('#load-data').load('process/karyawan/load.php');
}
function insert(){
$('form').submit(function(e){
e.preventDefault();
var form = $(this);
$.ajax({
type: form.attr('method'),
url: 'process/karyawan/insert.php',
data: form.serialize(),
success: function(result){
load();
}
}
});
});
}
and here's my form
<form action="" method="post">
<div class="kiri">
<div class="inp">
<input type="text" name="nama_karyawan" placeholder="Nama Karyawan" class="form-control nama_karyawan">
</div>
<div class="inp">
<textarea class="form-control" name="alamat_karyawan" rows="5" placeholder="Alamat Karyawan"></textarea>
</div>
</div>
<div class="kanan">
<div class="inp">
<input type="password" name="password" placeholder="Password" class="form-control">
</div>
<div class="inp">
<input type="text" name="telepon_karyawan" class="form-control" placeholder="Telepon Karyawan">
</div>
<div class="inp">
<input name="akses" class="form-control" value="Admin" readonly>
<div class="error-msg err05"></div>
</div>
<div class="inp">
<input type="submit" name="insert" value="Simpan" class="btn btn-success col-sm-12">
<input type="hidden" name="token" value="<?=Token::generate();?>">
</div>
</div>
</form>
And here's my load.php file
<?php
session_start();
require_once('../../classes/Config.php');
require_once('../../classes/Database.php');
require_once('../../classes/Query.php');
require_once '../../classes/ErrorHandler.php';
require_once '../../classes/Validator.php';
require_once '../../classes/Token.php';
$connection = new Database($host, $username, $password, $database);
$main = new Query($connection);
$table = 'karyawan';
$selectData = $main->select($table);
while($fetchData = $selectData->fetch_object()){
if(#$_SESSION['owner']){
$delete = '<i class="fa fa-trash"></i>';
$button = '<td class="text-center">'.$delete.'</td>';
}else{
$button = null;
}
echo '<tr>
<td class="text-center">'.$fetchData->id_karyawan.'</td>
<td class="text-center">'.$fetchData->nama_karyawan.'</td>
<td class="text-center">'.$fetchData->alamat_karyawan.'</td>
<td class="text-center">'.$fetchData->telepon_karyawan.'</td>
<td class="text-center">'.$fetchData->akses.'</td>
'.$button.'
</tr>';
}
?>
For first request the code is running well, but for the second request I think it wouldn't be running well anymore because I've unset the token.. can someone give me an advice to regenerate a token after ajax request ? thank you
Because you're unset your token, the next validation will fail. You have to regenerate a new one after check and update your HTML token' field.
First, in your JS insert(), add "json" datatype.
Then, in your success function, update the field.
function insert(){
$('form').submit(function(e){
e.preventDefault();
var form = $(this);
$.ajax({
type: form.attr('method'),
url: 'process/karyawan/insert.php',
data: form.serialize(),
dataType: "json", // NEW
success: function(result){
$("input[name=token]").val(result.token); // NEW
load();
}
}
});
});
}
And in your update.php :
session_start();
// check and to stuff...
// then
$new_token = Token::generate(); // generate a new token
echo json_encode(['token' => $new_token]); // send to JS
die;
Related
I am trying to get my jQuery to work with CSS animations/class changes and working with an ajax post for this logon forum. I am having trouble reworking the JQuery animation script and incorporating the Ajax port for username and password. It does not seem to be posting the login information.
<form class="login" action="" method="post" autocomplete="false">
<div class="group">
<input id="user" type="username" name="user" class="input" placeholder="Username" required autofocus>
</div>
<div class="group">
<input id="password" type="password" name="password" class="input" data-type="password" placeholder="Password" required>
</div>
<div class="group">
<button>
<i class="spinner"></i>
<span class="state">Log in</span>
</button>
</div>
<div class="hr"></div>
</form>
Here is the jQuery
var working = false;
$('.login').on('submit', function(e) {
e.preventDefault();
if (working) return;
working = true;
var $this = $(this),
$state = $this.find('button > .state');
$this.addClass('loading');
$state.html('Authenticating');
$.ajax({
type: "POST",
data: $(this).serialize(),
cache: false,
url: "login.php",
success: function(data) {
if (data.status == 'success') {
this.addClass('ok');
$state.html('Welcome back!');
setTimeout(function() {
window.location = "/index.php"
}, 4000);
} else if (data.status == 'error') {
setTimeout(function() {
$state.html('Log in');
$this.removeClass('ok loading');
}, 3000);
}
},
});
});
After using Diego's suggestion and piping the out to the console log I was able to determine that the php function was not returning anything. Adding an echo in with corresponding results resolved my issue along with using 'data' in the if statement instead of 'data.status'.
I have been having this problem for the last two days now. I have two files on my local host.
http://localhost/project/sign-in.php and
http://localhost/project/form-handle/index.php
When a user lands on sign-in page a session variable is created
<?php
ob_start();
session_start();
$token = strtoupper(uniqid());
$_SESSION['token-string'] = $token;
I then put the session value in a hidden field
<input type='hidden' name='token-string' value='<?php echo $token; ?>'>
So far, so good. However, when I send the form values to http://localhost/project/form-handle/index.php
and return the value of the token string session, its different from what is in the hidden field. I am using jquery ajax to send the request.
Here is how I check for it in the form-handle page:
<?php
ob_start();
session_start();
if(isset($_SESSION['token-string'])){
$token = $_SESSION['token-string'];
echo $token;
}
?>
The value returned is totally different! Its important to know also that the wrong value returned is a string generated by the function
strtoupper(uniqid());
Am I doing something wrong here?
Here is the jQuery that submits the form
$('#service-login').click(function (evt) {
evt.preventDefault();
var form = $('#Ads-Login');
var data = form.serialize();
var url = 'form-handle/index.php';
var method = form.attr('method');
$.ajax({
type: method,
url: url,
data: data,
success: function (response) {
alert(response);
},
error: function () {
}
})
});
The html form is here
<form action="" method="post" id="Ads-Login">
<div class="form-group">
<input type="email" name="email" id="" class="form-control" placeholder="Email Address">
</div>
<div class="form-group">
<input type="hidden" name="token-string" value="<?php echo $token; ?>">
<input type="password" name="Password" id="" class="form-control" placeholder="Account Password">
<a class="btn btn-white dark-grey-text font-bold ml-0" href="" id="service-login"><i class="fa fa-play mr-1"></i> Login</a>
</div>
</form>
I have a form that is posting data to a php api file. I got the api working and it creates an account but want to use AJAX to send the data so I can make the UX better. Here is what the PHP sending script is expecting:
<form id="modal-signup" action="/crowdhub_api_v2/api_user_create.php" method="post">
<div class="modal-half">
<input type="text" placeholder="First Name" name="user_firstname"></input>
</div>
<div class="modal-half">
<input type="text" placeholder="Last Name" name="user_lastname"></input>
</div>
<div class="modal-half">
<input type="Radio" placeholder="Gender" value="male" name="user_gender">Male</input>
</div>
<div class="modal-half">
<input type="Radio" placeholder="Gender" value="female" name="user_gender">Female</input>
</div>
<div class="modal-half">
<input type="date" placeholder="DOB" name="user_dateofbirth"></input>
</div>
<div class="modal-half">
<input type="text" placeholder="Zip Code" name="user_zip"></input>
</div>
<input class="end" type="email" placeholder="Email" name="user_email"></input>
<input type="password" placeholder="Password" name="user_password"></input>
<input type="submit"></input>
</form>
PHP
$user_firstname = $_REQUEST['user_firstname'];
$user_lastname = $_REQUEST['user_lastname'];
$user_email = $_REQUEST['user_email'];
$user_password = $_REQUEST['user_password'];
$user_zip = $_REQUEST['user_zip'];
$user_dateofbirth = $_REQUEST['user_dateofbirth'];
$user_gender = $_REQUEST['user_gender'];
$user_phone = $_REQUEST['user_phone'];
$user_newsletter = $_REQUEST['user_newsletter'];
How would I send this via ajax? I found this script that says it worked, but it did not create a user. I imagine its sending the data not the right way.
Ajax
$(function () {
$('#modal-signup').on('submit', function (e) {
e.preventDefault();
$.ajax({
type: 'post',
url: '/api_v2/api_user_create.php',
data: $('form').serialize(),
success: function () {
alert('form was submitted');
}
});
});
});
First, let's get ajax in order:
$(function () {
$('#modal-signup').on('submit', function (e) {
e.preventDefault();
$.ajax({
type: 'post',
//same url as the form
url: '/crowdhub_api_v2/api_user_create.php',
data: $('form').serialize(),
//we need a variable here to see what happened with PHP
success: function (msg) {
//output to the page
$('#output').html(msg);
//or to the console
//console.log('return from ajax: ', msg);
}
});
});
});
Somewhere on the form page, add a div with id output:
<div id="output></div>
Finally, in api_user_create.php, there is an error:
$user_gender = $_REQUEST['user_gender'];
//these last two do not exist on the form
$user_phone = $_REQUEST['user_phone'];
$user_newsletter = $_REQUEST['user_newsletter'];
I'd recommend some error-checking on the PHP side, like this
if(!empty($_REQUEST)){
//For developing, you may want to just print the incoming data to see what came through
//This data returns into the msg variable of the ajax function
print_r($_POST);
//once that's good, process data
if(isset($_REQUEST['user_gender'])){
$user_gender = $_REQUEST['user_gender'];
}
//etc... as before
} else {
echo 'no data received';
}
This is a part of the code from a form requesting data to check if the email alredy exist. The thing is, the program is supposed to return 0 if there is no any mail like this. It dont work properly, because the program keep sending the data, even if the mail is not correct.
If you want more info, or i am missing something let me know. Thanks in advance.
$(document).ready(function () {
$("#enviar").click(function(e) {
e.preventDefault();
var error = false;
consulta = $("#email2").val();
$.ajax({
type: "POST",
url: "compruebaEmail.php",
data: "b="+consulta,
dataType: "html",
error: function(){
alert("error petición ajax");
},
success: function(data){
if(data==0){
$("#error").html("Email incorrecto");
error = false;
}else{
$("form").unbind('submit').submit();
}
}
});
if (error){
return false;
}
});
});
And here is my compruebaEmail.php
<?php require_once('connections/vinoteca.php'); ?>
<?php
mysql_select_db($database_vinoteca, $vinoteca);
$user = $_POST['b'];
if(!empty($user)) {
comprobar($user);
}
function comprobar($b) {
$sql = mysql_query("SELECT * FROM usuarios WHERE email = '".$b."'");
$contar = mysql_num_rows($sql);
if($contar == 0){
echo 0;
}else{
echo 1;
}
}
?>
And here goes the POST
<form method="POST" name="form1" action="validarUsu.php">
<div class="row">
<span class="center">Email</span>
</div>
<div class="row">
<input type="text" name="email" id="email2" value="" size="32" />
</div>
<div class="row">
<span class="center">Contraseña</span>
</div>
<div class="row">
<input type="password" name="password" id="id2" value="" size="32" />
</div>
<div class="row">
<span id="error"> </span>
</div>
<div class="row">
<input type="submit" value="Acceder" id="enviar" size="20">
</div>
<div class="row">
Recuperar contraseña
</div>
</form>
The problem is you're returning false from your Ajax function. You need to return false from your click function. Give this a try:
$("#enviar").click(function() {
var error = false;
consulta = $("#email2").val();
$.ajax({
type: "POST",
url: "compruebaEmail.php",
data: "b="+consulta,
dataType: "html",
error: function(){
alert("error petición ajax");
},
success: function(data){
if(data==0){
$("#error").html("Email incorrecto");
error = true;
}
}
});
if (error)
return false;
});
If all you want is canceling the submitting event, then :
Either :
1 - Add the event arg to your click handler :
$("#enviar").click(function(event){
2 - use event.preventDefault(); when you want to cancel the submit message :)
or change the "return false;" location so that it will be triggered in the "click" handler scope and note the "success" scope e.g with a boolean that would represent if there is an error (EDIT : that is Styphon' solution)
Documentation here : http://api.jquery.com/event.preventdefault/
Here is my html
<div id="stylized" class="myform">
<form action="index.php" method="post" class="formPadd">
<div align="right">
<fieldset class="FloatLeft">
</fieldset>
<fieldset class="FloatRight" style="padding-right:14px;">
<div style="height:40px; line-height:30px; text-align:center;">
<label>Username:</label><br>
<input class="inputbox" type="text" style="text-align:center; padding-right:14px;" name="uname" value maxlength="50">
</div><br><br>
<div style="height:30px; line-height:30px; text-align:center;">
<label align="center">Password:</label>
<input class="inputbox" type="password" name="pass" style="text-align:center; padding-right:14px;" value maxlength="50"><br><br>
</div><br>
<div>
<button id="login" class="ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only" role="button" aria-disabled="false">
<span class="ui-button-text">Login</span>
</button>
</div>
</fieldset>
</div>
</form>
</div>
</div>
and heres my php
<?PHP
include("db.classes.php");
$g = new DB();
$g->connection();
if($_POST)
{
$un = $g->clean($_POST["username"]);
$pw = $g->clean($_POST["password"]);
$g->login($un, $pw);
}
$g->close();
?>
and here's my db.classes
ublic function login($un, $pw)
{
$result = mysql_query("select username, password from admin where username='$un' and password='$pw'");
$data = $this->getResults($result);
$uName = $data["username"];
$password = $data["password"];
if($uName === $un && $password === $pw)
{
echo ('Correct');
}
else
{
echo 'Incorrect username/password';
}
}
And here's my ajax request
$( "#login" ).button().click(function( event ) {
event.preventDefault();
var un = $("input[name=uname]").val();
var pw = $("input[name=pass]").val();
var dataString = 'username='+ un + '&password='+ pw;
$.ajax({
type: "POST",
url: "processLogin.php",
data: dataString,
success: function(){
if (data === 'Login') {
window.location.replace('list.php');
}
else {
alert('Invalid Credentials');
}
}
});
});
I have already checked if my sql staments if they are to blame but they are fine. I think my problem is somewhere in the ajax request but i can't seem to point it out.
You need to narrow down where the problem is exactly, but the first thing I would change, is the way you build your query string in javascript. I am not sure if a data string gets encoded correctly if you send it directly, so I would use jQuery to make sure it does (in case your password contains funny characters for example).
Apart from that you are not using the data sent back from your ajax request in your javascript:
$.ajax({
type: "POST",
url: "processLogin.php",
data: $('form.formPadd').serialize(),
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ serialize your form
success: function(data){
// ^^^^ get the data
if (data === 'Correct') {
// ^^^^^^^ this is what you echo in php
window.location.replace('list.php');
} else {
alert('Invalid Credentials');
}
}
});
You would also have to change the names of the form fields or the POST variables in php so that they match again.
As a side-note, if you are going to redirect to another page in javascript, there is not much point in using ajax in the first place.