I am trying to build a user authentication system. To protect a page, I first check the login state with the userIsLoggedIn() function and, if the user is not logged in, display the login form. The login form data is posted to the accessControl.php script with ajax. The ajax request starts but never completes. In Chrome devtools the ajax request shows as pending.
What is wrong with this...
If I replace the ajax part with a plain POST request, the php script works fine and makes the necessary changes.
(Please also recommend some good resources for learning Ajax.)
On the protected page:
if(!userIsLoggedIn()){
    require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/loginForm.php';
    exit();
}
The form:
<form class="form-signin" id="logInForm">
    <p id="returnMsg"></p>
    <input type="text" name="username" id="username" class="form-control" placeholder="Username" required autofocus>
    <input type="password" name="password" id="password" class="form-control" placeholder="Password" required>
    <input type="hidden" name="tokenLogInForm" id="tokenLogInForm" value="<?php if(isset($_SESSION['tokenLogInForm'])) { echo htmlout($_SESSION['tokenLogInForm']); } ?>">
</form>
<button class="btn btn-lg btn-primary btn-block" id="logInButton">
    Log in</button>
The jQuery script:
$(document).ready(function(){
    $("#logInButton").click(function(e){
        var logInFormData = $("#logInForm").serialize();
        $.ajax({
            type: 'post',
            data: logInFormData,
            url: 'http://localhost/includes/accessControl.php',
            beforeSend: function(){
                $("#logInFromSpinner").show();
            },
            conplete: function(){
                $("#logInFromSpinner").hide();
            },
            success: function(data, status) {
                console.log(data);
            },
            error: function(jqXHR, textStatus){
                console.log(textStatus);
            }
        });
    });
});
The accessControl.php script:
<?php
if(session_status() === PHP_SESSION_NONE) {
    session_start();
}
// Issue a form token for the login form if the session does not have one yet.
if(!isset($_SESSION['tokenLogInForm']) && empty($_SESSION['tokenLogInForm'])) {
    $_SESSION['tokenLogInForm'] = base64_encode(openssl_random_pseudo_bytes(32));
    session_regenerate_id(TRUE);
}

function userIsLoggedIn()
{
    // Login attempt: only handled when the request arrived via XMLHttpRequest.
    if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest')
    {
        $userName = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
        $passWordRaw = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_SPECIAL_CHARS);
        $passWord = md5($passWordRaw . 'M@there__ing@<7^9>');
        if(databaseContainsUser($userName, $passWord))
        {
            if(session_status() === PHP_SESSION_NONE) {
                session_start();
            }
            session_regenerate_id(TRUE);
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['userName'] = $userName;
            $_SESSION['passWord'] = $passWord;
            $_SESSION['tokenLogInForm'] = base64_encode(openssl_random_pseudo_bytes(32));
            return TRUE;
        }
        else
        {
            if(session_status() === PHP_SESSION_NONE) {
                session_start();
            }
            session_regenerate_id(TRUE);
            unset($_SESSION['loggedIn']);
            unset($_SESSION['userName']);
            unset($_SESSION['passWord']);
            if(isset($_COOKIE[session_name()])) {
                setcookie(session_name(), '', time()-86400, '/');
            }
            session_destroy();
            echo 'The specified Username and Password was incorrect.';
            $_SESSION['tokenLogInForm'] = base64_encode(openssl_random_pseudo_bytes(32));
            return FALSE;
        }
    }
    // Logout request: clear the session and redirect to the requested page.
    if(isset($_POST['actionLogOut']) && $_POST['actionLogOut'] == 'logOut')
    {
        if(session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        session_regenerate_id(TRUE);
        unset($_SESSION['loggedIn']);
        unset($_SESSION['userName']);
        unset($_SESSION['passWord']);
        $_SESSION = [];
        if(isset($_COOKIE[session_name()])) {
            setcookie(session_name(), '', time()-86400, '/');
        }
        session_destroy();
        $_SESSION['tokenLogInForm'] = base64_encode(openssl_random_pseudo_bytes(32));
        header('Location: ' . $_POST['goto']);
        exit();
    }
    // Ordinary page load: re-check the stored credentials against the database.
    if(session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    session_regenerate_id(TRUE);
    if(isset($_SESSION['loggedIn']))
    {
        return databaseContainsUser($_SESSION['userName'], $_SESSION['passWord']);
    }
}

function databaseContainsUser($userName, $passWord)
{
    include $_SERVER['DOCUMENT_ROOT'] . '/includes/dbCon.php';
    try
    {
        $sql = 'SELECT COUNT(*) FROM admins WHERE username = :userName AND
                password = :passWord';
        $s = $dbConnect->prepare($sql);
        $s->bindValue(':userName', $userName);
        $s->bindValue(':passWord', $passWord);
        $s->execute();
    }
    catch(PDOException $e)
    {
        $error = 'Error searching User.';
        include $_SERVER['DOCUMENT_ROOT'] . '/includes/error.php';
        exit();
    }
    $row = $s->fetch();
    if($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}
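As an added example that is not part of the question or the answer: a hardened rewrite of the login branch of the asker's accessControl.php. It keeps the page's own names (the tokenLogInForm session token, the $dbConnect PDO handle from dbCon.php, the admins table) but assumes, as a change from the original, that the password column stores password_hash() output rather than the salted md5 the question uses; it also checks the submitted form token with hash_equals(), which the original generates but never verifies, and restricts a redirect target taken from $_POST['goto'] to a same-site path. The helper names loginTokenIsValid, authenticateUser and safeRedirectTarget are invented for this example.

```php
<?php
// Added example, not the asker's code. Assumes: session token name tokenLogInForm,
// $dbConnect (PDO) provided by includes/dbCon.php, and an `admins` table whose
// `password` column holds password_hash() output (the original stores salted md5).
declare(strict_types=1);

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Constant-time comparison of the submitted form token with the session copy.
function loginTokenIsValid(?string $submitted): bool
{
    $expected = $_SESSION['tokenLogInForm'] ?? null;
    if (!is_string($expected) || $expected === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Fetch the stored hash for the username and verify the raw password against it.
// The raw password is not run through a sanitising filter: it is never echoed,
// and altering characters before hashing would reject valid passwords.
function authenticateUser(PDO $dbConnect, string $userName, string $passWordRaw): bool
{
    $s = $dbConnect->prepare('SELECT password FROM admins WHERE username = :userName');
    $s->bindValue(':userName', $userName);
    $s->execute();
    $row = $s->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !is_string($row['password'])) {
        // Unknown user: spend comparable time so the response timing does not
        // reveal whether the username exists.
        password_hash($passWordRaw, PASSWORD_DEFAULT);
        return false;
    }
    return password_verify($passWordRaw, $row['password']);
}

// Accept only a relative, same-site path as a redirect target (no scheme,
// no protocol-relative "//host" form); otherwise fall back to the default.
function safeRedirectTarget(?string $goto, string $default = '/'): string
{
    if (!is_string($goto) || $goto === '' || $goto[0] !== '/' || substr($goto, 0, 2) === '//') {
        return $default;
    }
    return $goto;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = filter_input(INPUT_POST, 'tokenLogInForm');
    if (!loginTokenIsValid(is_string($token) ? $token : null)) {
        http_response_code(403);
        echo 'Invalid or missing form token.';
        exit();
    }

    include $_SERVER['DOCUMENT_ROOT'] . '/includes/dbCon.php';
    $userName = (string) filter_input(INPUT_POST, 'username');
    $passWordRaw = (string) filter_input(INPUT_POST, 'password');

    if (authenticateUser($dbConnect, $userName, $passWordRaw)) {
        // New session id on privilege change; store only the identity, not the hash.
        session_regenerate_id(true);
        $_SESSION['loggedIn'] = true;
        $_SESSION['userName'] = $userName;
        echo 'OK';
    } else {
        http_response_code(401);
        echo 'The specified Username and Password was incorrect.';
    }

    // Rotate the form token after every attempt, as the original does.
    $_SESSION['tokenLogInForm'] = base64_encode(random_bytes(32));
    exit();
}
```

Unlike the original, the session keeps only the username, so a later userIsLoggedIn() check can test $_SESSION['loggedIn'] without re-querying the database with a stored hash. The 401 response on failure means the jQuery error callback fires rather than success, which makes a failed attempt visible in the browser's devtools as a distinct status instead of a 200 with an error string in the body.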
Answer 0 (score: 0)
There is an error in your code. Replace "conplete" with "complete". The rest looks fine.
After the change your Javascript will look like this
$(document).ready(function(){
    $("#logInButton").click(function(e){
        var logInFormData = $("#logInForm").serialize();
        $.ajax({
            type: 'post',
            data: logInFormData,
            url: 'http://localhost/includes/accessControl.php',
            beforeSend: function(){
                $("#logInFromSpinner").show();
            },
            complete: function(){
                $("#logInFromSpinner").hide();
            },
            success: function(data, status) {
                console.log(data);
            },
            error: function(jqXHR, textStatus){
                console.log(textStatus);
            }
        });
    });
});