Witam.
Postanowiłem napisać logowanie oparte na jQuery i teraz się zastanawiam, czy to będzie dobry pomysł pod względem bezpieczeństwa.
php:
/**
 * Function that stores the login cookies (translated from the original comment).
 *
 * NOTE(review): the body shown in the post is only `return $info;`. $info is
 * never assigned in the visible code and neither parameter is used, so the
 * real cookie-writing logic is presumably elided from the post.
 * When reviewing the full body, confirm that the cookie carries an
 * unguessable, server-validated session token rather than the raw user id or
 * username, and that it is set with the HttpOnly, Secure and SameSite
 * attributes.
 *
 * @param mixed $setuid      User id passed by the caller (id_user column in the visible call).
 * @param mixed $setusername User name passed by the caller.
 * @return mixed Whatever $info holds; undefined in the visible code.
 */
function docookie($setuid, $setusername) {
return $info;
}
// Login handler fragment as posted. The opening `if` branches and the
// definitions of $random_num, $datekey and $code are not shown, so the
// control flow below is incomplete.

// Credentials are read from the query string. GET parameters are part of the
// URL, which is commonly recorded in web-server and proxy logs and in browser
// history; a login form normally submits them in a POST body over HTTPS.
$user = $_GET['Username'];
$password = trim($_GET['Password']);
// Prepared statement with bound parameters: user input never becomes part of
// the SQL text. The password is matched by equality inside the query, which
// only works if SafePassword() returns the same value for the same password
// every time, so it cannot be a per-user salted hash as produced by
// password_hash(). NOTE(review): SafePassword() is defined elsewhere; confirm
// which algorithm it uses. The usual pattern is to select the row by user name
// only and check the stored hash with password_verify().
$query = $pdo->prepare("SELECT `user`, `password`, `pass_pass`, `id_user` FROM `users` WHERE `user` = :user AND `password` = :password LIMIT 1");
$query->bindValue(':user', $user, PDO::PARAM_STR);
$query->bindValue(':password', SafePassword($password), PDO::PARAM_STR);
$query->execute();
$fetch = $query->fetch();
// The conditions guarding the next two error assignments are missing from the
// post; as written, the second pair simply overwrites the first.
// NOTE(review): presumably the first covers a missing user name and the second
// a failed lookup ($fetch empty) - confirm against the full file.
$status = "error";
$message = "".LANG_AJAX_LOGIN_NIEPODANO.".";
$status = "error";
$message = ''.LANG_AJAX_LOGIN_NIEMA.'.';
// Missing-password branch. It is evaluated after the query above has already run.
}elseif(empty($password)){ $status = "error";
$message = "".LANG_AJAX_HASLO_NIEPODANO.".";
}else{
// $maxran is assigned but not used in the visible lines.
$maxran = 1000000;
// An MD5 digest is 32 hex digits, which exceeds PHP's integer range, so
// hexdec() returns a float here and the low-order digits are lost.
// NOTE(review): $random_num and $datekey are not defined in the visible code.
// If $rcode is meant to be a login or session token, the User-Agent header is
// client-controlled and MD5 over it is not a substitute for a CSPRNG value
// such as bin2hex(random_bytes(32)).
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $random_num . $datekey));
// Persist the login through docookie() using the id from the fetched row.
docookie($fetch['id_user'], $user);
$status = "success";
// $code is not defined in the visible lines ($rcode may have been intended).
// The JS client on this page inserts the message with .html(), so whatever is
// appended here is interpreted as markup in the browser.
$message = 'Zalogowano poprawnie.'.$code;
}
JS:
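/**
 * Wires the login buttons to an AJAX sign-in request.
 *
 * On click, the #login form is serialized and sent to /ajax.php?p=login; the
 * JSON reply ({status, message}) is shown in the message boxes. On 'error'
 * the message is faded out after 3 s; on any other status
 * go_to_private_page() is called after 3 s.
 *
 * Everything done here is presentation only: the server must enforce
 * authentication on every private page, because a client can skip this script
 * and call go_to_private_page() or the target URL directly.
 */
var SignIn = function() {
    $('#LoginButton,#LoginButtonTop').on('click', function () {
        var form = $('#login').serialize(),
            responseMsg = $('#messageLogin,#messageLoginTop');

        responseMsg.hide().addClass('response-waiting').text('czekaj...').fadeIn(200);

        $.ajax({
            // NOTE(review): with GET the serialized credentials travel in the
            // URL, which is commonly kept in server/proxy logs and browser
            // history. Moving to POST requires the server handler to read the
            // request body as well, so the method is left unchanged here.
            type: 'GET',
            url: "/ajax.php?p=login",
            data: form,
            processData: false,
            contentType: false,
            // NOTE(review): there is no `error` callback and no guard around
            // the JSON parse, so a failed request or a non-JSON reply leaves
            // the "czekaj..." indicator on screen.
            success: function (data) {
                var responseData = jQuery.parseJSON(data),
                    klass = '';

                switch (responseData.status) {
                    case 'error':
                        klass = 'response-error';
                        break;
                    case 'success':
                        klass = 'response-success';
                        break;
                }

                responseMsg.fadeOut(200, function () {
                    // NOTE(review): .html() interprets the server message as
                    // markup. If any part of the message can contain
                    // user-influenced text, use .text() or escape it
                    // server-side.
                    $(this).removeClass('response-waiting').addClass(klass).html(responseData.message).fadeIn(200, function () {
                        if (responseData.status === 'error') {
                            setTimeout(function () {
                                responseMsg.fadeOut(200, function () {
                                    $(this).removeClass(klass);
                                });
                            }, 3000);
                        } else {
                            // Function callback instead of a code string: no
                            // implicit eval, and it keeps working under a
                            // Content-Security-Policy without 'unsafe-eval'.
                            setTimeout(function () {
                                go_to_private_page();
                            }, 3000);
                        }
                    });
                });
            }
        });

        // Suppress the button's default action (normal form submission).
        return false;
    });
};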