Postanowiłem napisać logowanie oparte o jQuery i teraz się zastanawiam, czy to będzie dobry pomysł pod względem bezpieczeństwa.
php:
/* Function that saves the cookies. */
// NOTE(review): only `return $info;` is visible and $info is never assigned in
// this excerpt; the rest of the body appears to have been cut from the post.
// What ends up in the cookie is therefore not visible. Confirm it is an
// unguessable, server-verified session token and not just the user id/name,
// which a client could set by hand.
function docookie($setuid, $setusername) { return $info; }

// The username arrives in the query string (the page's JS sends the form with
// type: 'GET'). Credentials in a URL end up in access logs, browser history and
// proxy logs; a POST body avoids that.
$user = $_GET['Username'];

// Both values are bound as parameters, so neither is concatenated into the SQL
// text.
// NOTE(review): $password is not assigned anywhere in this excerpt.
// NOTE(review): comparing the password inside the WHERE clause only works if
// SafePassword() yields the same output for the same password every time, which
// rules out per-user salted hashes. SafePassword() is not shown; the usual
// alternative is to select the row by `user` alone and check the stored hash
// with password_verify().
$query = $pdo->prepare("SELECT `user`, `password`, `pass_pass`, `id_user` FROM `users` WHERE `user` = :user AND `password` = :password LIMIT 1");
$query->bindValue(':user', $user, PDO::PARAM_STR);
$query->bindValue(':password', SafePassword($password), PDO::PARAM_STR);
$query->execute();
$fetch = $query->fetch();

// The conditions that guard the three error assignments below are missing from
// the excerpt; only the branch bodies and the final `}else{` survive.
// NOTE(review): judging by the constant names, these look like "login not
// given", "no such login" and "password not given". If the second is returned
// only for unknown usernames, callers can tell valid usernames from invalid
// ones; one generic failure message avoids that. Confirm against the full file.
$status = "error";
$message = "".LANG_AJAX_LOGIN_NIEPODANO.".";
$status = "error";
$message = ''.LANG_AJAX_LOGIN_NIEMA.'.';
$status = "error";
$message = "".LANG_AJAX_HASLO_NIEPODANO.".";
}else{
    // Success branch: store the login cookies and report success.
    // NOTE(review): $maxran is not used in the visible code.
    $maxran = 1000000;
    docookie($fetch['id_user'], $user);
    $status = "success";
    // NOTE(review): $code is not defined in this excerpt. The client inserts
    // $message with .html(), so anything user-influenced in it must be
    // HTML-escaped before it is sent.
    $message = 'Zalogowano poprawnie.'.$code;
}
JS:
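/**
 * Wires the login buttons to an AJAX sign-in request.
 *
 * On click, the #login form is serialized and sent to /ajax.php?p=login. The
 * JSON reply ({status, message}) is shown in the message boxes. An error
 * message is hidden again after 3 s; on success go_to_private_page() is called
 * after 3 s. The click handler returns false so the browser does not submit the
 * form itself.
 */
var SignIn = function () {
    $('#LoginButton,#LoginButtonTop').on('click', function () {
        var form = $('#login').serialize(),
            responseMsg = $('#messageLogin,#messageLoginTop');

        responseMsg.hide().addClass('response-waiting').text('czekaj...').fadeIn(200);

        $.ajax({
            // NOTE(review): with GET the serialized form (username and password)
            // is appended to the URL, where it is recorded in server logs and
            // browser history. Switching to POST also requires the PHP side to
            // read the POST body, so it is only flagged here.
            type: 'GET',
            url: "/ajax.php?p=login",
            data: form,
            processData: false,
            contentType: false,
            success: function (data) {
                var responseData = jQuery.parseJSON(data),
                    klass = '';

                switch (responseData.status) {
                    case 'error':
                        klass = 'response-error';
                        break;
                    case 'success':
                        klass = 'response-success';
                        break;
                }

                responseMsg.fadeOut(200, function () {
                    // NOTE(review): .html() renders the server message as
                    // markup. Unless the message is meant to carry HTML,
                    // .text() is the safer call; otherwise the server must
                    // escape everything it puts into `message`.
                    $(this).removeClass('response-waiting').addClass(klass).html(responseData.message).fadeIn(200, function () {
                        if (responseData.status === 'error') {
                            setTimeout(function () {
                                responseMsg.fadeOut(200, function () {
                                    $(this).removeClass(klass);
                                });
                            }, 3000);
                        } else {
                            // A function instead of a code string: nothing is
                            // eval'ed, and it works under a CSP without
                            // 'unsafe-eval'. The name is still resolved when
                            // the timer fires, as it was with the string form.
                            setTimeout(function () {
                                go_to_private_page();
                            }, 3000);
                        }
                    });
                });
            }
        });

        return false;
    });
};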