Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 504
  • Last Modified:

Login Submit - No Page Refresh

My current login page if the login is incorrect the page refreshes and says that the username/pass is incorrect.  I want to do this so that it doesn't refresh the page.

<?php
  define("_VALID_PHP", true);
  require_once("init.php");
  
  if ($user->logged_in)
      redirect_to("/client/dashboard");
	  
	  
  if (isset($_POST['doLogin']))
      : $result = $user->login($_POST['username'], $_POST['password']);
  
  /* Login Successful */
  if ($result)
      : redirect_to("/client/dashboard");
  endif;
  endif;
?>
<?php include("header.php");?>
<div id="msgholder-alt"><?php print $core->showMsg;?></div>
    <div class="box">
      <form action="" method="post" id="login_form" name="login_form">
        <table width="100%" border="0" cellpadding="3" cellspacing="0" class="display">
          <tr>
            <th width="200"><strong>Username:</strong></th>
            <td><input name="username" type="text" size="45" maxlength="20" class="inputbox" /></td>
          </tr>
          <tr>
            <th><strong>Password:</strong></th>
            <td><input name="password" type="password" size="45" maxlength="20" class="inputbox" /></td>
          </tr>
          <tr>
            <td><input name="submit" value="Login Now" type="submit" class="button"/></td>
          </tr>
        </table>
        <input name="doLogin" type="hidden" value="1" />
      </form>
    </div>

Open in new window

0
Nathan Riley
Asked:
Nathan Riley
1 Solution
 
leakim971PluritechnicianCommented:
Put this in the head section of your page  :

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function() {
    $("#logindropdown img").click(function() {
          var u = $("#logindropdown input[name='username']").val();
          var p = $("#logindropdown input[name='password']").val();
          $.post("simple_login_to_attack.php", {username:u, password:p}, function(result) {
              if(result=="ok") location.href = "/client/dashboard";
              else alert("bad login/password");
          });
    })
})
</script>

Open in new window


with simple_login_to_attack.php:
<?php
  define("_VALID_PHP", true);
  require_once("init.php");
  if ($user->logged_in) die("ok");
  $result = $user->login($_POST['username'], $_POST['password']);
  if ($result) die("ok");
  die("fail");
?>

Open in new window

0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now