
@wilornel /1The errors on firebug
The problem is not here, it is at the file: loginFunc.js
making ajaxRequest worked
GET http://localhost/businessWebsite/ServerUsers.php?usernameID=b 200 OK 48ms loginFunc.js (line 57)
GET http://localhost/businessWebsite/ServerUsers.php?usernameID=bo 200 OK 37ms loginFunc.js (line 57)
GET http://localhost/businessWebsite/ServerUsers.php?usernameID=bob 200 OK 36ms loginFunc.js (line 57)
GET http://localhost/businessWebsite/checkLogin.php?username=bob&pass=asd Aborted loginFunc.js (line 88)
expecting some query?username=bob&pass=asd loginFunc.js (line 89)
expecting not ok loginFunc.js (line 77)
making ajaxRequest worked
//If I go in browser and type in: localhost/checklogin.php?username=bob&pass=asd , the webpage returns "ok"
// Also, you can see that it reaches the echo "ok"; , since it also sets a new Session variable,
// the $_SESSION['userid']; And in login.php, the main page, the $_SESSION['userid']; shows up as bob!
//Keep scrolling to loginfunc.js
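<?php
/**
 * checkLogin.php - AJAX login endpoint called by loginFunction() in loginFunc.js.
 *
 * Reads `username` and `pass` from the query string, looks the pair up in
 * `bususers`, and prints a short status string:
 *   "ok"                        exactly one matching row; the session is marked valid
 *   "no such user exist!error"  no row matched the username/password pair
 *   "not ok"                    any other row count
 *   "error"                     the database could not be reached or queried
 *
 * NOTE(review): the credentials arrive in a GET query string, so they are
 * recorded in web-server logs, browser history and the Firebug console.
 * Switching to POST needs a matching change in loginFunc.js, so it is only
 * flagged here.
 * NOTE(review): passwords are compared against stored plaintext. `bususers`
 * has a `salt` column and an earlier draft of this script hashed with sha256;
 * a slow salted hash (crypt() with bcrypt, or password_hash() on PHP >= 5.5)
 * is what this should move to.
 * NOTE(review): the mysql_* extension is deprecated and was removed in PHP 7;
 * mysqli or PDO prepared statements are the long-term replacement.
 */
session_start();

// NOTE(review): root with an empty password is only acceptable on a throwaway local install.
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "test";

// Connect to MySQL. Failure details go to the server log, not to the client.
if (!mysql_connect($dbhost, $dbuser, $dbpass) || !mysql_select_db($dbname)) {
    error_log('checkLogin.php: database unavailable: ' . mysql_error());
    die('error');
}

// Accept only plain string parameters; a missing or array-valued parameter becomes ''.
$username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
$password = (isset($_GET['pass']) && is_string($_GET['pass'])) ? $_GET['pass'] : '';

// Both values are escaped BEFORE they are placed in any SQL text. The previous
// version ran its first query with the raw password, which made the statement
// injectable through `pass`.
$usernameSql = mysql_real_escape_string($username);
$passwordSql = mysql_real_escape_string($password);

$query = "SELECT * FROM bususers WHERE username='$usernameSql' and password='$passwordSql'";
$qry_result = mysql_query($query);
if ($qry_result === false) {
    error_log('checkLogin.php: query failed: ' . mysql_error());
    die('error');
}

$qry_rows = mysql_num_rows($qry_result);
if ($qry_rows < 1) {
    echo "no such user exist!";
    die('error');
}

if ($qry_rows == 1) {
    // Issue a fresh session id on login and drop the old session file, so an id
    // that was known before authentication cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['valid'] = 1;
    // Store the name as submitted, not its SQL-escaped form. Pages that print it
    // must pass it through htmlspecialchars().
    $_SESSION['userid'] = $username;
    echo "ok";
} else {
    // Only the status is returned. The submitted password, the SQL text and the
    // row count used to be echoed here; the client writes this response into the
    // page, so that output disclosed internals and reflected raw input.
    echo "not ok";
}
?>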
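<?php
session_start();
?>
<html>
<head>
<script src="loginFunc.js">
</script>
</head>
<body onload="ajax()">
<!-- loginFunction() sends the credentials over XHR. "return false" stops the browser from also
     submitting the form natively: a native submit navigates away and aborts the pending
     checkLogin.php request before its response can be read. -->
Login:<form method="post" name="myForm" onsubmit="loginFunction(); return false;">
Username:<input id="usernameID" type="text" name="username" onkeyup="usernameVer('usernameID','mySpan'); checkIfLog()" /><span id="mySpan"></span><span id="mySpan2"></span><br>
Password:<input id="password" type="password" name="password" onkeyup="checkIfLog()" /><br>
<input id="submitLog" type="submit" name="logIn" value="logIn" disabled /><br>
</form>
<p id="thisTest">Change This Text</p>
Register: <br>
<!-- <form name="regform" action="register.php" method="post" action="register.php"> -->
Username: <input type="text" name="usernameR" maxlength="30" id="user1" onkeyup="usernameVer('user1','regSpan1')" /><span id="regSpan1"></span><br>
Password: <input type="password" name="passwordR1" id="pass1"/><br>
Confirm: &nbsp;&nbsp;&nbsp;<input type="password" name="passwordR2" onkeyup="if((event.keyCode||event.which) != 9){ confirmPass(); }" id="pass2"/><span id="confpass"></span><br>
<input type="submit" name="register" value="register" id="regbutton" disabled onclick="registerR()" /><br><span id="regspan"></span>
<!-- </form> -->
</body>
</html>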
<!--
<html>
<head>
<script type="text/javascript">
function SomeJavaScriptCode() {
document.getElementById("mySpan").innerHTML = document.getElementById("fname").value.toUpperCase();
}
</script>
</head>
<body>
Enter your name: <input type="text" id="fname" onkeyup="SomeJavaScriptCode()" />
<br/>
<span id="mySpan"></span>
</body>
</html>
-->
// Author's note: around line 37 there is an ajaxRequest.responseText that has no value.

// The single request object every function in this file reuses; ajax() assigns it.
var ajaxRequest;
// Registration state: usernameVer() writes "nodisable" / "disable", confirmPass() reads it.
var store_reguser;
/**
 * Creates the request object used for every AJAX call in this file and stores
 * it in the global `ajaxRequest`. The page calls this from <body onload>.
 */
function ajax()
{
  var hasNativeXhr = Boolean(window.XMLHttpRequest);
  if (!hasNativeXhr)
  {
    // IE6, IE5: no native XMLHttpRequest, so fall back to the ActiveX control.
    ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
    return;
  }
  // IE7+, Firefox, Chrome, Opera, Safari
  ajaxRequest = new XMLHttpRequest();
  console.log('making ajaxRequest worked');
}
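/**
 * Simple login check: sends the username and password from the login form to
 * checkLogin.php and reacts to the answer.
 *
 * A response of exactly "ok" redirects through logintosite(); any other
 * response is shown as text in the #mySpan2 element.
 *
 * NOTE(review): the credentials travel in a GET query string because
 * checkLogin.php reads $_GET. They therefore land in server logs, browser
 * history and the Firebug console; moving to POST needs a change on both sides.
 *
 * @returns {boolean} always false, so `onsubmit="return loginFunction()"`
 *   suppresses the native form submit. Without that, the browser reloads the
 *   page and aborts the pending request (the "Aborted" line in Firebug).
 */
function loginFunction()
{
  console.log('thefuncisexecuted');
  ajaxRequest.onreadystatechange = function () {
    // 4 = DONE; earlier states carry no complete response yet.
    if (ajaxRequest.readyState != 4) {
      return;
    }
    if (ajaxRequest.responseText == "ok") {
      console.log('passwords match');
      logintosite();
      return;
    }
    console.log('expecting not ok ' + ajaxRequest);
    // textContent, not innerHTML: the server response can contain whatever the
    // user typed, and it must be displayed as text rather than parsed as markup.
    document.getElementById('mySpan2').textContent = ajaxRequest.responseText;
  };

  // Send the username and password to the server.
  var usernameID = document.getElementById('usernameID').value;
  var password = document.getElementById('password').value;
  // encodeURIComponent keeps characters such as "&", "#", "+" and spaces inside
  // the value instead of letting them cut the parameter short or add new ones.
  var queryString2 = "?username=" + encodeURIComponent(usernameID) +
    "&pass=" + encodeURIComponent(password);
  ajaxRequest.open("GET", "checkLogin.php" + queryString2, true);
  ajaxRequest.send(null);
  console.log('you reached it');
  return false;
}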
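/**
 * Asks ServerUsers.php whether the username typed into an input exists, and
 * shows a green check or red cross next to it.
 *
 * The function serves two inputs (login and registration), which is why the
 * element ids are passed in. ServerUsers.php answers "check" when the name
 * exists and "cross" when it does not:
 *   - registration input ('user1'): "cross" means the name is free (green
 *     check), "check" means it is taken (red cross, register button disabled);
 *   - any other input: "check" shows the green check, anything else the cross.
 *
 * NOTE(review): this lookup runs on every keystroke and the endpoint answers
 * without authentication, so it also tells any caller which usernames exist;
 * throttling belongs on the server side.
 *
 * @param {string} in_ id of the input element holding the username
 * @param {string} out id of the element that receives the check/cross image
 */
function usernameVer(in_, out)
{
  var greenCheck = "<img src='greencheck.png' height='20' width='20' />";
  var redCross = "<img src='redcross.png' height='20' width='20' />";

  // Handler that receives the answer from the server.
  ajaxRequest.onreadystatechange = function()
  {
    if (ajaxRequest.readyState != 4)
    {
      return;
    }
    var marker = document.getElementById(out);
    var input = document.getElementById(in_).value;
    if (input == "")
    {
      // Empty input: disable the registration button and clear the marker.
      document.getElementById('regbutton').disabled = true;
      marker.innerHTML = "";
      return;
    }
    console.log('yeah: ' + ajaxRequest);
    var response = ajaxRequest.responseText;

    if (in_ != 'user1')
    {
      // Login input: the name has to exist.
      marker.innerHTML = (response == "check") ? greenCheck : redCross;
      return;
    }

    // Registration input: the name has to be unused.
    if (response == "cross")
    {
      console.log('response:' + response);
      marker.innerHTML = greenCheck;
      // Registration-button state shared with confirmPass().
      store_reguser = "nodisable";
      if (store_regpass == "ok")
      {
        document.getElementById('regbutton').disabled = false;
      }
    }
    if (response == "check")
    {
      console.log('expecting a username' + document.getElementById('user1').value);
      marker.innerHTML = redCross;
      store_reguser = "disable";
      document.getElementById('regbutton').disabled = true;
    }
  };

  // Send the username to the server. encodeURIComponent keeps "&", "#", "=" and
  // spaces inside the value instead of letting them alter the query string.
  var usernameID = document.getElementById(in_).value;
  var queryString = "?usernameID=" + encodeURIComponent(usernameID);
  ajaxRequest.open("GET", "ServerUsers.php" + queryString, true);
  ajaxRequest.send(null);
}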
/**
 * Compares the two password fields of the registration form.
 * A mismatch shows a red cross next to the confirmation field and disables
 * the register button. A match shows a green check and enables the button,
 * unless the username check has not passed or the username field is empty.
 *
 * NOTE(review): two empty password fields also count as a match here.
 */
// Result of the last comparison ("ok" / "not ok"); usernameVer() reads it.
var store_regpass;
function confirmPass(){
  var greenCheckImg = "<img src='greencheck.png' height='20' width='20' />";
  var redCrossImg = "<img src='redcross.png' height='20' width='20' />";
  var first = document.getElementById('pass1').value;
  var second = document.getElementById('pass2').value;
  var marker = document.getElementById('confpass');
  var registerButton = document.getElementById('regbutton');

  if (first != second)
  {
    // Passwords differ: red cross, registration blocked.
    store_regpass = "not ok";
    marker.innerHTML = redCrossImg;
    registerButton.disabled = true;
    return;
  }

  marker.innerHTML = greenCheckImg;
  registerButton.disabled = false;
  store_regpass = "ok";
  console.log ('expecting a username ' + document.getElementById('user1').value);

  // The button stays disabled while the username is rejected, unchecked or blank.
  var usernameNotAccepted = store_reguser == "disable" || !store_reguser || store_reguser == "";
  if (usernameNotAccepted || document.getElementById('user1').value == "")
  {
    console.log ('store_reguser');
    registerButton.disabled = true;
  }
}
/**
 * Enables the login button only while both login inputs hold some text;
 * with either field empty the button is disabled.
 */
function checkIfLog(){
  var nameValue = document.getElementById('usernameID').value;
  var passValue = document.getElementById('password').value;
  var somethingMissing = passValue == "" || nameValue == "";
  document.getElementById('submitLog').disabled = somethingMissing ? true : false;
}
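/**
 * Registers a username and password by sending the registration fields to
 * register.php, then reports the outcome in the #regspan element.
 * A response of exactly "ok" counts as success; anything else as failure.
 *
 * NOTE(review): both password fields are sent in a GET query string, so they
 * are recorded in server logs and browser history. register.php is not shown
 * here; moving to POST needs a change on both sides.
 */
function registerR(){
  ajaxRequest.onreadystatechange = function(){
    if (ajaxRequest.readyState != 4) {
      return;
    }
    var status = document.getElementById('regspan');
    if (ajaxRequest.responseText == "ok") {
      // The server returned "ok": the registration worked.
      status.innerHTML = "Registration was a success! You can now Log in.";
      return;
    }
    // Any other answer: the registration failed.
    status.innerHTML = "Registration Failed.";
    console.log('expecting a response other than "ok": ' + ajaxRequest.responseText);
  };

  // Send username, password1 and password2 to the server. encodeURIComponent
  // keeps "&", "#", "+" and spaces inside each value instead of letting them
  // truncate a parameter or introduce a new one.
  var username = document.getElementById('user1').value;
  var password1 = document.getElementById('pass1').value;
  var password2 = document.getElementById('pass2').value;
  var query = "?usernameR=" + encodeURIComponent(username) +
    "&passwordR1=" + encodeURIComponent(password1) +
    "&passwordR2=" + encodeURIComponent(password2);
  ajaxRequest.open("GET", "register.php" + query, true);
  ajaxRequest.send(null);
}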
/**
 * Sends the browser to the logged-in page after a successful login check.
 * NOTE(review): this redirect is only navigation; loggedIn.php (not shown
 * here) has to verify the session itself before serving anything.
 */
function logintosite(){
  var destination = "loggedIn.php";
  window.location = destination;
}
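<?php
/**
 * ServerUsers.php - username lookup called by usernameVer() in loginFunc.js.
 *
 * Prints "check" when exactly one `bususers` row has the given `usernameID`,
 * otherwise "cross". Prints "error" when the database cannot be reached or
 * queried.
 *
 * NOTE(review): the endpoint answers any caller without authentication, so it
 * reveals which usernames exist; request throttling is worth adding.
 * NOTE(review): the mysql_* extension is deprecated and was removed in PHP 7;
 * mysqli or PDO prepared statements are the long-term replacement.
 */

// NOTE(review): root with an empty password is only acceptable on a throwaway local install.
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "test";

// Connect and select the database. Failure details go to the server log
// instead of being printed to the client.
if (!mysql_connect($dbhost, $dbuser, $dbpass) || !mysql_select_db($dbname)) {
    error_log('ServerUsers.php: database unavailable: ' . mysql_error());
    die('error');
}

// Retrieve the name from the query string. A missing or array-valued
// parameter is treated as the empty string, as an absent value was before.
$username = (isset($_GET['usernameID']) && is_string($_GET['usernameID'])) ? $_GET['usernameID'] : '';
$username = mysql_real_escape_string($username);

// Build and run the query.
$query = "SELECT * FROM bususers WHERE username='$username'";
$qry_result = mysql_query($query);
if ($qry_result === false) {
    error_log('ServerUsers.php: query failed: ' . mysql_error());
    die('error');
}

$qry_rows = mysql_num_rows($qry_result);
if ($qry_rows == 1) {
    echo "check";
} else {
    echo "cross";
}
?>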
-- phpMyAdmin SQL Dump
-- version 3.4.5
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Apr 12, 2012 at 04:38 PM
-- Server version: 5.5.16
-- PHP Version: 5.3.8
-- Session settings for the import. NO_AUTO_VALUE_ON_ZERO makes an explicit 0 written to an
-- AUTO_INCREMENT column be stored as 0 instead of generating the next value.
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
-- Time values in this session are handled with a +00:00 offset.
SET time_zone = "+00:00";
-- Version-conditional statements (executed by MySQL 4.1.1 and later): save the current
-- client character-set settings in user variables, then switch the connection to utf8.
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
--
-- Database: `test`
--
-- --------------------------------------------------------
--
-- Table structure for table `busads`
--
-- `busads`: judging by the column names, one row per advertised item (TODO confirm).
-- The table has no primary key and no index.
-- NOTE(review): `price` is stored as text, and `photo3` is int(100) while `photo1`/`photo2`
-- are varchar(100) - possibly a typo; confirm against the code that writes this table.
CREATE TABLE IF NOT EXISTS `busads` (
`user` varchar(30) NOT NULL,
`itemname` varchar(100) NOT NULL,
`price` varchar(10) NOT NULL,
`description` varchar(600) NOT NULL,
`photo1` varchar(100) NOT NULL,
`photo2` varchar(100) NOT NULL,
`photo3` int(100) NOT NULL,
`views` int(8) NOT NULL,
`tags` varchar(600) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `buschats`
--
-- `buschats`: chat messages with a sender, a recipient and up to 600 characters of text.
-- `from` and `to` are reserved words in MySQL, so they must stay backtick-quoted in every query.
-- `id` is neither a key nor AUTO_INCREMENT, so nothing in the schema keeps it unique.
CREATE TABLE IF NOT EXISTS `buschats` (
`id` int(10) NOT NULL,
`from` varchar(30) NOT NULL,
`to` varchar(30) NOT NULL,
`chat` varchar(600) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
--
-- Table structure for table `bususers`
--
-- `bususers`: the accounts that checkLogin.php and ServerUsers.php query.
-- `username` is unique, so a lookup by name matches at most one row.
-- `password` is 64 characters wide, the length of a hex SHA-256 digest, and checkLogin.php
-- carries a commented-out sha256 check - but the rows below hold the passwords in plaintext.
-- NOTE(review): `salt` is only 3 characters wide, too short to be a useful per-user salt;
-- a password-hashing scheme that embeds its own salt would replace both columns.
CREATE TABLE IF NOT EXISTS `bususers` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(30) NOT NULL,
`password` varchar(64) NOT NULL,
`salt` varchar(3) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=10 ;
--
-- Dumping data for table `bususers`
--
-- NOTE(review): row 6 has an empty username, row 2 an empty password and row 1 an empty
-- salt; the NOT NULL constraints do not reject empty strings.
-- NOTE(review): these account rows were published together with the schema; any value
-- here that was ever a real credential should be treated as disclosed and rotated.
INSERT INTO `bususers` (`id`, `username`, `password`, `salt`) VALUES
(1, 'bob', 'asd', ''),
(2, 'asd', '', '450'),
(5, 'aaa', '1111', 'a6e'),
(6, '', 'a', '5ce'),
(7, 'someone', 'asd', '3e0'),
(8, 'someone1', 'asdasd', '7ad'),
(9, 'linkcool', 'sea', '9ec');
-- --------------------------------------------------------
--
-- Table structure for table `comments`
--
-- `comments`: comments attached to an image (`imgid`, `filename`) with the image owner
-- in `username` and the author in `commenter` - presumably; verify against the application.
-- The table has no primary key, so `id` is not enforced to be unique.
-- `time` holds 10-digit numbers that look like Unix timestamps, stored as text (TODO confirm).
CREATE TABLE IF NOT EXISTS `comments` (
`id` int(200) NOT NULL,
`imgid` int(200) NOT NULL,
`username` varchar(20) NOT NULL,
`album` varchar(20) NOT NULL,
`filename` varchar(500) NOT NULL,
`time` varchar(255) NOT NULL,
`comment` varchar(1000) NOT NULL,
`commenter` varchar(20) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table `comments`
--
-- NOTE(review): the rows with id 1 to 12 appear twice in this statement; without a key on
-- `id` the import accepts both copies.
INSERT INTO `comments` (`id`, `imgid`, `username`, `album`, `filename`, `time`, `comment`, `commenter`) VALUES
(1, 1, 'aaa', '', 'Anime_Warrior_by_chaotixwol.jpg', '1271297992', 'adasdad', 'aaa'),
(2, 1, 'aaa', '', 'Anime_Warrior_by_chaotixwol.jpg', '1271300246', 'asdsd', 'aaa'),
(3, 1, 'aaa', '', 'Anime_Warrior_by_chaotixwol.jpg', '1271649648', 'aaa', 'aaa'),
(4, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272228849', 'comment test', 'linkcool'),
(5, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272230285', 'comment', 'linkcool'),
(6, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272230314', 'asdasd', 'linkcool'),
(7, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272231660', 'asdasd', 'linkcool'),
(8, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272231691', 'asd', 'linkcool'),
(9, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272333012', 'asdsad', 'linkcool'),
(10, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272503480', 'yo aaa t fucking gay avec ta pic', 'linkcool111'),
(11, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272503499', 'wdf?? pk ? :(', 'aaa'),
(12, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272503533', 'ouais check tuf fais la baboune, c fif ca', 'linkcool111'),
(1, 1, 'aaa', '', 'Anime_Warrior_by_chaotixwol.jpg', '1271297992', 'adasdad', 'aaa'),
(2, 1, 'aaa', '', 'Anime_Warrior_by_chaotixwol.jpg', '1271300246', 'asdsd', 'aaa'),
(3, 1, 'aaa', '', 'Anime_Warrior_by_chaotixwol.jpg', '1271649648', 'aaa', 'aaa'),
(4, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272228849', 'comment test', 'linkcool'),
(5, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272230285', 'comment', 'linkcool'),
(6, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272230314', 'asdasd', 'linkcool'),
(7, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272231660', 'asdasd', 'linkcool'),
(8, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272231691', 'asd', 'linkcool'),
(9, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272333012', 'asdsad', 'linkcool'),
(10, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272503480', 'yo aaa t fucking gay avec ta pic', 'linkcool111'),
(11, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272503499', 'wdf?? pk ? :(', 'aaa'),
(12, 3, 'aaa', '', 'AnimeFemaleNinja.jpg', '1272503533', 'ouais check tuf fais la baboune, c fif ca', 'linkcool111'),
(13, 5, 'aaa', '', 'toumajx2[1].jpg', '1328613531', 'oh hi', 'aaa');
-- --------------------------------------------------------
--
-- Table structure for table `friends`
--
-- `friends`: friendship pairs. In the data below most pairs are stored once per direction,
-- both rows sharing one `id`.
-- The table has no key, and `id` is text, so nothing prevents repeated or self-referencing rows.
CREATE TABLE IF NOT EXISTS `friends` (
`id` varchar(10) NOT NULL,
`friend1` varchar(20) NOT NULL,
`friend2` varchar(20) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table `friends`
--
-- NOTE(review): ids '2' and '10' pair a user with itself, and ids '1' and '5' hold the same
-- pair of users.
INSERT INTO `friends` (`id`, `friend1`, `friend2`) VALUES
('1', 'linkcool111', 'linkcool'),
('1', 'linkcool', 'linkcool111'),
('2', 'linkcool', 'linkcool'),
('2', 'linkcool', 'linkcool'),
('3', 'aaa', 'linkcool'),
('3', 'linkcool', 'aaa'),
('4', 'linkcool111', 'aaa'),
('4', 'aaa', 'linkcool111'),
('5', 'linkcool', 'linkcool111'),
('5', 'linkcool111', 'linkcool'),
('6', 'aaa', 'abc'),
('6', 'abc', 'aaa'),
('7', 'bob', 'aaa'),
('7', 'aaa', 'bob'),
('8', 'linkcool', 'bob'),
('8', 'bob', 'linkcool'),
('9', 'linkcool111', 'bob'),
('9', 'bob', 'linkcool111'),
('10', 'linkcool111', 'linkcool111'),
('10', 'linkcool111', 'linkcool111');
-- --------------------------------------------------------
--
-- Table structure for table `images`
--
-- `images`: one row per uploaded image, keyed by (`username`, `number`).
-- Numeric-looking values (`number`, `divideN`, `rwidth`, `rheight`, `thumbup`, `thumbdown`)
-- are stored as text.
-- NOTE(review): `password` is a 20-character text column and the one non-empty value in the
-- data below is stored in the clear; if it gates access to private images it should be a
-- password hash, not the password - confirm how the application uses it.
-- `privacy` holds 'public' or 'private' in the data below; where it is enforced is not
-- visible in this dump.
CREATE TABLE IF NOT EXISTS `images` (
`id` int(20) NOT NULL,
`username` varchar(20) NOT NULL,
`number` varchar(20) NOT NULL,
`albumnum` int(20) NOT NULL,
`filename` varchar(500) NOT NULL,
`divideN` varchar(20) NOT NULL,
`rwidth` varchar(10) NOT NULL,
`rheight` varchar(10) NOT NULL,
`description` varchar(500) NOT NULL,
`album` varchar(20) NOT NULL,
`slash` varchar(1) NOT NULL,
`privacy` varchar(7) NOT NULL,
`password` varchar(20) NOT NULL,
`thumbup` varchar(20) NOT NULL,
`thumbdown` varchar(20) NOT NULL,
PRIMARY KEY (`username`,`number`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table `images`
--
INSERT INTO `images` (`id`, `username`, `number`, `albumnum`, `filename`, `divideN`, `rwidth`, `rheight`, `description`, `album`, `slash`, `privacy`, `password`, `thumbup`, `thumbdown`) VALUES
(5, 'aaa', '4', 4, 'toumajx2[1].jpg', '12', '600', '600', '', '', '', 'public', '', '', ''),
(4, 'linkcool111', '1', 1, 'ShadowWarrior_RpChar.jpg', '16', '560', '800', '', '', '', 'private', '', '', ''),
(3, 'aaa', '3', 3, 'AnimeFemaleNinja.jpg', '8', '400', '320', 'None', '', '', 'private', 'abcd', '', ''),
(2, 'aaa', '2', 2, 'Metal_Angel.jpg', '22.26', '700', '1113', '', '', '', 'private', '', '', ''),
(1, 'aaa', '1', 1, 'Anime_Warrior_by_chaotixwol.jpg', '8.74', '339', '437', 'this is some cool guy', '', '', 'private', '', '', ''),
(6, 'aaa', '5', 1, 'Alyssa Photo profil.jpg', '60', '3000', '3000', 'Alyssa', 'Family', '/', 'private', '', '', '');
-- --------------------------------------------------------
--
-- Table structure for table `inbox`
--
-- `inbox`: private messages between two users (`1from1` sender, `1to1` recipient -
-- presumably; verify against the application). The table has no key.
-- NOTE(review): `id` is declared varchar(20000), unusually wide for an identifier.
-- `date` is stored as text (dd/mm/yyyy in the row below) and `viewed` as a text flag.
CREATE TABLE IF NOT EXISTS `inbox` (
`id` varchar(20000) NOT NULL,
`1from1` varchar(20) NOT NULL,
`message` varchar(1000) NOT NULL,
`1to1` varchar(20) NOT NULL,
`date` varchar(20) NOT NULL,
`viewed` varchar(3) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table `inbox`
--
INSERT INTO `inbox` (`id`, `1from1`, `message`, `1to1`, `date`, `viewed`) VALUES
('3', 'linkcool', 'poop', 'aaa', '27/04/2010', 'yes');
-- --------------------------------------------------------
--
-- Table structure for table `requests`
--
-- `requests`: pending friend requests, each carrying a 20-character `token`.
-- The table has no key; `id` repeats across rows in the data below.
-- NOTE(review): the tokens below are 20 decimal digits. How they are generated is not
-- visible here - confirm they come from a cryptographically secure source if they
-- authorise accepting a request.
CREATE TABLE IF NOT EXISTS `requests` (
`id` varchar(10) NOT NULL,
`requester` varchar(20) NOT NULL,
`token` varchar(20) NOT NULL,
`friend` varchar(20) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table `requests`
--
INSERT INTO `requests` (`id`, `requester`, `token`, `friend`) VALUES
('0', 'aaa', '29154465929856565743', 'someoneee'),
('0', 'aaa', '23766617836635410106', 'mimigou'),
('1', 'bob', '73781056125419316106', 'abc'),
('1', 'bob', '58222144478756810651', 'mimigou'),
('1', 'bob', '71565925976762310101', 'someoneee');
-- --------------------------------------------------------
--
-- Table structure for table `users`
--
-- `users`: a second account table, keyed by `username`; the PHP files shown with this dump
-- query `bususers`, not this table.
-- NOTE(review): every `password` value below is 32 hex characters, the length of an MD5
-- digest, and the table has no salt column - consistent with unsalted MD5. The value stored
-- for 'someoneee' is the MD5 digest of the empty string. Unsalted fast hashes are recovered
-- by lookup; a slow salted password hash is the replacement.
CREATE TABLE IF NOT EXISTS `users` (
`username` varchar(20) NOT NULL,
`password` varchar(50) NOT NULL,
PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Dumping data for table `users`
--
-- NOTE(review): these hashes were published together with the schema; any that belonged to
-- a real account should be treated as disclosed and the password changed.
INSERT INTO `users` (`username`, `password`) VALUES
('aaa', '698d51a19d8a121ce581499d7b701668'),
('abc', '900150983cd24fb0d6963f7d28e17f72'),
('bob', '202cb962ac59075b964b07152d234b70'),
('linkcool', 'ebca02fd60cd49baecfa4df0077dcd88'),
('linkcool111', '47bce5c74f589f4867dbd57e9ca9f808'),
('mimigou', 'd59f13de6760749a6b319f6f4f80e3b8'),
('someoneee', 'd41d8cd98f00b204e9800998ecf8427e');
-- --------------------------------------------------------
--
-- Table structure for table `vote`
--
-- `vote`: pairs of a user name and a numeric `id` - presumably the item voted on; verify
-- against the application.
-- NOTE(review): there is no key on (`user`, `id`), so the schema does not stop the same
-- user from being recorded more than once for the same id.
CREATE TABLE IF NOT EXISTS `vote` (
`user` varchar(100) NOT NULL,
`id` int(7) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Dumping data for table `vote`
--
INSERT INTO `vote` (`user`, `id`) VALUES
('aaa', 5),
('abc', 36);
-- Restore the client character-set settings that were saved in user variables at the top
-- of the dump (version-conditional, executed by MySQL 4.1.1 and later).
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;