Member Avatar for nickles
nickles 13 Newbie Poster

Hi,
I've built a login box that uses ajax to verify a user's account. If something is wrong (ie. password and username don't match) it spits an error message out underneath the password field. I have two questions:
1. How can I get the box to resize automatically to fit the text output?
2. Am I doing this properly (positioning the box/sizing the box/using proper techniques)?
Thanks

login.php

<?PHP

include("include/session.php");
global $session;

if($session->logged_in == true || $session->checkCookie() == true)
{
	header('Location: main.php');
	exit;
}
?>
<html>
	<head>
		<style type="text/css"></style>
		<title>Signifer Login</title>
		<script type="text/javascript" src="ajax/login.js"></script>
	</head>

	<body>
		<div id="container" style="position: absolute; top: 50%; 
						margin-top: -175px; left: 0; width: 100%;">
			<div id="login" style="text-align: center; width: 300px;
						border: 1px solid black; margin-left: auto;
						margin-right: auto;	height: 100px;">
				Login below or <a href="register.php">Register</a><br />
				<form id="loginForm" method="POST" action="loginValidator.php" name="loginForm">
				Username: <input type="text" name="user" maxlength="30" /><br />
				Password: <input type="password" name="pass" maxlength="30" /><br />
				<div id="status" style="font-weight: bold; color: red;"></div>
				Remember Me: <input type="checkbox" name="remember"/>
				<input type="button" value="Login" onclick="submitForm(document.getElementById('loginForm'),'loginValidator.php','status')" />
				</form>
			</div>
		</div>
	<div>
</html>

login.js

function getXMLHTTPObject()
{
	var xmlHttp=null;
	try
	{
		//Most Browsers
		xmlHttp=new XMLHttpRequest();
	}
	catch (e)
	{
		//Internet Explorer
		try
		{
			xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
		}
		catch (e)
		{
			xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
		}
	}
	return xmlHttp;
}

function processajax(serverPage, obj, getOrPost, str)
{
	xmlhttp = getXMLHTTPObject();
	if (getOrPost == "get")
	{
		xmlhttp.open("GET", serverPage);
		xmlhttp.onreadystatechange = function()
		{
			if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
			{
				obj.innerHTML = xmlhttp.responseText;
			}
		}
		xmlhttp.send(null);
	}
	else
	{
		xmlhttp.open("POST", serverPage, true);
		xmlhttp.setRequestHeader("Content-Type","application/x-www-form-urlencoded; charset=UTF-8");
		xmlhttp.onreadystatechange = function()
		{
			if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
			{
				obj.innerHTML = xmlhttp.responseText;
			}
		}
		xmlhttp.send(str);
	}
}

function submitForm(theform, serverPage, objID)
{
	var file = serverPage;
	var username = document.forms[0].elements[0].value;
	var password = document.forms[0].elements[1].value;
	var remember = document.forms[0].elements[2].value;
	var str = str = "username=" + escape(username) + "&password=" + escape(password) + "&remember=" + escape(remember);
	
	obj = document.getElementById(objID);
	processajax (serverPage,obj,"post",str);
}

loginValidator.php

<?PHP
require_once("include/Database.php");
require_once("include/Session.php");

function validLogin($user, $pass)
{
	global $database;
	
	$query = "SELECT User_Id FROM ".TBL_USERS." WHERE Login_Name = '$user' and Password = '$pass'";
	
	$result = $database->query($query) or die(mysql_error());
	if (!$result || mysql_num_rows($result)!=1)
	{
		return false;
	}

	return true;
}

function login()
{
	if(!$_POST['username'] || strlen(trim($_POST['username'])) == 0)
	{
		echo "No username entered.";
		exit;
	}
	
	if(!$_POST['password'] || strlen(trim($_POST['password'])) == 0)
	{
		echo "No password entered.";
		exit;
	}
	
	global $database,$session;
	
	$ipaddress = $_SERVER['REMOTE_ADDR'];
	
	$username = mysql_real_escape_string($_POST['username']);
	$password = mysql_real_escape_string($_POST['password']);
	
	if(validLogin($username,$password) == false)
	{
		$database->addLoginAttempt($username, $ipaddress, false);
		echo 'Username/Password was incorrect. Please try again or <a href="register.php">register</a>.';
		exit;
	}
	else if($database->isBanned($username))
	{
		$database->addLoginAttempt($username, $ipaddress, false);
		echo "Your username is banned.";
		exit;
	}
	else if($database->isBanned($_SERVER['REMOTE_ADDR']))
	{
		$database->addLoginAttempt($username, $ipaddress, false);
		echo "Your IP Address is banned.";
		exit;
	}
	
	$remember = false;
	if($_POST['remember'] && $_POST['remember'] == 1)
	{
		$remember = true;
	}
	
	$session->login($username, $remember);
	return true;
}

if(login())
{
	header('Location: main.php');
}
?>
  • 1 Contributor
  • 0 Replies
  • 69 Views
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.