Jump to content

[SOLVED] How does a user login if javascript disabled

AdRock

By AdRock
in Javascript Help

 Share

Recommended Posts

AdRock Advanced Member

AdRock

Posted
Posted

I have some ajax which uses a php file to check their details against the database and sends a message back to either tell the user they were successful or not. This is fair enough if the user has javascript enabled but what about users htat don't have javascript enabled?

 

How can i set my php so if the user has javascript disableded, they can still login?

 

This is the php for my ajax login

<?php

// Include the init file to connect to database,
// regsiter the sessions and include the functions 
include_once("includes/php/init.php");

// Include the validation classes
require_once('includes/php/validators/ValidateName.php');
require_once('includes/php/validators/ValidatePassword.php');	

$username = check_input(trim($_POST['username'])); //clean user input
$password = check_input(trim($_POST['password'])); //clean user input

$respType = '';
$respMsg = '';
$separator = ',';

// Try and get the salt from the database using the username
$query = "SELECT salt FROM users WHERE username='$username' OR email='$username' LIMIT 1";
$result = mysql_query($query);
$row = mysql_fetch_array($result);

// Using the salt, encrypt the given password to see if it 
// matches the one in the database
$encrypted_pass = md5(md5($password).$row['salt']);

// Try and get the user using the username or email and encrypted pass
$query = "SELECT user_id, username, email, user_level, activated FROM users WHERE (username='$username' OR email='$username') AND password='$encrypted_pass' LIMIT 1";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
$numrows = mysql_num_rows($result);

// Assign the database values to vaariables
$user_id = $row['user_id'];
$username = $row['username'];
$email = $row['email'];
$user_level = $row['user_level'];
$active = $row['activated'];

// Now encrypt the data to be stored in the session
$encrypted_id = md5($row['user_id']);
$encrypted_name = md5($row['username']);
$encrypted_email = md5($row['email']);
$encrypted_user = md5($row['user_level']);

// If there is a record with the login credentials and the account is not activated
if (($numrows == 1) && ($active == 0)) 
{
$respType = 'error';
$respMsg = 'Account not activated.';
}
// Else if the account is active
else if ($numrows == 1)
{
// Update the last login field to current time and date
$query = "UPDATE users SET last_login=now() WHERE username='$username' LIMIT 1";
	$result = mysql_query($query);
// Store the data in the session
$_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['user_level'] = $user_level;
$_SESSION['encrypted_id'] = $encrypted_id;
$_SESSION['encrypted_name'] = $encrypted_name;
$_SESSION['encrypted_email'] = $encrypted_email;
$_SESSION['encrypted_user'] = $encrypted_user;

$respType = 'success';
$respMsg = '/usercpanel.php';
}
else {
$respType = 'error';
$respMsg = 'Could not verify your login information.';
}

header('Content-Type: text/plain');
print $respType;
print $separator;
print $respMsg;
?>

 

and this is my original page for logging in

 

<?php

function user_login($username, $password)
{
    // Try and get the salt from the database using the username
    $query = "SELECT salt FROM users WHERE username='$username' OR email='$username' LIMIT 1";
    $result = mysql_query($query);
    $row = mysql_fetch_array($result);

    // Using the salt, encrypt the given password to see if it 
    // matches the one in the database
    $encrypted_pass = md5(md5($password).$row['salt']);

    // Try and get the user using the username or email and encrypted pass
    $query = "SELECT user_id, username, email, user_level, activated FROM users WHERE (username='$username' OR email='$username') AND password='$encrypted_pass' LIMIT 1";
    $result = mysql_query($query);
    $row = mysql_fetch_array($result);
    $numrows = mysql_num_rows($result);

    // Assign the database values to vaariables
    $user_id = $row['user_id'];
    $username = $row['username'];
    $email = $row['email'];
    $user_level = $row['user_level'];
    $active = $row['activated'];

    // Now encrypt the data to be stored in the session
    $encrypted_id = md5($row['user_id']);
    $encrypted_name = md5($row['username']);
    $encrypted_email = md5($row['email']);
    $encrypted_user = md5($row['user_level']);

    // If there is a record with the login credentials and the account is not activated
    if (($numrows == 1) && ($active == 0)) 
    {
// Give the user a warning message
return '<b>Account not activated</b>';
    }
    // Else if the account is active
    else if ($numrows == 1)
    {
// Update the last login field to current time and date
$query = "UPDATE users SET last_login=now() WHERE username='$username' LIMIT 1";
    	$result = mysql_query($query);
// Store the data in the session
    	$_SESSION['user_id'] = $user_id;
    	$_SESSION['username'] = $username;
    	$_SESSION['email'] = $email;
    	$_SESSION['user_level'] = $user_level;
    	$_SESSION['encrypted_id'] = $encrypted_id;
    	$_SESSION['encrypted_name'] = $encrypted_name;
    	$_SESSION['encrypted_email'] = $encrypted_email;
    	$_SESSION['encrypted_user'] = $encrypted_user;
        return 'Correct';
    }
    else
    {
// If the login credentials didn't match any record in the database, return an error message to user
return '<b>Invalid account details</b>';
    }
}
    /**
    * login.php is the the page that takes validated values from a form, passing them
    * to the user_login function, to login to the website using sessions.
    */
    // The title of the page
    $title="Login to mycarshare";

    // Include the init file to connect to database,
    // regsiter the sessions and include the functions 
    include_once("includes/php/init.php");

    // If the user is logged in already , redirect them to their edit profile page
    if(is_authed_user() || is_authed_admin()) 
    {
header('Location: editprofile.php');
    }
    // Include the validation classes
    require_once('includes/php/validators/ValidateName.php');
    require_once('includes/php/validators/ValidatePassword.php');

    // Validate the form
    if(isset($_POST['login'])) {
/**
* Variables for checking the user's form values
* Each POST variable is made safe against SQL injection,
* trim any whitespace the user may have entered
  	*/
$username = check_input(trim($_POST['username']));
$password = check_input(trim($_POST['password']));

   	// A array to store errors
    	$errors = array();

    	// Collection of validators
    	$validators = array();

    	$validators[]=new ValidateName($username, "Username");
    	$validators[]=new ValidatePassword($password);

    	// Iterate over the validators, validating as we go
    	foreach($validators as $validator) {
    if (!$validator->isValid()) {
	while ( $error = $validator->fetch() ) {
                     $errors[]=$error;
            	}
            }
    	}
    	/**
* If there are no errors on the form, call the function to log the user in using the varaibles from the form.
* If the user was successfully logged in, redirect them to the login success page
* otherwise display an error for the user.
*/
if(empty($errors)){
    // Try and login with the given username & pass
    $result = user_login($username, $password);

    if ($result == 'Correct') {
    	header('Location: loginsuccess.php');
    }
    else {
    	$login_error = $result;
    }
}
    }

    //include the header html with menu etc
    require_once("header.inc.php");

    echo ( "<h2>Login to mycarshare.co.uk</h2><hr /> ");   

    /**
    * If there was an error loggin in, display the error message
    * Could be that the user doesn't exist in the database
    * the account has not been activated or they have entered
    * some invalid user details that do not match the database
    */
    if (isset($login_error)) { 
echo "There was an error: ".$login_error;
    }

    /**
    * If there are errors and the number of errors is greater than zero,
    * display a warning message to the user with a list of errors
    */
    if ( isset($errors) && count($errors) > 0 ) {
    	echo ( "<h2 class='errorhead'>There has been an error:</h2><p><b>You forgot to enter the following field(s)</b></p>" );
    	echo ( "<ul id='validation'>\n" );
    	foreach ( $errors as $error ) {
    	    echo ( "<li>".$error."</li>\n" );
    	}
echo ( "</ul>\n" );
    }
?>
<form id="registerForm" name="registerForm" action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
    <fieldset>
<legend>Login</legend>
<p><label for="username">Username:</label>
    <input type="text" size="28" maxlength="30" name="username" title="Please enter a username"
    <?php if (isset($_POST['username'])) { ?> value="<?php echo $_POST['username']; ?>" <?php } ?>/>
</p>

     	<p><label for="Password">Password:</label>
    <input type="password" size="28" maxlength="15" name="password" title="Please enter a password" />
</p>

      	<p><label for="Submit"> </label>
    <input type="submit" name="login" class="sendbutton" value="Login" style="width: 105px" />
    <input type="reset" name="reset" class="sendbutton" value="Reset" style="width: 105px" />
    	</p>
    	<p><label for="forgot"> </label>
    <a class="two" href="forgotpassword.php">Forgotten Your Password?</a>
    	</p>
    </fieldset>
</form>
<?php
    // Include the footer html
    include_once("footer.inc.php");
?>

 

Is there a way of detecting if javascript is enabled and if so choose which php file to use or is there a better way?

Link to comment
Share on other sites
AdRock Advanced Member

AdRock

Posted
  • Author
Posted

I was thinking about <noscript> but i only came across it the other day.

 

If i had a the first part of the php script with <noscript> and the rest of it just normal code, would the javascript enabled browser ignore the code between the <noscript> tags?

 

If it will, i can add the whole script for javascript disabled browsers between the <noscript> tags and redirect back to home page after logging in, and have the javascript enabled browser do the rest

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.