I want to create a dynamic login on my website using ajax (with jquery). Now everything is done, and everything works well. My problem is, that i dont know, if everything works secure (enough) to use it, like it's now.
My ajax script:
//LOGIN
$(function(){
var mail;
var password;
$("body").on("click", ".sign-in", function(event){
mail = $('#login-mail').val();
password = $('#login-password').val();
//ajax
$.ajax({
type: "POST",
async: true,
url: '/index.php',
data: { 'mail': mail,'password': password},
success: function (msg)
{
if($(msg).filter('.logged-in').html() == 'success'){
window.location.replace('/timeline.php')
}else{
$('input').css('border','0.1rem solid #EB5757');
$('.login-failed').html('Falsche E-Mail oder / und Passwort !');
}
},
error: function (err)
{ alert(err.responseText)}
});
});
});
The logic behind this: Ajax sends the user and pass to a PhP page:
if(isset($_POST["mail"]) && isset($_POST["password"])){
//$mU->hashPassword($_POST['password']);
if($mU->loginUser($_POST["mail"],$_POST["password"]) == true)
echo '<div class="logged-in">success</div>';
}
$mU->loginUser($_POST["mail"],$_POST["password"]) == true when true, everything is fine. Then the Script "echos" success. In my ajax success function, jquery checks the content of the div.
I hope you know what i mean, because its very hard to explain my "problem". Is my Script secure ? What can I do better (security) ?
Aucun commentaire:
Enregistrer un commentaire