help with sendrequest and php

tomagucci

Hi all, well I am trying to debug some php that I purchased and am running into a little bit of a snag. I am trying to figure out how sendrequest works but am having a very hard time.

So here is the situation, there is a small login form, this is just to check the validity of the username/pw entered. So after the form is filled out onSubmit it runs a js function to check the entered fields. Here is the js function that is called.

<script type="text/javascript">

         function chk_minilogin(frm)
         {

            document.getElementById('err_miniusername').innerHTML = "";
            document.getElementById('err_minipassword').innerHTML = "";
            if(frm.username.value.search(/\S/)==-1)
            {
               document.getElementById('err_miniusername').innerHTML = "Please enter username";
               frm.username.focus();
               return false;
            }
            if(frm.password.value.search(/\S/)==-1)
            {
               document.getElementById('err_minipassword').innerHTML = "Please enter your password";
               frm.password.focus();
               return false;
            }
            frm.mode.value = 'check_login';
            sendRequest('check_login.php','mode=check_login&username='+frm.username.value+'&password='+frm.password.value,'POST');
            return false;
         }
      </script>

So this is all pretty straight forward. I get really lost at the check_php.login which looks like this

<?php include("includes/config.php");
    if(isset($_REQUEST['mode'])&&($_REQUEST['mode']=='check_login'))
    {
       $chkmailRS = mysql_query("SELECT * FROM ".USER." WHERE username = '".$_REQUEST['username']."'");
       if(mysql_num_rows($chkmailRS)>0)
       {
          $chkmailROW = mysql_fetch_array($chkmailRS);
          if($chkmailROW['guest']=='Y')
          {
             echo "Invalid Username/Password";
             echo "^4";
          }
          else
          {
             if($chkmailROW['password']==$_REQUEST['password'])
             {
                setcookie("cakeuserId" , $chkmailROW['userId'],time()+1800);
                setcookie("cakeusername" , $_REQUEST['username'],time()+1800);
                echo "^5";
             }
             else
             {
                echo "Invalid Username/Password";
                echo "^4";
             }
          }
       }
       else
       {
          echo "Invalid Username/Password";
          echo "^4";
       }
    }
    ?>

this is still pretty straight forward. Where I get lost is at the echo parts. I dont understand what echo "^5" is. What happens after the user logs in with the correct username is that it takes them back to index.php which I dont want. I want it to just refresh the same page. I guess ⁴ just does nothing and if I enter in any other values for where the echo is, nothing happens as well. I dont understand how sendrequest is interpreting the ⁵ or ⁴ values. Is this specific to something? I have an action on the form and just to test it out I set it to redirect to google but thats completely overlooked when the form is submitted. So yeah if anyone could shed some light on this situation that would be great. I have been lost for like 5 hrs.

thanks,
Chris

NogDog

One possibility is that nothing is done with those echoed values, and all that matters is that those cookies get set. 😕

bradgrafelman

Also note that the code you posted is vulnerable to SQL injection attacks and/or just plain SQL errors. User-supplied data should never be placed directly into a SQL query string. Instead, it must first be sanitized with a function such as [man]mysql_real_escape_string/man (for string data).

tomagucci

yeah I figured as much about the sql injection. From my limited knowledge of php I have come to understand that I made a mistake in going with the people I did. I will add the escape string function in. But about the php, the echo seems to serve a purpose bec if its ^5, it will direct it back to the index page, but if its ⁴ the js function will be run again, I tested it with an alert function in there. Is there a better way to do this? I dont even understand how the "Invalid username/pw" shows up. It echos that string but I dont see how it is implemented into the script. I mean the document.getelementbyid("err_miniusername").innerHTML is the error div and later on the text will show up where the err_miniusername is, but I really dont understand how or why.

tomagucci

its weird because in the php I cant put like header("Location......") either, it does nothing. Which really confuses me and I dont understand why. Is it because its using sendrequest and therefore it cant modify the current page? Im so lost, cant figure out any of this. Also would just adding this be enough to prevent the sql injection? Sorry I really am totally new to php and web development. Lol thats why I bought this site. and im pretty sorry I did.

<?php include("includes/config.php");
if(isset($_REQUEST['mode'])&&($_REQUEST['mode']=='check_login'))
{
	stripslashes('username');
	stripslashes('password');
	mysql_real_escape_string('username');
	mysql_real_escape_string('password');
	$chkmailRS = mysql_query("SELECT * FROM ".USER." WHERE username = '".$_REQUEST['username']."'");
	if(mysql_num_rows($chkmailRS)>0)
	{
		$chkmailROW = mysql_fetch_array($chkmailRS);
		if($chkmailROW['guest']=='Y')
		{
			echo "Invalid Username/Password";
			echo "^4";
		}
		else
		{
			if($chkmailROW['password']==$_REQUEST['password'])
			{
				setcookie("cakeuserId" , $chkmailROW['userId'],time()+1800);
				setcookie("cakeusername" , $_REQUEST['username'],time()+1800);

			echo "^5";

		}
		else
		{
			echo "Invalid Username/Password";
			echo "^4";
		}
	}
}
else
{
	echo "Invalid Username/Password";
	echo "^4";
}
}
?>

aks_it

I think this is ajax posting, sendrequest function post the form and then its callback function do the rest of work. Any library r u using for this. please paste the sendReq and ajax callback function for more information

aks_it

Since this is ajax request thats why your header("location ") doesn't work.

tomagucci

haha yeah actually thats right. I found the ajax response. is that the right use of mysql_real_escape_string?

aks_it

yeah, you can use mysql_real_escape_string , addslashes.

But in my opinion you should use any database abstraction layer instead of writing query directly.