
Thread: best practice login (secure data) via ajax - POST JSON AJAX

  1. #1

    Default best practice login (secure data) via ajax - POST JSON AJAX

    best practice login (secure data) via ajax - IS IT POST JSON AJAX?

    To submit a plain JavaScript (not jQuery) ajax JSON request to the server with type=POST (secure login request), is a web form required?

    How do I do it without a web form... where do I put the JSON string variable to send, and how/with what do I get it in PHP?

    ajax3.send(jsonStringhere); // ??? how get the in php??? WHAT $_get["what is here in post ajax no web form"]

    Code:
    function loginProcess() {
    var userID = document.getElementById( "name" ).value;
    var email = document.getElementById( "email" ).value;
    var password = document.getElementById( "password" ).value;
    
    ajax3 = new XMLHttpRequest();
    
    //1st way
    ajax3.open("GET","loginProcess.php?userID="+userID+"&email="+email+"&password="+password,false); 
    ajax3.addEventListener("readystatechange", processResponse, true); 
    ajax3.send();
    
    changeDisplay("loginRegisterDiv");
    
    
    //2nd way JSON post type here
    
    //???
    
    }
    Last edited by lse123; 01-01-2013 at 09:39 AM.

  2. #2

    Default

    First off, **nothing** will be secure without an ssl connection. There's no point in trying.

    Once you're secure, it's very straightforward: compose your data (wherever you get it from, be it a form or something else) in javascript, stringify it into a JSON string, and then send a POST request via ajax. The JSON string will be available to PHP in the $_POST variable.

    Using GET will work also, but a login request "changes state" of the web app, so POST is the appropriate method to send it.

  3. #3

    Default

    yes, thanks, but to send the stringified JSON, e.g. called strJSON, what ajax statement do I use for the post request?

    this is correct: ajax3.send(strJSON); // if yes how get(the post) with php...?
    i need one statement in js and one in php... send and get respectively...
    btw ... how thank a reply?

  4. #4

    Default

    What you're doing now should work just fine (the results will be in PHP's $_GET superglobal). This is a good basic example for post requests - it's very similar, except that you need to set a request header, and you pass the parameters differently.

    for example, an easy way to create a JSON string is to simply stringify a plain JS object:
    Code:
    var myobj = {  name:'Joe Somebody',email:'email@example.com' };
    
    var jsonstring = JSON.stringify( myobj );
    However, this seems to be an extra step. You'll need to use json_decode() on the PHP side to read the info. Is there any reason you do not want to post the key : value pairs normally?

    To "thank" someone, click the "Thanks" button at the bottom of the post.

  5. #5

    Default ARE THEY BOTH $_POST["name"]; // to access the first var, both, in individual and in

    when use in php: json_decode(hereWhatVariableToInsert)
    what var to insert... how is represented in php the post var i am sending...in the two cases of js below

    ARE THEY BOTH $_POST["name"]; // to access the first var, both, in individual and in JSON???

    first no JSON

    var parameters="name="+namevalue+"&age="+agevalue
    mypostrequest.open("POST", "basicform.php", true)
    mypostrequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
    mypostrequest.send(parameters)

    second JSON

    var myobj = { name:'Joe Somebody',email:'email@example.com' };
    var jsonstring = JSON.stringify( myobj );
    mypostrequest.open("POST", "basicform.php", true)
    mypostrequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
    mypostrequest.send(jsonstring)



    Last edited by djr33; 12-30-2012 at 05:59 AM. Reason: fixed markup code

  6. #6

    Default

    Content-type IN SECOND VERSION should be json mime?

  7. #7

    Default

    Edit:

    One thing I forgot to mention - the example I linked to does not use semicolons to end each javascript statement (it simply uses newlines). This is very bad practice and can cause hard-to-track errors. You should always end statements with semicolons.

    in your second example, you're not giving the json string a name (key) - I'm not sure it would be accessible at all. You'd need to do
    Code:
    var postjson = 'jsonstring='+encodeURIComponent( jsonstring );
    mypostrequest.send( postjson );
    and then
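    PHP Code:
    <?php
    // second argument true => decode to an associative array,
    // so the ['name'] / ['email'] lookups below work
    $myarray = json_decode( $_POST['jsonstring'], true );

    print $myarray['name'];
    print $myarray['email'];
    //  etc...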
    In your first example (non-JSON), you'd have access to the values directly in the POST superglobal:
    PHP Code:
    <?php
    print $_POST['name'];
    print $_POST['email'];
    //  etc...
    The content-type should not be json, no. It should be application/x-www-form-urlencoded, as in the example I linked to.

    Have you been trying out your code? Are you getting the results you expect?

  8. #8

    Default

    encodeURIComponent

    this needed for post requests... isn't only for get requests?

    i try now to make it...

    btw where is the THANK Button?

  9. #9

    Default

    no, it's necessary for post as well (what would happen if one of your POST values had an unencoded ampersand in its value?)

    the thanks button is on the grey bar directly below the post, on the left side.
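
The ampersand question in the reply above, worked through as an added example (not code from the thread): a form-urlencoded body built with and without `encodeURIComponent`, then parsed the way a server-side form parser would. The sample credentials and the helper names `buildNaive`, `buildEncoded`, `parseForm` and `jsonRoundTrip` are constructed for illustration, and `parseForm` only approximates how PHP fills `$_POST`.

```javascript
// Constructed sample input (not from the thread).
const sample = { userID: "alice", email: "alice@example.com", password: "R&D+2013=ok" };

// Plain concatenation, as in an un-encoded POST body.
function buildNaive(fields) {
  return Object.entries(fields).map(([k, v]) => k + "=" + v).join("&");
}

// Same body with every key and value percent-encoded.
function buildEncoded(fields) {
  return Object.entries(fields)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
}

// Approximate model of the server's form parser: split on "&" and "=",
// decode "+" and %XX, later duplicates overwrite earlier ones.
function parseForm(body) {
  const out = {};
  for (const [k, v] of new URLSearchParams(body)) out[k] = v;
  return out;
}

// The 'jsonstring=' wrapper from the thread, with and without encoding.
// Returns the decoded object, or null when the server receives invalid JSON.
function jsonRoundTrip(fields, encode) {
  const json = JSON.stringify(fields);
  const body = "jsonstring=" + (encode ? encodeURIComponent(json) : json);
  try {
    return JSON.parse(parseForm(body).jsonstring);
  } catch (e) {
    return null;
  }
}

// Un-encoded: the password is cut at "&" and a stray extra field appears.
console.log(parseForm(buildNaive(sample)));
// Encoded: all three fields arrive intact.
console.log(parseForm(buildEncoded(sample)));
// JSON wrapper: truncated JSON (null) without encoding, full object with it.
console.log(jsonRoundTrip(sample, false), jsonRoundTrip(sample, true));
```

A login check on the server then compares against the truncated password, so a correct credential is rejected for any user whose password contains `&`, `+`, `=` or `%`.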

  10. #10

    Default

    ONLY FIRST WAY AJAX WORKS PHP GIVES TRUE THE OTHERS PHP GIVES FALSE...WELL?
    Code:
    function loginProcess() {
    var userID = document.getElementById( "name" ).value;
    var email = document.getElementById( "email" ).value;
    var password = document.getElementById( "password" ).value;
    
    ajax3 = new XMLHttpRequest();
    
    //1st way  GET NOT SECURE
    ajax3.open("GET","loginProcess.php?userID="+userID+"&email="+email+"&password="+password,false); 
    ajax3.addEventListener("readystatechange", processResponse, true); 
    ajax3.send();
    
    changeDisplay("loginRegisterDiv");
    
    
    //2nd way POST JSON   --  for secure really needed SSL
    /*var myobj = { "userID":userID,"email":email,"password":password }; // p454
    var jsonstring = JSON.stringify( myobj );
    var postjson = "jsonstring="+encodeURIComponent( jsonstring );
    
    ajax3.open("POST", "loginProcessJSON.php", true);
    ajax3.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    ajax3.addEventListener("readystatechange", processResponse, true); 
    ajax3.send(postjson);
    
    changeDisplay("loginRegisterDiv");*/
    
    
    //3rd way POST plain   --  for secure really needed SSL
    
    /*var post1 = "userID="+userID+"&email="+email+"&password="+password;
    
    ajax3.open("POST", "loginProcess.php", true);
    ajax3.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    ajax3.addEventListener("readystatechange", processResponse, true); 
    ajax3.send(post1);
    
    changeDisplay("loginRegisterDiv");*/
    }
    Code:
    <?php  // loginProcess.PHP
    session_start();  
    
    $_SESSION["userID"]="";
    
    $userID = $_REQUEST['userID'];
    $password = $_REQUEST['password'];
    $email = $_REQUEST['email'];
    
    if ($_GET['userID']=="logout") {
    	$_SESSION["userID"]="0000000000000000000000000000000";
    	return;
    }
    
    if ((isset($_GET['userID'])) && (isset($_GET['password'])) && (isset($_GET['email']))) 
    {
    
    if (($userID=="cust1") && ($password=="ju") && (($email=="9@es.com") || ($email=="9%40es.com"))) 
    {
    	$_SESSION["userID"]=$_GET['userID'];
    	echo "true";
    	return;
    } else {
    	echo "false";
    	return;
    }
    } else {
    	echo "false";
    	return;
    } 
    ?>
    Code:
    <?php  // loginProcessJSON.PHP
    session_start();  
    	//http://stackoverflow.com/questions/8517071/send-json-data-via-post-ajax-and-receive-json-response-from-controller-mvc
    	
    $yourJSONString = $_POST["jsonstring"];	
    
    $array = json_decode($yourJSONString, true);	
    
    $userID = $array['userID'];
    $password = $array['password'];
    $email = $array['email'];	
    	
    $_SESSION["userID"]="";
    
    if ($_GET['userID']=="logout") {
    	$_SESSION["userID"]="0000000000000000000000000000000";
    	return;
    }
    
    if ((isset($_GET['userID'])) && (isset($_GET['password'])) && (isset($_GET['email']))) 
    {
    
    if (($userID=="cust1") && ($password=="ju") && (($email=="9@es.com") || ($email=="9%40es.com"))) 
    {
    	$_SESSION["userID"]=$_GET['userID'];
    	echo "true";
    	return;
    } else {
    	echo "false";
    	return;
    }
    } else {
    	echo "false";
    	return;
    } 
    ?>
