Hi all,
I have a really annoying problem with php and ajax. I wrote out an ajax engine for a dynamic login using help from w3schools.

The web page basically send the username/pass to the engine, the engine calls a php page to run the login check against the db and if it returns 1 row then it means a successful login or else it means a failed login. Hope you are with me so far...

Anyway, the code for the engine is as follows:

Code:

var xmlHttp;

function checklogin(user,pass,element)
{
    temp = element; //declare global

    //no header request functionality
    xmlHttp=GetXmlHttpObject()
    if (xmlHttp==null){
        alert ("Sorry, your browser does not support HTTP Request. Exiting function.");
        return;
    } 

    var url="ajax/" + element + ".php"; //use dynamic file
    url=url+"?u="+user; //val user
    url=url+"&p="+pass; //val pass
    url=url+"&sid="+Math.random(); //id for ajax
    xmlHttp.onreadystatechange=stateChanged;
    xmlHttp.open("GET",url,true);
    xmlHttp.send(null);
}

function stateChanged(){ 
    if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete")
        document.getElementById(temp).innerHTML=xmlHttp.responseText; //dynamic write
} 

function GetXmlHttpObject(){ 
    var objXMLHttp=null
    
    if (window.XMLHttpRequest)
        objXMLHttp=new XMLHttpRequest()
    else if (window.ActiveXObject)
        objXMLHttp=new ActiveXObject("Microsoft.XMLHTTP")
    return objXMLHttp
}

As you can see, im passing the username, the password and the span field where the msg will be displayed if the login is succesful or not. The name of the php page is the same as this field ID too. Problem is, i can get the field to display 'failed', 'success' or whatever when the check is done, but i cannot bloody get the page to redirect if successful! The way i see it is the http request is only sending the data to the field but not executing it. I have tried all JS scripts like 'location.href', 'location.reload' and all the rest but with no success. When i try to do a 'header(location...' using the php page if a row is found, it loads the page into the existing page!!!! arrrrggghh! This is the same for all other php redirect types. One more interesting thing is the in the php page, i cannot set session variables! Why is that?

here is the php processing page..

Code:

<?
    ob_start();
    include "../config/global.php";

    $user = mysql_real_escape_string($_GET['u']);
    $pass = mysql_real_escape_string(md5($_GET['p']));
    $sql = "select * from tbl_users u where u.user_name = '$user' and u.password = '$pass'";

    $row = mysql_query($sql) or die("Query failed!");

    if(mysql_num_rows($row) == 1)
    {
        $result = mysql_fetch_array($row);
        if ($result['enable'] == "Y" || $result['enable'] == "y") // is user is active
        {
            $_SESSION['user_id'] = $result['user_id'];
            $_SESSION['site_id'] = $result['site_id'];
            $_SESSION['user_name'] = $result['user_name'];
            $_SESSION['user_category'] = $result['user_category'];
            header("Location: http://redev.localhost");
        }
        else
        {
            echo "no";
        }
    }
    else
    {
        echo "failure";
    }
    
    unset($user,$row,$pass);
?>

Please help me out with this one, it's killin' me. Thanks in advance guys.

OK lets clear some things up for you.

AJAX works similar to RCP (remote procedure calls) so when AJAX calls your php daemon it expects a response.

Now your php daemon is actually trying to be a controller which in this enviroment it simply cannot do (I'll even go as far as to state that your session vars will not be set either). This means you cannot redircet from your daemon or set vars that youn would expect to be available on your front end php site.

What you need to do
Return from your login check (true or false) and within your javascript AJAX code catch this response and parse your html entity as needed.

So

Code:

if(xmlHttp.responseText == "true"){
  document.getElementById(temp).innerHTML = "whatever"; 
}else{
   window.location = "http://redev.localhost"
}

Of course as I mentioned the chances of your sessions been set (unless you return them to AJAX which then sets them again) will be very slim if any at all (in fact i'm sure of it). So you will always need to login.

You can get all this passed back to your AJAX code to chop up and reset using Jscript which should appear seemless but you wont be able to do it from your php daemon.

Ibbo

Wow, thankyou for the insight ibbo... You learn something new everyday!
I knew that there was something about the ajax sessions vs. php sessions but i couldn't pinpoint it.
Thankyou very much for your help.
Cheers!