My JS Code(Just example, maybe there is some syntax error)
$(document).on('click','#btnEdit',function(e){
var id = $("#inp_id").val(), ps = $("#inp_ps");
$.ajax({
type: 'POST',
url: 'http://example.php',
data: {act:'#LogIn',id:id,ps:ps},
success: function(response){
if($.trim(response) === "success"){
alert("Login Successful");
}
else{
alert("Invalid ID or Password");
}
}
});
});
Inside the php
if($_POST[act] == "#LogIn"){
$userid = Encrypt($_POST[id],$key1);
$userps = hashPS($_POST[ps],$salt);
//query...
if(result > 0){
$_SESSION['id'] = Encrypt($userid,$key2);
$_SESSION['token'] = //random code;
}
}
My question:
Is there any way to make the code secure? Because i think the attackers can just write their own script and send data to the php for getting and id.
Or maybe it is just a bad idea using ajax to login and register.