It's an AJAX login script.
HTML:
    <form class="ajax-submit" method="POST" action="https://example.com/api/accounts">
        <div class="form-group">
            <input type="text" class="form-control" name="uname" placeholder="Username or Email" value="">
        </div>
        <div class="form-group">
            <input type="password" class="form-control" name="password" placeholder="Password" value="">
        </div>
        <div class="form-group">
            <button class="btn btn-primary btn-block" type="submit">
                Login
            </button>
        </div>
    </form>
Nothing interesting here really, it's just a form that gets submitted over AJAX.
This is the action file (https://example.com/api/accounts):
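    // $DB is the DB class instance; "uname" and "password" are the form's field names
    $email    = $_POST['uname'] ?? '';
    $password = $_POST['password'] ?? '';

    // Response object that is sent back to the AJAX caller as JSON
    $json = new stdClass();
    $json->messages = new stdClass();

    if ($DB->AuthUser($email, $password)) {
        $success = true;
    } else {
        $success = false;
    }

    if ($success) {
        $json->success = true;
        $json->redirect = "https://example.com/?in-development";
    } else {
        $json->success = false;
        $json->messages->password = "Wrong email or password";
    }

    header('Content-Type: application/json');
    echo json_encode($json);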
As you can see, the session data is set in the DB class ($DB->AuthUser function), which is a third file (I don't know if this can cause something).
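    public function AuthUser($field, $password)
    {
        session_start();

        // Look the user up by email or username; both placeholders are bound to $field
        $stmt = $this->conn->prepare("SELECT * FROM user_profiles WHERE (`email` = ? OR `username` = ?) LIMIT 1");
        $stmt->execute(array($field, $field));
        $row = $stmt->fetch();

        // No matching user
        if (empty($row)) {
            return false;
        }

        // Compare the submitted password with the stored hash
        if (password_verify($password, $row['password'])) {
            // set session data ($row comes from SELECT *, so it includes the password hash column)
            $_SESSION['user'] = $row;
            return true;
        } else {
            return false;
        }
    }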
Here is the JS:
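    // Runs inside the form's submit handler, where `this` is the form element
    var formData = new FormData(this);
    $.ajax({
        url: $(this).attr('action'),
        type: 'POST',
        data: formData,
        cache: false,
        processData: false,  // send the FormData object as-is
        contentType: false,  // let the browser set the multipart boundary
        dataType: 'json',
        success: function (data) { /* ... */ }
    });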
Everything works, except the session data is not saved over the request (it does save without the AJAX request, but I don't want to drop it).