Normal form submission (without AJAX)

Closed
Advanced Security - PHP Register/Login System August 12, 2018
Milos Stojanovic Support Agent
5 years ago
Closed due to inactivity.
Milos Stojanovic Support Agent
5 years ago

Hey,

You can create the form however you want, but you need to keep the following things in mind:

1) AS is designed to work with AJAX, so you will always get a JSON response from any default AS forms like login, register, etc. If you want to use your non-AJAX forms you will need to modify this behavior.

2) If a form has the method="POST" attribute, then you need to provide a CSRF token too. You can find more info in the CSRF Protection and Forms article.

3) Passwords are hashed with the sha512 algorithm on the client side before they are sent to the server. You can see the code inside the "assets/js/app/login.js" file and the other js files for forms with password input fields.

You can always remove this hashing on the client side, and it is not required if you are using HTTPS.

- Milos

Maxim Levtov
5 years ago

After some testing it seems hashing my inputted password does not return the correct hash when using my own login page. Why is this? I think it's because when using AJAX it hashes it before it POSTs it. How do I do that? Do I need to client side hash if I'm using an SSL?

Maxim Levtov
5 years ago

This is at the top of my login page:


<?php
require dirname(__FILE__) . '/../ASEngine/AS.php';

// Already logged in: go to the home page.
if (app('login')->isLoggedIn()) {
    redirect('../index.php');
}

// Handle the plain (non-AJAX) form POST.
if (isset($_POST['testlogin'])) {
    app('login')->userLogin($_POST['username'], $_POST['password']);
}


And my form looks like this:

<form method="POST">
<input type="text" name="username">
<input type="password" name="password">
<button type="submit" name="testlogin">Login</button>
</form>


Is this the correct way to do it? If so, why do I keep getting "{"status":"error","errors":{"username":"","password":"Wrong username\/password combination."}}"? I am 100% sure the details are correct because I'm using the default admin login. "admin, admin123".

Maxim Levtov
5 years ago

Hey,

How would I go about submitting the login form without AJAX? I'm integrating my own login page and I don't want to use AJAX. Can you please give me an example of the HTML form? What would I put in the form's attributes?


Thanks!