I have a button of type button within a form with method post and submit button. I want to upon clicking the button (not submit) to pass value of username input to php but it does not work what is the issue please help
Note : input username gets a value button retrieveQ is clicked and invokes the post method written in head then at the end of it getQuestion in php is called and value of user through a database is echo into innerhtml of another textbox
DATABASE and everything works fine I just want the $_POST['uname'] to get me the input of username box
<?php
include ('comp424.php');
session_start();
if(isset($_SESSION['users'])!="")
{
header("Location: home.php");
}
include_once 'comp424.php';
if(isset($_POST['btn-retrieveP']))
{
//SQL INJECTION
$uname = mysqli_real_escape_string($connection,strip_tags($_POST['username']));
$upass = mysqli_real_escape_string($connection,strip_tags($_POST['pass']));
$salt = '';
$key="ab01$%";
$res= mysqli_query($connection,"SELECT * FROM users WHERE username='$uname'");
$row=mysqli_fetch_array($res);
$salt = $row['salt'];
$hashPass = hash ('sha512', $salt . $key . $upass);
$count = mysqli_num_rows($res);
// if uname/pass correct it returns must be 1 row
if($count == 1 && $hashPass == $row['password'] )
{
if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
{
//Captcha code entered correctly
$_SESSION['user'] = $row['userid'];
header("Location: home.php");
}
else
{
?>
<script>alert('You have entered wrong captcha');</script>
<?php
}
}
else
{
?>
<script>alert('You have entered wrong username or password!');</script>
<?php
}
}
//php function to retrieve Question for the username
function getQuestion()
{
include ('comp424.php');
$unamePR = mysqli_real_escape_string($connection,strip_tags($_POST['username']));
global $question;
$question='sss';
$unamePR = mysqli_real_escape_string($connection,strip_tags($user));
$resPR= mysqli_query($connection,"SELECT * FROM users WHERE username='$unamePR'");
$rowPR=mysqli_fetch_array($resPR);
$countPR = mysqli_num_rows($resPR);
if ($countPR ==1){
$question = mysqli_fetch_array(mysqli_query($connection,"SELECT securityQuestion FROM users WHERE username='$unamePR'"));
$question = $question['securityQuestion'];
}else{
$question='No question is associated with the given Username!';
}
echo $_POST['uname'];
}
?>
<!DOCTYPE html >
<html >
<head>
<meta content="text/html; charset=utf-8" />
<title>Comp424 Password Retrieval</title>
<link rel="stylesheet" href="style.css" type="text/css" />
<script src="http://ift.tt/2eBd7UN"></script>
<script>
$(document).ready(function () {
$("#btn-retrieveQ").click(function () {
alert("ssss");
var username = $('#uname').val();
$.post("passwordRetrieval.php", {uname: username}, function(data){
alert("data sent and received: "+data);
});
document.getElementById("question").innerHTML= "<?php getQuestion(); ?> ";
});
});
</script>
</head>
<body>
<center>
<div id="login-form">
<form method="post">
<table align="center" width="50%" border="0">
<tr>
<td>
<input type="text" id="uname" name="uname" placeholder="Your Username" required />
</td>
</tr>
<tr>
<td>
<button id="btn-retrieveQ" type="button">Retrieve Question</button>
</td>
</tr>
<tr>
<td>
<p id="question">Type Your Username to Retrive Your Question</p>
</td>
</tr>
<tr>
<td>
<input type="text" name="answer" placeholder="Your Answer" />
</td>
</tr>
<tr>
<td>
<input type="password" name="pass" id="password" placeholder="Your New Password" />
</td>
</tr>
<tr>
<td>
<input name="captcha" type="text" placeholder="Enter Captcha Below">
</td>
</tr>
<tr>
<td>
<img src="captcha.php" />
</td>
</tr>
<tr>
<td>
<button type="submit" name="btn-retrieveP">Retrieve Password</button>
</td>
</tr>
</table>
</form>
</div>
</center>
</body>
</html>
Aucun commentaire:
Enregistrer un commentaire