Can't login to hosted website because of Javascript

Question

I've tried to host my website to a provider but it looks like it doesn't want to login there.. On the localhost it works just fine, but uploaded at a provider it looks like it doesn't want to perform the login operation...I can successfully sign-up, change password, so basically I have database connection, but I just can't login to the website... Is it something I should modify? Here's my code:
If I'm entering for example https://example.com/login.php?enterID=123&password=123 in the website link,I can get a good response, but it looks like it doesn't allow me to login to the website.. Login.php:

<?php
        include "mysql-connect.php";
        
        //get Info from login.html
        $ID = $_GET['enterID'];
        $PW = $_GET['password'];
        $stmt = $connect->prepare("SELECT PW, userType, nickName FROM users WHERE ID = ?");
        $stmt->bind_param("s",$ID);
        $valid = $stmt->execute();
        if (!$valid){
            die("Could not successfully run query.". $connect->connect_error);
        }
        $result = $stmt->get_result();
        if ($result->num_rows==0){
            //display message of no such student/teacher/admin
            echo "Failed to find an account with the input ID.";
        } else {
            $row = $result->fetch_assoc();
            if ($PW == $row['PW']) {
                $type = $row['userType'];
                $nick = $row['nickName'];
                //save data, record cookie for 6hours
                setcookie("type", $type, time() + 21600, '/');
                setcookie("userID", $ID, time() + 21600, '/'); 
                setcookie("nickName", $nick, time() + 21600, '/'); 
                //login success - Request.responseText to checklogin.js
                echo $type;

            } else {
                //display message of password error
                echo "The input password does not match the account password.";
            }
        }
        $connect->close();
?>

checklogin.js:

function login() {
    var enterID = document.getElementById("enterID").value;
    var password = document.getElementById("password").value;
    if ((password != "") && (enterID != "")) {
        var Request = new XMLHttpRequest();
        var info = "?enterID=" + enterID + "&password=" + password;
        Request.open("GET", "php/login.php" + info, true);
        Request.send();
        Request.onload = function() {
            var respond = Request.responseText;
            if (respond == "admin") {
                window.location.href = "page/admin-system-management.php";
            } else if (respond == "student"){
                window.location.href = "page/student-dashboard.php";
            } else if (respond == "teacher"){
                window.location.href = "page/teacher-dashboard.php";
            } else{
                document.getElementById("errorMessage").innerText = respond;
            }
        }
    } else {
        document.getElementById("errorMessage").innerText = "Please fill in all the fields.";
    }
}

function redirect() {
    var Request = new XMLHttpRequest();
    Request.open("GET", "php/redirect.php", true);
    Request.send();
    Request.onload = function() {
        var respond = Request.responseText;
        if (respond != "not logged.") {
            if (respond == "admin") {
                window.location.href = "page/admin-system-management.php";
            } else if (respond == "student"){
                window.location.href = "page/student-dashboard.php";
            } else if (respond == "teacher"){
                window.location.href = "page/teacher-dashboard.php";
            }
        }
    }
}

Redirect.php:

<?php
    if (isset($_COOKIE["type"])){
        setcookie("type", $_COOKIE["type"], time() + 21600, "/");
        setcookie("userID", $_COOKIE["userID"], time() + 21600, "/");
        setcookie("nickName", $_COOKIE["nickName"], time() + 21600, "/");
        echo $_COOKIE["type"];
    } else {
        echo "not logged.";
    }
?>

TImeoutAndRedirect function:

function TimeoutAndRedirect(Type) {
    var Request = new XMLHttpRequest();
    Request.open("GET", "../php/redirect.php", true);
    Request.send();
    Request.onload = function() {
        var respond = Request.responseText;
        if (respond == "not logged.") {
            alert("Your login period has expired! Please login again!");
            window.location.href = "../login.html";
        } else if (respond != Type) {
            alert("You cannot access this page using your account!");
            if (respond == "admin") {
                window.location.href = "../page/admin-system-management.php";
            } else if (respond == "student"){
                window.location.href = "../page/student-dashboard.php";
            } else if (respond == "teacher"){
                window.location.href = "../page/teacher-dashboard.php";
            }
        }
    }
}

How do you know it's javascript? You're going too have to do some troubleshooting here. Open up the browser's developer console, and see if there's anything in the Console, and examine the Network requests if they exist. — aynber, Jan 22 '21 at 16:57
@aynber I only have fetch finished loading: get css external files, and that's it — Robinson-Constantin Chera, Jan 22 '21 at 17:00
Add `console.log(respond)` to see what/if you get a response back. Also shouldn't use plain text passwords. — user3783243, Jan 22 '21 at 17:02
@user3783243 I'll schange from plain text passwords to protected ones, it's just a test — Robinson-Constantin Chera, Jan 22 '21 at 17:03
You rely on whether the login.php returns "student", "teacher" or "admin". Please double check whether the return is exactly equal to them. — Ken Lee, Jan 22 '21 at 17:04
@user3783243 I've added console.log(respond) before the end of the function but i can t see something there — Robinson-Constantin Chera, Jan 22 '21 at 17:09
What I've found is that Request.onload = function() it's not even executing and I don't understand why... — Robinson-Constantin Chera, Jan 22 '21 at 17:28
You should add that information to the question. Also, use the developer console, you can add breakpoints and see where it fails — user3783243, Jan 22 '21 at 17:41
@KenLee If I'm entering the login.php?enterID=123&password=123 I can get the user type, but the problem is that login it's not checking this on hosting... On Edge I can see that this request was canceled and I don't understand why.. — Robinson-Constantin Chera, Jan 22 '21 at 17:45
@user3783243 can it be because I'm using https instead of http? — Robinson-Constantin Chera, Jan 22 '21 at 17:51
You need to use the developer console. It will tell you everything you are asking (or mostly everything) — user3783243, Jan 22 '21 at 17:53
@user3783243 the developer console it's empty, I only get: XHR failed loading: GET "/login.php?enterID=123&password=123" — Robinson-Constantin Chera, Jan 22 '21 at 17:56
Instead of using `onload` check for the status of `XMLHttpRequest.readyState`, https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/readyState and ensure that it is 4 (i.e. DONE). In your case `Request.readyState==4` — sativay, Jan 22 '21 at 17:59
you are using XMLHttpRequest to do the job, which can be asynchronous. (Hence in a server query it can return empty because there is no readyState check in your codes). I would suggest you to use jquery ajax instead. — Ken Lee, Jan 22 '21 at 18:46
Again, register it;s working via XHR, only login it's not working :( — Robinson-Constantin Chera, Jan 22 '21 at 19:11
**Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) — Dharman, Jan 22 '21 at 20:03
@KenLee I've posted also the timeoutandredirect() which it's using XHTTP, how can I rethink it? — Robinson-Constantin Chera, Jan 23 '21 at 08:25

Can't login to hosted website because of Javascript

0 Answers0