There is such a problem, if the username and password are not correct, then the wrong username and password are displayed in the block, but if the password is correct, then in the same block, a duplicate of the site appears, why so, if in the php code I wrote a redirect?

<p>Вход на сайт</p> <form method="POST"> <div><label><span>Логин</span><input class="login" name="login" type="text"></label></div> <div><label><span>Пароль</span><input class="password" name="password" type="password"></label></div> <input type="submit" class="auth" name="auth" value="Войти"> </form> <div id="wrongLogin"></div> <div class="registr"><a href="?action=registr">Или зарегистрируйтесь</div> <script> var auth = document.querySelector('.auth'); auth.addEventListener('click', function(e) { e.preventDefault(); var forma = e.target.parentElement; var login = forma.elements.login.value; var pass = forma.elements.password.value; xmlhttp=new XMLHttpRequest(); xmlhttp.onreadystatechange=function() { if (this.readyState==4 && this.status==200) { wrongLogin.innerHTML=this.responseText; } } xmlhttp.open("POST","./",true); xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded') xmlhttp.send("log="+login+"&password="+pass); }) </script>

php file

 function login($login, $password) { $newLogin = str_replace(";","",$login); $newLogin2 = str_replace(")","",$newLogin); $newLogin3 = str_replace("'","",$newLogin2); $sqlPass = "SELECT `id`, `login`, `password`, `avatar`, `link_vk`, `reputation` FROM users WHERE login = :log"; $resPass = $this->db->prepare($sqlPass); $resPass->bindValue(':log', trim($newLogin3), PDO::PARAM_STR); $resPass->execute(); $allRes = $resPass->fetchAll(); if(count($allRes) == 0) { die('<p>Неверный логин или пароль</p>'); } $needPassword = $allRes[0]['password']; $userId = $allRes[0]['id']; $userLogin = $allRes[0]['login']; $userAvatar = $allRes[0]['avatar']; $userVk = $allRes[0]['link_vk']; $userRep =$allRes[0]['reputation']; $hash = $needPassword; if (password_verify($password, $hash)) { $salt = 'slovo'; $tokenstr = strval(date('s')) . $salt; $token = md5($tokenstr); $sql = "UPDATE users SET token ='" . $token . "' WHERE login = :log2"; $queryToket = $this->db->prepare($sql); $queryToket->bindValue(':log2', trim($newLogin3), PDO::PARAM_STR); $queryToket->execute(); setcookie ("user", $token, time()+604800); $_SESSION['token'] = $token; $_SESSION['user'] = $userLogin; $_SESSION['id'] = $userId; $_SESSION['avatar'] = $userAvatar; $_SESSION['vkontakte'] = $userVk; $_SESSION['reputation'] = $userRep; output_add_rewrite_var('token', $token); header('Location: ./index.php?token='.$_SESSION['token']); } else { die('<p>Неверный логин или пароль</p>'); }

    1 answer 1

    You redirect the request that you are sending by Ajax, so this is what you have and displays a duplicate of the site. You need to do something like this.

    With the correct login instead

     header('Location: ./index.php?token='.$_SESSION['token']);

    you need to put the status of 200, although it will default to 200

     header("HTTP/1.1 200 OK");

    but instead

     die('<p>Неверный логин или пароль</p>');

    to send

     header('HTTP/1.0 401 Unauthorized');

    and in js, respectively, to catch

     xmlhttp.onreadystatechange = function() { if (xmlhttp.readyState == 4) { if(xmlhttp.status == 200) { window.location.reload(false); } else { wrongLogin.innerHTML='<p>Неверный логин или пароль</p>'; } } };