How to secure this jquery+php+ajax login procedure ?
$('#myform').submit( function()
{
$(this).ajaxSubmit( {
type:'POST', url:'login.php',
success: function(msg)
{
**** login ok : how to call the welcome.php ***
},
error: function(request,iderror)
{
alert(iderror + " " + request);
}
});
return false;
})
<form id="myForm" action="" >
Name : <input type='text' name='login' size='15' />
<div>Password : <input type='password' name='passe' size='15' /
></div>
<input type="submit" value="login" class="submit" />
</form>
Login.php check the parameters and reply by echo "ok" or echo "ko"
Logically if the answer is ok we must call a welcome.php module BUT,
if someone read the client code, he will see the name of the module
and can hack the server.
May I wrong ? how to secure this code ?
