PHP & jquery working together to allow only the logged user to submit a form

Hello,
I’m working with PHP & a jquery script so I’m hoping I hit the right forum.
I have a basic PHP & the Jquery script working but i like to add one more functionality to the script. As it sits right now the script submits a form without refreshing the page but only allow the user to submit the form if he/she is logged in. the session variable i like to check is–> $_SESSION[‘userID’].

Any thoughts how i can do this?



<?php
if (session_id() === "") { session_start(); }
if(!isset($_SESSION['userID']))  echo "you need to be logged in";
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title>Submit  Form with out refreshing page Tutorial</title>
	<!-- Meta Tags -->
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<!-- CSS -->
	
	<!-- JavaScript -->
	<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js"></script>
	<script type="text/javascript">
		$(function() {
		$(".submit").click(function() {
			var name = $("#name").val();
			var username = $("#username").val();		
			var dataString = 'name='+ name + '&username=' + username;
			if(name=='' || username=='' )
			{ 	$('.success').fadeOut(200).hide();
				$('.error').fadeOut(200).show(); 	
			}
			else
			{	$.ajax({
					type: "POST",
					url: "email.php",
					data: dataString,
					success: function()
					{	$('.success').fadeIn(200).show();
						$('.error').fadeOut(200).hide();		
				   }
				});
			}
			return false;
			});
		});
		</script>
		<style type="text/css">
			.error{	color:#d12f19; 	font-size:12px; 	}
			.success{	color:#006600; 	font-size:12px; }
		</style>
</head>

<body id="public">
	<div style="height:30px"></div>

	<div id="container">
		<div style="height:30px"></div>
		<div class="info" style="padding-left:20px">
			<h2>Submit Form Values with jQuery and Ajax</h2>
		</div>
		<form autocomplete="off" enctype="multipart/form-data" method="post"  name="form">	
			<label>Full Name </label>
				<div> <input id="name" name="name" type="text" class="field text medium" value=""  maxlength="255" 	tabindex="1" /> </div>
			<label >User-ID </label>
				<div> <input id="username" name="username" type="text" class="field text medium" value="" maxlength="255"	tabindex="3" />	</div>
			<div class="buttons">
				<input  type="submit" value="Submit" style=" background:#0060a1; color:#FFFFFF; font-size:14px; border:1px solid #0060a1; margin-left:12px" class="submit"/>
				<span class="error" style="display:none"> Please Enter Valid Data</span>
				<span  class="success" style="display:none"> Registration Successfully</span>
			</div>
		</form>
		<div style="height:20px"></div>
	</div><!--container-->
</body>
</html>



<?php
$name = $_POST['name'];
$email = $_POST['email'];

if(!empty($name) && !empty($email))
{	echo "done";  }
else
{	echo "fail";	}
?>


I’m not sure I understand what you really want to do so here’s what I understood so far and a couple of questions:

  • So far, you write to the page “you need to be logged in” but the rest of the script is still possible to use while a user is not logged in

Here’s the questions :

  • Do you want the script to be secured? I mean that even if the user is not logged in and call the PHP script by hand, it won’t work? Or is the script doesn’ need to be secured? Like if it’s just displaying something, it doesn’t really matter.
  • Or may you just want to hide the button or the form completely
  • OR all of the above?

So, if you want to really secure your PHP script, you’ll need to add something like:

<?php 
if(!isset($_SESSION['userID'])) die('You are not supposed to be here!');
$name = $_POST['name']; 
$email = $_POST['email']; 

if(!empty($name) && !empty($email)) 
{    echo "done";  } 
else 
{    echo "fail";    } 
?>

If you want to hide the form, something like this should work:

		
<?php if(!isset($_SESSION['userID'])) { ?>
<form autocomplete="off" enctype="multipart/form-data" method="post"  name="form">	
			<label>Full Name </label>
				<div> <input id="name" name="name" type="text" class="field text medium" value=""  maxlength="255" 	tabindex="1" /> </div>
			<label >User-ID </label>
				<div> <input id="username" name="username" type="text" class="field text medium" value="" maxlength="255"	tabindex="3" />	</div>
			<div class="buttons">
				<input  type="submit" value="Submit" style=" background:#0060a1; color:#FFFFFF; font-size:14px; border:1px solid #0060a1; margin-left:12px" class="submit"/>
				<span class="error" style="display:none"> Please Enter Valid Data</span>
				<span  class="success" style="display:none"> Registration Successfully</span>
			</div>
</form>
<?php } else { ?>
Please login to use this form!
<?php } ?>

Maybe you’ll have to hide your JS too