禁止使用JQuery AJAX 403 [英] JQuery AJAX 403 Forbidden

问题描述

我已经创建了一个使用PHP和JQuery的登录页面.问题是，每次JQuery $ .ajax尝试访问user_login.php文件时，我都会遇到 403 Forbidden 错误.

I've created a log-in page that uses PHP and JQuery. The problem is, I'm encountering a 403 Forbidden error every time JQuery $.ajax tries to access the user_login.php file.

以下是我当前的代码:

user_index.php

<!DOCTYPE html>
<html>
<head>
    <title>Foot Steps Philippines -- User Log-in</title>
    <link rel="icon" type="image/png" href="images/favicon.png">
    <link rel="stylesheet" type="text/css" href="styles/user_login_style.css">
    <script type="text/javascript" src="jquery.js"></script>
    <script type="text/javascript" src="user_login.js"></script>
</head>

<body>
<div class="login_wrapper">
    <h3>Log-In</h3>
    <form id="fsp_login_form" name="fsp_login_form" action="user_login.php" method="POST">
        <input type="email" name="fsp_email" id="fsp_email" placeholder="E-mail Address" />
        <input type="password" name="fsp_password" id="fsp_password" placeholder="Password" />
        <input type="submit" name="fsp_login" id="fsp_login" value="Log-In" />
        <h4 id="login_message"></h4>
    </form>
    <div class="links">
        <a href="">Forgot Password?</a>
    </div>
    <div class="note">*To register, please e-mail us at contact@footsteps.ph</div>
    <div class="footer"></div>
    <div class="logo"></div>
</div>
</body>
</html>

user_login.js

$(document).ready(function(){
    $("#fsp_login_form").submit(function(){
            $('#login_message').html("Please wait...");
            var action = $('#fsp_login_form').attr('action');
            var form_data = {
                fsp_email: $('#fsp_email').val(),
                fsp_password: $('#fsp_password').val(),
                is_ajax: 1
            };

            $.ajax({
                type: "POST",
                url: action,
                data: form_data,
                dataType: "text",
                contentType: "application/x-www-form-urlencoded; charset=UTF-8",
                success: function(response) {
                    if ( response == 'success' ) {
                        $('#login_message').html("Login successful!");
                        setTimeout(function(){ window.location.href = 'user_cpanel.php'; }, 2000);
                    }
                    else {
                        $('#login_message').html("Login failed!");
                    }
                },
                error: function(err) {
                    //$('#login_message').html(err.responseText);
                    alert(err.responseText);
                }
            });
        return false;
    });
});

user_login.php

<?php
ob_start();
session_start();
include 'conn.php';

$is_ajax = $_REQUEST['is_ajax'];
$res = "";

if ( isset($is_ajax) && $is_ajax ) {
    $email_address = $_REQUEST['fsp_email'];
    $password = $_REQUEST['fsp_password'];

    // Protect to MySQL injection.
    $email_address = stripslashes($email_address);
    $email_address = mysqli_real_escape_string($conn, $email_address);
    $password = stripslashes($password);
    $password = mysqli_real_escape_string($conn, $password);

    $sql = "SELECT * FROM user_info WHERE email_address = '".$email_address."' AND password = '".$password."'";

    if ( $result = mysqli_query($conn, $sql) ) {
        if ( mysqli_num_rows($result) > 0 ) {
            $client_id = 0;
            $premium = 0;
            while ( $row = mysqli_fetch_array($result) ) {
                $client_id = $row['id'];
                $premium = $row['premium_member'];
            }
            $_SESSION['client'] = $client_id;
            $_SESSION['premium'] = $premium;
            $res = "success";
        }
        else {
            $res = "failed";
        }
        mysqli_free_result($result);
    }
    else {
        $res = "failed";
    }
}
else {
    $res = "failed";
}
mysqli_close($conn);
echo $res;
?>

conn.php *注意:我故意使用了本地主机数据库配置.当我将其上传到网络托管服务器时，我已经对其进行了调整.

conn.php *Note: I intentionally used my localhost database config. I already adjusted it when I uploaded it to my web hosting server.

<?php
$conn = mysqli_connect("localhost", "root", "", "footstep_db");

// Check connection.
if ( mysqli_connect_errno() ) {
    echo "Failed to connect to MySQL: ".mysqli_connect_error();
}
else {
    // nothing to do.
}
?>

所有文件都在同一目录中，并且都具有0644权限. 您对如何解决错误有任何想法吗? 顺便说一句，当我在本地主机上运行时，我的登录页面运行正常.但是使用我的网络托管服务器上传时，它不起作用. 我无权访问我的虚拟主机的PHP配置文件和Apache配置文件，请尽量不要提供需要重新配置PHP和Apache的解决方案.

All files are at the same directory and all have 0644 permission. Do you have any idea guys on how to fix the error? By the way, my log-in page is functioning perfectly when running in localhost. But its not working when uploaded with my web hosting server. I don't have access to my web hosting's PHP config file and Apache config file so as much as possible, please try not to give a solution that requires reconfiguration of PHP and Apache.

谢谢:-)

推荐答案

问题已解决！ 我只是要求我的虚拟主机为我的域创建一个例外. 我认为他们服务器的mod_security设置会导致403禁止错误.

Problem solved! I just ask my web hosting to create an exception for my domain. I think the mod_security setting of their server causes the 403 Forbidden Error.

这篇关于禁止使用JQuery AJAX 403的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！