How can I change the login section to avoid the "white screen" (bare server response) problem?
dj's code instantly sent ("submit") changepwd data to server side, parsed by the macro from takeback.
In your code the form instantly submitted password to server, and instantly got the changepwd result, which is simply a plain string "OK (1)".
Seems page XHR response and page refresh happens at same time, that's may why your problem appears with a chance.
Additionally, dj's code should get a responce "ok" (not "OK (1)"), then recognizes changepwd success, otherwise fails with only "user or password don't match".
In takeback I did not use a form, (this is not standard, I'm going to correct it with a form and override its submit() function, just like HFS default tpl)
by clicking "Okay" the password data is sent to server via XHR, returning that "OK (1)", and dealt by an alert().
You can have a look of my code, then adapt it to password form's submit():
function changePwd(newpass) {
var xhr = new XMLHttpRequest();
xhr.open('POST', '?mode=section&id=ajax.changepwd');
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xhr.onreadystatechange = function() {
if (xhr.readyState === 4 && xhr.status === 200) {
console.log(xhr.responseText);
var code = ( xhr.responseText.split('(')[1] == undefined ? -1 : xhr.responseText.split('(')[1].split(')')[0] );
if (code == "1") {
alert('{.!Complete! Use your new password next time!.}');
beforeRedirect();
} else {
if (code == "0") {
alert("{.!You cannot change your password!.}");
} else if (code == "3") {
alert("{.!Failed: Old password you input is wrong!.}");
} else if (code == "4") {
alert("{.!Macro is detected in your input. Please do not attack..}");
} else if (xhr.responseText.trim() == "bad session") {
alert("{.!Bad session. Try to refresh the page..}");
} else {
alert('{.!Unknown error.}: \n'+xhr.responseText.trim());
}
}
}
};
xhr.send("token={.cookie|HFS_SID_.}" + "&old=" + sha256(oldpwd.value) + "&new="+btoa(unescape(encodeURIComponent(newpass))));
}
Or adapt dj's changepwd ajax.
Takeback's changepwd ajax is updated too, have a look as well.