[PHP/JQuery-Ajax]Need some advices

[Acnathon]

Hi guys!
I was bored so i started to work on a website, using PHP/JQuery-Ajax.
I dont know yet where or how the site will be used but right now im just working on it for fun and to learn :

Okay the questions now:

1. Having HTML codes inside a PHP function affects in any way the website?
Heres what i mean:

function registerForm() {
    echo "<form method='post' id='register_form'>";
    echo "<input type='text' required='required' name='username' placeholder='Username'>";
    echo "<input type='password' required='required' name='password' placeholder='Password'>";
    echo "<input type='email' required='required' name='email' placeholder='E-Mail'>";
    echo "<input type='submit' value='Submit'>";
    echo "</form>";
    echo "<div id='register_result'></div>";
}

Then i have a switch:

switch ($_GET['action']) {
    case "home":
        frontpage();
        break;
    case "register":
        registerForm();
        break;
    default:
        frontpage();
}

Is there another/better way doing this?

2. Navigation using JQuery

  $("#register_menu").click(function(){
    $.get("modules/main.php?action=register", function(result){
      $("#main_content").hide().html(result).fadeIn("slow");
      $("#register_form").submit(function(event){
        $.post("modules/register.php", $(this).serialize(), function(data){
            $("#register_result").hide().html(data).fadeIn("slow");
        });                
        return false;
    });
    });
  });

I have one .js file to handle navigation in this way.
Any other/better way doing this?

3. I found an encryption/decryption function that uses a key to encrypt/decrypt strings and i thought i could use it for username/password/whatever encryption.
What do you think about it?

function encrypt($magickey,$string) {
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($magickey), $string, MCRYPT_MODE_CBC, md5(md5($magickey))));
return $encrypted;
}

function decrypt($magickey,$encrypted) {
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($magickey), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($magickey))), "\0");
return $decrypted;
}

I still have a few more questions but this is enough for now :blush:
Thanks in advance!

 

[WizCoder]

1. It's not necessarily bad to output html using PHP codes but it is considered bad practice. What I think you should do is open and close using php if you want to write html codes, it works the same way slightly confusing to some.

 

[jMerliN]

You PHP pages shouldn't be generating HTML because you're almost certainly not caching things properly. If you have a log-in form, just make it a static HTML file and let your HTTPD handle caching. Have the POST action hit a small PHP script that just checks auth and returns the result. Then you can either POST against it with a form (if the user doesn't have JS enabled) or you can XHR against it. You can also check in the script if it was an XHR request and if so, just return some JSON. If it was a form submit, send a 3xx redirect either back to the login page or to the index page after a successful log-in.

 

[Insaneburn]

PHP shouldn't contain any HTML / other languages, simply because you don't want to overload the PHP server with HTML script (which is interpreted by the browser).
You should do something like

function thisIsAFunction()
{
?>
<form action="#".....
<?php
}

Either way this is not a good programming practice, you should read a bit more about frameworks which is a heaven for developers.

Cheers

 

[TimeBomb]

PHP shouldn't contain any HTML / other languages, simply because you don't want to overload the PHP server with HTML script (which is interpreted by the browser).

...What? Elaborate? I've never heard of that reasoning before.

 

[s-p-n]

1.) Why is there html inside of php strings when you can just make an htm file?
2.) Why are you using a rule in switch/case that is exactly the same as default?
3.) Why are you using switch/case where the code is based on a variable amount of data located outside of the PHP script? You can use Apache or your favorite file-server instead.
4.) You are declaring functions inside of repeatable anonymous functions, where it's much more efficient and intuitive to declare each function only once.
5.) You are nesting callbacks in JavaScript. That leads to spaghetti code very quickly, which is hard to read to anyone who didn't write the code, or possibly even the same coder shortly after looking away from your code.
6.) Encryption, Encoding, and Hashing are three totally different things. Look into the differences between the three, and which tool is used for different kinds of data. For example, a hashing algorithm is better for passwords and other data which never need be recovered/fetched by the server, but do need to be verified.

 

[Acnathon]

Thanks for the advices! Ill take a look at the sugested things.

6.) Encryption, Encoding, and Hashing are three totally different things. Look into the differences between the three, and which tool is used for different kinds of data. For example, a hashing algorithm is better for passwords and other data which never need be recovered/fetched by the server, but do need to be verified.

ATM im planning to use it on a log system. (so only those with the right key can read the log files).

Thanks again for all. Ill post if i run into anything thats unclear for me.