[Madhya]

i have made a login form on a light box using a javascript function. Now i want to store a value on session variable, so to check if the user has logined , and not to show him login lightbox again and again on his navigations on the page.. My javascript function is:

<script language="javascript" type="text/javascript">  
    function createlightbox()  
    {  
        document.getElementById('light').style.display='block';  
        document.getElementById('fade').style.display='block'  
    }  
    function closelightbox()  
    {  
        document.getElementById('light').style.display='none';  
        document.getElementById('fade').style.display='none'  
    } 
     function checksession()  
    {  if (admin=="admin")
    {closelightbox();}
    else
    {createlightbox();}  
    } 

function check(form)
{
 /*the following code checkes whether the entered userid and password are matching*/
 if(form.name.value == "admin" && form.password.value == "admin")
  {
    closelightbox();
     var admin = <?php $_SESSION['Admin']= "admin"; ?>

  }
 else
 {
  document.getElementById("error").style.display='block';/*displays error message*/
  }
}      
</script>  

And i m calling the checksession function in my forms onsubmit event as

<form id="Admin" onreset="checksession()">

The problem is, on every reset or submit of form, even on the page changes, the login form is shown. Why it is not checking the check session funtion. Please tell me any fault i m making

[Atli]

You need to understand the difference between server-side and client-side code. The way many PHP developers put PHP code into their HTML/CSS or Javascript code sometimes makes it look like all these technologies are actually working together, however this is not the case. The PHP code is executed on the server and is used to create HTML/CSS and Javascript code, which is then sent to the browser where it is executed.

Before the HTML/CSS and Javascript is even rendered and executed, all the PHP code has finished it's job. A call to a Javascript function that contains a line of PHP will not execute that PHP code, it will execute whatever that line of PHP code generated during it's initial execution, before the Javascript even made it into the browser.


With that in mind, consider line #25 of your code. The PHP code on that line will be executed on the server before the Javascript is called in the browser. The Javascript code surrounding that line is nothing but meaningless text, as far as PHP is concerned, and the conditions in the Javascript IF statements have no effect on whether or not that line is executed. Which means that the $_SESSION["Admin"] element will ALWAYS be set the "admin", however since you did not specify that anything should be printed, no value will be assigned to the Javascript "admin" variable. (Just look at it in the browser's View Source window. You'll see no PHP, or anything, assigned to that variable.)


And speaking of the Javascript "admin" variable. There is another problem you need to look into. In your checksession() function you reference a admin variable, but at that point in the code no variable with that name exists. The variable of that name you try to set on line #25, inside the check() function, is prefixed with the var keyword, making it a local variable. That means it will only exist within that scope; that it will not be accessible outside the function it is defined within.

Consider these two snippets:

function onload() {
	// Having the "var" keyword, this "message" variable
	// will only exist within the "onload" function.
	var message = "Hello, world!";
}

function printMessage() {
	// Which means that the "message" variable I try to
	// use here doesn't exist, and this will either throw
	// and error or print "undefined".
	document.write(message);
}

// This "message" variable, however, is declared *above*
// the scope of both functions, which means it will be
// available in both of them.
var message;

function onload() {
	// So if I leave the "var" keyword out here, it will
	// use the aforementioned "message" variable.
	message = "Hello, world!";
}

function printMessage() {
	// And now this "message" reference will call that same
	// variable, and if "onload()" has been called before
	// this function is, it will print "Hello, world!"
	document.write(message);
}

[Madhya]

Thank you so much. You have cleared my mind, on how these things work. As i m a new in these things. One thing please if you now tell me where should now i place that session code. As i am making the login form, and lightbox in javascript, validating it in javascript. When the login is validated, i want then the session should be started.
Please if you can give me a suggestion.

[Atli]

There isn't really any place in that code you posted where your session code can be placed. Remember, all Javascript happens client-side, but you need that session code to be executed server-side. And there is no direct way for client-side code to call server-side code. PHP code is only executed on the server, when a new request is made. - Which means that you need to send a new request in order for PHP to set the session variable.

But first of all, you should not be validating this in Javascript. Or rather, you shouldn't only be validating this in Javascript. You can of course do validation in Javascript but being client-side you can't trust it. A user can easily manipulate or bypass your Javascript code, which is why all validation should be done server-side. - This fits splendidly with the above. You're going to need to do a new request anyways to set the session variable, so you might as well just include the validation in the server-side code that is executed during that request.

There are two ways to do that. The traditional way in which data is sent to PHP for validation and processing is via a normal HTML <form>. They are submitted, the data is sent in a new request to PHP where it is processed, and the page is refreshed with the new data. People have been doing this forever and there are about a billion tutorials that can teach you have to do this. It's also fairly simple.

However you can also use AJAX, if you don't want the page to have to be refreshed. Using AJAX, you send the form data to a PHP page using the Javascript XMLHttpRequest API, where it is validated and processed like normally, and the result of that returned back to Javascript, all without the user being any the wiser. Then you can simply update the page via Javascript based on the response you received from the AJAX request. - This is a bit more complicated though, naturally.