PHP Coding

SBSP

Let's say I have

index.php
and forms.php

In forms.php I have:
PHP:
<?php
// Each function leaves PHP mode to emit its HTML, then re-enters it.
function CallLoginForm()
{
?>
<form>
Username: <input type="text" name="firstname"><br>
Password: <input type="text" name="lastname">
</form>
<?php
}

function CallRegisterForm()
{
?>
<form>
Username: <input type="text" name="firstname"><br>
Password: <input type="text" name="lastname">
Confirm Password: <input type="text" name="lastname">
</form>
<?php
}
?>

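and index.php:

PHP:
<?php
require_once 'forms.php'; // defines CallLoginForm() and CallRegisterForm()

// The query-string values are only used as switches for which forms to show.
if (!empty($_GET["LOGINFORM"])) { CallLoginForm(); }
if (!empty($_GET["REGISTERFORM"])) { CallRegisterForm(); }
?>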

Is it a bad idea to do the above?
I have already started with a website which I want to host for myself.
I got coding so much that I didn't realize the amount of lines; forms.php is already sitting at 1200 lines.

Do you think this will have a performance impact?
 
1200 lines for a forms.php? eish

Yes, it's a bad idea to do what you just did. Means that someone needs to edit a massive file to add a new form.

I would have gone with a function (or class) that generates forms for you, you'll have stuff like input type definitions so you do a $formcreator->add('input','text','value'); or something that will spit out input boxes/labels and push that into a form

Maybe 30 lines of code that.
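
A minimal sketch of the parameter-driven form generator suggested above, added here as an illustration and not code from the thread. The `FormBuilder` class and its method names are hypothetical, and it assumes PHP 8.0 or later.

```php
<?php
// Added example, not code from the thread; FormBuilder and its methods are hypothetical names.
declare(strict_types=1);

final class FormBuilder
{
    private array $rows = []; // rendered field rows

    public function __construct(private string $action, private string $method = 'post') {}

    // Escape everything that ends up in HTML so a label or value can never inject markup.
    private static function e(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    // Add one input; $type is checked against an allowlist before it reaches the markup.
    public function add(string $type, string $name, string $label, string $value = ''): self
    {
        if (!in_array($type, ['text', 'password', 'email', 'submit'], true)) {
            throw new InvalidArgumentException("unsupported input type: $type");
        }
        // A password field never gets a value attribute, so a secret is not echoed back.
        $attr = ($type === 'password' || $value === '') ? '' : ' value="' . self::e($value) . '"';
        $this->rows[] = sprintf(
            '<label>%s <input type="%s" name="%s"%s></label><br>',
            self::e($label), $type, self::e($name), $attr
        );
        return $this;
    }

    public function render(): string
    {
        return sprintf(
            "<form method=\"%s\" action=\"%s\">\n%s\n</form>\n",
            self::e($this->method), self::e($this->action), implode("\n", $this->rows)
        );
    }
}

// The login form from forms.php, built from parameters instead of hand-written HTML.
echo (new FormBuilder('index.php'))
    ->add('text', 'username', 'Username:')
    ->add('password', 'password', 'Password:')
    ->add('submit', 'login', '', 'Log in')
    ->render();

// Constructed hostile value: it is rendered as inert text inside the attribute.
echo (new FormBuilder('index.php'))->add('text', 'q', 'Search:', '"><script>alert(1)</script>')->render();
```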
 
Or just write something simple that won't bloat the overall website unnecessarily if you just want to generate forms...like I suggested

Why increase the size/footprint of your site if you just want forms?
 
Follow this, a framework is overkill.
 
I'm now creating a function which will allow you to pass parameters to create a form.

Thanks for the help. I'm not familiar with frameworks, plus I'm a control freak; I want to make use of my own code. Call it reinventing the wheel if you like :-)
 
Not reinventing. Just like making adjustments to your jeans so they fit you nicely, doesn't mean you're entirely off the path.

I'm always one for customizing/writing for the project. Using frameworks is a sure-fire way of staying inflexible and bloated
 
Agree, and frameworks do not cut that much out when it comes to forms. In the 7 years I've been coding PHP, I find forms to still be code intensive regardless of the framework or lack thereof.
 
Hey SBSP,

Would recommend you use the POST method instead of the GET method for sending passwords.
Glad you cleaned up the thousand line script :P
 
Thanks

But I'm specifically sending variables from one form to another using a form, so $_GET is not relevant.
The above-mentioned $_GET variable values are not actually used, they're just there to show forms,
so if I wanted to show both forms I would link

index.php?LOGINFORM=TRUE&REGISTERFORM=TRUE

So "TRUE" is just there to make it !empty

Both will then end up on the page.

As for sending passwords, if I needed to send a password from one to another I would actually prefer to use $_GET instead of $_POST.

'Cause I can encrypt the variable value, i.e. index.php?USERNAME=FDGHSDFHSDF&PASSWORD=DFH%$^#$%.
Probably not so strong since the link may not include illegal characters.

But at least it can be encrypted, whereas $_POST can't, unless you start incorporating Java.

In any case I make use of a combination of a cookie and the current session ID, which I both encrypt and match; if they don't match, the session gets destroyed.
 
@chan0o

Sorry, I just realised I'm sounding a bit rude. Not my intention :-) Thanks for the concern. Cheers!
 
Huh?

That makes no sense. Why do you prefer using GET in a form post at all? It's got a limitation based on how long a URL can be in the browser, plus offers no protection (and actually gets LOGGED in Apache) for the user logging into the system by exposing their password.

method="POST" in your form and a quick $_POST variable grab in the recipient form is far far FAR FAR FAR better than anything you have currently if THAT is the way you're doing things.

AND OF COURSE you can encrypt!!!! (WITHOUT USING JAVASCRIPT!)

How the hell do you think people like FACEBOOK authenticate??!?!?!?!


ARRRRGH!!1!!!
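
What "gets LOGGED in apache" looks like from the defender's side, as an added example that is not part of the original post: a short PHP audit that flags access-log entries whose URL carries a credential-like parameter. The log lines are constructed, and the function name and the parameter names in `$sensitive` are assumptions.

```php
<?php
// Added example, not code from the thread. Log lines are constructed sample data.
declare(strict_types=1);

// Return [line number, parameter name] for every request whose URL carries a sensitive parameter.
function findCredentialsInLog(array $lines, array $sensitive = ['pass', 'password', 'pwd', 'token']): array
{
    $hits = [];
    foreach ($lines as $i => $line) {
        // Common/combined log format: the quoted request field is "METHOD /path?query HTTP/x.y".
        if (!preg_match('/"([A-Z]+) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
            continue;
        }
        $query = parse_url($m[2], PHP_URL_QUERY);
        if (!is_string($query)) {
            continue; // no query string, e.g. a POST whose fields travel in the request body
        }
        parse_str($query, $params);
        foreach (array_keys($params) as $name) {
            if (in_array(strtolower((string) $name), $sensitive, true)) {
                $hits[] = [$i + 1, (string) $name]; // report the name only, never the value
            }
        }
    }
    return $hits;
}

// Constructed access-log lines: a GET login, the same login as POST, and a harmless GET filter.
$log = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /somewhere.php?pass=hunter2 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /somewhere.php HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /my-invoices?status=PAID HTTP/1.1" 200 2048',
];

foreach (findCredentialsInLog($log) as [$lineNo, $param]) {
    echo "line $lineNo: parameter '$param' was sent in the URL\n";
}
```

Only the GET login is flagged: the POST request line contains no form fields, which is why the password never reaches the access log.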
 
Code:
<form method="POST" action="somewhere.php">
<input type="password" name="pass">
</form>

PHP (pseudo)

Code:
<?php

$pass = md5($_POST["pass"]); // md5() is PHP's built-in MD5 hash function
$sql = "select * from users where password = '" . $pass . "';";

//run sql

?>

ENCRYPTED and PROTECTED

HOWEVER: method="GET" in your form will result in me being able to see this:

somewhere.php?pass=i_like_it_up_the_bum_by_hackers
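
The lookup from the pseudo-code above with a salted password hash and a bound query parameter in place of `md5()` and string concatenation, as an added example that is not from the thread. The table and column names are assumptions, and it uses an in-memory SQLite database (the `pdo_sqlite` extension) so it runs offline; in a page handler the two arguments would come from `$_POST` over HTTPS.

```php
<?php
// Added example, not code from the thread. Table and column names are assumptions.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Registration: store a salted, deliberately slow hash, never md5() or the plaintext.
function register(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: fetch the row by username with a bound parameter, then verify the hash in PHP.
// The password itself is never part of the SQL text.
function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample account.
register($db, 'alice', 'correct horse battery staple');

// Correct password, wrong password, and a username containing quote characters.
// The last one stays plain data because it is bound, not concatenated into the query.
var_dump(login($db, 'alice', 'correct horse battery staple'));
var_dump(login($db, 'alice', 'wrong password'));
var_dump(login($db, "alice' OR '1'='1", 'anything'));
```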
 
Lol, that's just me, I never get the message across properly. It's my trademark, by the way :-)

We are talking about 2 different things here!
Since when can you use $_GET to retrieve a value from a <form>?

$_GET - you get a value from a variable in the URL
$_POST - you get a value from a form posted from the previous page.

Code:
<?php

$pass = md5($_POST["pass"]); // md5() is PHP's built-in MD5 hash function
$sql = "select * from users where password = '" . $pass . "';";

//run sql

?>
The above is all form stuff, so using $_GET is out of context, and you are encrypting the value after it was received.
So if I could display the value, as in echo $pass;, I will know the password and then just log in with it.

When I say incorporating Java, I mean this:

<form method="POST" action="somewhere.php">
<input type="password" name="pass">
</form>

When you enter the password into the "pass" password box, it should manipulate the HTML part of it to actually encrypt the value of "pass", then send the form.

And yes, you are right, the value in the link is limited in strength, in both the chars that can be used and the length of it.

But many systems send you an email and you are able to go to a once-off page and view internal content 'cause the variable in the link is encrypted. (Maybe I'm confusing this with a live cookie on my computer from a previous session.)

So in a nutshell, $_POST is not as secure as people think. I reckon $_GET is better as long as you make use of an irreversible encryption algorithm, preferably your own and not a standard one created by PHP developers.

If I say, how did I get to the number 65756876456846?
65756876456845 + 1 = 65756876456846
65756876456844 + 2 = 65756876456846 etc. etc.

Sorry, I'm not good with explaining things :D
 
what?????

edit: GET is not more secure than POST, in that neither are secure.

honestly, using GETS for form posts is WRONG 99% of the time. there are times when you could use it.

You have a select box, with statuses, and a grid below. using GET's is fine there

eg. /my-invoices?status=PAID

using gets means you have double urls.

/signup - fill in form

/signup-process - uses form values.

instead, the correct way is

/signup -> GET -> fill in form
/signup -> POST -> use form values



and as far as usage goes, the ONLY difference is the "method" attribute of the form tag
 
@Kabal finally now I know what you guys are on about!!!
I couldn't understand what the hell is wrong with you people!

http://www.w3schools.com/php/php_get.asp
To everyone else I AM SORRY! My Bad! :D

Code:
<form action="welcome.php" method="get">
Name: <input type="text" name="fname">
Age: <input type="text" name="age">
<input type="submit">
</form>

AND

Code:
<form action="welcome.php" method="post">
Name: <input type="text" name="fname">
Age: <input type="text" name="age">
<input type="submit">
</form>

I actually forgot, there I said it, that you can use GET to post a form.


When I use $_GET I manually make links like so:
Code:
<a href="http://www.index.php?Apology=Sorry Dudes!">Click me</a>

I NEVER use method GET to post form information.
In fact I NEVER EVER use $_GET to retrieve/transfer sensitive information (from one page to another) either; I'd rather use a SQL query to extract what I need.

And I said IF I ever needed to I would prefer to use $_GET, but I don't need to transfer, I only need to once.
Also, I never ever use $_POST to transfer information that I need except for when logging in, 'cause I have to.

Further, I always use an encrypted cookie in conjunction with a session ID.

Would anyone be interested to flaw my "self-built" login system?
I would actually find it helpful if someone can, 'cause I'm sure I'm not 100% safe.
 
You live you learn dude. Be glad I'm not your senior cause I'd have smacked you upside the head by now :p
 