Php Or Javascript For Login

Dear friends I want to know whether PHP or Javascript which is the better one for making login and logout programs that is validation programs. Actually I know how to make login programs in PHP and its not having any problem but I don't know about Javascript programing for validation so I am not able to compare it with PHP so please let me know the difference and one more thing which I would like to know is that if javascript is better for validation program then please help me with some codes also. Thanks in advance dear friends for the help.

Well PHP and javascript are different. PHP works on the server side where as javascript works on client side web browser. PHP is responsible for all the database connection and user validation process. Javascript just works on client side and will help you to check validation of the data like whether the user filled in all the required fields, whether he entered data properly etc.. You can't do anything beyond that. So, you must design your login page using PHP. And it is best idea to use javascript to validate the fields at the client side. It will save bandwidth and quicken the process. Just remember that PHP is server side scripting language, and javascript is client side scripting language.

Either way you need to validate using PHP. I can easily disable any javascript validation just by changing a setting in my browser to turn javascript off, bypassing validation completely. So you definitely need to validate in PHP. The advantages of Javascript validation are two fold:Firstly if you had 1000 people using the form at the same time, and each one put some wrong data (let's say they didnt put an email address in) then that means that your form gets sent to the server 1000 times. Not that good! it means that your server needs to do 1000 sets of work only to tell the user to enter an email address and try again. If, however, you used javascript then the data doesnt get sent to the server at all, all the validation happens in their browser on their machine. So if 1000 of them put in a wrong email address but 5 put it all in correctly then the 1000 who did it wrong get a message that its wrong and your server doesnt need to do a thing, all it has to do is deal with the 5 people that got it right.So the bottom line is that Javascript can lighten the load for your server as the data only gets sent if it is valid. In a login script this is only useful to detect if they left a field blank, you cant use javascript to check if a username/password is correct, that is very insecure. (unless you use PHP to do the checking and JS to return the result. but still its not best) The second advantage is for the user. How annoying is it to fill in a form and hit submit and then wait a few seconds before the page says you did it wrong? On the other hand how much better is it that as you type if you miss something out a little bit of red text appears saying "You need to fill this in" so, so, so much easier, more professional and quicker. You can do this with javascript.Think of when you sign up to a website and the page automatically says it is free or taken with red/green text before you even click the submit button. That is javascript, usually known as AJAX which is basically Javascript talking to a PHP page and asking if that username is already in the database. the PHP simply replies yes or no and you get your message about success or failure. Very smooth and efficient!

I would choose PHP to do the validation. As mentioned, people can just turn off js and that would render the validation useless.

Hi!I would like to mention that JavaScript can be used for server side scripting as well as client side scripting, though most people use it only for client side scripting. Netscape's Enterprise server was quite popular for server side Javascript development, though Jaxer seems to have taken over in popularity now. The benefit of using server side Javascript is that you can use the same language for writing both the client side and the server side code. Apart from that, we have the ECMA standard upon which Javascript is based - this provides a vendor neutral implementation of Javascript, be it on the server side or on the client side. Standards usually leave some room for ambiguity so do expect differences between the solutions provided by different vendors. Chances are that we will see the Mozilla Firefox vs Microsoft Internet Explorer scenario re-enacted between two other players in the industry.

When you put Java and PHP together, you can have a type of AJAX... now that would be an ideal script for log in.Instead of refreshing the entire page when a wrong user name or password is entered, it can also avoid brute username and password hacking attempts. Running java, as we all know, as many benefits such as reducing the resource of server cpu. And we also know that java can't run when a browser has it turned off. So any script that is server side would be the way to go, in my opinion.

Just to clear it up, Buffalo means javascript, not java applets. Javascript+php are, as he quite rightly said, called AJAX and are very useful. I dont know if Java (apps) and PHP can work together.

I would choose PHP to do the validation. As mentioned, people can just turn off js and that would render the validation useless.

I would suggest using both. If you have a form that requires an email address then you can use JS to make sure it is in the format xxxxxxxxx@xxxxxxxxx.xxx and use PHP to do the exact same thing. This way if a user types in something wrong, then clicks the next textbox JS can grey out the "submit" button so it doesnt work, and give them an error, which is faster and better than submitting the form and then getting an error message. If someone wants to disable your JS script then they just harm themselves because PHP will check the exact same thing and *then* give them the exact same error with all the hassle of waiting for a new page to load only to be told to try again.

So to a normal user it is more useful and faster and to a malicious one it is just annoying

Using both javascript and PHP for validation is a good practice for performance and security. Javascript improves the performance while php deals with security. And using AJAX along with PHP is better option and is a common practice for all websites now.

Flex is also a nice language for forms. Based loosely on XML and Flash you can basically write a flash based form (needs the flash plugin) with instant updates for notifications etc.... Plus it is pretty secure since it's code cant be viewed, all the user sees is a flash app (i think....) Not as universal as Javascript though. Ajax is definitely something to look into if you are going to be developing a lot of interactive websites with forms and user interaction.

Flex is also a nice language for forms. Based loosely on XML and Flash you can basically write a flash based form (needs the flash plugin) with instant updates for notifications etc.... Plus it is pretty secure since it's code cant be viewed, all the user sees is a flash app (i think....)

Though I don't have any knowledge about flex, I had seen a login page of flex and User Interface and functionality is amazing. But the only problem is most users don't have or turned off flash, which will be a problem if we depend of flex. Yes, you're right, its not as universal as javascript because of that reason.

Thankyou dear friends, I have really really benefited by this discussion by you friends, Obviously now I have understood the base difference between PHP and JavaScript and now I know how to use it with PHP in a better and fruitful manner.

I think PHP is better choice for login script.1. javascript may fail in some computers where it is not javascript capability2. javascript is only client side, so possibility of loosing security (some one may play with cookie)

I wanted to touch base with another method of logging in...via htaccess.But that would be for another topic, another time.I agree with getube. By controlling the content and how its viewed (whether javascript enabled or disabled by a local user) using any means of Server Side scripting would be the best way to control and secure the login process.

to add my two cents to the topic, even though javascript saves bandwidth by validating forms in html and leaves less work for php on the server, but remember that you also loose bandwidth and performance by outputting that javascript too but in overall I guess it's still a better practice, to use both at these times, there are plenty sites which has only javascript validation which is really stupid. :PYou output lots of javascript code to the browser to every user, which doesn't do anything if lets say 88% of users always fill the form in the right way without any errors..