PHP to create new .js file for each registered user

[vpetkovic]

Hello everybody,

This is my first post here and I am beginner in PHP world in terms of writing the code to serve my own purposes.

Well I am building a web app and basically it's a calendar which pulls information from .js file. Now I have thinking for the past couple of days how can I accomplish that each user that registers on the site manipulates its own .js file because information from .js file will be shown on calendar.

Let me tell you how it's currently set up:

1. JavaScript file with particular static name is called under the script that is placed on index.php and the data is displayed on the page itself.

So I would love to have is set it up like this:

1. Index page contains login form - Each registered/logged in user will have its own session
2. User registers and based on username/email new .js file is created out of a blank template and it is named based on user's username
3. user is then redirected to the calendar index which contains javascript that cals out that appropriate .js file based on the what user is logged in and displays data to the calendar

I am not sure if that is doable with PHP or not but that's my thinking how it can be done if it's doable. I am open for any kind of suggestions how all this can be put together and if you do have better ideas I would love to hear from you.

[ginerjm]

Wrong.

 

1 - programming is all about writing a program to handle data and produce from one place the desired results.  It is not about writing a custom piece of code for each user.

2 - What you are describing is data that will drive the client's experience.  Store that data in a db and use the user's id to identify it.  User logs in; script gets login (and validates it!!) and then uses that login id to go query the db for all the data pertaining to that user and outputs it to a webpage from a common script using variable data. 

Edited August 5, 2014 by ginerjm

[mogosselin]

Hello vpetkovic! Welcome to the wonderful world of web development

 

It's normal that you think about these kind of 'application designs' (or how you will program and structure your app) when you start up. But, it's not a good way to resolve these kind of problems.

 

Here's a couple of problems I can think of you will face if you continue with this kind of app design:

• You'll end up with a lot of duplications in your JS files (all the same code everywhere, only a bit of it changing)
• If you need to change your JS code, you'll need to change all of the JS files of every users.
• If you have a bug, you'll have a lot of fun trying to find what happens... Is it a bug in the JS file of this user? Are all the users affected? How will I correct this bug everywhere? Will I have to update one or more JS files? 
• If you want to evolve your JS, you'll have problems maintaining all the new and old JS files
• If you want to store events or something like this, you'll need to write code that will parse and change your JS files, which won't be easy nor fun (lots of potential bugs, etc.)

Now, lets say that you want to accomplish something like this in JavaScript:

alert('Hello ...username...');

The text '...username...' should be replaced by the current logged in user.

 

A way to do it (without having to create new JS file for each users), would be something like this:

<?php
  $username = getUserName();  // some kind of function that gets the logged in user's name somewhere (like from a data base)
 ?>
<script>
alert('Hello <?= $username ?>');
</script>

Everything between PHP tags (<?php and <?=) will be executed and 'changed' on the server side, meaning it will become text and then this will be sent to your browser.

 

Lets say that the username is 'Louie', then this will be sent to your browser by the server (after executing the PHP):

<script>
alert('Hello Louie');
</script> 

Then, you browser will take this and execute the code between the <script> tags.

Remember, Javascript is executed by your browser, the PHP is executed by the server hosting the PHP files.

 

Does it make sense to you?

[vpetkovic]

@ginerjm I understand that you are suggesting to goes of db, but currently I am thinking how it can be done with what I have and also know that for what I want to do I need to have some really advanced knowledge and so far I have only calendar that is pulling data form that "data.js" file. I will definitelly explore more what you suggested.

 

@moggoselin thanks for the reply. As I had no idea where to start and what is the best way to acomplish what I want I come up with, logical-to-me-but-probably-wrong idea as it turned out.

So if I understood it correctly, you are suggeting creating dynamic js file on the fly and inputing data from db like @ginerjm suggested?

[mogosselin]

@vpetkovic Exactly. You'll have just one JS file with PHP variables in it. The PHP variable values will probably come from a database. So, if you need to change the logic in the JS file, you'll just have one file to change.

 

One way to do it cleanly would be to initialize the JS variables in the PHP script:

 

<script>

var variable1 = '<?= $var1 ?>';

var variable2 = '<?= $var2 ?>';

...

</script>

<script src="your_js_file_here.js"></script>

 

Then, all you need to do in your JS file is to use the variable1, variable2, etc... 

 

Note that it could be not the 'super clean' solution in JavaScript to have that kind of global variables, but I'm not that experienced with JS. But I guess it's a start

[Jacques1]

Literally inserting PHP values into a JavaScript context is a very, very bad idea. There's a huge risk that you end up with unwanted code injections. In best case, the script simply crashes, in the worst case, people will actively exploit this bug to perform a cross-site scripting attack.

 

For example, if mogosselin doesn't escape $var1 and $var2 at all, then obviously you can inject a single quote to break out of the string and inject arbitrary code into the script element. But even if he escapes the values with something like addslashes(), there are still ways to inject code:

<?php

$user_input = '
    </script>
    <script>
        alert(String.fromCharCode(89,111,117,32,104,97,118,101,32,98,101,101,110,32,88,83,83,101,100,46));
    </script>
    <script>
';

?>
<script>
    // We escape all quotes with addslashes(), so everything should be fine, right? Except that it's not.
    var foo = '<?= addslashes($user_input) ?>';
</script>

Do you know every crazy syntax rule of HTML and JavaScript? I don't. So it's best to avoid this arms race altogether.

 

Instead, separate JavaScript and PHP. This is generally a good idea.

• Create a single static JavaScript file with the main logic.
• Create a PHP script which serves the user-specific data as JSON.
• In the main JavaScript file, make an Ajax request to the PHP script to load the data. If you're not using a JavaScript framework like jQuery yet, now is the time.

[vpetkovic]

Thank you for help all of you and @Jackues1ill pay attention more on security as well.

[Jacques1]

Cool.