PHP Inside Javascript?

Question

I have the following bit of code:

function deletet(username){
if(confirm("Do you REALLY want to delete your account?")){
    if(confirm("Are you POSITIVE?")){
        var check = prompt("Enter your password","");
        if(check){
            <?php
                require('functions.php');
                mysqlLogin();
                $password = 
                $username = $_COOKIE['sqlusername'];
                $queyreg = ("SELECT * FROM `users` WHERE username='$username'");
                $row = mysql_fetch_array($queryreg,MYSQL_ASSOC);
                $hash = hash('sha256', $row['salt'] . hash('sha256', $password));
                if($hash == $row['password']){
                    $sql = mysql_query("DELETE FROM `users` WHERE username='$username' AND password='$hash'");
                    if($sql){
                        ?> alert("Account deleted, thank you"); window.location='login.php'; <?php
                    } else {
                        ?> alert("There was an error deleting your account"); return false; <?php
                    }
                } else {
                ?> alert("Passwords don't match!"); return false; <?php
                }
            ?>
            return true;
        } else {
            alert("Please enter your password!");
            return false;
        }   
    } else {
        return false;
    }   
} else {
    return false;
}
}

A few questions.

1. How do I set $password equal to the username variable passed into the function?
2. Why don't I get the confirm() dialog when I call the function?

Answer 1

You need AJAX to handle that, here's a sample using jQuery.
Put this code in one PHP file, ajax.php

       <?php
            require('functions.php');
            mysqlLogin();
            $password = $_GET['password'];
            $username = $_COOKIE['sqlusername'];
            $queyreg = ("SELECT * FROM `users` WHERE username='$username'");
            $row = mysql_fetch_array($queryreg,MYSQL_ASSOC);
            $hash = hash('sha256', $row['salt'] . hash('sha256', $password));
            if($hash == $row['password']){
                $sql = mysql_query("DELETE FROM `users` WHERE username='$username' AND password='$hash'");
                if($sql){
                    echo 'deleted';
                } else {
                    echo 'error';
                }
            } else {
             echo 'false';
            }
        ?>

Then modify your JS code to call ajax.php through AJAX.

function deletet(username){
  if(confirm("Do you REALLY want to delete your account?")){
      if(confirm("Are you POSITIVE?")){
          var check = prompt("Enter your password","");
          if(check){
              jQuery.ajax({
                url: 'ajax.php?password='+username,
                type: 'GET',
                data: '',
                success: function(data) {
                  if (data == 'deleted') {
                    alert("Account deleted, thank you"); window.location='login.php';
                  }
                  else if (data == 'error'){
                    alert("There was an error deleting your account"); return false;
                  }
                  else if (data == 'false'){
                    alert("Passwords don't match!"); return false;
                  }
                }
              });
              return true;
          } else {
              alert("Please enter your password!");
              return false;
          }   
      } else {
          return false;
      }   
  } else {
      return false;
  }
}

Hope this helps.

Answer 2

All PHP is executed before your Javascript is executed. Your script will not work as expected.

If you want to execute PHP after receiving input via Javascript from the user, you will need to use AJAX to initiate a new request to the server.