Script Protection


bdmovies

I'm using

<?php
# No Direct Access
defined('_include') or die('Direct access not allowed on this page.');
?>

to protect my includes.

However, several of my pages are needed for AJAX calls, and if I use the above referenced code on those pages, it will die.

How could I pass a constant of, say, _ajax along with the form to the PHP page needed for the PHP?

Could I do something like

<?php
# Define the guard only when the request carries the expected marker
if(isset($_POST['ajax']) && $_POST['ajax'] == "_ajax") {
   define('_ajax', true);
}
defined('_ajax') or die('Direct access not allowed on this page.');
?>

Or is there a better way?

Link to comment
https://forums.phpfreaks.com/topic/137838-script-protection/

I normally take an approach more like:

<?php
//define here
//include additional code
class Ajax {
    private $action_prefix = "ajax_";

    public function dispatch($action){
        //accept only a non-empty action that does not contain the prefix itself and maps to an ajax_* method
        if(!empty($action) && !stristr($action, $this->action_prefix) && in_array($this->action_prefix . $action,  get_class_methods($this))){
            //now we call the requested action
            $this->{$this->action_prefix . $action}();
        } else {
            //invalid action
        }
    }

    private function ajax_foo() {
        //do something amazing here
    }
}

$ajax = new Ajax();
//a missing action parameter falls through to the invalid-action branch
$ajax->dispatch(isset($_GET['action']) ? $_GET['action'] : '');
?>

Link to comment
https://forums.phpfreaks.com/topic/137838-script-protection/#findComment-720402

Interesting. I am just now starting to tap OOP. Right now I'm using it predominately for database relations. Could you explain a bit of what exactly is happening in your class?

If I am reading this right (and I'm only about 50% I am) I could create a private function for all of my ajax pages. Right now I've got a folder called "ajax" with about 20 different files in it. Could I move those 20 pages into 20 different functions inside my Ajax class?

Link to comment
https://forums.phpfreaks.com/topic/137838-script-protection/#findComment-720409

Most likely.

However, you might want to have them each as a class whose parent is an AJAX class, so it knows how to handle connections by default, without your scripts having to handle that. It's a nice idea that I hadn't even thought of till I read it. I was going to go with bdmovies' idea.

Link to comment
https://forums.phpfreaks.com/topic/137838-script-protection/#findComment-720449

However, you might want to have them each as a class whose parent is an AJAX class, so it knows how to handle connections by default, without your scripts having to handle that. It's a nice idea that I hadn't even thought of till I read it. I was going to go with bdmovies' idea.

That is pretty much exactly what I was meaning, i.e.

ajaxbase.php

<?php
//check for your defined variable
class AjaxBase {
    private $action_prefix = "ajax_";
    public function dispatch($action){
        if(!empty($action) && !stristr($action, $this->action_prefix) && in_array($this->action_prefix . $action,  get_class_methods($this))){
            //now we call the requested action
            $this->{$this->action_prefix . $action}();
        } else {
            //invalid action
        }
    }
}
?>

foo.php

<?php
//check for your defined variable
include dirname(__FILE__) . '/ajaxbase.php';
class AjaxFoo extends AjaxBase {
    //protected rather than private, so that AjaxBase::dispatch() can see and call it
    protected function ajax_bar() {
        //something amazing
    }
}
?>

index.php

<?php
//defines here
if(empty($_GET['page']) || empty($_GET['action'])) {
    //invalid action
} else {
    //basename() keeps the requested page inside this directory
    $file = dirname(__FILE__) . '/' .  basename($_GET['page'] . '.php');
    $class = 'Ajax' . ucfirst(basename($_GET['page']));
    if(file_exists($file)) {
        include_once $file;
        //only instantiate when the included file really defined the expected class
        if(class_exists($class)) {
            $ajax = new $class;
            $ajax->dispatch($_GET['action']);
        } else {
            //invalid action
        }
    } else {
        //invalid action
    }
}
?>

Now index.php?page=foo&action=bar would call the ajax_bar function of the AjaxFoo class.

Link to comment
https://forums.phpfreaks.com/topic/137838-script-protection/#findComment-720512
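
An added example, not code from any poster in this thread: a single-file sketch of the front-controller pattern discussed above, in which request input only selects a key from an allow-list and handlers are protected methods reached through the parent's dispatch(). The $pages map, the handle() function, the purge() method and the sample requests are assumptions for illustration; in the thread's layout each class would sit in its own file behind the `_include` guard.

```php
<?php
// Added example; class, action and page names are hypothetical.
define('_include', true); // set once by the entry point, as in the thread

abstract class AjaxBase {
    const PREFIX = 'ajax_';
    // Returns the handler's result, or null when the action is not allowed.
    public function dispatch($action) {
        // Accept plain identifiers only; the prefix is added here, never by the client.
        if (!is_string($action) || !preg_match('/^[a-z][a-z0-9_]*$/', $action)) {
            return null;
        }
        $method = self::PREFIX . $action;
        // Handlers are protected: visible to this parent, not callable from outside.
        if (!in_array($method, get_class_methods($this), true)) {
            return null;
        }
        return $this->$method();
    }
}

class AjaxFoo extends AjaxBase {
    protected function ajax_bar() { return 'bar handled'; }
    protected function purge()    { return 'internal'; } // no prefix: not dispatchable
}

// Allow-list: request input selects a key and never becomes a path or class name.
$pages = array('foo' => 'AjaxFoo');

function handle(array $get, array $pages) {
    $page   = isset($get['page'])   ? $get['page']   : '';
    $action = isset($get['action']) ? $get['action'] : '';
    if (!is_string($page) || !isset($pages[$page])) {
        return 'invalid page';
    }
    $class  = $pages[$page];
    $ajax   = new $class();
    $result = $ajax->dispatch($action);
    return $result === null ? 'invalid action' : $result;
}

// Constructed requests standing in for $_GET.
$samples = array(
    array('page' => 'foo', 'action' => 'bar'),
    array('page' => 'foo', 'action' => 'purge'),
    array('page' => '../index', 'action' => 'bar'),
    array('page' => 'foo'),
);
foreach ($samples as $get) echo json_encode($get), ' => ', handle($get, $pages), "\n";
```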

Archived

This topic is now archived and is closed to further replies.
