Jump to content

GHOST message !


ajoo

Recommended Posts

Hi all !

I have an ajax page which is working great when it is in the root folder. It is triggered when a certain values dips below a predefined value while a valid user is logged in. The page is simply a form with a drop down and a text box and a message bar at the bottom. The message displays appropriate success or false messages. Everything works good.

However I wanted to move the ajax.php into the includes folder outside of the webroot and I did so. The form still works great but the message bar returns my messages embedded somewhere inside entire index.html loaded so far. There are no errors or access errors. The message returned is equated to an empty string at the beginning inside the ajax.php and then populated with the appropriate message which is echoed back.

I simply cannot make out where it is picking up the entire index.HTML from and more importantly why ?

Please help.

Thanks.

Link to comment
Share on other sites

Hi Requinix,

:confused: What's that supposed to mean please! ? ?

Ok So I know somewhat the issue that is. It's happening because I had to change the action value of my form to pass through a GET value as variable to my index file where as earlier it was the ajax.php itself. To be more clear, earlier I had action = "ajax.php ", but now with the file in the includes folder outside the root, it's index.php?page=ajax.

But with the file outside the root, i need this. Correct? So please enlighten me how may I fix this to get only the desired output returned?

You think i am worrying too much about security ? Like it's ok to let the files be in the root and not move them outside it?

Thanks !

Link to comment
Share on other sites

It means that you may have given some information but you didn't give the sorts of details that make it possible to actually answer your question.

So generic answer:

If your file needs to be web accessible then you can't move it out of the web root and expect it to keep working. Either keep it where it is, or find a way to instruct your web server and/or PHP that it should send specific requests to that otherwise-inaccessible file.

Link to comment
Share on other sites

Hi requinix,

Thanks for clarifying that.

In my previous reply I have mentioned that I am able to access the ajax file in includes (outside the root) using a get variable. If I was just to go by the success or failure message returned by the ajax function, I would be good because the ajax call does what it's supposed to do and works great. However the issue is that the return value received by this method is the complete index.html while I just wanted a custom message to be returned signalling failure or success. I have no clue how I may be able to return just the message and not the whole index.html. I was hoping you would be able to show me how that could be done or not. ( my custom messages are also returned embedded in the index.html)

Thanks.

Link to comment
Share on other sites

HI Requinix,

 I meant a pointer in the right direction. Since the get variable tactic is returning the wrong result and I have no clue, as of now, how to proceed maybe you can tell me what else I could try. 

Thanks !

Link to comment
Share on other sites

Well I moved the ajax.php outside the root simply because I think that would be a safer place for the code or at least as much as can be moved there. I may be wrong. There are some mixed responses on this on the net.

What would you suggest ? See I am unsure and so I am asking.

Thanks.

 

Link to comment
Share on other sites

It's... no, moving it outside the root isn't going to change anything for the better. If the script needs to be run at user request, like yours, then moving it outside the root is irrelevant.

The only reason for files to be outside the root is so that the user can't plug in some URL into their browser and execute files they aren't supposed to. But here, you want the user to execute ajax.php. So not only is there no point to moving it, you're actually hurting yourself in the process.

Leave it where it was. It's fine.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.