AJAX and PHP -- Page question.

[GetWindowRect]

I'm using AJAX to save user input to my database. The user input form is AJAX'd onto a main page.  The problem I am having is the user can type the AJAX page into the URL and view it (it won't work and doesn't have a design because it lacks my header/footer) and I'm trying to get it to only be accessible if it's being displayed on the page I want it on.

 

I tried using $_SERVER['SCRIPT_NAME'] to check if it was on the page I'm wanting, but this method doesn't work.  I tried creating a variable above the div tag and checking it, but this does not work as well.  Does anyone know a way to accomplish this?

[Ken2k7]

There are a few ways that I know of.

 

1. Use $_SERVER['PHP_SELF'] to match the part of the URL and then an if statement on that. If it's true, use a header() to redirect the person.

 

2. Use define() on a variable and then initialize it when you need a page to access the AJAX page indirectly. And on your main AJAX page, say if (!defined(something)) then header()

 

[vijayfreaks]

Hi..

        May I have your piece of code for that.. so can get idea..?

 

Regards,

Vijay

[GetWindowRect]

As for comparing the URL.  All of the following variables return the same script name.  

$_SERVER['REQUEST_URI']

$_SERVER['SCRIPT_FILENAME']

$_SERVER['SCRIPT_NAME']

$_SERVER['PHP_SELF']

 

My theory is that since I'm using an XMLHttpRequest object to load the page, then display it in a div tag, no matter what I use, the url that will get returned is the page I don't want accessed directly.

 

If I define a variable to test, they will also be able to access the page directly since that variable has been defined.  Unless I'm doing it wrong, it's not working either.

 

//On main page
define("ONPROJECTS",true);

//On AJAX page
if(!defined("ONPROJECTS"))
{
    //redirect
}
else
{
    //display
}

 

 

vijayfreaks:

My piece of code for what?

[Ken2k7]

Well I never used half the $_SERVER globals there so I wouldn't know Thanks for the info.

 

And yeah, so if you want to use the $_SERVER globals, you can just put this on your AJAX page (if I'm right, this is the page you want to prevent direct access):

 

<?php

if ($_SERVER['PHP_SELF']) header("Location: /");
else {
  // do something else
}

?>

 

And what do you want with your main site? Does your main site use a include or require function or what to call upon the AJAX page?

[GetWindowRect]

Sorry for being a little vague in my first post. 

 

I have a page "projects.php".

 

It displays a list of projects a user has created.  Once they click on a project, I load that project's information through AJAX above it.

 

In the project information section, they can either add more data or edit existing data.  Once they click submit, I use javascript to grab all the data in the input fields and use a POST ajax method to a page to save the data, then redirect back to that project. 

 

The way AJAX appears to be working, no matter what URL is in the address bar of the browser, the page name that I'm AJAXing is displayed through different $_SERVER tags.  So every time that page is accessed, it will say it's "editProject.php" regardless of the URL in the browser.

 

The problem with this is that if I say if($_SERVER['PHP_SELF']) or any form of that, it will always be that page, which, in turn, causes that page to either always load or never load.  I guess it normally wouldn't be too big of a deal, but on the editProject.php page, I don't include header/footer/any javascript/etc so if a user decides to go there directly, the functionality doesn't work at all.

 

As for the main page, the links call a javascript function to run the AJAX. I only include/require the header and footer which have the javascript linked through there.

 

Sorry if I'm not making much sense, I'm a bit tired.

[Ken2k7]

Oh well then there you go. If the page requires something for it to load, then make that the condition in the if statement.