0

I'm pretty new to AJAX so forgive me if this is a dumb question:

I would like to update a div with the content of a php-file which lies within a protected folder so it only can be included within a php-file but not adressed from the browser. Since JavaScript is client-side this would mean I couldn't call it, right?

For example I got my index.php with the following code (jQuery included):

<script>
$("#content").load("includes/login.php");
</script>

Where #content refers to a div. This works fine but as includes should not be accessible it becomes problematic.

Then I thought I could put something like a "wrapper.php" in the accessible area which then includes the specific php-files depending on which variables you give it.

Is this the correct way to approach this or am I doing it wrong?

Broco
  • 217
  • 2
  • 18
  • 1
    Your approach is right go on. – Jason OOO Mar 17 '14 at 16:46
  • Yes, you could use a wrapper to do it, but wouldn't that completely go against the point of the includes being inaccessible to begin with? – Kevin B Mar 17 '14 at 17:22
  • Well, the includes folder is inaccessible by client side, e.g. you cannot get content like www.example.com/includes/login.php, you only have access to example.com. Server-side-scripts CAN include files from /includes because, well, they're server-side. – Broco Mar 17 '14 at 18:30

2 Answers2

0

I think the idea of a "wrapper.php" is right. If you want to use it for many files you could do something like this, checking if it is an AJAX call to prevent direct load of the file:

// wrapper.php
<?php
// Check if it is AJAX
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])
AND strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest') {
    $filename = $_GET['f'];
    include 'includes/'.$filename.'.php';
}

And then:

$("#content").load("wrapper.php?f=login");

But be carefull with this, because it may be insecure.

Mariano Córdoba
  • 1,097
  • 1
  • 13
  • 29
  • Ok, that was how I wanted it to do, but you're right, I could just go example.com/wrapper.php and have the content loaded without the surrounding index.php, right? So I guess i just have to put a variable into index.php like $wrappedcall=1 and in wrapper.php test if $wrappedcall is 1 and if not just do nothing. Would that be ok? – Broco Mar 17 '14 at 18:34
  • I updated my answer. You could use a variable like `$wrappedcall` or you can check if it is an AJAX call, thus the file will never be loaded directly. – Mariano Córdoba Mar 17 '14 at 18:53
-1

If you want to be lazy, you could just load the entire page via load and parse the content to fetch #content

jQuery will split the argument by the space and use the second element as a selector for the entire page content.

$("#content").load("full/path/to/login #content");

No haters, I said it's a lazy method.

Ian Brindley
  • 2,197
  • 1
  • 19
  • 28