0

The Problem:

I am currently making a game that requires access to database values to execute a PHP file with ajax. The PHP file works when I put the link in the browser, but not when called by ajax. This is because the session variables are not being passed.

I can not change the index.html to index.php in my Node game because that causes many issues, so I need a way to pass the variables from my database to my javascript without using direct PHP code in my javascript.

The Code:

Here is my PHP Code:

mysql.php 

function __construct() 
{ 

$this->dns= 'mysql:dbname=cashball_accounts;host=localhost;charset=utf8'; 
$this->username= 'myUser'; 
$this->password= 'myPass'; 
$this->db = new PDO($this->dns, $this->username, $this->password); 
} 


public function setCashAmount($cash_amount, $id) 
{ 
$sql = "UPDATE users SET cash_amount = :cash_amount - 0.05 WHERE id = :id"; 
$stmt = $this->db->prepare($sql); 
$stmt->bindParam(':cash_amount', $cash_amount, PDO::PARAM_STR); 
$stmt->bindParam(':id', $id, PDO::PARAM_STR); 
$result = $stmt->execute(); 
return $result; 
} 

} 
?>

subtract5.php

<?php
header('Access-Control-Allow-Origin: http://cashballz.net:3000', false);
include 'mysql.php'; 
session_start(); 

$cash_amount = $_SESSION['cash_amount'];
$userid = $_SESSION['id'];
$_SESSION['cash_amount'] -= 0.05;

$mysql = new Mysql(); 

$result = $mysql->setCashAmount($cash_amount,$userid); 
if($result) 
{ 
echo "5 cents have been subtracted!"; 
} 
else 
{ 
session_start(); 
session_unset(); 
session_destroy(); 
}
?>

My JS Code:

    $.ajax({
    type: "POST",
    url: 'http://cashballz.net/game/5game/subtract5.php',
    data: {}, 
    success: function (data) {
        alert(data);
    }
});

The Conclusion:

So when I put the link in the browser, the PHP code is fine and executes perfectly, but when I call it from AJAX the file is executed, but the session variables are undefined.

What do I do?

(I could pass the variables into the JS file and put them as data under AJAX, but I don't know how to pass the session variables without being able to have an index.php.

All of my node files are in a different folder that doesn't include PHP, and the PHP files are in one folder back with all the other PHP files.

Thanks for the help.

Aram Grigoryan
  • 740
  • 1
  • 6
  • 24
Patrick
  • 111
  • 12
  • "session variables are not being passed." Are these on different domains (seeing CORS)? Have you looked at authentication modules for node? A token approach maybe? Like JWT? https://www.npmjs.com/package/njwt – ficuscr Jun 27 '18 at 18:35
  • They are on the same domain, but the node is running on a server on that domain (port 3000). I was thinking of making a global file to run the variables throughout the whole script but i don't know what to use for it and if it will work – Patrick Jun 27 '18 at 19:05
  • I'm a little confused by the question. Do you want to share a cookie between PHP and Node? Maybe read up a bit and narrow down your question. This might be a good read: [Sharing data between php and node.js via cookie securely](https://stackoverflow.com/questions/5879132/sharing-data-between-php-and-node-js-via-cookie-securely) – ficuscr Jun 27 '18 at 19:09
  • Is it possible to just add this line to my config: AddHandler php5-script .php .html so i can just add php to the html file in Node without changing it's extension? – Patrick Jun 27 '18 at 19:51
  • Yes you can interpret your HTML files with PHP. Sounds like bad design if you can't just change the name in your application. Again though, not really understanding what you are asking, I'd remind you I can manipulate the DOM in a web browser. Is what you are envisioning secure? Never trust those darn users. – ficuscr Jun 27 '18 at 20:01
  • I can't change the index.html to index.php because it is in node, so i need a way to write php in the index.html to pass the session variable – Patrick Jun 27 '18 at 20:12

0 Answers0