What is the best way to handle Ajax vs. Full page requests with PHP ?
I mean if I click a button that calls Ajax function and loads necessary info into a div and changes the URL.
How do I make that link work if the user copy it and use later to reach the same page.
In some of the apps I separate it with a hash. Something like a router and my code goes something like this:
var preRoute = document.URL.split('#');
if(preRoute[1] != undefined) {
//ajax call
} else {
//default page
}
you can try Jquery Adress http://www.asual.com/jquery/address/,
demo here
http://www.asual.com/jquery/address/samples/state/
or
http://vietcode.vn
You could check the headers. jQuery for example will add the following key/value to the header: X-Requested-With: XMLHttpRequest for ajax calls. See also this question
Using: jquery pjax - https://github.com/defunkt/jquery-pjax
you can detect on server side if you get X-PJAX request header
And a great feature of this plugin is the history manipulation and ease of use.
Related
I want any other server request goes through my server just like link in Gmail and i checked it there data-saferedirecturl="".
So how to use data-saferedirecturl in PHP automatcally in our website?
Exapmple:
Link
All links in Gmail are interpreted in the browser.
The data-saferedirecturl tag is added automatically.
So the href shows the link that you will be clicking in the bottom of your browser but sends you to a google-originated URL like https://www.google.com/url?hl=en-GB&site.com/324dd3.
This way the third party don't have access to sensitive data.
There are different ways to achieve this.
You can point all the redirects to the same page with the safe URL as a GET parameter (remember to use urlencode):
Link
Then in handler.php something like:
$desturl = isset($_GET["safeurl"]) ? $_GET["safeurl"] : false;
if($desturl != false){
//do something
header("location: ".$desturl);
}
If you want to use data-saferedirecturl you have to use some JavaScript, and intercat somehow with your server (ex. ajax calls).
Example (using jQuery):
HTML:
Link
JavaScript:
$(".test").click(function(e){
e.preventDefault();
let url = $(this).data("saferedirecturl");
// do ajax or check somehow the URL
location.href = url;
})
For security purposes, I want to stop the users from being able to view or send anything to the php pages I am going to use for ajax purposes.
So is there any way by which I can check whether a page has been called because of an ajax request or the page has been opened?
Does self=top consider ajax request or not?
/* AJAX check */
if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
/* special for ajax here */
}
else
{
//its a page request
}
this will only work when using JS frameworks that send this header :-by Bergi
No, you will need an other security model.
Of course you could set custom http headers (like X-Requested-With) or such when you are doing Ajax requests (many libraries do that automatically), and tell them apart from normal "view" requests. But everything can be faked, so there can be no security through determining that.
Even if you do stop people not using a ajax request, what's stopping people from changing the ajax request in the first place?
This would add little to none added security in my opinion especially with the ease this can be done with firebug for example.
I need to retrieve the actual URL that the user see's in their browser. I have an Ajax request running at page load. Hence, the regular $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"] expression returns the request URL of the Ajax request instead of the actual URL in the browser.
Any idea how to get this?
You could pass it up from javascript in your ajax request, using window.location.href.
Also, it's likely that $_SERVER['HTTP_REFERER'] will contain the browser's current location.
You could also try using $_SERVER['HTTP_REFERER'];. This might work, not 100% sure though.
You can't do that with server-side code, as there is no server-side variable that refers to what the client sees. The only thing you CAN see (and then again, it depends on the browser the user's using, some don't pass this info) is the HTTP_REFERRER variable. This however, is only set when a page calls another, not when users first access your site.
See this for more details.
A possible solution however, might be to use javascript function to send the browser's top URL to the server using an AJAX query, and to fire it client-side whenever a user loads the pages) you want to get this info for.
Edit: Damn, too slow, already answered!
Pass a hidden input that has the browser value set with your ajax request. Unless someone is being malicious, it should suffice.
If you do an Ajax-request, you could pass the address available through Javascripts window.location.href variable as a POST-variable with the request.
With jQuery it would be something like:
$.ajax({
url: 'your-url.php',
type: "POST",
data: { url: window.location.href },
success: function (data) {
// Do something on success
}
});
With such a request you could access the URL on the server-side with a simple:
<?php
$url = $_POST["url"];
?>
Actual Website Link in php
<?php
echo $actual_link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
?>
Server-side languages can't see what happens after they've rendered and outputted the page.
My code structure is like this:
some php code here...
html
head
script
some ajax code here
/script
after running the ajax code, I want to redirect/refresh the page. How can I do it?
Thanks,
Try window.location.reload() in the ajax request success callback.
you can do it with JavaScript; place in AJax callback function:
window.location.reload(); //for refresh
window.location = "http://www.google.com/"; //redirect
Use JavaScript:http://www.tizag.com/javascriptT/javascriptredirect.php
Using window.location="URL" you can send the client to "URL".
But keep in mind that this will not work for people with JavaScript disabled (but so will you AJAX-code).
The best thing to do is to follow the ajax with a javascript redirect using document.location.href='page.html' as you're already relying on running some code in the browser.
Well it depends on what JavaScript version the browser has, but the latest versions should support:
window.location.reload(false);
Have that run on the callback from your AJAX routine.
I would like to create a basic URL rewrite using frames.
I don't have access to .htaccess to do mod_rewrite.
Is there a way using PHP, jQuery, JavaScript etc. to detect which URL has been clicked on and then open URL in new frame?
Ex: user clicks on /index.php?12345 it will open in framed window /pages/12345/index.html and if they click on /index.php?54321 URL will open in framed window /pages/54321/index.html
I don't think I really understand what you mean. Usually url rewrite works like this:
User clicks on http://example.com/content/example
Which is the rewritten to http://example.com/index.php?cat=content&page=example
You can somewhat fake this effect by making your links into http://example.com/index.php/content/example the webserver will still request the page index.php, in which you can then read the part after index.php (but before a query string) with
$_SERVER['PATH_INFO']
and then parse that to get what you need.
PHP.net on $_SERVER['PATH_INFO']
Contains any client-provided pathname
information trailing the actual script
filename but preceding the query
string, if available. For instance, if
the current script was accessed via
the URL
http://www.example.com/php/path_info.php/some/stuff?foo=bar,
then $_SERVER['PATH_INFO'] would
contain /some/stuff.
A PHP solution would be something along these lines:
if (!empty($_REQUEST)) {
$page = array_pop($_REQUEST);
if (is_numeric($page)) {
header("Location: pages/$page/index.html");
exit;
}
}
If I've really understand what you want, I think it's easy.
When the user clicks it calls a JQuery function which sends the content of the link to PHP with AJAX. After that, PHP analyses the link, gets the content of the page (with include()) and sends that to JQuery via JSON.
Such jquery might help,
jQuery(function($){
//this prevents all link elments' default behaviour
//when you click they won't navigate the page
$("a").click(function(){
//you get the links href
var actual_url = $(this).attr("href");
var new_url = "";
//[write your code here for converting actual url to new one]
//and open the new url in the frame you want
window.parent.yourFrameName.location = new_url;
//necessary for preventing default behaviour
return false;
});
});
Sinan.
Best solution is to use jquery to check if link was visited and then change link's target to _blank.
You could use plugin from this site:
link text and then execute such code:
$('a').visited(function () {
$(this).attr('target','_blank');
});
I think it is what are you looking for.