I was wondering if it's possible for a PHP-based proxy to handle AJAX data.
I'm trying to make one or use a ready-made script.
Thanks!
Yes.
Your client-side javascript can make an AJAX request to a same-domain server side script (e.g. PHP in this example), the PHP script could then make a request to a third-party url, process it however, and then return the result to the original client-side javascript.
If you can provide some additional detail, I, or someone else, may be able to provide a more concrete solution/explanation.
EDIT: See http://developer.yahoo.com/javascript/howto-proxy.html for an excellent explanation of the process.
AJAX Request using PHP as a proxy
AJAX data isn't different from any other kind.
Related
I need to write an AJAX request that is secure, and cannot be accessed through the source code or by any other means. Seeing as AJAX requests are written in javaScript/jQuery which is client-side, the request can easily be viewed. Is there any way to make AJAX requests invisible to users and unhackable?
Is it somehow possible to write AJAX requests with a server-side language such as PHP? From what I know I understand that PHP is a sever-side language, and that you need to write AJAX requests with a client-side language; however is there a way around this?
Thanks in advance :)
Is there any way to make AJAX requests invisible to users
No. Users can always see what your JavaScript asks their browsers to do.
and unhackable?
The same way as any other request. Use SSL where appropriate. Use Auth where appropriate. Keep data in appropriate places. Pass identification tokens instead of real data where appropriate.
Is it somehow possible to write AJAX requests with a server-side language such as PHP?
No. Ajax is, by definition, a request triggered by client side JavaScript.
You might be able to achieve the effect you want by making an HTTP request from the server instead of using Ajax, but that depends on what effect you actually want.
The idea is that I call all of my php scripts via ajax so the php scripts aren't visible when a user views the sourcecode.
Is this a good ideal especially regarding security and performance of my website?
The PHP code that you write will never been seen by the end user - the code is executed by the server and returns everything outside of the PHP tags (<?php ... ?>). The PHP code inside the tags is NOT returned to the browser.
As far as using AJAX is concerned this won't help you with security, your AJAX calls are only as secure or unsecure as standard GET or POST requests to the server. What AJAX may help you with is performance since it allows you to send and recieve data in the background. If your application is data-centric then AJAX will be useful to communicate pure data with the server. If you have a standard hierarchical website design then there's little user for AJAX, just use links to move around and forms to send data.
I need to call a PHP Script and Run (a function) on the Server .. by calling from client side by using Javascript. I know only Ajax Call from Javascript.
Is there any other standardized way to communicate from Javascript to PHP?
Please correct me if i'm wroing. Is XMLRPC an another approach?
Nothing that is well supported or practical.
Ajax is just shorthand for "Making an HTTP request from JavaScript without leaving the page".
PHP is heavily geared towards being a server side web language (so it is optimised for being accessed over HTTP). Browsers are focused on accessing content over HTTP.
No, you use a XmlHttpRequest (that is, I assume you don't want the user to experience any sort of page refresh).
To work cross browser easily I'd recommend using a library like jQuery which handles everything for you, everything is nicely encapsulated and abstracted so you don't need to worry about any of the details. That way calling your script becomes extremely easy.
XMLHttpRequest is the best way, as far as I know, but there are other techniques too. There is the old school way some sites still use. Using hidden iframes and sending request through it.You create an iframe with javascript, append it with 0 width and height and the request the php file. The output must be script that somehow communicates with the parent window script.
I want to write a PHP script that performs a routine task in a web app I use. I am trying to figure out the easiest way to submit a form, click a link, and get some information. What's the easiest way to do this (keeping the session open, etc.).
Javascript would be a better solution than PHP. You can use it in tandem with PHP to submit a form that references the same page, ie. <form method='index.php' action='post'>
If method is GET then you ought to be able to work it out form the URLs of a few real world attempts.
It POST then you are probably SOL unless it's your own web page./app and you know what $_POST it expects ... unless you find a tool to snoop your HTTP traffic and get the POST info from observing a few real wrold examples.
You can use CURL in PHP to simulate submitting data, clicked links, etc., I suppose, but a client-side scripting language like Javascript--as opposed to a server-side language like PHP--is more suited to what you're describing. I'd need more info to give you a specific example.
You will not be able directly emulate those events in PHP as web apps use Javascript on the client side and PHP is a different language and operates on the server side.
Firstly, I would see if there is an open API available for the web app you're wondering about, e.g. Gmail: http://code.google.com/apis/gmail/ . Not all APIs can do what the web app can do, so you'll need to check the documentation to make sure the API does what you want and has an easy way to interface with PHP.
The other option is to essentially reverse engineer how the web app communicates with it's server. Most all web apps operate by sending POST or GET HTTP data in some sort of serialized format like XML, JSON or text. You can use something like the Firebug add-on for Firefox to view POST/GET data. If you know what the server sends to the client and what the client sends to the server, you can essentially write a script using something like CURL to emulate the client in PHP instead of JavaScript. This would take quite a bit of work and probably involves a lot of trail & error.
Is it possible for a web page using Javascript to get data from another website? In my case I want to get it for calculations and graphing a chart. But I'm not sure if this is possible or not due to security concerns. If it is considered a no no but there is a work around I would appreciate being told the work around. I don't want to have to gather this information on the server side if possible.
Any and all help is appreciated.
Learn about JSONP format and cross-site requests (http://en.wikipedia.org/wiki/JSON#JSONP).
You may need to use the "PHP-proxy" script at your server side which will get the information from the websites and provide it to yours Javascript.
The only reliable way is to let "your" webserver act as a proxy. In PHP you can use curl() to fire a HTTP request to an external site and then just echo the response.
You can't pull data from another server due to the same origin policy. You can do some tricks to get around it, such as putting the URL in a <script> tag, but in your case it wouldn't work for just parsing HTML.
Use simple_dom_html, to parse your data server side. it is much easier than doing it in JavaScript anyways.
A simple way you might be able to do this is to use an inline iframe. If the web page you are getting the data from has no headers, or you can isolate the data being pulled in (to say an image or SWF), this might work.
cross-domain javascript used to be impossible, using a (php-)proxy was a workaround for that.
jsonp changes this entirely, it allows to request javascript from another server (if it has an API that supports jsonp, a lot of the bigger webplayers like google, twitter, yahoo, ... do), specifying the callback-function in your code that needs to be triggered to act on the response.
the response in javascript will contain:
a call to a callback-function you defined
the actual payload as a javascript-object.
frameworks like jquery offer easy support for jsonp out of the box.
once you have the raw data you could tie into google chart tools to create graphs on the fly and insert them in your webapp.
Also worth considering is support for XMLHttpRequest Access Control which is support in some modern browsers.
If the service provider that you are trying to access via a web page has this set up, it is a very simple call to XMLHttpRequest and you will get access to the resources on that site without the need for JSONP (especially useful for requests that are not GET, i.e. POST, HEAD etc)