
Ajax called files inside templates folder


manlio


Hi! I have a stupid question.

Usually I leave ajax called files outside PW, but in case I wanna leave them in the templates folder, which is the best approach to use?

Is it safe to create a unique template that can be associated with every ajax called file (for example based on template (sanitized) title)?

Just to explain it better, I could create a template like (simplified version)

$path = $page->title;
include($path);

and create a new page with this template for every ajax called script (changing accordingly the title).

Thank you!


Hello, 

I suppose there are loads of ways of doing this, and it mostly comes down to personal preference. I usually create a template called Ajax, then give the template the ability to use segments. I use segment 1 for the group and segment 2 for the action; for the rest I use GET.

Then each action can live in an Ajax folder. The ajax.php will look like:

if($input->urlSegment1 == "users") {
	if($input->urlSegment2 == "get") {
		wireIncludeFile("ajax/users/get", ["id" => $input->get->id]);
	}
	if($input->urlSegment2 == "update") {
		wireIncludeFile("ajax/users/update", ["id" => $input->get->id, "email" => $input->get->email]);
	}
}

Then in ajax/users/get.php for example I do:

return $users->get($id);

The Ajax request will be to the URL domain.com/ajax/users/get/?id=1039, for example.

Not sure if I'm answering your question here.

  • Like 2

Thank you Tom, partially you replied to my question  :-) because I learned a new interesting approach. Thanks!

I think it would also be useful to see other approaches.

For my specific question, does someone think it is a safety issue?

Thanks

 


19 minutes ago, manlio said:

Thank you Tom, partially you replied to my question  :-) because I learned a new interesting approach. Thanks!

I think it would also be useful to see other approaches.

For my specific question, does someone think it is a safety issue?

Thanks

 

I personally haven't had any issues. Just make sure you do the standard checks that are built into ProcessWire's API (https://processwire.com/api/ref/sanitizer/). Also make sure you do permission checks, such as when updating a user:

$u = $users->get($id);
if($user == $u) {
	// Do stuff here
} else {
	// You don't have permission to edit this user
}

If for example you have profile pages which are a page, you will have a Page Reference field that will store the user then you can do:

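// get() returns a single Page; find() returns a PageArray, which has no of() or save()
$p = $pages->get("template=profile, user=$user");
if($p->id) {
	$p->of(false);
	if($location) {
		$p->location = $sanitizer->text($location);
	}
	$p->save();
}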

And the update URL will be:

domain.com/users/update/?location=England

In the ajax.php file you don't want to pass $user, as this is built in; however, you do want to pass location:

if($input->urlSegment1 == "users") {
	if($input->urlSegment2 == "get") {
		wireIncludeFile("ajax/users/get", ["id" => $input->get->id]);
	}
	if($input->urlSegment2 == "update") {
		wireIncludeFile("ajax/users/update", ["location" => $input->get->location]);
	}
}

 

EDIT:

Sorry, I didn't consider if you were using AJAX externally (websites on a different server). You will probably want some external authentication checks. You can create fields for Users; I would create a field called auth, salt the username and password, then you can do a check on the username and password salt and, if it matches, select that user as active:

$ajaxUser = $users->find("auth=$salt");
 

  • Like 2
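
An added example, not code from any poster in this thread: one way to pick the handler file from the URL segments so that neither request data nor a page field can name an arbitrary include path, which is the concern behind the original question. The function name `resolveAjaxHandler` and the allowlist contents are hypothetical; the `ajax/<group>/<action>.php` layout follows the replies above, and the ProcessWire branch assumes it runs inside `site/templates/ajax.php`.

```php
<?php
// Added example, not code from the thread. resolveAjaxHandler() and the
// allowlist are hypothetical names; the ajax/<group>/<action>.php layout
// follows the one described in the replies above.

function resolveAjaxHandler(string $baseDir, string $group, string $action): ?string
{
    // 1. Explicit allowlist: request data only selects among known handlers,
    //    it never becomes part of a path by itself.
    $allowed = ['users' => ['get', 'update']];
    if (!isset($allowed[$group]) || !in_array($action, $allowed[$group], true)) {
        return null;
    }
    // 2. Defence in depth: the file must exist and resolve (symlinks
    //    included) to a location inside $baseDir.
    $base = realpath($baseDir);
    $file = realpath("$baseDir/$group/$action.php");
    if ($base === false || $file === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}

if (isset($input, $config)) {
    // Inside site/templates/ajax.php, where ProcessWire's API variables exist.
    $file = resolveAjaxHandler(
        $config->paths->templates . 'ajax',
        (string) $input->urlSegment1,
        (string) $input->urlSegment2
    );
    if ($file === null) {
        throw new \ProcessWire\Wire404Exception(); // unknown action: 404
    }
    wireIncludeFile($file, ['id' => (int) $input->get->id]);
} else {
    // Stand-alone check against a constructed temporary directory.
    $dir = sys_get_temp_dir() . '/ajax-demo-' . getmypid();
    mkdir("$dir/users", 0700, true);
    file_put_contents("$dir/users/get.php", "<?php return 'ok';");
    var_dump(resolveAjaxHandler($dir, 'users', 'get') !== null);  // allowed, file exists
    var_dump(resolveAjaxHandler($dir, 'users', 'update'));        // allowed, file missing
    var_dump(resolveAjaxHandler($dir, '../../site', 'config'));   // not in the allowlist
    unlink("$dir/users/get.php"); rmdir("$dir/users"); rmdir($dir);
}
```

Permission checks on the acting user still belong inside each handler; this resolver only decides which file may be included.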