manlio

Ajax called files inside templates folder


Hi! I have a stupid question.

Usually I leave ajax called files outside PW, but in the case I wanna leave them in the templates folder which is the best approach to use?

Is it safe to create a unique template that can be associated for every ajax called file (for example based on template (sanitized) title)?

Just to explain it better, I could create a template  like (simplified version)

$path = $page->title;
include($path); // includes whatever file the page title names

and create a new page with this template for every ajax called script (changing accordingly the title).

Thank you!


Hello, 

I suppose there are loads of ways of doing this, and it mostly comes down to personal preference. I usually create a template called Ajax, then give the template the ability to use segments. I use segment 1 for the group and segment 2 for the action; the rest I use GET.

Then each action can live in an Ajax folder. The ajax.php will look like:

if($input->urlSegment1 == "users") {
	if($input->urlSegment2 == "get") {
		wireIncludeFile("ajax/users/get", ["id" => $input->get->id]);
	}
	if($input->urlSegment2 == "update") {
		wireIncludeFile("ajax/users/update", ["id" => $input->get->id, "email" => $input->get->email]);
	}
}

Then in ajax/users/get.php for example I do:

return $users->get($id);

Ajax request will be to the url domain.com/ajax/users/get/?id=1039 for example

Not sure if I'm answering your question here.

  • Like 2


Thank you Tom, partially you replied to my question  :-) because I learned a new interesting approach. Thanks!

I think it would be useful also to see other approaches.

For my specific question, does someone think it is a safety issue?

Thanks

 

19 minutes ago, manlio said:

Thank you Tom, partially you replied to my question  :-) because I learned a new interesting approach. Thanks!

I think it would be useful also to see other approaches.

For my specific question, does someone think it is a safety issue?

Thanks

 

I personally haven't had any issues, just make sure you do the standard checks that are built into ProcessWire's API (https://processwire.com/api/ref/sanitizer/). Also make sure you do permission checks, such as updating a user:

$u = $users->get($id);
if($user == $u) {
	// Do stuff here
} else {
	// You don't have permission to edit this user
}

If for example you have profile pages which are a page, you will have a Page Reference field that will store the user then you can do:

$p = $pages->get("template=profile, user=$user"); // get() returns one Page; find() returns a PageArray, which has no of()/save()
$p->of(false);
if($location) {
	$p->location = $sanitizer->text($location); 
}
$p->save();

And the update URL will be:

domain.com/users/update/?location=England

In the ajax.php file you don't want to pass $user as this is built in however you do want to pass location:

if($input->urlSegment1 == "users") {
	if($input->urlSegment2 == "get") {
		wireIncludeFile("ajax/users/get", ["id" => $input->get->id]);
	}
	if($input->urlSegment2 == "update") {
		wireIncludeFile("ajax/users/update", ["location" => $input->get->location]);
	}
}

 

EDIT: 

Sorry, I didn't consider if you were using AJAX externally (websites on a different server). You will probably want some external authentication checks. You can create fields for Users; I would create a field called auth, salt the username and password, then you can do a check on the username and password salt and, if it matches, select that user as active: $ajaxUser = $users->find("auth=$salt");
 

  • Like 2
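
Added example, not part of any post above and not ProcessWire's own code: one way to keep a request-derived value (a page title, or the URL segments used in the replies) from choosing an arbitrary file to include, by combining an allow-list with a realpath containment check. The function name resolveAjaxHandler, the route table and the temporary directory are assumptions made for illustration; in a template, the group and action would come from $input->urlSegment1 and $input->urlSegment2.

```php
<?php
// Added example: names and layout below are assumptions, not ProcessWire API.

/**
 * Resolve an AJAX handler from two request-derived strings.
 * Returns an absolute path inside $baseDir, or null when the request is rejected.
 */
function resolveAjaxHandler(string $baseDir, string $group, string $action, array $routes): ?string
{
    // 1. Allow-list: only (group, action) pairs declared in code are reachable.
    if (!isset($routes[$group]) || !in_array($action, $routes[$group], true)) {
        return null;
    }
    // 2. Containment: the resolved file must really live under $baseDir.
    $base = realpath($baseDir);
    $file = realpath("$baseDir/$group/$action.php");
    if ($base === false || $file === false) {
        return null;
    }
    return strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0 ? $file : null;
}

// Constructed sample layout so the script runs offline.
$base = sys_get_temp_dir() . '/ajax_demo_' . getmypid();
mkdir("$base/users", 0700, true);
file_put_contents("$base/users/get.php", "<?php return 'user record';");

$routes = ['users' => ['get', 'update']];   // hypothetical route table

$cases = [
    ['users', 'get'],        // declared and present
    ['users', 'update'],     // declared, but the file does not exist
    ['users', 'delete'],     // not declared
    ['..', 'users/get'],     // path-like value in place of a group name
];
foreach ($cases as [$group, $action]) {
    $file = resolveAjaxHandler($base, $group, $action, $routes);
    printf("%-6s %-10s => %s\n", $group, $action, $file ? 'include ' . basename($file) : 'rejected');
}

// Clean up the constructed layout.
unlink("$base/users/get.php");
rmdir("$base/users");
rmdir($base);
```

Only the path returned by the resolver is ever passed to include, so the request can select among declared handlers but never name a file itself.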
