I have researched this but found luck and my question really is a hope and I'm doubting this is possible.
Can you route URLs to a specific PHP file using JavaScript? Like you would with rewrites in .htaccess. It would be a lot easier for several reasons for me to just link a fake URL to a PHP file with JavaScript.
The scenario is that I am creating a user profiles with PHP, a database and jQuery. Since I am using a history API script I can easily provide a profile for users without editing the .htaccess file IF a user navigates to a profile with a link. To do this I would preventDefault on the link click so you don't get a 404, get the href value, use AJAX to get JSON data from a PHP file and then AJAX in the template with info loaded in.
The problem is when a user directly enters the URL for example www.example.com/joebloggs, this would just cause a 404 since that file does not exist. I would like to intercept the page load with jQuery and instead load up the PHP template and ajax in info with JSON.
If not possible I will use .htaccess it would just be easier to do it with JavaScript
Related
I'm trying to update some text on a html page via jQuery ajax presently. This page's script calls an ajax request to a file in subfolder via jquery and displays that text.
I need to be able to update this file with text from a different html page.
I tried php, and found I didn't have file permissions to probably the ftp account or the webserver settings. Since php is the most popular method for file writing on a webserver, I haven't tried any other method.
I could try MYSQL + PHP for this, although I don't intend to put the root password in a text/php file.
I tried using Google Apps Spreadsheet with JSON output, and later found that JSON output was deactivated by Google (I guess).
Therefore, I was hoping to find a convenient way to get textual data from some source, and be able to update the textual data without any restrictions.
On most webservers, you will find at least one directory which is writable for PHP scripts. Else, you can place a file anywhere on the server and change the owner and write permissions, so that your PHP scripts will be able to write into that file. Please contact your webserver admin for details.
MySQL passwords in PHP files are no issue, as long as you put your PHP file outside of the directory that servers as root directory for your website. E.g. if your root is set to /var/www/user1/website1/, you can put a script inside /var/www/user1/, the PHP script shall be allowed to read that. This is the usual approach.
I dont know if this possible
But I have an ajax function in my javascript and as all, we know we need to provide php file path in the ajax request and this will be visible to all the users and unfortunately they can see the path of the ajax files and where they are stored .but i dont want this to happen i dont want user or client to see my ajax filed Is there a way to hide this path from the client, from seeing the path of ajax files? i know its something obfuscation but i only want the path to be done is it possible?
Update
so is there any way to stop user from viewing or opening php files from the url, I mean if user enters the path of ajax files and hits enter he can see all my files over there and he can easily hack my data so is there a way to stop user from entering them , i want only my pages to access php files not from users url,Thanks
It is not possible. The browser has to request the URI. The user can see what resources their browser is requesting.
"Ajax files" are not a special case. You need to secure them in exactly the same way as any other resource you provide over HTTP. i.e. use authentication and authorisation to make sure that only users who are allowed to access them do, input validation to make sure that any data sent to them is acceptable, and escaping to make sure that the data doesn't cause you problems if you try to insert it into SQL/HTML/JS/any other data format.
Response to update:
so is there any way to stop user from viewing or opening php files from the url
Still No!
I mean if user enters the path of ajax files and hits enter he can see all my files over there
You can configure your server to not serve a DirectoryIndex. The specifics depend on the server. Alternatively you can put a blank index.html file there.
and he can easily hack my data
How?
so is there a way to stop user from entering them
No.
i want only my pages to access php files not from users
Only an HTTP client can request a URI. There is no way to distinguish between an HTTP client responding to an instruction from JavaScript that you have written from one that is responding to user input.
a possible way would be to obfuscate it so that its not user readible. expl; by using a main script and including the file by switching on some POST/GET param your sending (could be a random string, hash, number).
more efficient obfuscation can be acchieved, when you would redirect all traffic to one script via mod_rewrite. Somewhere in the url, you hide a number, that tells you which file to use. Then you add random string before and after it (with specific length) and read it from your main script. But then the user will find out by looking at the javascript.
but srsly. why do you care? there is no security by obscurity!
/updated to your updated question;
I think you want to be looking at your apache configuration; use .htaccess files or better, disable indexing of a directory all together. The user wont be able to know about all your php files. Only the ones, you made public via links in your application. There is no such thing as "only letting ajax access file but not the user". because ajax IS the user and vice-verca! you are sending ajax request on behalf of the user! and if the user enters the url in the browserbar, its the same as sending an ajax request.
You could add a special header with your ajax call (or use the one already supplied), but that wouldn't change anything, as soon as the user looks at the traffic close enought.
What I think you want is a User Session to only allow privileged users to fully execute a script.
Unless you are using jsp technology with apache tomcat, you can place your folders in the WEB-INF.
No.
This is not possible. The client performs the request and the client is under the users control.
Consider I have a URL, now I want to have some information associated with the URL on my page same way as Facebook or other websites such as LinkedIn do. You submit a URL and the data about the website is retrieved to be submitted. I am using JQuery and HTML for an application and want to know how to do this thing. My application has few URL's retrieved from the different sources. I want to show some of the information instead of plane URL's. How is it possible to make such a thing using JQuery?
You cannot access external URL's directly by AJAX calls because of the Same Origin Policy. What you'll have to do is to submit a request to your own server, and have some serverside code request the external URL and retreive information.
How that is best achieved depends on what serverside setup you're running.
.NET example
PHP example
(basically just google "Screen scraping" + your language of choice)
You need to process the whole page to search for images or useful information.
I have a client request on one of my projects where they want to be able to enter a url and have it pull in some information form the site who's url they entered and save it in the database.
So the user enters: http://www.example.com/2342342 and my controller visits that site, and gets the content of the first <h1>Tag</h1> on the site and saves this in the database. Is this possible? If so, how would I go about doing it? Would I use some rails commands to do it, or something else, like jQuery?
Nokogiri is a great parser and can work directly with an url.
So two steps there:
Instantiate a Nokogiri object with the url as param
Parse the html page to get what you expect
Find instructions here: http://nokogiri.org/tutorials/parsing_an_html_xml_document.html
Because you'll work with another website, keep in mind two advice:
wrap your queries so that you can rescue if the website is down
consider using ajax request because it could be long
I would checkout the Railscast here:
http://railscasts.com/episodes/190-screen-scraping-with-nokogiri
It's explained very well on how to use Nokogiri and scrape content from other sites.
I'm new to web programming, so I need some help.
I am writing a custom file-creation app for my site. A user visits the page, clicks on some various options and toggles some checkboxes, and the presses a 'download now' link.
I have a PHP backend which will be processing the submission, and generating a PDF file. After the user presses the download link, I want the download to start like it would for any static link.
My question is: What is the best way to do this? From my limited understanding, I have a choice between using AJAX or somehow using forms to submit the data. What are the advantages/disadvantages of each? Does anyone have any good links to examples?
Thanks
Actually you cannot download a pdf via XMLHttpRequest (AJAX).
In general you should simply redirect the user to the resource that will generate the PDF with the proper MIME type, and then leave it up to the browser to figure out how to handle it.
AJAX will not work here, because you cannot use AJAX to download the file.
Instead, you should make a normal form, and have the PHP backend serve a file download when the form is submitted.
Just use a form. Ajax provides no benefits and a lot of complications under these circumstances. (You could use it, although you would have to use a non-XHR implementation, but it would be pointless to do so)