PHP / jQuery Question

[jordanj77]

I'm using jQuery load to update the content of a div when I click a button. Is there any way to make the loaded file (include.php) see the constant defined in index.php?

index.php:

define('CONSTANT', TRUE);
<div id="mydiv"></div>
<button onclick="$("#mydiv").load("include.php")">

include.php:

if(!defined('CONSTANT'){exit;} <-- I want this to work

Thanks.

 

[Sticks79]

Can't help with your php prob... but damn what a fuckin gorgeous asian, who is she?

 

[7figures]

You can pass in the constant as a GET parameter, as long as it isn't sensitive info (like a db password).

<button onclick="$("#mydiv").load("include.php?constant=<?= CONSTANT ?>")">

 

[moomycow]

You can pass in the constant as a GET parameter, as long as it isn't sensitive info (like a db password).

<button onclick="$("#mydiv").load("include.php?constant=<?= CONSTANT ?>")">

What he said

 

[jboeckman]

What happened to the pic

If you don't want to pass it you could always store it in a session

session_start();
define('CONSTANT', TRUE);
$_SESSION['CONSTANT'] = 'TRUE';
<div id="mydiv"></div>
<button onclick="$("#mydiv").load("include.php")">

include.php:
session_start();
if(!defined('CONSTANT') || $_SESSION['CONSTANT'] != 'TRUE'){exit;} // I want this to work

 

[jordanj77]

Thanks for the answers. I should have mentioned that I'm looking for a secure method...so GET wouldn't be secure enough, and I'm thinking sessions wouldn't be either (can be sniffed, right? I'm not using https)

I want to replicate the functionality of:

define('constant')
include('file')
in file: check if defined('constant') //kill script if it's not

as a security measure to prevent direct access to my .load()ed files. If they were PHP includes I'd just define the constant in the parent page and check for it in the include, but I'm kinda lost with how to do this securely when I'm using .load(). Of course there are other methods I could use to block access to those files...

Sorry the titties disappeared, here's more:

Sticks79: It's some chick named Mai Nadasaka, tbh just a random pic I found. Glad you liked!

 

[jryan21]

Using require will stop the php script with error on fail versus warning for include.

You can place php scripts (or text files, whatever) above the web root and give the server path of the files to require(). Depending on your setup, you can further restrict access to the files by tightening up the permissions. Take a look at how .htpasswd files are set up.

Another, more complicated way to do it - You could pass data back and forth from js to php with JSON via POST, essentially the same concept as AJAX. All you need is a http endpoint ( php script ) that handles POSTs and does what you need done. Restrict access to the endpoints so that only the calling script has access to it; you could also use https instead.