Ajax Controller
#1

[eluser]JanDoToDo[/eluser]
Hey guys,

I currently have a controller which handles all my Ajax functions however I want to make the controller inaccessible to a browser. How would I go about doing this?

i.e. my controller is called 'process' and has various functions

When someone submits a contact request, it loads submit_contact() in the process controller via a jQuery Ajax call. However, it is possible for someone to go to domain.com/process/submit_contact, which is obviously bad as I don't want them to be able to do this.

Thanks in advance.

Alternatively is there a better way to handle ajax calls?
#2

[eluser]Jeremy Gimbel - Conflux Group[/eluser]
Just doing a quick bit of searching around, it looks like most JavaScript frameworks set a header to indicate it came from AJAX. You could use code like this:


Code:
if( isset( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && ( $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' ) )
{
        // allow access....
} else {
        // ignore....
}
#3

[eluser]danmontgomery[/eluser]
Personally, I prefer to set a constant in constants.php:

Code:
define('IS_AJAX', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
#4

[eluser]Rob Gordijn[/eluser]
noctum's version, minimal style using the input class from CI:

Code:
define('IS_AJAX', (strtolower($this->input->server('HTTP_X_REQUESTED_WITH')) == 'xmlhttprequest'));

cheers!
#5

[eluser]Jeremy Gimbel - Conflux Group[/eluser]
Yes, I'd use the CI input class as well. Good stuff.
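
An added example, not written by any poster in this thread: the X-Requested-With test from posts #2 to #4, followed by the request-method and session-token checks that an endpoint like submit_contact() still needs, because the header is sent by the client. It is plain PHP; the function name `ajax_endpoint_gate`, the `csrf_token` field name and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, no framework. ajax_endpoint_gate() and the
// csrf_token field name are hypothetical; the sample requests are constructed.

/**
 * Gate for an AJAX-only, state-changing endpoint such as submit_contact().
 * Returns the HTTP status to answer with: 200 means "process the request".
 */
function ajax_endpoint_gate(array $server, array $post, $sessionToken)
{
    // 1. The test from the thread. It separates script calls from ordinary
    //    page loads, but the header value comes from the client, so it is a
    //    routing hint and not an access control.
    $xrw = isset($server['HTTP_X_REQUESTED_WITH']) ? $server['HTTP_X_REQUESTED_WITH'] : '';
    if (!is_string($xrw) || strtolower($xrw) !== 'xmlhttprequest') {
        return 404;
    }

    // 2. A form submission changes state, so accept POST only.
    $method = isset($server['REQUEST_METHOD']) ? $server['REQUEST_METHOD'] : '';
    if ($method !== 'POST') {
        return 405;
    }

    // 3. Per-session token rendered into the form page; compared in constant time.
    $sent = (isset($post['csrf_token']) && is_string($post['csrf_token'])) ? $post['csrf_token'] : '';
    if (!is_string($sessionToken) || $sessionToken === '' || !hash_equals($sessionToken, $sent)) {
        return 403;
    }

    return 200;
}

// Constructed sample requests: array($_SERVER subset, $_POST).
$token = bin2hex(random_bytes(16)); // would live in the visitor's session
$ajax  = array('HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest');
$cases = array(
    'URL opened in the browser'   => array(array('REQUEST_METHOD' => 'GET'), array()),
    'AJAX header, GET'            => array($ajax + array('REQUEST_METHOD' => 'GET'), array()),
    'AJAX header, POST, no token' => array($ajax + array('REQUEST_METHOD' => 'POST'), array()),
    'form page submit'            => array($ajax + array('REQUEST_METHOD' => 'POST'), array('csrf_token' => $token)),
);

foreach ($cases as $label => $case) {
    printf("%-28s => %d\n", $label, ajax_endpoint_gate($case[0], $case[1], $token));
}
```

In CodeIgniter the first check is also available as `$this->input->is_ajax_request()`, and the framework's built-in CSRF protection can supply the token.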
#6

[eluser]ciKD[/eluser]
Can I use that also in e.g. error_db.php ?

To be able to return a json_encoded {"success":false,"message":"$message"} to the calling script?

Or in error_404.php ?

The output itself seems to work fine, but 2 problems [both SOLVED, see next post]:

1. How can I change the "500 Internal Server Error" header?
2. As soon as I add header('Content-Type: application/x-json; charset=utf-8'); nothing seems to be sent?

Code:
<?php
// called by ajax? look for http-header
if ((isset($_SERVER['HTTP_X_REQUESTED_WITH'])) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')) {
   // found the header
    
   $json_arr = array(
      'success' => FALSE,
      'message' => trim(strip_tags($heading)) . ' ' . trim(strip_tags($message))
   );

   // as soon as the header is added, response is not as expected
   //header('Content-Type: application/x-json; charset=utf-8');
   echo json_encode($json_arr);

} else {
   // no header found, use normal html
?>
<html>
<head>
<title>Database Error</title>
...
#7

[eluser]ciKD[/eluser]
After more investigation, I found the problem.

The default error-code 500, which is set before inclusion of error_db, is the reason; in my case, browsers did not care about the content if error 500 is found and json-header is set.

If I set the error-code to e.g. 200, the ajax content-type can be added and all is fine. Took me quite some digging in Exceptions.php and database.php though but again I learned more about CI.

Of course it depends on your ajax-framework whether you simply want a plain error 500 and handle this exception in JavaScript when loading the json, or handle it via 'successProperty', e.g. in ExtJS, and are able to display more information to the user.

New (working) code, can be used also with other errors:
Code:
<?php
// called by ajax? look for http-header
if ((isset($_SERVER['HTTP_X_REQUESTED_WITH'])) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')) {
   // found the header
    
   // if $message was an array (e.g. via error_general.php ...)
   $message = str_replace('</p><p>', ' - ', $message);  

   $json_arr = array(
      'success' => FALSE,
      'message' => trim(strip_tags($heading)) . ' ' . trim(strip_tags($message))
   );

   set_status_header(200); // if ajax-framework/browser wants this not 500
   header('Content-Type: application/x-json; charset=utf-8');
   echo json_encode($json_arr);

} else {
   // no header found, use normal html
?>
<html>
<head>
<title>Database Error</title>
...