AJAX with Application Folder Above the Webroot
#1

[eluser]Unknown[/eluser]
When I started development of my application, I was advised to install the Application and System folders above the webroot for better security. After several months of development, I was asked to add AJAX functions to improve the user experience, which mostly involve inserting and deleting db records. Since AJAX cannot access files above the webroot I started creating PHP files for each AJAX function in the webroot. I created a db connector in each PHP file and a specific function. This was ok as a workaround, but now it's getting a bit ridiculous and unmanageable. It also negates the benefit of using a framework.

Is there a way to call a controller file in a folder not in the webroot from a public_html PHP file? Such as /root/public_html/do_ajax.php calls the controller /root/secure_html/application/controllers/ajax.php

Is there some better way of performing AJAX functions with my setup that I am not aware of?

Is there another way to update the database without reloading the page (WebSocket)?

Should I bite the bullet and migrate my Application and System Folders to the webroot?

Thank you for your time.
#2

[eluser]xerobytez[/eluser]
How are you currently serving all the other non-ajax parts of the application? Is your index.php just pointing to the application and system folder in the parent directory outside the webroot?
#3

[eluser]Aken[/eluser]
Yeah, there's zero reason your ajax should be requesting files that are in your application folder, regardless of its location. Ajax requests should be made to valid CI URIs, just like the ones on your website now.
#4

[eluser]boltsabre[/eluser]
I've only just started to ajax my first CI application, not sure how others handle it, or if there is a better way, but this is how I'm doing it.

- I already have a custom built 404 helper function.
- In my controllers folder I have a folder called "ajax", and in there I have each "ajax" request stored in its own file.
- Sorry, I don't have this code on hand, you'll have to find it yourself, as I'm at work, but there is some code that determines if it is an ajax request. I've put that into my "config/constants" file, which returns "IS_AJAX" when it's an ajax request (just google "codeigniter, how to tell if it is an ajax request", you'll find something that works, I think there may even be a built-in function in the latest CI release?)

- And in my "controller/ajax/some_ajax_controller" controller I just check on the first line of code if it is a legitimate ajax request, and if not show them a 404 page! (with 404 http headers obviously! All handled direct in my 404 helper)
Code:
class Some_ajax_controller extends MY_Controller {
   // constructor goes here, if you want you can put the below 404 code,
   // which would make sense if you have more than one function!

   function some_ajax_function() {
      if (!IS_AJAX) {
         page_not_found(); // which is my custom 404 helper, which is already autoloaded
      }
   }
}

I can make ajax calls to this file, it'll work fine, just echo back whatever you need to, else if google bot, or a user tries to navigate to the file via the browser it'll throw my custom 404 page, essentially locking out all unauthorised access to the file.

I like this system because I can group "related" ajax functionality into a class and call it by function names, or if it's an isolated ajax call it just gets its own controller and I call the function "index" like normal.

I'm sure there are better ways of handling this, but it's working fine for me. And of course if you have a HUGE amount of ajax and you find that having one "ajax" folder is restrictive (ie, application/controllers/ajax/), you can scale it up and create ajax1, ajax2, ajax3, etc, or even group them into CRUD:

- application/controllers/ajax_create/
- application/controllers/ajax_read/
- application/controllers/ajax_update/
- application/controllers/ajax_delete/

It's all pretty flexible on how you want to set your folder/controller/ structure, whatever is going to work best for your situation!

If anyone more experienced has any input into this methodology I'd be grateful for your input, I've only just started my ajax-ification process, so it would be very easy for me to update (now, not in 3 months time) to a better methodology.

Hope it helps somewhat, Marcello
#5

[eluser]Aken[/eluser]
boltsabre, you might consider using a different HTTP error code for your ajax request URLs. 404 is technically the wrong error.
#6

[eluser]boltsabre[/eluser]
Yeah right, I've just investigated that, looks like a "403 - Forbidden" seems to be the general consensus on the matter. Will update that this weekend.
http://stackoverflow.com/questions/52983...y-url?rq=1
http://stackoverflow.com/questions/11723...ajax-calls

Aken, do you have any other thoughts on the methodology I mentioned above? Does it closely mimic how/where you handle your ajax files?
#7

[eluser]Aken[/eluser]
Actually, that's not at all what I do. Not saying that your method is incorrect, though.

I use my actual URLs that can be viewed in the browser, and add logic to check for an ajax request. That way, depending on what type of request it was, either a normal page is output, or my Javascript-specific response is output. I'm big on making sure my sites work without JS, and this way I also don't have to worry about a bunch of <a href="#"> links on my page that go nowhere.

Btw, this is a default CI function:

Code:
$this->input->is_ajax_request()
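
An added example, not code from any poster in this thread: one URI answering both a plain form post and an AJAX call, with the access decision taken from the session rather than from the AJAX check, which reads a client-supplied header. The function names, the sample requests and the `items` table are hypothetical; it is plain PHP (7.1+) so it runs without the framework.

```php
<?php
function looks_like_ajax(array $server): bool
{
    // Same header test that $this->input->is_ajax_request() performs.
    // The client's JavaScript library sends it, so it describes the
    // request type only and says nothing about who is calling.
    return strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest';
}

// Returns [HTTP status, body or redirect target].
function handle_delete(array $server, array $session, array $post): array
{
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return [405, 'Method Not Allowed'];   // no state change on GET
    }
    if (empty($session['user_id'])) {
        return [403, 'Forbidden'];            // decided by session, not by header
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'Bad Request'];
    }
    // In a controller the delete runs here, scoped to the owner, e.g.
    // (hypothetical table and column names):
    // $this->db->where(array('id' => $id, 'owner_id' => $uid))->delete('items');
    if (looks_like_ajax($server)) {
        return [200, json_encode(['deleted' => $id])];  // JavaScript-specific response
    }
    return [303, '/items'];                   // non-JS fallback: redirect to the list
}

// Constructed sample requests: [server vars, session, post data].
$ajax = ['REQUEST_METHOD' => 'POST', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
$requests = [
    'browser navigation'      => [['REQUEST_METHOD' => 'GET'], [], []],
    'ajax header, no session' => [$ajax, [], ['id' => '7']],
    'logged-in ajax'          => [$ajax, ['user_id' => 42], ['id' => '7']],
    'logged-in form post'     => [['REQUEST_METHOD' => 'POST'], ['user_id' => 42], ['id' => '7']],
    'logged-in, bad id'       => [$ajax, ['user_id' => 42], ['id' => 'abc']],
];
foreach ($requests as $label => [$server, $session, $post]) {
    [$status, $body] = handle_delete($server, $session, $post);
    printf("%-24s %d %s\n", $label, $status, $body);
}
```

In CodeIgniter the same decisions map onto `$this->input->is_ajax_request()`, the session library and `$this->output->set_status_header()`, and the request still enters through the public index.php however far above the webroot the application folder sits. Turning on `csrf_protection` in config.php additionally ties each POST to a token issued to that session.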



