How to make a non-joomla page safe?

A multipurpose module, plugin and component

How to make a non-joomla page safe?

New postby jerry1970 » Mon Jun 13, 2011 8:49 am

Hi,

When I include a jumi script into a joomla page the usual way, I can do this:

<?php
defined('_JEXEC') ...
?>

But I am working on a script (contacts.php) dat has to load table data using AJAX from another script (ajax.contacts.php). The ajax.contacts.php is not included in a joomla wrapper, so '_JEXEC' is not defined. I cannot include it as a joomla page, because the joomla headers would be sent with the table data.

What is the best way to make sure people do not call the ajax.contacts.php directly?

Thanks!
Jerry
jerry1970
 
Posts: 1
Joined: Mon Jun 13, 2011 8:42 am

Re: How to make a non-joomla page safe?

New postby rawiri » Thu Jun 16, 2011 7:51 pm

if you are using
Code: Select all
<?php
defined('_JEXEC') OR defined('_VALID_MOS') OR die( "Direct Access Is Not Allowed" );
?>


then maybe this link helps:

http://bit.ly/kEvYB2

Good luck!

Dave
rawiri
 
Posts: 1
Joined: Thu Jun 16, 2011 7:46 pm

Re: How to make a non-joomla page safe?

New postby Simon » Sat Jul 16, 2011 1:17 am

Hi

Surely that is nothing to do with jumi:)
Any case you can use some logic to prevent direct access to script. For example when you send ajax request, send some parameter to ajax.contacts.php, and then just verify if it's isset, then continue.
For example, if you send $_POST[_JEXEC] in your request, then just do the following
Code: Select all
isset($_POST[_JEXEC]) or die( "Direct Access Is Not Allowed" );
User avatar
Simon
Site Admin
 
Posts: 1306
Joined: Wed Jul 13, 2011 8:53 pm


Return to Jumi

Who is online

Users browsing this forum: No registered users and 0 guests

cron