
variable not being handed over to included php file


I've got a construct of the following PHP files:

  • an index.php which requires a header and a footer (works well)
  • a wrapper.php which calls the content of requested sites that are included in a protected folder "includes" (just readable via php server-side) per require_once
  • a login.php which lies within includes and is included by wrapper.php
  • header.php includes jquery and provides the header, while footer.php provides the closing tags etc.

I'll try to put a simplified code sample:

content of index.php:

<?php
// session_name() only takes effect when it is called before session_start()
session_name('platform');
session_start();
require_once "includes/header.php";
$callwithinindex = 1;
if ($_SESSION['authenticated'] != 1)
  {
    echo '
      <script>
          $("#content").load("wrapper.php?target=login");
      </script>
      ';
  }

require_once "includes/footer.php";
?>

content of wrapper.php:

<?php
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])
AND strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest' AND $callwithinindex == 1)  {
    // $target is taken directly from the query string
    $target = $_GET['target'];
    require_once 'includes/'.$target.'.php';
  }
?>

login.php provides html code for the login-window.

The problem is that $callwithinindex is not passed to wrapper.php and I don't understand why. The reason for this variable is to make sure that wrapper.php can only be called if it's included in index.php, besides the check whether it is called as an xmlhttprequest.

If I leave the variable out it works (so the require itself works fine) but I don't understand why the wrapper.php doesn't get the $callwithinindex variable from index.php.

I didn't want to use a session variable because once it is set it would be possible to call wrapper.php without it being set in index.php anymore. Any hints?


Solution

  • It is completely possible... the problem you have is the condition in the file wrapper.php.

    You are trying to validate some variables defined in the index.php but you're loading that page by ajax which implies that these variables are not available in the file wrapper.php

    Loading a page via ajax is almost the same as loading that page directly in the browser.
    So this is definitely not the best and secure way to validate a login action.

    Now.. for OP code, main question and some explanations already given, I must add:

    index.php

    <!doctype html>
    <html lang="en">
        <head>
            <meta charset="UTF-8" />
        </head>
        <body>
            <div id="content">dummy text</div>
            <script src="http://code.jquery.com/jquery-1.11.0.min.js"></script>
            <script type="text/javascript">
              $(function() {
                $("#content").load("wrapper.php?target=login");
              });
            </script>
        </body>
    </html>
    

    wrapper.php

    <?PHP
        $target = $_GET['target'];
        require_once $target.'.php';
    ?>
    

    login.php

    <?PHP
        echo "I'm in!";
    ?>
    

    Result of index.php in browser:

    <div id="content">I'm in!</div>
    

    So the logic works, but IMHO, is not suitable for this purpose.
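
An added example, not code from the question or the answer: because the `.load()` call is a separate HTTP request, only server-side session state survives between index.php and wrapper.php, and `X-Requested-With` is a request header that the client sets. The sketch below binds the fragment request to a single-use token stored in the session and maps `target` through an allowlist so request input never reaches `require_once`. The names `fragment_token`, `ALLOWED_TARGETS`, `issue_fragment_token` and `resolve_target`, and the `token` query parameter, are assumptions made for illustration.

```php
<?php
// Added example; all names here are hypothetical, not part of the original post.
declare(strict_types=1);

// Only these targets may be loaded; the value from the request is used as a
// lookup key and is never concatenated into a file path.
const ALLOWED_TARGETS = ['login' => __DIR__ . '/includes/login.php'];

// Called in index.php: store a random single-use token in the session and
// return it so the page can append it to the wrapper.php URL.
function issue_fragment_token(array &$session): string
{
    $session['fragment_token'] = bin2hex(random_bytes(16));
    return $session['fragment_token'];
}

// Called in wrapper.php: returns the file to include, or null to refuse.
function resolve_target(array &$session, array $query): ?string
{
    $expected = $session['fragment_token'] ?? '';
    $given    = $query['token'] ?? '';
    unset($session['fragment_token']);   // single use: the same URL cannot be replayed
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        return null;
    }
    $target = $query['target'] ?? '';
    return is_string($target) ? (ALLOWED_TARGETS[$target] ?? null) : null;
}

// Constructed demonstration: $session stands in for $_SESSION, $query for $_GET.
$session = [];
$token   = issue_fragment_token($session);                // request 1: index.php
$query   = ['target' => 'login', 'token' => $token];
var_dump(resolve_target($session, $query));               // request 2: wrapper.php
var_dump(resolve_target($session, $query));               // same URL sent a second time
$token2  = issue_fragment_token($session);
var_dump(resolve_target($session, ['target' => 'settings', 'token' => $token2])); // not allowlisted
```

In a real deployment index.php would echo the token into the `.load()` URL, and wrapper.php would call `session_start()` and pass `$_SESSION` and `$_GET` to `resolve_target()` before `require_once`.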