Question

I've got a construct of the following PHP files:

  • an index.php which requires a header and a footer (works well)
  • a wrapper.php which calls the content of requested sites that are included in a protected folder "includes" (just readable via php server-side) per require_once
  • a login.php which lies within includes and is included by wrapper.php
  • header.php includes jquery and provides the header, while footer.php provides the closing tags etc.

I'll try to put a simplified code sample:

content of index.php:

<?
session_name('platform');
session_start();
require_once "includes/header.php";
$callwithinindex = 1;
if ($_SESSION['authenticated'] != 1)
  {
    echo'
      <script>
          $("#content").load("wrapper.php?target=login");
      </script>
      ';
  }

require_once "includes/footer.php";
?> 

content of wrapper.php:

<?
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])
AND strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest' AND $callwithinindex == 1)  {
    $target = $_GET['target'];
    require_once 'includes/'.$target.'.php';
  }
?>

login.php provides html code for the login-window.

The problem is that $callwithinindex is not passed to wrapper.php and I don't understand why. The reason for this variable is to make sure that wrapper.php can only be called if it's included in index.php, besides the check that it is called as an xmlhttprequest.

If I leave the variable out it works (so the require itself works fine) but I don't understand why the wrapper.php doesn't get the $callwithinindex variable from index.php.

I didn't want to use a session variable because once it is set it would be possible to call wrapper.php without it being set in index.php anymore. Any hints?

Solution

It is completely possible... the problem you have is the condition in the file wrapper.php.

You are trying to validate some variables defined in index.php, but you're loading that page by ajax, which implies that these variables are not available in the file wrapper.php.

Loading a page by ajax is almost the same as loading that page directly in the browser.
So this is definitely not the best and secure way to validate a login action.

Now.. for OP code, main question and some explanations already given, I must add:

index.php

<!doctype html>
<html lang="en">
    <head>
        <meta charset="UTF-8" />
    </head>
    <body>
        <div id="content">dummy text</div>
        <script src="http://code.jquery.com/jquery-1.11.0.min.js"></script>
        <script type="text/javascript">
          $(function() {
            $("#content").load("wrapper.php?target=login");
          });
        </script>
    </body>
</html>

wrapper.php

<?PHP
    $target = $_GET['target'];
    require_once $target.'.php';
?>

login.php

<?PHP
    echo "I'm in!";
?>

Result of index.php in browser:

<div id="content">I'm in!</div>

So the logic works, but IMHO, is not suitable for this purpose.

OTHER TIPS

You are mixing a server-side programming language (PHP) with a client-side one (JavaScript). They are not inter-operable in this way.

It is NOT possible (feasible) to manage PHP includes via AJAX. Rethink what you are doing.

 echo'
 <script>
      $("#content").load("wrapper.php?target=login");
 </script>
 ';

This part of your code is JavaScript and it includes the rendered wrapper.php page already. PHP is a server-side programming language.

If you want variables passed to wrapper.php, you must include it via php, like this:

 $target = 'login';
 include('wrapper.php');

Also remove this line from wrapper.php:

$target = $_GET['target'];

Your code is a mess ;-) You are generating server-side code and want the client-side code to include some files in your server-side code... not possible. The only way to get content from your server-side code is through Ajax in your client-side Javascript.

In general it is a bad idea to have client-side coding inlined in server-side coding and you should put your Javascript code in a separate file and include that file with:

echo "<script src='myjavascript.js'></script>\n";

Instead of doing it your way I suggest halting or redirecting the user in case the user is not authenticated:

session_name('platform');
session_start();
require_once "includes/header.php";
$callwithinindex = 1;

if($_SESSION['authenticated'] != 1) {
  echo "You are not authenticated ... quitting!";
#  header("Location:/loginpage.php"); // maybe redirect them to a login-page
  exit();
}

require_once "includes/footer.php";

You can/need to pass $callwithinindex in the query string just like you did with $target, and process it in wrapper.php

<? /* index.php */
session_name('platform');
session_start();
require_once "includes/header.php";
$callwithinindex = 1;
if ($_SESSION['authenticated'] != 1){
  echo'
      <script>
          $("#content").load("wrapper.php?target=login&callwithinindex=' . $callwithinindex . '");
      </script>
      ';
}

require_once "includes/footer.php";
?>

And wrapper.php

<?
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])
AND strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest' AND $_GET['callwithinindex'] == 1)  {
    $target = $_GET['target'];
    require_once 'includes/'.$target.'.php';
  }
?>

As mentioned by many others, you should change your approach. But if you don't, then this should work.
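
The answers above note that a request made by $.load() reaches wrapper.php as an ordinary HTTP request, so neither the X-Requested-With header nor a callwithinindex query parameter shows that it came from index.php. As an added example (not code from the original posts), this wrapper.php decides from server-side state only: the session for authentication and a fixed map for which file under includes/ may be loaded. The $pages map, its profile entry and resolve_target() are hypothetical; includes/, login and the authenticated session key come from the question.

```php
<?php
// wrapper.php (added example, not code from the original posts)
// Assumptions: includes/, 'login' and $_SESSION['authenticated'] come from
// the question; $pages, 'profile' and resolve_target() are hypothetical.

session_name('platform');   // has to be set before session_start()
session_start();

// Allowlist: request value => file inside includes/ and whether login is required.
$pages = [
    'login'   => ['file' => 'login.php',   'auth' => false],
    'profile' => ['file' => 'profile.php', 'auth' => true],   // hypothetical page
];

// Returns [HTTP status, absolute file path or null].
function resolve_target(array $pages, $requested, bool $authenticated): array
{
    // Accept only an exact key of the allowlist; arrays and unknown names are rejected.
    if (!is_string($requested) || !array_key_exists($requested, $pages)) {
        return [404, null];
    }
    $page = $pages[$requested];
    if ($page['auth'] && !$authenticated) {
        return [403, null];
    }
    // The path is built from the map entry, never from the request value.
    return [200, __DIR__ . '/includes/' . $page['file']];
}

// Authentication state is read from the server-side session, not from the request.
$authenticated = isset($_SESSION['authenticated']) && $_SESSION['authenticated'] == 1;

[$status, $file] = resolve_target($pages, $_GET['target'] ?? null, $authenticated);

if ($status !== 200) {
    http_response_code($status);
    exit;
}
require $file;
```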

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow