get parent url in ajax page using php

  • vjayis
    New Member
    • Mar 2008
    • 134

    get parent url in ajax page using php

    Hi,

    I have a front page from which an ajax page is called, and a text field is written in the front page using this ajax page.

    I need to validate the user access for this page:

    1. The ajax page should be executed only when it is called via ajax, i.e. when the ajax page URL is typed in the address bar it should not show its contents.

    2. Or the parent page (i.e. the front page) URL should be taken without the knowledge of the users in the ajax page, i.e. without passing the URL into the ajax page via JS, so that I can validate valid users to access the ajax page.

    Any ideas??

    Regards,
    vijay
  • Ciary
    Recognized Expert New Member
    • Apr 2009
    • 247

    #2
    Actually it isn't that difficult. You just do an ajax request using POST. There you send the URL of your main page. Then in your PHP page, you detect if your $_POST['url'] is empty. If it isn't, you execute the PHP on your page.

    EDIT:
    Some example code:
    Code:
    function send(data){
        // URL of the main (parent) page, sent along with the data
        var url = window.location.href;
        var XMLHttpRequestObject = GetXmlHttpObject();
        // URL-encode both values so special characters cannot break the request body
        var sended = "data="+encodeURIComponent(data)+"&url="+encodeURIComponent(url);
        var request = "yourpage.php";
        XMLHttpRequestObject.open("POST",request,true);

        XMLHttpRequestObject.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        // Content-length and Connection are set by the browser itself; scripts cannot set them

        XMLHttpRequestObject.send(sended);
    }
    This would be your request object, but I guess you already have that.

    Code:
    function GetXmlHttpObject() {
        // Local variable instead of an implicit global
        var XMLHttpRequestObject = false;
        try{
            // Old Internet Explorer (ActiveX)
            XMLHttpRequestObject = new ActiveXObject("MSXML2.XMLHTTP");
        }catch(exception1){
            try{
                XMLHttpRequestObject = new ActiveXObject("Microsoft.XMLHTTP");
            }catch(exception2){
                XMLHttpRequestObject = false;
            }
            // All other browsers
            if(!XMLHttpRequestObject && window.XMLHttpRequest){
                XMLHttpRequestObject = new XMLHttpRequest();
            }
        }
        return XMLHttpRequestObject;
    }

    • vjayis
      New Member
      • Mar 2008
      • 134

      #3
      Yes, probably I can do it like that.

      But in this case, as you said, when I post data from the front page to the ajax page it can be viewed by the user when he views the page source, and the user can access it by just posting the data directly into the ajax page from his own designed HTML page.

      This should not be done...

      • Dormilich
        Recognized Expert Expert
        • Aug 2008
        • 8694

        #4
        Most people won't do that, because
        - they don't know anything about how websites work
        - they don't want to (or don't care)
        - it's too much work to do

        Despite that, you can still use a session to prevent "unauthorized" access. But you can't stop people looking at your code. Another possibility would be using Java Applets (but that's a totally different story).

        • Ciary
          Recognized Expert New Member
          • Apr 2009
          • 247

          #5
          Other things you can do to secure it: putting your ajax request in a separate JS file, or using an SSI file. This will prevent the code from showing in the page source.

          One thing you'll never be able to work around is Firebug. It will always make your Ajax requests readable. So what's the point in trying to hide it?
          Posting data is very difficult (as Dormilich said); that's why most 'secure' Ajax requests use POST rather than GET.

          • Markus
            Recognized Expert Expert
            • Jun 2007
            • 6092

            #6
            Originally posted by vjayis
            Yes, probably I can do it like that.

            But in this case, as you said, when I post data from the front page to the ajax page it can be viewed by the user when he views the page source, and the user can access it by just posting the data directly into the ajax page from his own designed HTML page.

            This should not be done...
            It's not a huge deal where the data comes from, as long as it is validated/sanitised.

            • vjayis
              New Member
              • Mar 2008
              • 134

              #7
              Thanks for your reply, guys.

              • Frinavale
                Recognized Expert Expert
                • Oct 2006
                • 9749

                #8
                Vjayis,

                If your ajax page contains sensitive data that should only be displayed to people who are authorized (have permissions) to view this content, you should consider implementing a system for user authentication/authorization (as Dormilich suggested in post 3).

                This should be implemented in your server code because, as you have discovered, it's hard to do using a client side approach.
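
The session-based, server-side check suggested in posts #4 and #8, sketched as an added example that is not part of the original thread: the ajax page decides from the session, not from a URL the client sends. The names `user_id`, `ajax_token`, `token`, `issue_ajax_token` and `authorize_ajax_request` are assumptions, and the requests at the bottom are constructed samples.

```php
<?php
// Added example; key and function names are assumptions, not from the thread.

// Front page: call after login and embed the returned token in the page
// so the ajax POST can send it back.
function issue_ajax_token(array &$session): string {
    if (empty($session['ajax_token'])) {
        $session['ajax_token'] = bin2hex(random_bytes(32));
    }
    return $session['ajax_token'];
}

// Ajax page: returns the HTTP status to send before producing any output.
function authorize_ajax_request(array $session, array $post, string $method): int {
    if ($method !== 'POST') {
        return 405;                 // URL typed into the address bar is a GET
    }
    if (empty($session['user_id'])) {
        return 401;                 // no logged-in session
    }
    $expected = $session['ajax_token'] ?? '';
    $supplied = $post['token'] ?? '';
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return 403;                 // POST did not come from a page this session loaded
    }
    return 200;
}

// In the real pages: session_start(), then pass $_SESSION, $_POST and
// $_SERVER['REQUEST_METHOD']. Below: constructed sample requests.
$session = ['user_id' => 42];
$token   = issue_ajax_token($session);

$cases = [
    'address bar (GET)'        => [$session, [], 'GET'],
    'not logged in'            => [[], ['token' => $token], 'POST'],
    'hand-made form, no token' => [$session, ['data' => 'x'], 'POST'],
    'front page ajax call'     => [$session, ['token' => $token, 'data' => 'x'], 'POST'],
];
foreach ($cases as $name => [$s, $p, $m]) {
    printf("%-26s -> %d\n", $name, authorize_ajax_request($s, $p, $m));
}
```

A logged-in user can still read the token in the page source and replay it, so the session's permissions, not the secrecy of the request, are what limit access to the ajax page.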