[英]Check for Ajax request in CodeIgniter
I'm in a PHP script and I want to check whether the request is an Ajax request. 我在PHP脚本中,我想检查请求是否是Ajax请求。 (Basically to NOT allow direct script access, other than Ajax calls.)
(基本上不允许直接脚本访问,而不是Ajax调用。)
So, I'm defining IS_AJAX
somewhere in the main index.php
file: 所以,我在主
index.php
文件中的某个地方定义了IS_AJAX
:
define('IS_AJAX',
isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
And then checking it at the top of my script: 然后在我的脚本顶部检查它:
if (!IS_AJAX) exit('No direct script access allowed');
Since I'm new to CodeIgniter, I would like to know: 由于我是CodeIgniter的新手,我想知道:
There is no need to add an if (!$this->input->is_ajax_request())
to every AJAX method if you use hooks (CI docs) . 如果使用钩子(CI docs),则
if (!$this->input->is_ajax_request())
为每个AJAX方法添加if (!$this->input->is_ajax_request())
) 。 This is based on Jorge 's solution in here with a few slight improvements: 这是基于Jorge的解决方案 ,稍作改进:
config/config.php
Enable CI hooks by changing the default value (from FALSE
): 通过更改默认值(从
FALSE
)启用CI挂钩:
$config['enable_hooks'] = TRUE;
config/hooks.php
Add the following at the end: 最后添加以下内容:
$hook['post_controller_constructor'] = array(
'class' => 'Ajax_only',
'function' => 'show_404_on_illegal_ajax',
'filename' => 'Ajax_only.php',
'filepath' => 'hooks'
);
post_controller_constructor
: called immediately after your controller is instantiated, but prior to any method calls happeningpost_controller_constructor
:在实例化控制器之后立即调用 ,但在任何方法调用发生之前调用
config/ajax_methods.php
Create a new config file with all the controllers and methods that should only be invoked when an AJAX request is made: 创建一个新的配置文件,其中包含只应在发出AJAX请求时调用的所有控制器和方法:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
/*
|--------------------------------------------------------------------------
| References to all AJAX controllers' methods or the controller itself
|--------------------------------------------------------------------------
|
| Based on Jorge's solution: https://stackoverflow.com/a/43484330/6225838
| Key: controller name
| Possible values:
| - array: method name as key and boolean as value (TRUE => IS_AJAX)
| - boolean: TRUE if all the controller's methods are for AJAX requests
|
*/
$config['welcome'] = [
'index' => FALSE, // or 0 -> this line can be removed (just for reference)
'ajax_request_method_1' => TRUE, // or 1
'ajax_request_method_2' => TRUE, // or 1
];
$config['ajax_troller'] = TRUE;
hooks/Ajax_only.php
Create the hook itself, which detects if the current controller and/or its methods are present on the new config file above. 创建钩子本身,它检测当前控制器和/或其方法是否存在于上面的新配置文件中。 If so, it shows the 404 default page when the current request is not AJAX and the method/controller has a truthy value in the config:
如果是这样,当当前请求不是AJAX并且方法/控制器在配置中具有真值时,它显示404默认页面:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class Ajax_only {
public function __construct()
{
$this->CI = &get_instance();
$this->CI->config->load('ajax_methods');
}
public function show_404_on_illegal_ajax()
{
$fetched_troller_val = $this->CI->config->item(
$this->CI->router->fetch_class()
);
$fetched_method = $this->CI->router->fetch_method();
$is_ajax_method = is_array($fetched_troller_val) &&
// verify if the method's name is present
isset($fetched_troller_val[$fetched_method]) &&
// verify if the value is truthy
$fetched_troller_val[$fetched_method];
// if the controller is not in the config file then
// config->item() returned NULL
if($fetched_troller_val !== NULL &&
$this->CI->input->is_ajax_request() === FALSE &&
($fetched_troller_val === TRUE || $is_ajax_method)
) {
show_404();
}
}
}
if you want customize the requests from your codeigniter app, try this: You must create a hook named Ajax_only.php in application/hooks folder 如果要自定义来自codeigniter应用程序的请求,请尝试以下操作:您必须在application / hooks文件夹中创建名为Ajax_only.php的挂钩
class Ajax_only {
private $_controllers = [];
private $CI;
public function __construct() {
$this->CI =& get_instance();
}
public function eval_request() {
$controller = $this->CI->router->fetch_class();
$method = $this->CI->router->fetch_method();
if ( array_key_exists( $controller, $this->_controllers ) && $this->CI->input->is_ajax_request() === FALSE ) {
if ( ( $this->_controllers[ $controller ] === TRUE || ( is_array( $this->_controllers[ $controller ] ) && array_key_exists( $method, $this->_controllers[ $controller ] ) && $this->_controllers[ $controller ][ $method ] === TRUE ) ) ) {
show_404();
}
}
}
}
/*Examples
* $_controllers = [
* 'my_controller_name' => TRUE //all methods must be ajax
* 'my_controller_name => [
* 'method_name' => TRUE //only the selected methods must be ajax
* ]
* ]
*/
And configure your application/config/hooks.php file 并配置您的application / config / hooks.php文件
$hook['post_controller_constructor'] = array(
'class' => 'Ajax_only',
'function' => 'eval_request',
'filename' => 'Ajax_only.php',
'filepath' => 'hooks'
);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.