Catching jQuery AJAX calls in index.php

[gm1984]

Hello everyone,

UF is working great for my project and I really appreciate everyone providing such a wonderful free system for us to use. I am able to catch POSTs on index.php when I submit stuff through forms, just like in the UF tutorials. My challenge now, is that there is a part on my page when I call jQuery AJAX via JavaScript. Right now, the ajax call works fine, but I can't catch it in the index.php. Here is the call:

$.ajax({
type: 'POST',
    url: '/ajax_handler.php',
    data: 'article_id=' + strData,
    success: OnLookupSuccess,
    error: OnLookupFail
});

Then, on ajax_handler.php I have this:

if (isset($_POST["article_id"]))
{
    echo "you are searching for " . $_POST["article_id"];
}

My query works just fine and I can retrieve whatever data I wish. However, I would like to catch this in index.php, but no matter what I try, it won't catch it, for example, in index.php I want to do something like:

$app->post('/ajax_handler.php/?', function () use ($app) {

    // check for authorized access
    if (!$app->user->checkAccess('uri_account-corpusdb')){
        $app->notFound();
    }
    // do cool stuff here...
    ]);

Do you guys have any thoughts on what to do? The only reason I want to catch it in index.php is so I can check for authorization, I don't want non-authorized people calling my AJAX..

Thanks so much in advance for any help!

Sincerely, Greg

[alexweissman]

Hey @gm1984, glad you're enjoying UF and welcome!

A couple things:

• you don't need a .php extension in your route name. One of the advantages of the front-controller pattern is that you can name your routes whatever you want. So, you don't need to call it ajax_handler.php. Call it something nice, like /article.
• I'm also a little confused when you say "on ajax_handler.php". Do you mean that you also have a file called ajax_handler.php? If so, you don't need that. The route $app->post('/ajax_handler.php/?', function () use ($app) { ... is the access point for when your AJAX request is submitted to the server. All requests are sent to index.php (using Apache directives in .htaccess), and then Slim uses the original URL in the request to invoke the appropriate route. Read this to learn more about MVC and the front controller pattern. It might just blow your mind.
• It sounds like you're just trying to look up an article based on its id, correct? For requests where you are simply retrieving data (as opposed to modifying it), you should use GET instead of POST. You may want to read up on HTTP request methods.
• Not sure what you mean by "I don't want non-authorized people calling my AJAX." You mean that you don't want unauthorized people to access article information? You can't control what code gets executed on the client side (issuing the AJAX request). It's what happens on your server that you can control, and that is where you need to do the authorization check. It appears that you are starting to figure it out, though, and using checkAccess is the correct approach.

Go ahead and read up a little more about the fundamental design patterns used by UF, and then hit us up in chat if you're still confused.

[gm1984]

Alex,

Thank you so much for your quick response! I will respond point by point:

• Okay, I think I didn't quite understand the front-controller pattern. I will give it a prettier name
• Yes, I created a file called ajax_handler.php. Calling the ajax the oldschool way outside of the UF design modal was the only way I could get it to work (temporarily). I will read up about the MVC front controller pattern. Thanks so much for posting it.
• Yes, I just wanted to look up an id of an article. Thank you, I will use GET for this operation.
• Correct, I don't want my server to return any ajax query data unless the user is a logged in member of some UF group that I specify.

Well, I think your post has already greatly helped me gain a more fundamental understanding of how things work. I really appreciate the time you've put in to answer my question. I'll follow up to this thread once I get it up and working.

Cheers, Greg

[alexweissman]

Cool, good luck! So yeah, if you have a pre-existing codebase, it will probably require some modification to integrate into UF.

My general advice is to check the dates of any online tutorials/guides you use. PHP and jQuery change very rapidly, and with anything written more than 3-4 years ago, there is a significant chance that you will be getting outdated information. For example, the success and error callbacks in jQuery are probably not the best way to chain asynchronous code anymore. Nowadays, people use .done(..., .fail(..., and .always(....

[gm1984]

Alex, great news, I got everything working the right way, thanks to your guidance! I changed my call to AJAX to:

            $.ajax({
                type: 'GET',
                url: '/article/?',
                data: 'article_id=' + strData,
                success: OnLookupSuccess,
                error: OnLookupFail
            });

(I know I'm bad I haven't used .done and .fail yet but I will change that today)

And in index.php I added this:

$app->get('/article/?', function () use ($app) {
    if (!$app->user->checkAccess('uri_account-corpusdb')){
        $app->notFound();
    }
    if (isset($_GET["article_id"]))
    {
        echo "you are searching for " . $_GET["article_id"];
    }
});

Everything is working great! This is my first experience with PHP, I'm coming from ASP.NET. I can't believe it took me so long to make the switch. I'm never going back! Big thanks!!!

[alexweissman]

Awesome! Glad it's working for you and you're enjoying UF and PHP. PHP has really come into its own in the past few years, with community coding standards, a package manager and community package repository, and recent improvements in performance. It's definitely no longer the toy scripting language that it was in the early 2000's.

As an additional note, you might also want to use Slim's wrappers for request parameters instead of the raw $_GET and $_POST superglobals. This provides a more uniform way to work with request parameters.

[alexweissman]

Let us know if you're having any more problems!