Re: php includes and ajax [message #173097 is a reply to message #173095]
Mon, 21 March 2011 01:37
Jerry Stuckle
On 3/20/2011 8:35 PM, Lwangaman wrote:
> Ok you answered while I was formulating my next post; just wanted to let you know that I am doing user verification client side, for example the div that will be opened by the administrative buttons on the jquery-ui dialog will only exist on the page if you are an administrator. So even if you make the page believe you are an administrator it won't get you anywhere because you'll see buttons that don't actually do anything.
>
> But my problem is more than just user verification.
>
> For example, I have a div where a privileged user can fill out an event to be written to a calendar which is connected to a google calendar via a form submit. Instead of refreshing the page to submit the form I prefer to use ajax, so I have a php file called createEvent.php that has to include the ZEND GDATA libraries in order to submit the event.
> And I'm having the same include problems. These includes ARE server side. The ajax request is client side, coming from javascript, but the actual include IS server side because it's in my php file, not in my javascript file.
>
>

Which can easily be faked on the client. There is absolutely NOTHING to
prevent me from creating my own page with the buttons, for instance, and
submitting it to your server.

NEVER do verification client-side without server-side verification!

So what is your include problem? You have shown no PHP code so far.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
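
The server-side verification urged in the reply above, as an added example that is not part of the original post: one way createEvent.php could re-check every request before touching the calendar. The session keys `role` and `csrf_token` and the form fields `title`, `start` and `csrf_token` are assumptions, not names from the thread.

```php
<?php
declare(strict_types=1);
// createEvent.php (added example): every check the client-side UI implies is
// repeated here, because the request may not have come from that UI at all.
// Assumed names: session keys 'role' and 'csrf_token'; form fields 'title',
// 'start' and 'csrf_token'.

/**
 * Decide whether a request may create an event.
 * Returns [HTTP status, message]; 200 means the caller may proceed.
 */
function check_create_event(string $method, array $session, array $post): array
{
    if ($method !== 'POST') {
        return [405, 'POST required'];
    }
    // Authorization comes from server-side session state, never from a
    // hidden field, a cookie flag or the presence of a button in the page.
    if (($session['role'] ?? '') !== 'admin') {
        return [403, 'Not authorized'];
    }
    // Per-session token, so a form hosted elsewhere cannot post for an admin.
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($expected) || $expected === ''
        || !hash_equals($expected, $sent)) {
        return [403, 'Bad or missing token'];
    }
    // Validate the data as well; client-side form validation can be skipped.
    $title = $post['title'] ?? '';
    if (!is_string($title) || trim($title) === '' || strlen($title) > 200) {
        return [400, 'Invalid title'];
    }
    $start = $post['start'] ?? '';
    $parsed = is_string($start) ? DateTime::createFromFormat('Y-m-d H:i', $start) : false;
    // Round-trip comparison rejects dates that PHP would silently roll over.
    if ($parsed === false || $parsed->format('Y-m-d H:i') !== $start) {
        return [400, 'Invalid start time'];
    }
    return [200, 'OK'];
}

session_start();
[$status, $message] = check_create_event($_SERVER['REQUEST_METHOD'] ?? '', $_SESSION, $_POST);
http_response_code($status);
if ($status !== 200) {
    exit($message);
}
// Only past this point are the calendar libraries included and the event sent.
```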