I have a page in my WordPress website that have a couple of links. Each link should refer to a PHP script file to do an action like downloading a file while staying in the same page without reloading the page.
I have created a folder called "scripts" in my WordPress theme to put all my PHP files inside it, and i have tested using direct links to those PHP scripts to be sure they work fine, like:
The links worked just fine when clicking them and the page wasn't reloaded of course. But since those links are invalid for WordPress and they expose my website, i am looking for a way to do the same behavior but with valid WordPress links, like:
Is there anyway i could do this?
I was able to fix this using the page-links-to WordPress plugin. It replaces my original PHP links with normal WordPress links.
If you wish to load PHP files without redirecting to them (and without using a plugin) I suggest you use an Ajax call. Add this to a Javascript that loads on your page:
$('.doAjax').click(function(){
$.ajax({
url: 'http://my_wordpress_website.com/my_ajax_handler.php'
type: "POST",
data: { action:'include_files_from_url', url:$(this).attr('href') },
success : function (data) {
//Actions upon success if needed.
}
});
return false;
});
Make sure to fill the correct URL for your Ajax handler. The action data should be the name of the function that handles your Ajax request on the PHP side. The next step would be to add that PHP function to functions.php:
function include_files_from_url()
{
//Optional data validation to prevent abuse.
if ( !isset($_POST['url']) )
{
echo 'invalid file name.';
die;
}
$allowedFiles = array(''); //Fill this with the file names you allow to be accessed.
if ( !in_array($_POST['url'], $allowedFiles) ) return FALSE;
//End of Optional data validation to prevent abuse.
$result = @include_once('includes/' . $_POST['url']); //This function assumes your files are in an includes folder. Change as needed.
if ($result) echo 'Successfully included ' . $_POST['url'];
else echo 'Failed to include ' . $_POST['url'] . '. File was not found.';
}
add_action( 'wp_ajax_nopriv_include_files_from_url', 'include_files_from_url' ); //To allow non-logged in user to use this call
add_action( 'wp_ajax_include_files_from_url', 'include_files_from_url' ); //To allow logged in user to use this call
Notice how this method gives you much more security options. First, the Javascript Ajax call does not specify your includes folder - that folder is only specified in the PHP file. On the PHP side we also check to see that a valid URL is asked for and that it is in your list of valid files to include. I encourage you to also add an array of valid ajax function names inside your ajax handler (so that any call to a function that you did not create will be refused).
Lastly, you can add URLs to be included to your HTML as such:
<a href="hello.php" class="doAjax">URL</a>