WordPress.org

[resolved] AJAX Calls - Security? (2 posts)

  1. pipelineae
    Member
    Posted 6 years ago #

    Currently writing a plugin for both WP and WPMU that uses ajax calls to do its job.

    It's coming along brilliantly, however I've hit a wall.
    The plugin uses SQL inserts, and since the ajax calls to a page that isn't checked for security (ie: not auth_redirect'd), it's quite prone to sql-injection in its current form.

    Since the plugin uses the xjax responseText for a lot of the page layout, I'm not sure how to go about restricting access to the php file to only logged in users.

    So, I guess what I need to know is:

    • What's the best way to wp-admin authentications without affecting the layout?
    • What files need to be included by the sql-insert file in order to have all the proper database functions declared?

    Thanks

  2. pipelineae
    Member
    Posted 6 years ago #

    Never mind.

    After a little fooling around, I managed to include admin.php properly from the plugin folder, without wp-config.php being not-found.

    That allowed me to use the auth_redirect() function, which securely checks the cookies ensuring the user is logged in before accessing the php file.

    Took a bit of thinking, but I finally got there.
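
An added example, not code from the thread or from the poster's plugin: one way to cover both concerns raised above (who may call the AJAX endpoint, and SQL injection in the insert) by routing the call through WordPress's own admin-ajax.php handler. It goes beyond the login check discussed in the thread by adding a nonce, a capability check and a parameterized insert. Assumptions: the action name `myplugin_save_note`, the nonce action `myplugin_save`, the `note` field and the `myplugin_notes` table are hypothetical, and the code runs inside a WordPress plugin with current core APIs.

```php
<?php
/*
 * Plugin Name: Example AJAX Insert (hypothetical, for illustration)
 */

// Register only the authenticated hook. With no matching
// wp_ajax_nopriv_myplugin_save_note hook, no handler runs for
// logged-out requests sent to admin-ajax.php with this action.
add_action( 'wp_ajax_myplugin_save_note', 'myplugin_save_note' );

function myplugin_save_note() {
    // CSRF check: the page script must send, in the "nonce" field, a value
    // created with wp_create_nonce( 'myplugin_save' ). Dies on mismatch.
    check_ajax_referer( 'myplugin_save', 'nonce' );

    // Being logged in is not the same as being allowed to write:
    // require a capability that fits what the plugin does.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // WordPress adds slashes to request data; remove them, then sanitize.
    $note = isset( $_POST['note'] )
        ? sanitize_text_field( wp_unslash( $_POST['note'] ) )
        : '';
    if ( '' === $note ) {
        wp_send_json_error( array( 'message' => 'Empty note' ), 400 );
    }

    global $wpdb;
    // $wpdb->insert() binds values through prepared placeholders
    // (%d, %s), so request data is never concatenated into the SQL text.
    $ok = $wpdb->insert(
        $wpdb->prefix . 'myplugin_notes', // hypothetical table
        array( 'user_id' => get_current_user_id(), 'note' => $note ),
        array( '%d', '%s' )
    );

    if ( false === $ok ) {
        wp_send_json_error( array( 'message' => 'Insert failed' ), 500 );
    }
    // JSON response; the page script can use it to update the layout.
    wp_send_json_success( array( 'id' => $wpdb->insert_id ) );
}
```

Because the handler is loaded by admin-ajax.php, the plugin file does not need to include wp-config.php or admin.php itself to get the database functions.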
