I have a form in my Joomla! site. Once completed, the form should send an e-mail but only if some conditions have been met.
Not having been able to use standard, commercially available mailers while also checking those conditions, I am using jQuery.ajax to POST the content of the form to a custom PHP page that uses Factory::getMailer to actually send the e-mail.
Maybe it’s convoluted, but it works.
This PHP page is called, sends a mail and then does nothing else. It is not a part of my page. Right now, it does not even know that it is part of my site.
Despite hiding this PHP file from spiders, the name and path of the PHP file are available by looking at the code on my page. The query string is also available by looking at the ajax function. Anybody could build their own page that calls my PHP page and use it to send mail around (why would they, I have no idea, but it worries me that they can.)
I already know how to stop this:
defined('_JEXEC') or die('Restricted access');
Of course, it’s pointless to just declare define('_JEXEC',1); on the line above. The _JEXEC definition should come from within Joomla!… but I don’t know how to.
I have tried turning my PHP page into a module, thinking that embedding my PHP page in the structure of the CMS would have been enough. I know I successfully uploaded the module because the PHP page gets called, but I see the "Restricted access" response: _JEXEC is not defined.
What am I doing wrong and what should I do to define _JEXEC and pass it to my PHP file, rather than defining it directly in the PHP file?
I’m using Joomla! 3.9.19
There is no way to pass the _JEXEC constant to the file, other than including a file that defines it - Generally you would want to go through Joomla for this.
Turn the whole form to a module and use com_ajax to make the AJAX calls to the helper of your module.
Alternatively, you could have used a mature form builder extension that has already dealt with all these.
Answered by FFrewin on August 6, 2020
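A sketch of the module-plus-com_ajax approach from the answer above, added here as an example and not taken from the answer or from Joomla's own code. The module name "condmail", the field names "email" and "message", and the condition being checked are assumptions; the Joomla classes used are the Joomla 3.9 ones.

```php
<?php
// modules/mod_condmail/helper.php  ("condmail" is a hypothetical module name)
defined('_JEXEC') or die('Restricted access'); // defined by Joomla's index.php, never by this file

use Joomla\CMS\Factory;
use Joomla\CMS\Mail\MailHelper;
use Joomla\CMS\Session\Session;

class ModCondmailHelper
{
    // Reached via index.php?option=com_ajax&module=condmail&method=send&format=json
    public static function sendAjax()
    {
        // Reject requests that do not carry this session's form token
        if (!Session::checkToken('post')) {
            throw new RuntimeException('Invalid token', 403);
        }

        $post    = Factory::getApplication()->input->post;
        $replyTo = $post->getString('email', '');          // assumed field name
        $message = trim($post->getString('message', ''));  // assumed field name

        // Placeholder for the form's own conditions, re-checked on the server
        if (!MailHelper::isEmailAddress($replyTo) || $message === '') {
            throw new InvalidArgumentException('Conditions not met', 400);
        }

        $config = Factory::getConfig();
        $mailer = Factory::getMailer();
        $mailer->setSender(array($config->get('mailfrom'), $config->get('fromname')));
        // Recipient comes from site configuration, never from the request
        $mailer->addRecipient($config->get('mailfrom'));
        $mailer->addReplyTo(MailHelper::cleanLine($replyTo));
        $mailer->setSubject('Form submission');
        $mailer->setBody($message);

        if ($mailer->Send() !== true) {
            throw new RuntimeException('Mail could not be sent', 500);
        }

        return array('sent' => true); // com_ajax wraps this in a JSON response
    }
}
```

The module has to be published for com_ajax to dispatch to it, and the form needs `JHtml::_('form.token')` in its markup so that the serialized POST carries the token that `Session::checkToken('post')` looks for.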