[wp-hackers] wp-admin folder and admin-ajax.php

Paul paul at codehooligans.com
Wed Aug 11 11:48:42 UTC 2010 

For simple front-end AJAX needs which do not require authenticated access I don't use the admin-ajax.php hook.

Instead I just capture the action via my plugin's init function. Something like 

function init()
{
	// Normal init code here
	// blah blah blah

	// Handle front-end AJAX requests. 
	if (isset($_REQUEST['property_display_ajax_action']))
	{
		// Process my AJAX here!
		exit();		// Terminate the request
	}
}

You can still use the same code for your JS/AJAX as suggested on http://codex.wordpress.org/AJAX_in_Plugins
But with one issue. Since this is front-end the 'ajaxurl' is not set. So on your themes wp_footer(); action add it yourself. Mine just calls the front-end site url.

function property_wp_footer()
{
	?>
	<script type="text/javascript" >
		var ajaxurl = '<?php echo home_url( '/' );  ?>';
	</script>
	<?php
}
 




On Aug 11, 2010, at 7:18 AM, Gavin Pearce wrote:

> Hi Westi,
> 
> That would still mean pointing to wp-admin/admin-ajax.php though I believe?
> 
> Which goes back to the issue of being able to secure the wp-admin folder. Some users, as suggested in the codex, will secure the entire wp-admin folder via IP or htaccess password protection, which would break any front-end AJAX hooking into this.
> 
> As a plugin developer, automatic installations would obviously fail in this use-case. 
> 
> Cheers,
> Gav
> 
> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Peter Westwood
> Sent: 11 August 2010 11:49
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] wp-admin folder and admin-ajax.php
> 
> 
> On 11 Aug 2010, at 10:14, Gavin Pearce wrote:
> 
>> Thanks Westi!
>> 
>> Out of interest then, and in that case - how would you personally best
>> handle non-auth, front-end, AJAX (and then having access to the various
>> WP instances/classes/DB) without hooking into the WordPress AJAX
>> function at admin-ajax.php?
>> 
>> All the main guides seem to point towards using admin-ajax ...
>> 
> 
> Sorry I missed this out my response earlier.
> 
> For unauthenticated actions use a no_priv action hook.
> 
> Line 46 of admin-ajax.php
> 
> do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
> 
> westi
> -- 
> Peter Westwood
> http://blog.ftwr.co.uk | http://westi.wordpress.com
> C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
> 
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list