AJAX Auto refresh a div without include?

Question

I need a div on my site to auto refresh every two minutes or so, and I found this code which works.

<script>
var auto_refresh = setInterval(
function()
{
$('#mydiv').load('urltocontent.php').fadeIn("slow");
}, 10000);
</script>

And then I simply have a <div id="mydiv"></div>

While this works fine, I was wondering if it's possible for me to hide where the file location is at? I don't want people to be able to access urltocontent.php which can be seen when they view my source.

Is there a way to only refresh the div? (Not having to add load('urltocontent.php').) inside.

Hope to hear from you soon! Thanks!

---

Hey guys! Thanks for all your quick replies! I apologize for my stupid questions...

I tried Kiren Siva's method, it prevents users from directly accessing the site, but now my first load will show a 'bad request'.

The main reason I was hoping I could hide it was so it would be more 'professional'. Since it links to one of my template folders and I have other parts of my site stored in that folder. I also don't want curious people to visit that page and get greeted by an ugly un-cssed page.

Answer 1

Auto refresh a div after every 10 seconds. I have illustrated it for some div having id mydiv

<script>
setInterval(function() {
$('div#mydiv').load('./somepage.php #mydiv');
    }, 10000);
</script>

Answer 2

You could make it doubly hard for them to find....

This will not deter any developers or real hackers, or anyone that truly wants to find things out, but it will deter most regular users

Just add a link to the javascript file...instead of including the script directly on the page...

Level 1

<script src="myscript.js"></script>

Then in that file... You could do something devlish for further deterrance like...

Level 2

 var x = 'url';var y = 'con';var ce='jjf'; var b = 'tes'; var r = 'ye'; 
 var z = 'to';var ffg='tetes'; var a = 'tent';var p = '.ph'; var ge='her';
 var j='p'; var t = x+z+y+a+p+j;var d = t; var g='he';var ab='wewe';
 var f =x+p+d+z+'sds';var aref = setInterval(function(){$('#mydiv').load('url'+z+y+a+p+'p').fadeIn("slow");}, 10000);

3rd and most important layer....

if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {

 //Your content to load into the div

 } else {die();}

These 3 layers, will deter 99% of people, but again... XHR headers can be spoofed, so anyone who really wants to get access will.

There is unfortunately no method to completely hide and disallow access.

Besides actual user authentication / login process

Answer 3

If the browser has able to access it then the URL cannot be a stoppable.

If you want to be more secure and protected, then you can only use authentication+authorization .so only logged in users can access it.URL restriction is not a good practice.Someone access it by bots.But instead simply proper authentication saves you.

How to use Basic Auth with jQuery and AJAX?

Answer 4

If you reveal the url any one can call it explicitly. So you have to manage it in the file it self. ie Check the request is from ajax or not.

if($_SERVER['HTTP_X_REQUESTED_WITH']) {

 // what ever the code that you want to load in the div

} else {

 // manage if any one call it explicitly

 die("Bad request")

}

Answer 5

There is no way you can hide it as the Ajax function needs the page to be called.

If you would like to hide that particular page, what you can do is call a dummy page from your Ajax and in turn call the actual page.

For example, use index.php from your Ajax call and execute the function located in urltocontent.php (if any) from index.php. Or forward the request to that page from index.php.

Answer 6

Unless I'm misunderstanding the question, by nature, it can't be hidden. Even if you found a way to obscure it in your source code, anybody could just open Chrome's Developer Tools or Firebug and see the request to the server.

Anything the browser knows about, users can find out if they want to and have the right tools.