Hi,
I am using the Yii 2 basic application template. I have a file data.php in the web folder. This file contains the database results. In the js folder I have app.js, which calls data.php to use the database results for displaying a chart. Everything works correctly.
Now on my subdomain, when the user logs in as admin he can see the chart correctly. The requirement is that data.php should not be able to show its contents in the browser. If the user logs in to the application, then the application.example.com/index.php?r=dashboard/index page is displayed, which shows the chart.
If the user enters application.example.com/data.php, he will see the fetched database results that he shouldn't see.
I have created a .htaccess file in the basic/web folder, where the data.php file is.
In that file if I enter
Options -Indexes
still the user can access the data.php
If I enter below code in .htaccess
<Files ~ "^.*">
Deny from all
</Files>
<Files ~ "^index\.php|css|js|.*\.png|.*\.jpg|.*\.gif">
Allow from all
</Files>
then the user can’t access data.php, but the graph is not displayed.
How can I accomplish this?
Here is my data.php
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: true');
header('Content-Type: application/json');

$servername = "example.com";
$username = "";
$password = "";
$dbname = "ex_shgrecords";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    //die("Connection failed: " . $conn->connect_error);
}
//echo "Connected successfully";

$sql = "SELECT CONCAT(employee.FirstName,' ',employee.LastName) as FullName, count(*) as TotalGroups from groupdetails, employee WHERE groupdetails.EmpId=employee.EmpId group by groupdetails.EmpId";
$result = $conn->query($sql);

// Initialise here so json_encode() never receives an undefined variable
$data = array();
if ($result != null) {
    // output data of each row
    foreach ($result as $row) {
        $data[] = $row;
    }
}
$conn->close();

print json_encode($data);
Below is app.js which uses data.php
$(document).ready(function(){
    $.ajax({
        url: "data.php",
        method: "GET",
        dataType: "json",
        success: function(data) {
            console.log(data);
            var emp = [];
            var groups = [];
            for (var i in data) {
                emp.push(" " + data[i].FullName);
                groups.push(data[i].TotalGroups);
            }
            var chartdata = {
                labels: emp,
                datasets: [
                    {
                        label: 'SHG Groups',
                        backgroundColor: 'skyblue',
                        borderWidth: 1,
                        data: groups
                    }
                ]
            };
            var ctx = document.getElementById("groupschart");
            var barGraph = new Chart(ctx, {
                type: 'bar',
                data: chartdata,
                options: {
                    scales: {
                        yAxes: [{
                            ticks: {
                                beginAtZero: true,
                                stepSize: 1
                            },
                        }],
                        xAxes: [{
                            barPercentage: 0.4
                        }]
                    },
                    title: {
                        display: true,
                        text: 'Representation of Total Groups for each Field Officer',
                        fontSize: 15,
                        fontColor: "black",
                        fontStyle: "bold"
                    }
                }
            });
        },
        error: function(data) {
            console.log(data);
        }
    });
});
Is there any other way by which I could accomplish the above?
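
One way to meet the requirement, as an added example that is not part of the original post: serve the JSON from a Yii action behind the `AccessControl` filter instead of a standalone script, since Apache cannot tell app.js's AJAX request for data.php apart from a user typing the same URL. It assumes the existing `DashboardController` (taken from the `dashboard/index` route), a configured `db` component pointing at the same database, and a hypothetical action name `data`; `'@'` admits any logged-in user, so an admin-only rule would need the application's own role check.

```php
<?php
// Added example (not the poster's code). Merge behaviors() and actionData()
// into the existing controllers/DashboardController.php.
namespace app\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;
use yii\web\Response;

class DashboardController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                // Assumption: both the chart page and its data need a login.
                'only' => ['index', 'data'],
                'rules' => [
                    // '@' = any authenticated user; guests are denied.
                    ['allow' => true, 'roles' => ['@']],
                ],
            ],
        ];
    }

    // Hypothetical action name; reachable as index.php?r=dashboard/data
    public function actionData()
    {
        // Same query as data.php, run through the app's configured
        // db component (assumed to point at the same database).
        $sql = "SELECT CONCAT(employee.FirstName,' ',employee.LastName) AS FullName,"
             . " COUNT(*) AS TotalGroups"
             . " FROM groupdetails, employee"
             . " WHERE groupdetails.EmpId = employee.EmpId"
             . " GROUP BY groupdetails.EmpId";

        // No Access-Control-Allow-Origin header: the chart page is same-origin.
        Yii::$app->response->format = Response::FORMAT_JSON;
        return Yii::$app->db->createCommand($sql)->queryAll();
    }
}
```

With this in place app.js would request `index.php?r=dashboard/data` instead of `data.php`, and web/data.php can be deleted so nothing in the web root returns the results without a session check.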