Why is Ajax request by default searching for index.php file in directory instead of specified path?

Question

This is my folder structure:

This is my .htaccess code:

RewriteEngine on

# redirect all requests except only POST
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{THE_REQUEST} \s/+(.*?/)?(?:index)?(.*?)\.(?:php?)[\s?/] [NC]
RewriteRule ^ /%1%2 [R=302,L,NE]

RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+?)/?$ $1.php [L]

Allow from all

# disable directory browsing
Options All -Indexes

This is my AdController.js Code:

$(document).ready(function()
  {
    $("body").on("change click keypress", "select#state",function() 
        {
            var state_id = $("#state").val();

            var host = window.location.hostname;

            if(state_id != "")
                {
                    $.ajax({
                            url: '/manage/modules/Controllers/ControllerRequestHandlers/AddRequestHandler.php?id=getCity',
                            type: 'POST',
                            dataType: 'html',
                            data: {state_id : state_id},
                        })
                        .done(function(resp)
                            {
                                $("#city").html("<option value='' selected disabled>Select State To List Cities</option>");
                                $("#city").append(resp);
                            })
                        .fail(function()
                            {
                                console.log("error");
                            });
                }
        });
});

This is my AddRequestHandler.php Code:

<?php
    if(isset($_SESSION['user_id']) AND !empty($_SESSION['user_id']) AND isset($_SESSION['role']) AND !empty($_SESSION['role']))
        {
            if(extract($_POST) > 0)
                {
                    $id = $_GET['id'];

                    switch($id)
                        {
                            case 'getCity':
                            echo $add->listCities($_POST['state_id']);
                            break;

                            default:
                            // echo "None";
                            break;
                        }
                }
        }
    else 
        {
            header("Location: ../../index.php");
        }
?>

This is my frontend page code: (create_city.php - Present in the modules folder)

<?php
  if(isset($_SESSION['user_id']) AND !empty($_SESSION['user_id']) AND isset($_SESSION['role']) AND !empty($_SESSION['role']))
      {
?>
        <!DOCTYPE html>
        <html>
          <head>
            <?php
                include("/modules/Controllers/AddController.php");
                include("title_meta_css.php");
            ?>
          </head>
          <body class="skin-blue sidebar-mini">
            <div class="wrapper">
              <?php include("header.php"); ?>
              <!-- Left side column. contains the logo and sidebar -->
              <?php include("sidebar.php"); ?>
              <!-- Content Wrapper. Contains page content -->
              <div class="content-wrapper">
                <!-- Content Header (Page header) -->
                <section class="content-header">
                  <h1>
                    Control Panel
                    <small>Create City</small>
                  </h1>
                  <ol class="breadcrumb">
                    <li class="active"><a href="dashboard">Dashboard</a></li>
                    <li class="active">Create City</li>
                  </ol>
                </section>
                <!-- Main content -->
                <section class="content">
                  <!-- general form elements -->
                  <div class="box box-primary">
                    <div class="box-header">
                      <h3 class="box-title">Create New City</h3>
                    </div><!-- /.box-header -->
                    <!-- form start -->
                    <form role="form">
                      <div class="box-body">
                        <div class="form-group col-xs-12 col-md-6">
                          <label>Select State To List Cities</label>
                          <select required id="state" class="form-control">
                            <option value="" selected disabled>Select State</option>
                            <?php $add->listStates(); ?>
                          </select>
                        </div>
                        <div class="form-group col-xs-12 col-md-6">
                          <label>Select City</label>
                          <select required id="city" class="form-control">
                            <option value="" selected disabled>Select State To List Cities</option>
                          </select>
                        </div>
                        <div class="checkbox text-justify col-xs-12 col-md-12">
                          <label>
                            <input id="user-status" type="checkbox"> Click the checkbox to set the city <b>Active</b>, else leave it unchecked to be deactivated and activate it later.
                          </label>
                        </div>
                      </div><!-- /.box-body -->
                      <div class="box-footer">
                        <button type="submit" id="user-create" class="col-xs-12 col-md-4 col-md-offset-4 btn btn-success">Create City</button>
                      </div>
                    </form>
                  </div>
                </section><!-- /.content -->
              </div><!-- /.content-wrapper -->
              <?php
                include("footer.php");
                //include("right-sidebar.php");
              ?>
            </div><!-- ./wrapper -->
            <?php include("scripts.php"); ?>
            <script src="<?php echo $site_url; ?>modules/Controllers/ControllerScripts/AddController.js"></script>
          </body>
        </html>
<?php
      }
  else 
      {
        header("Location: ../index.php");
      }    
?>

In the create_city.php the $site_url variable holds the value www.vendor.com/manage/ where www.vendor.com is my virtual host created in WAMP Server

The problem is whenever i am making an ajax request from the create_city.php page it shows me the error in the following snapshot below

When i am providing the correct path in AddController.js, why is it stopping the control in modules folder that too it is by default searching for the file index

i don't know why this is happening. Please can anyone help me out with this bug..

Answer 1

if(isset($_SESSION['user_id']) AND !empty($_SESSION['user_id']) AND isset($_SESSION['role']) AND !empty($_SESSION['role']))

this is the culprit, your ajax call is not passing the session parameters user_id and role.

Before working with ajax always try testing with plain php session. form post if you are not sure.

The ajax call is just sending $_POST['state_id'] = 'state_id'; nothing else so the case if condition will never satisfy / work with this.

Session are maintained in server side. in order to validate users role, and ID you have to always send the is_login check using may be using MD5 and cookies that are stored in the browser.

you will be able to send those cookie value to validate. Ajax only support GET or POST that could be obtained by php as $_GET or $_POST

you can not use $_SESSION with ajax in PHP as said earlier it is maintained only on server.

You can do something like this

when user

in login model/controller

<?php

session_start();
if(login_success){
$_SESSION['user_id'] = 'what users name'
$_SESSION['role'] = 'role'
}

if(logout) {clear session} ?>

Answer 2

The user is being redirected to the index.php file from AddRequestHandler.php. It seems the ajax call is not sending the session cookies to the server.

The session cookies should be set at the time the ajax call is make. Is the user correctly logged in to your application ?. You can also check if the session cookies are being sent from FireBug. See this link: Why is jquery's .ajax() method not sending my session cookie?