CMS Joomla Mastering Development

How do I pass _JEXEC to a php file?

I have a form in my Joomla! site. Once completed, the form should send an e-mail but only if some conditions have been met.

Not having been able to use standard, commercially available mailers while also checking those conditions, I am using jQuery.ajax to POST the content of the form to a custom PHP page that uses Factory::getMailer to actually send the e-mail.

Maybe it’s convoluted, but it works.

This PHP page is called, sends a mail and then does nothing else. It is not a part of my page. Right now, it does not even know that it is part of my site.

Despite hiding this PHP file from spiders, the name and path of the php file is available by looking at the code on my page. The query string is also available by looking at the ajax function. Anybody could build their own page that calls my PHP page and use it to send mail around (why would they, I have no idea, but it worries me that they can.)

I already know how to stop this: defined('_JEXEC') or die('Restricted access');

Of course, it’s pointless to just declare define('_JEXEC',1); on the line above. The _JEXEC definition should come from within Joomla!… but I don’t know how to.

I have tried turning my PHP page into a module, thinking that embedding my PHP page in the structure of the CMS would have been enough. I know I successfully uploaded the module because the PHP page gets called, but I see the "Restricted access" response: _JEXEC is not defined.

What am I doing wrong and what should I do to define _JEXEC and pass it to my PHP file, rather than defining it directly in the PHP file?

I’m using Joomla! 3.9.19

Leave a Reply

Your email address will not be published. Required fields are marked *