开发者

Block direct access to PHP files and allow json

问答 作者:

I'm trying to block out some files with a php script, however, i want my javascript ajax calls to allow the scripts, i don't know if this is even possible but..

What i do now is,

$filename = array('index.php');

$basename = basename($_SERVER['REQUEST_URI']);

if(!in_array($basename, $filename)) {
    die('...');
}

This will block all files and not index.php, but what if i have an login.php that makes my ajax cal开发者_StackOverflow中文版ls possible?

When you send a JavaScript AJAX call it adds

X-Requested-With : XmlHTTPRequest

To the HTTP headers. So if you want to do something in case of an AJAX call you can check for something like this:

$headers = getallheaders();
if($headers['X-Requested-With') == 'XMLHttpRequest') {
    // ...
}

Keep in mind that any HTTP client can modify headers, so it doesn't really add any security (but e.g. a browser couldn't call your PHP scripts directly with the default settings).

继续阅读:blockphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9