开发者

How can i check if page accessed directly?

Hi :) I want to forbid access of a page directly, what i mean is if some one try to access for example the page

proccess.php

He will get an error message. BUT! if the page is accessed via AJAX call, it will ac开发者_Python百科t normal.

i've tried:

if( preg_match( '/' . basename( __FILE__ ) . '/', $_SERVER['REQUEST_URI'] ) )
{
 die("Error!");
}

but the problem is that when i access it via AJAX call, it act like i've accessed it directly...

please help :)


you can check the HTTP_X_REQUESTED_WITH header.

if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
  // ajax request
} else {
  die('direct access is forbidden');
}

also read Can the “x-requested-with” http header be spoofed? on stackoverflow


 if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
     die("Error!");
 }

Would maybe be sufficient?


An easy solution would be to set a variable to something (either true, false, a string...anything really) in all of the scripts that call this script before it calls process.php. Then the top line in process.php should be"

if ($checkVar === NULL) {

    die("Permission denied!");

}

But that would require you to edit all the pages that call the process page.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜