开发者

How can i check if page accessed directly?

问答 作者:

Hi :) I want to forbid access of a page directly, what i mean is if some one try to access for example the page

proccess.php

He will get an error message. BUT! if the page is accessed via AJAX call, it will ac开发者_Python百科t normal.

i've tried:

if( preg_match( '/' . basename( __FILE__ ) . '/', $_SERVER['REQUEST_URI'] ) )
{
 die("Error!");
}

but the problem is that when i access it via AJAX call, it act like i've accessed it directly...

please help :)

you can check the HTTP_X_REQUESTED_WITH header.

if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
  // ajax request
} else {
  die('direct access is forbidden');
}

also read Can the “x-requested-with” http header be spoofed? on stackoverflow

 if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
     die("Error!");
 }

Would maybe be sufficient?

An easy solution would be to set a variable to something (either true, false, a string...anything really) in all of the scripts that call this script before it calls process.php. Then the top line in process.php should be"

if ($checkVar === NULL) {

    die("Permission denied!");

}

But that would require you to edit all the pages that call the process page.

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9