开发者

restrict direct linking to AJAX pages in a certain directory

I don't want to allow people to go directly to the pages in the AJAX directory but they still need to be served from their parent page. I have tried numerous .htaccess lines but they all block it from the main page as well. to sum up, I dont want people to be able to type in http://www.mysite.com/AJAX/page1.html and view it but page1.html needs to be brought into its parent page via AJAX.

<LIMIT GET POST>
Ord开发者_如何学编程er deny, allow
deny from all
</LIMIT>

blocks all access

Can you define a flag in the parent file define('IS_IN_SCRIPT',1); and check for it in the AJAX pages? will that work with AJAX pages or only PHP includes?


Determining Referer in PHP

Check if $_SERVER['HTTP_REFERER'] is in your domain (or a list of acceptable domains)

Then redirect if not.

if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'yourdomain.com') !== false) 
  { echo 'probably from your own site'; }


You could always set up something so that if a particular argument isn't passed in via GET or POST, the ajax page will just redirect you elsewhere.

In php, it'd look like

if(!isset($_POST['some_var']))
  header('Location: somePage.html');


$$ zoe_daemon

you need "linker" file to open private file from parent page via AJAX.

/*this is simple "linker" file to open private file in folder named "private" from parent page via AJAX.*/
//begin linker.php
<?php
   $link = $_GET["link"];
   include "../private/$link.php";
?>
//end linker.php

and then, file in "private" folder need to check if request URI is not contained string "private"; that is not valid to the user who want to directly private file. for axample, "login.php" inside folder named "private" cannot be accessed directly if you put this code before operational code you want to put

//begin login.php
$count = 0;
$test = str_replace("name_of_directory_cannot_directly","dummy_string",$_SERVER['REQUEST_URI'], $count ); //or
if ($count > 0) {
    die "Ooouuuppppsss, you cannot access this file directly");
}
/*
//your code here....
*/
//end login.php
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜