ProblemHelpPlease Posted April 24, 2008 Share Posted April 24, 2008 I am dynamically creating an xml file using php with data from a mysql database. The file is then used for a google map and is added to the map using "GDownloadURL" which is basically a "XMLHttpRequest". I am trying to prevent the php page that generates the xml from displaying anything if you visit it but for the "XMLHttpRequest" to still be able to get the data. Is their a way of only running the php script when the page with the "XMLHttpRequest" asks for it. The reason is that I don't want the database available to anyone visiting or requesting the php page with the xml in it. Link to comment https://forums.phpfreaks.com/topic/102696-php-page-load-security-issue/ Share on other sites More sharing options...
RMcLeod Posted April 24, 2008 Share Posted April 24, 2008 I don't know the specifics of your webhost but if it's possible you could just put the file outside of the web root directory. If this isn't possible you could check where the page was requested from using $_SERVER['HTTP_REFERER'] if this isn't the page with your Ajax on it then don't do anything. Link to comment https://forums.phpfreaks.com/topic/102696-php-page-load-security-issue/#findComment-525920 Share on other sites More sharing options...
ProblemHelpPlease Posted April 24, 2008 Author Share Posted April 24, 2008 I'd thought about putting the file outside of the web directory but it makes it impossible to call using the "GDownloadURL" function. Using $_SERVER['HTTP_REFERER'] doesnt seem to work either, I tried setting the script to only run if the $_SERVER['HTTP_REFERER'] matched the address of the script with the "GDownloadURL", but the "GDownloadURL" won't run and now returns that it can't find anything at the address of the php script. Link to comment https://forums.phpfreaks.com/topic/102696-php-page-load-security-issue/#findComment-525939 Share on other sites More sharing options...
ProblemHelpPlease Posted April 27, 2008 Author Share Posted April 27, 2008 The only solution I have been able to come up with is to dynamically add "?value=xxxxx" to the address where "xxxxx" is a different value each time that is only valid for a few seconds so that the php script using the address will run but if you wait for the page to load and copy the address in a new browser window then it will be out of date. My problem is that if you use the back & forward buttons on your browser, then when you return to the webpage in this manner it doesn't recreate the timed value xxxxx and the script is unable to get the data from the other page. Is their way of making the page reload if you go back then forwards again in your browser and not to fetch a cached version, without the page reloading continuosly or reloading when you first visit it. Link to comment https://forums.phpfreaks.com/topic/102696-php-page-load-security-issue/#findComment-528235 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.