deerly Posted September 6, 2009

Hi all! I have been dabbling in some ajax/jquery and noticed that the .post/.get methods can only utilize php documents that are above the document root. This makes sense enough but I have to wonder how I can protect these files from nosy snoopers. For some reason trying to use my admin->checkLogin() class isn't working on these pages and is disrupting how they function.

For example, I have a photo gallery administration page that only an authenticated user should be able to use. This page has a pretty ajax way of saving the title/description/price/tags/etc for each individual image. It calls an external PHP document that does the more serious filtering and saves the information to the database.

How can I keep that PHP page from being accessed directly? Trying to hide it behind the document root and then accessing it through ../includes/blahblah doesn't work with ajax near as I can tell.

Thanks so much!
deerly Posted September 6, 2009

More information:

It seems that the problem with $admin->checkLogin() is that the page, when accessed by $.post, isn't able to read the 'auth' cookie. Also, using $.post I cannot check the referring page; as weak a security attempt that would be, at least it would be something.

I'm wondering if there is some kind of htaccess trick that can prevent a file from being accessed directly but still allows jQuery to utilize it? Pipe dreams? How do people secure their jQuery/ajax external pages then? :confused:
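One way to guard an endpoint like the one described in the posts above, as an added example that is not part of the original thread: the script stays web-reachable and authenticates every request itself. The file name `save_image.php`, the session keys `admin_id` and `csrf_token`, and the function `guard_ajax_request()` are hypothetical. It assumes the login page stores the admin's identity in the PHP session and that the session cookie's path and domain cover the endpoint's URL, since the browser only attaches a cookie to a same-origin `$.post` when they do.

```php
<?php
// Added example, not code from the thread. Hypothetical endpoint (e.g. save_image.php)
// called by $.post from the gallery admin page. The session keys 'admin_id' and
// 'csrf_token' are assumptions; the login page (not shown) is assumed to set them.

/**
 * Decide whether an AJAX request may proceed.
 * Returns [HTTP status code, message]; 200 means allowed.
 */
function guard_ajax_request(array $server, array $session, array $post): array
{
    // Only POST is accepted; typing the URL into a browser produces a GET.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, 'POST required'];
    }
    // Same check the admin pages use: is there an authenticated session?
    if (empty($session['admin_id'])) {
        return [401, 'not logged in'];
    }
    // Per-session token embedded in the admin page and sent with every $.post.
    // hash_equals() compares in constant time.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === ''
        || !hash_equals($expected, $supplied)) {
        return [403, 'bad CSRF token'];
    }
    return [200, 'ok'];
}

// Run the guard only when this file itself is requested over HTTP,
// not when it is included by another script or run from the CLI.
if (PHP_SAPI !== 'cli' && realpath($_SERVER['SCRIPT_FILENAME']) === __FILE__) {
    session_start();
    [$status, $message] = guard_ajax_request($_SERVER, $_SESSION, $_POST);
    if ($status !== 200) {
        http_response_code($status);
        header('Content-Type: application/json');
        exit(json_encode(['error' => $message]));
    }
    // Authenticated and token-checked: filter title/description/price/tags and save here.
}
```

The admin page would generate the token once per session with `bin2hex(random_bytes(32))` and include it as the `csrf_token` field in each `$.post` call.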
Archived
This topic is now archived and is closed to further replies.