deerly Posted September 6, 2009

Hi all! I have been dabbling in some ajax/jquery and noticed that the .post/.get methods can only utilize php documents that are above the document root. This makes sense enough but I have to wonder how I can protect these files from nosy snoopers. For some reason trying to use my admin->checkLogin() class isn't working on these pages and is disrupting how they function.

For example, I have a photo gallery administration page that only an authenticated user should be able to use. This page has a pretty ajax way of saving the title/description/price/tags/etc for each individual image. It calls an external PHP document that does the more serious filtering and saves the information to the database.

How can I keep that PHP page from being accessed directly? Trying to hide it behind the document root and then accessing it through ../includes/blahblah doesn't work with ajax near as I can tell.

Thanks so much!

deerly (Author) Posted September 6, 2009

More information: It seems that the problem with $admin->checkLogin() is that the page, when accessed by $.post, isn't able to read the 'auth' cookie. Also, using $.post I cannot check the referring page; as weak a security attempt as that would be, at least it would be something.

I'm wondering if there is some kind of htaccess trick that can prevent a file from being accessed directly but still allows jQuery to utilize it? Pipe dreams? How do people secure their jQuery/ajax external pages then? :confused:
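
Added example, not part of the original thread: a browser can only call a script the web server serves, so the endpoint is protected by authenticating every request on the server rather than by hiding the file. The file name, the session keys `admin_id` and `csrf_token`, the `images` table and the `includes/db.php` helper are assumptions made for illustration.

```php
<?php
// save_image.php: constructed example of the endpoint that $.post calls.
declare(strict_types=1);

// A same-origin $.post sends the site's cookies like any other request,
// provided the cookie's path and domain cover this script's URL
// (a cookie set with path=/admin is not sent to /ajax/save_image.php).
session_start();
header('Content-Type: application/json');

function fail(int $status, string $message): void
{
    http_response_code($status);
    echo json_encode(['ok' => false, 'error' => $message]);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail(405, 'POST only');
}

// Assumption: the login page stores these two values in the session.
if (empty($_SESSION['admin_id'])) {
    fail(401, 'not logged in');
}

// CSRF token: the admin page embeds it and sends it with each $.post.
$expected = $_SESSION['csrf_token'] ?? '';
$sent     = $_POST['csrf_token'] ?? '';
if (!is_string($expected) || $expected === '' || !is_string($sent)
    || !hash_equals($expected, $sent)) {
    fail(403, 'bad token');
}

// Validate on the server; the page's JavaScript is not a trust boundary.
$id    = filter_input(INPUT_POST, 'image_id', FILTER_VALIDATE_INT);
$price = filter_input(INPUT_POST, 'price', FILTER_VALIDATE_FLOAT);
$title = $_POST['title'] ?? '';
if (!is_int($id) || !is_float($price) || $price < 0
    || !is_string($title) || trim($title) === '' || strlen($title) > 200) {
    fail(422, 'invalid input');
}

// Hypothetical helper kept outside the document root; it returns a PDO.
$pdo  = require __DIR__ . '/../includes/db.php';
$stmt = $pdo->prepare('UPDATE images SET title = :t, price = :p WHERE id = :id');
$stmt->execute([':t' => trim($title), ':p' => $price, ':id' => $id]);
echo json_encode(['ok' => true]);
```

Only this entry script needs to be web-reachable; the database code and credentials stay outside the document root, where PHP can `require` them but no URL maps to them.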