this.user Posted September 22, 2010 Share Posted September 22, 2010 I have a file that an ajax function calls on my site, and I want to make sure only the right pages access it. For example. I have page called home (home.php) and on that page i have an ajax call, which calls a file called ajax.php. I want to make sure that when ajax.php is being executed, it is being executed via an ajax call, which is coming from the home page. is this possible? Quote Link to comment https://forums.phpfreaks.com/topic/214116-limited-access-to-file/ Share on other sites More sharing options...
Psycho Posted September 22, 2010 Share Posted September 22, 2010 I can't say for sure, but I think the answer is no. When an ajax call is made it is coming from the user's browser anyway. You could add POST/GET parameters to the AJAX request to specify the calling page, but the user could easily replicate that if they wanted. One thought though is to use a session variable as a flag. I typically have a default script that is included at the top of every page that is user accessible which sets database connection info, default variables, etc. Assuming you are doing the same thing, just set a session variable on every page load to identify the page being viewed. Then when the AJAX call is made, the server AJAX script could check that session variable to see if it is the home page. If not, have the script return false or an empty string. Quote Link to comment https://forums.phpfreaks.com/topic/214116-limited-access-to-file/#findComment-1114162 Share on other sites More sharing options...
schilly Posted September 22, 2010 Share Posted September 22, 2010 Or use a hash of the page name and a secret word and pass it through the ajax vars then verify on the other end. Quote Link to comment https://forums.phpfreaks.com/topic/214116-limited-access-to-file/#findComment-1114163 Share on other sites More sharing options...
Psycho Posted September 22, 2010 Share Posted September 22, 2010 Or use a hash of the page name and a secret word and pass it through the ajax vars then verify on the other end. As I already stated you can pass a unique value via GET/POST vars, but those can be easily determined and replicated by a user since the values would have to be determine in the source of the HTML page. Quote Link to comment https://forums.phpfreaks.com/topic/214116-limited-access-to-file/#findComment-1114196 Share on other sites More sharing options...
schilly Posted September 22, 2010 Share Posted September 22, 2010 As I already stated you can pass a unique value via GET/POST vars, but those can be easily determined and replicated by a user since the values would have to be determine in the source of the HTML page. Ah right. True. Quote Link to comment https://forums.phpfreaks.com/topic/214116-limited-access-to-file/#findComment-1114202 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.