I have a file that an ajax function calls on my site, and I want to make sure only the right pages access it.

 

For example.

 

I have a page called home (home.php), and on that page I have an ajax call, which calls a file called ajax.php.

 

I want to make sure that when ajax.php is being executed, it is being executed via an ajax call, which is coming from the home page.

 

Is this possible?


I can't say for sure, but I think the answer is no. When an ajax call is made it is coming from the user's browser anyway. You could add POST/GET parameters to the AJAX request to specify the calling page, but the user could easily replicate that if they wanted.

 

One thought though is to use a session variable as a flag. I typically have a default script that is included at the top of every page that is user accessible which sets database connection info, default variables, etc. Assuming you are doing the same thing, just set a session variable on every page load to identify the page being viewed. Then when the AJAX call is made, the server AJAX script could check that session variable to see if it is the home page. If not, have the script return false or an empty string.

Or use a hash of the page name and a secret word and pass it through the ajax vars then verify on the other end.

 

 

As I already stated you can pass a unique value via GET/POST vars, but those can be easily determined and replicated by a user since the values would have to be determined in the source of the HTML page.
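
The session-flag idea and the hash-of-page-name idea from the replies above, combined in one sketch; this is an added example, not code posted by anyone in the thread. It uses HMAC-SHA256 with a per-session nonce in place of a plain hash of page name and secret word, and `APP_SECRET`, `mark_page()` and `ajax_allowed()` are hypothetical names.

```php
<?php
// Added example: helpers for the common include used by home.php and ajax.php.
declare(strict_types=1);

// Placeholder value; keep the real secret server-side only.
const APP_SECRET = 'replace-with-a-long-random-secret';

// Call at the top of every user-facing page. Records which page this session
// is viewing and returns a token for that page to send with its ajax requests.
function mark_page(string $page): string
{
    $_SESSION['current_page'] = $page;
    $_SESSION['ajax_nonce'] = bin2hex(random_bytes(16)); // fresh on each page load
    return hash_hmac('sha256', $page . '|' . $_SESSION['ajax_nonce'], APP_SECRET);
}

// Call first in ajax.php. True only if the session's last page load was
// $expectedPage and the token matches the one issued on that load.
function ajax_allowed(string $expectedPage, string $token): bool
{
    $page  = $_SESSION['current_page'] ?? '';
    $nonce = $_SESSION['ajax_nonce'] ?? '';
    if ($page !== $expectedPage || $nonce === '') {
        return false;
    }
    $expected = hash_hmac('sha256', $expectedPage . '|' . $nonce, APP_SECRET);
    return hash_equals($expected, $token); // constant-time comparison
}

// In home.php:  session_start(); $token = mark_page('home');  then emit $token
//               into the page so the ajax call can POST it as "token".
// In ajax.php:  session_start();
//               $t = $_POST['token'] ?? '';
//               if (!is_string($t) || !ajax_allowed('home', $t)) {
//                   http_response_code(403); exit;
//               }

// Constructed demo for the CLI (`php thisfile.php`), no web server needed.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $token = mark_page('home');                          // user loads home.php
    var_dump(ajax_allowed('home', $token));              // request from that page load
    var_dump(ajax_allowed('home', str_repeat('0', 64))); // made-up token
    mark_page('profile');                                // user loads another page
    var_dump(ajax_allowed('home', $token));              // old token, flag now differs
}
```

As the replies point out, this only shows that the request carries a session that last loaded home.php; the user behind that session can still read the token from the page source and send the request by hand.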
