-Karl- Posted August 25, 2012 Share Posted August 25, 2012 Hello, So I have a problem and I cannot think of a way around it. Basically, I use jQuery tabs and Ajax to load a file and include it. However, I don't want a user to be able to directly access the file which is included. Example: <ul> <li><a href="file1.php?id=<?php echo $_GET['id']; ?>">Link 1</a></li> <li><a href="file2.php">Link 2</a></li> </ul> Let's called the main page index.php, so when a user goes to index.php they have tabs, Link 1 and Link 2, when they click Link 1, file.php is included in to a pre-defined div through Ajax. I want the script to still be able to access the file, but I don't want visitors to be able to access it directly. So I came up with this cunning idea: index.php session_start(); $_SESSION['IS_INCLUDED'] = true; file1.php session_start(); if($_SESSION['IS_INCLUDED'] == true) { echo 'Do stuff!'; unset($_SESSION['IS_INCLUDED']); } else { echo 'You cannot access this file directly.'; } This works perfecty, but not as required. The problem is there is more than one tab, if they click Link 1, it works fine, if they click Link 2, it works fine because the SESSION isn't yet added, however, if they click back on to Link 1, they get the error. This happens because the SESSION is unset, but without it being unset anyone could access the file directly if they've visited the page once. Does anyone have any idea how I can get around this problem? Quote Link to comment https://forums.phpfreaks.com/topic/267560-jqueryajax-stop-direct-access-of-files/ Share on other sites More sharing options...
requinix Posted August 25, 2012 Share Posted August 25, 2012 You can't really. AJAX and a normal browser visit are more or less indistinguishable from each other. The most you can hope for is to make it harder but before you head down that path you really need to think about whether this is actually a problem you need to fix or not. What if someone sees the page without AJAX? It's not like they're seeing something they otherwise couldn't. Quote Link to comment https://forums.phpfreaks.com/topic/267560-jqueryajax-stop-direct-access-of-files/#findComment-1372335 Share on other sites More sharing options...
`Karl Posted August 25, 2012 Share Posted August 25, 2012 I see your point, but I don't want it to be something that will/can be abused. Quote Link to comment https://forums.phpfreaks.com/topic/267560-jqueryajax-stop-direct-access-of-files/#findComment-1372344 Share on other sites More sharing options...
Christian F. Posted August 25, 2012 Share Posted August 25, 2012 Then I'm afraid you're going about this the wrong way. First and foremost create your site so that it can be used perfectly without JavaScript enabled, then add the JS stuff to enhance the user experience. That way you are not throwing any artificial road blocks in front of your users, and you can now rely completely on the server-side of things to keep your process secured. Quote Link to comment https://forums.phpfreaks.com/topic/267560-jqueryajax-stop-direct-access-of-files/#findComment-1372349 Share on other sites More sharing options...
`Karl Posted August 25, 2012 Share Posted August 25, 2012 That's pretty much irrelevant, there's nothing the visitor will be able to do accessing them directly. I'd just prefer them not to be able to. So programming it all without JS would be stupid, especially since I'm using jQuery tabs to ENHANCE the users' experience. Quote Link to comment https://forums.phpfreaks.com/topic/267560-jqueryajax-stop-direct-access-of-files/#findComment-1372363 Share on other sites More sharing options...
Jessica Posted August 25, 2012 Share Posted August 25, 2012 Christian is 100% correct. Quote Link to comment https://forums.phpfreaks.com/topic/267560-jqueryajax-stop-direct-access-of-files/#findComment-1372368 Share on other sites More sharing options...
`Karl Posted August 25, 2012 Share Posted August 25, 2012 Christian is 100% correct. Evidently not, as I just stated, it's completely secure. I just don't want them accessing it directly as a personal preference. Whether I program the tabs with jQuery, or program them stand-alone, they're still going to have access to the file. Thus, he isn't right, unless of course there was a security whole, which there isn't. Quote Link to comment https://forums.phpfreaks.com/topic/267560-jqueryajax-stop-direct-access-of-files/#findComment-1372370 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.