How to prevent direct access on method?

[lilmer]

I'm using a method  call from ajax. But how do I prevent the method not to be access directly?

I try.

 if(isset($_POST)){

 } else{
  die('Unauthorize page!'); 
}

but  still i can be access directly. What is the safest way to prevent it accessing directly?

 

[.josh]

The short answer is there is no absolute 100% way to prevent it.

 

But there are some tricks to help weed out some of the bots and noobs. Google "ajax obfuscation" and feel free to post any specific questions.

[lilmer]

Okay,

 

I just use this

  if(!$_SERVER['HTTP_X_REQUESTED_WITH'])
  {
            die('Not authorize!');
  }

[ignace]

The X-Requested-With is send by all popular javascript libraries. Put it in comments and it would still have the same effect.

[.josh]

not to mention the fact that anybody can fake that header easy enough. Like I said:
 

The short answer is there is no absolute 100% way to prevent it.

But there are some tricks to help weed out some of the bots and noobs. Google "ajax obfuscation" and feel free to post any specific questions.

[lilmer]

Yeah. I get it. Thank you guys.