lilmer Posted November 7, 2013 Share Posted November 7, 2013 I'm using a method call from ajax. But how do I prevent the method not to be access directly?I try. if(isset($_POST)){ } else{ die('Unauthorize page!'); } but still i can be access directly. What is the safest way to prevent it accessing directly? Quote Link to comment https://forums.phpfreaks.com/topic/283679-how-to-prevent-direct-access-on-method/ Share on other sites More sharing options...
.josh Posted November 7, 2013 Share Posted November 7, 2013 The short answer is there is no absolute 100% way to prevent it. But there are some tricks to help weed out some of the bots and noobs. Google "ajax obfuscation" and feel free to post any specific questions. Quote Link to comment https://forums.phpfreaks.com/topic/283679-how-to-prevent-direct-access-on-method/#findComment-1457329 Share on other sites More sharing options...
Solution lilmer Posted November 7, 2013 Author Solution Share Posted November 7, 2013 Okay, I just use this if(!$_SERVER['HTTP_X_REQUESTED_WITH']) { die('Not authorize!'); } Quote Link to comment https://forums.phpfreaks.com/topic/283679-how-to-prevent-direct-access-on-method/#findComment-1457346 Share on other sites More sharing options...
ignace Posted November 7, 2013 Share Posted November 7, 2013 The X-Requested-With is send by all popular javascript libraries. Put it in comments and it would still have the same effect. Quote Link to comment https://forums.phpfreaks.com/topic/283679-how-to-prevent-direct-access-on-method/#findComment-1457349 Share on other sites More sharing options...
.josh Posted November 7, 2013 Share Posted November 7, 2013 not to mention the fact that anybody can fake that header easy enough. Like I said: The short answer is there is no absolute 100% way to prevent it.But there are some tricks to help weed out some of the bots and noobs. Google "ajax obfuscation" and feel free to post any specific questions. Quote Link to comment https://forums.phpfreaks.com/topic/283679-how-to-prevent-direct-access-on-method/#findComment-1457376 Share on other sites More sharing options...
lilmer Posted November 11, 2013 Author Share Posted November 11, 2013 Yeah. I get it. Thank you guys. Quote Link to comment https://forums.phpfreaks.com/topic/283679-how-to-prevent-direct-access-on-method/#findComment-1457810 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.