PHP Security that allows AJAX to access

[Axcelcius]

I have two files. index.html and system_check.php. I was using the following code to prevent hackers from accessing system_check.php directly. The problem is that it also prevents index.html from accessing that file.

 

<?php
//Protects from Unauthorized Access
if(eregi("system_check.php", $_SERVER['PHP_SELF'])) die("Hacking Attempt");
?>

 

Is there an alternate way of denying direct access to system_check.php but will allow index.html to access it?

[MadTechie]

Opps miss-read..

 

it would be easier if index.html was index.php, is that possible ?

[sKunKbad]

I believe what I've seen is a simple check of the HTTP_Referer, and redirect to somewhere else or block access to anything that isn't from your domain.

[kratsg]

Why not use sessions?

 

index

session_start();
$_SESSION['confirmindex'] = true;

 

system_check

if(!$_SESSION['confirmindex']){die("I'm sorry, an illegal attempt to access this page has been identified.");}

[Locked]

Why not only allow the localhost to access the page? Basicly the same as what mysql does