How to protect the php file from viewing users, but not from ajax requests?
- from viewing - that is, that the source could not look? but then what does the ajax request do? he will not fulfill it. That is, these things are mutually exclusive. Or do you want only ajax requests to execute the code, but a direct request through the browser is not? - KoVadim
- There is a php file. It is necessary that if you directly contact him, you get an error through php to do it easily, but then the ajax request is not executed - ahserg
- 2@ahserg, you just do not expect that this idea provides some kind of protection - xEdelweiss
- ... because the one who really wants to look at the file will be able to fake the headers. - VladD 4:26 pm
|
2 answers
You can try this way to check:
if(isset( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && ( $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest' )){ // это ajax-запрос } 
Deonis deonis
32.3k 1 golden mark 24 silver marks 45 bronze marks
|
First you need to accept the fact that a request through ajax is done by the same browser, so it is difficult to distinguish these requests. But no one bothers to add additional parameters to the request, and php will check them. same session, same cookies.
Sleeping Owl
141 1 golden mark 2 silver marks 9 bronze marks
KoVadim KoVadim
85.7k 5 gold signs 67 silver marks 128 bronze marks
|