How to not let user access the php file directly from browser, which used by AJAX?

41
March 11, 2019, at 4:20 PM

files i have:
1 index.html
2 ajax.php

When User clicks a button on index file, AJAX call happens with some parameters taken from index files inline jquery to ajax.php and bring data back to index.html. how can i prevent user from directly accessing the ajax.php file by typing url in browser.

I know the token thing but it seem like an hack, i want more decent way.

any help will be greatly appreciated. Thanks.

Answer 1

Do with $_SERVER['HTTP_REFERER'] .Its only shown on ajax call .not direct browser call

<?php
  if(isset($_SERVER['HTTP_REFERER'])){
    //do stiff
  }else{
     //include your 404 page 
  }
 ?>

As per documentation HTTP_REFERER as removed or Not trusted one.

My self HTTP_REFERER is enough.You need something different use this simple Approach

print_r($_SERVER); You could see the all param. Run both ajax and direct call.Check the difference in param.use as your wise

OR

Set Some header with in calling

Prevent Direct Access To File Called By ajax Function

READ ALSO
how to fetch string messages from raw buffer objects Kafka java

how to fetch string messages from raw buffer objects Kafka java

There is a nodejs Kafka producer which send the file content to KafkaWhen Kafka consumer consumed the messages from Kafka it looks like -

31
Check if &lt;div data&gt; exists, if exist delete it

Check if <div data> exists, if exist delete it

Hi guys so I'm trying to run from backend in PHP where if the front-end has a div data for example

9
Can I ignore &amp;nbsp; when taking the data for a var?

Can I ignore &nbsp; when taking the data for a var?

I have a table and script that generates the values for the table cells based on one price that exist on this same pageThe problem is that when the prices is > 1000 then the way that pages is created is that it adds &nbsp; in order to separate...

45