1

Files I have:
1. index.html
2. ajax.php

When the user clicks a button on the index file, an AJAX call happens with some parameters taken from the index file's inline jQuery to ajax.php and brings data back to index.html. How can I prevent the user from directly accessing the ajax.php file by typing the URL in the browser?

I know the token thing, but it seems like a hack; I want a more decent way.

Any help will be greatly appreciated. Thanks.

2
  • Read about CORS, you can make sure only your domain can get access to the ajax page. Commented Mar 11, 2019 at 7:00
  • Is index.html visible for your logged-in user or for all of your visitors? Commented Mar 11, 2019 at 7:02

1 Answer

1

Do it with $_SERVER['HTTP_REFERER']. It's only shown on an AJAX call, not on a direct browser call.

<?php
if (isset($_SERVER['HTTP_REFERER'])) {
    // Referer header present: do stuff
} else {
    // No Referer header: include your 404 page
}
?>

As per the documentation, HTTP_REFERER is removed or not a trusted one.

For myself, HTTP_REFERER is enough. If you need something different, use this simple approach:

print_r($_SERVER); You can see all the params. Run both the AJAX call and the direct call. Check the difference in the params. Use it as you see fit.

OR

Set some header within the call

Prevent Direct Access To File Called By ajax Function


2 Comments

From the docs, "The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted." - php.net/reserved.variables.server
@Qirel. I know. I already read the document. I just posted for myself. And I also posted an alternative solution.
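
Added example, not part of the original answer or its comments: a gate for ajax.php that combines the "set some header" idea from the answer with the session token the question mentions, since the header (like the Referer) is set by the client. The function name ajax_gate, the X-Ajax-Token header and the ajax_token session key are assumptions, as is serving the index page through PHP so it can embed the token.

```php
<?php
// Added example: decide whether a request may reach the AJAX handler.
// Assumption: the page with the button starts the same PHP session and
// embeds $_SESSION['ajax_token'] so the script can send it back in a header.
declare(strict_types=1);

/**
 * $server is $_SERVER, $session is $_SESSION (passed in so it can be exercised
 * from the CLI). Returns the HTTP status to send; 200 means "run the handler".
 */
function ajax_gate(array $server, array $session): int
{
    // Accept only the method the front end actually uses.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 405;
    }
    // jQuery adds this header on same-origin AJAX calls. It is client-set,
    // so it filters address-bar visits but is not an access control.
    if (($server['HTTP_X_REQUESTED_WITH'] ?? '') !== 'XMLHttpRequest') {
        return 404;
    }
    // The real check: a per-session secret the server issued earlier,
    // compared in constant time. "X-Ajax-Token" is a hypothetical header name.
    $expected = $session['ajax_token'] ?? '';
    $supplied = $server['HTTP_X_AJAX_TOKEN'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($supplied)
        || !hash_equals($expected, $supplied)) {
        return 403;
    }
    return 200;
}

// Constructed sample requests so the file runs offline: php ajax_gate.php
$session = ['ajax_token' => bin2hex(random_bytes(32))];
$xhr = ['REQUEST_METHOD' => 'POST', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
$samples = [
    'typed URL (GET)'    => ['REQUEST_METHOD' => 'GET'],
    'POST, no header'    => ['REQUEST_METHOD' => 'POST'],
    'header, no token'   => $xhr,
    'header, bad token'  => $xhr + ['HTTP_X_AJAX_TOKEN' => 'not-the-token'],
    'header, good token' => $xhr + ['HTTP_X_AJAX_TOKEN' => $session['ajax_token']],
];
foreach ($samples as $label => $server) {
    printf("%-20s -> %d\n", $label, ajax_gate($server, $session));
}
```

In ajax.php itself the call would be ajax_gate($_SERVER, $_SESSION) after session_start(), followed by http_response_code() and an early exit for anything other than 200.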
