Hi :) I want to forbid access of a page directly, what i mean is if some one try to access for example the page
proccess.php
He will get an error message. BUT! if the page is accessed via AJAX call, it will ac开发者_Python百科t normal.
i've tried:
if( preg_match( '/' . basename( __FILE__ ) . '/', $_SERVER['REQUEST_URI'] ) )
{
die("Error!");
}
but the problem is that when i access it via AJAX call, it act like i've accessed it directly...
please help :)
you can check the HTTP_X_REQUESTED_WITH header.
if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
// ajax request
} else {
die('direct access is forbidden');
}
also read Can the “x-requested-with” http header be spoofed? on stackoverflow
if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
die("Error!");
}
Would maybe be sufficient?
An easy solution would be to set a variable to something (either true, false, a string...anything really) in all of the scripts that call this script before it calls process.php. Then the top line in process.php should be"
if ($checkVar === NULL) {
die("Permission denied!");
}
But that would require you to edit all the pages that call the process page.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论