I don't want to allow people to go directly to the pages in the AJAX directory but they still need to be served from their parent page. I have tried numerous .htaccess lines but they all block it from the main page as well. to sum up, I dont want people to be able to type in http://www.mysite.com/AJAX/page1.html and view it but page1.html needs to be brought into its parent page via AJAX.
<LIMIT GET POST>
Ord开发者_如何学编程er deny, allow
deny from all
</LIMIT>
blocks all access
Can you define a flag in the parent file define('IS_IN_SCRIPT',1);
and check for it in the AJAX pages? will that work with AJAX pages or only PHP includes?
Determining Referer in PHP
Check if $_SERVER['HTTP_REFERER']
is in your domain (or a list of acceptable domains)
Then redirect if not.
if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'yourdomain.com') !== false)
{ echo 'probably from your own site'; }
You could always set up something so that if a particular argument isn't passed in via GET or POST, the ajax page will just redirect you elsewhere.
In php, it'd look like
if(!isset($_POST['some_var']))
header('Location: somePage.html');
$$ zoe_daemon
you need "linker" file to open private file from parent page via AJAX.
/*this is simple "linker" file to open private file in folder named "private" from parent page via AJAX.*/
//begin linker.php
<?php
$link = $_GET["link"];
include "../private/$link.php";
?>
//end linker.php
and then, file in "private" folder need to check if request URI is not contained string "private"; that is not valid to the user who want to directly private file. for axample, "login.php" inside folder named "private" cannot be accessed directly if you put this code before operational code you want to put
//begin login.php
$count = 0;
$test = str_replace("name_of_directory_cannot_directly","dummy_string",$_SERVER['REQUEST_URI'], $count ); //or
if ($count > 0) {
die "Ooouuuppppsss, you cannot access this file directly");
}
/*
//your code here....
*/
//end login.php
精彩评论