HTMHell

Reputation: 6006

PHP And jQuery - Chat Security

I have a problem I can't solve.

I have built a chat for an online game, and I want every page to have a different chat room. The URL looks like this: play.php?plc=[arena/advanture/bank/...].

I have a SQL table named pages that defines every page. For instance:

╔════╦══════════════╗
║ id ║  name        ║
╠════╬══════════════╣
║  1 ║ arena        ║
║  2 ║ advanture    ║
║  3 ║ bank         ║
║  4 ║ weapons      ║
╚════╩══════════════╝

Every page does its own unique calculations to decide whether you're allowed to go in or not. If you can't, I do header(), and exit;.

I'll explain how it's connected to the problem.

How can the AJAX file know whether the page was successfully served, or the permission was denied and it exited?

I thought about putting in a hidden <input>, but then it'll be hackable. If a user can't go into the page, he can still change the input value to some id, and get access to the page's chat.

Upvotes: 0

Views: 203

Answers (1)

kelunik

Reputation: 6908

The AJAX file can get the param via window.location, but you should use a session in PHP; otherwise users can manipulate this value and read all chats even if they're not there.

session_start();

$_SESSION['area'] = ...;

Upvotes: 1
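
The session approach from the answer above, worked through as an added example that is not part of the original post. The page names mirror the question's pages table; userMayEnter(), enterPage(), chatRoomFor() and the level rule are hypothetical names and assumptions made for illustration.

```php
<?php
// Added example, not from the original post. PAGES mirrors the question's
// `pages` table; the permission rule below is an assumption for the demo.
declare(strict_types=1);

const PAGES = [1 => 'arena', 2 => 'advanture', 3 => 'bank', 4 => 'weapons'];

// Hypothetical stand-in for each page's own calculations:
// here the bank requires level 5 or higher.
function userMayEnter(array $user, string $page): bool
{
    return $page !== 'bank' || $user['level'] >= 5;
}

// play.php side: store the room in the session only after the check passes.
function enterPage(array &$session, array $user, string $plc): bool
{
    $id = array_search($plc, PAGES, true);   // unknown names are rejected
    if ($id === false || !userMayEnter($user, $plc)) {
        unset($session['area']);   // denied: leave no stale room behind
        return false;              // caller then does header(...) and exit;
    }
    $session['area'] = $id;
    return true;
}

// Chat AJAX side: the room id comes from the session only. Anything the
// browser sends (hidden input, query string) is deliberately ignored.
function chatRoomFor(array $session, array $request): ?int
{
    return $session['area'] ?? null;   // null: answer 403, send no messages
}

// Constructed demo for the CLI. In the real pages, call session_start()
// and pass $_SESSION and $_GET/$_POST instead of these arrays.
$session = [];
$user = ['level' => 1];
$forged = ['room' => '3'];   // client pretending to be in the bank

var_dump(enterPage($session, $user, 'arena'));   // allowed page
var_dump(chatRoomFor($session, $forged));        // room granted by the server
var_dump(enterPage($session, $user, 'bank'));    // denied page
var_dump(chatRoomFor($session, $forged));        // no room after the denial
```

With a single area value per session, the most recently opened page decides the chat room, so a user with two pages open in different tabs is served the room of the last one loaded.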
