sgkdnay

Reputation: 327

PHP - Redirect REQUEST_URI - Proper Way?

I created a site (pure hobby). What I'm basically doing is calling all ajax in the background using jQuery. Yes, it's safe from SQL injection, so no harm done; however, I do not wish for a user to go into Firebug/developer tools, pick up the URI, manually input it in the URL bar and get the result. How would I go about preventing that?

Example, user input into the URL box: www.something.com/datapull.php?get=Data&Person=Sean

I have something like:

if (strpos($_SERVER['REQUEST_URI'], '/datapull.php') !== false) { header('Location: /'); exit; } // exit so the script does not keep running after the redirect header

but when I do, my site gets caught in an infinite loop. I basically want the site to be at www.something.com at all times.

How do I go about keeping it at THAT address without manual input by users?

Upvotes: 2

Views: 2316

Answers (2)

Dale

Reputation: 10469

To elaborate on my comment, you could try this.

In the ajax request file you can check for $_SERVER['HTTP_REFERER'] being set and containing your own domain name.

Here's a quick example.

index.php

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8" />
        <title>Ajax Test</title>
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js"></script>
    </head>
    <body>
        <div class="ajax_receiver">

        </div>
        <script>

            $('.ajax_receiver').load('data.php');

        </script>
    </body>
</html>

data.php

<?php

    print_r($_SERVER);

If you run this as is you'll see the contents of $_SERVER and should see the HTTP_REFERER.

All we need to do now is add a condition to the ajax request page, in this case data.php, to exit if this isn't set, or if it isn't a request from our domain.

data.php (updated)

<?php
    // Reject the request if there is no referer, or the referer is not from our own host
    if ( ! isset($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], $_SERVER['SERVER_NAME']) === false)
    {
        // or take whatever exit action you want here
        exit;
    }
    print_r($_SERVER);

Hopefully you can use this to get you started.

Upvotes: 2
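A stricter form of the referer check above, added here as an example (it is not code from the question or from either answer). It parses the host out of the Origin or Referer header with parse_url() and compares it exactly, so a referer from another site that merely contains "www.something.com" somewhere in its URL is not accepted the way a substring match would accept it, and it answers with a 403 instead of redirecting, which avoids the loop the asker ran into. The host name www.something.com and the sample requests are constructed for this example; both headers are set by the client, so this is a sanity check on where the request came from, not access control.

```php
<?php
// Added example (not from the original answers): a stricter referer/origin check
// for an AJAX endpoint. www.something.com is the asker's example host.

function request_origin_host(array $server): ?string
{
    // Prefer the Origin header when present, otherwise fall back to Referer.
    // Both are supplied by the client, so treat the result as a hint only.
    foreach (['HTTP_ORIGIN', 'HTTP_REFERER'] as $key) {
        if (!empty($server[$key])) {
            $host = parse_url($server[$key], PHP_URL_HOST);
            if (is_string($host) && $host !== '') {
                return strtolower($host);
            }
        }
    }
    return null;
}

function is_same_site_request(array $server, string $expectedHost): bool
{
    // Exact host comparison, case-insensitive; no substring matching.
    $host = request_origin_host($server);
    return $host !== null && $host === strtolower($expectedHost);
}

function gate_ajax_request(array $server, string $expectedHost): int
{
    // Return an HTTP status rather than redirecting to "/": a redirect from a file
    // that "/" itself loads via AJAX is what produces the loop in the question.
    return is_same_site_request($server, $expectedHost) ? 200 : 403;
}

// Constructed sample requests for running this file from the CLI.
$samples = [
    'xhr from own page'          => ['HTTP_REFERER' => 'https://www.something.com/index.php'],
    'typed into address bar'     => [],
    'other site, host in query'  => ['HTTP_REFERER' => 'https://other.example/?r=www.something.com'],
    'origin header, mixed case'  => ['HTTP_ORIGIN'  => 'https://WWW.Something.com'],
];

if (PHP_SAPI === 'cli') {
    foreach ($samples as $label => $server) {
        printf("%-28s -> %d\n", $label, gate_ajax_request($server, 'www.something.com'));
    }
} else {
    // Web usage: put this at the top of data.php before any output.
    $status = gate_ajax_request($_SERVER, $_SERVER['SERVER_NAME'] ?? '');
    http_response_code($status);
    if ($status !== 200) {
        exit;
    }
    // normal data.php output continues here
}
```

Run from the command line it prints 200 for the first and last sample and 403 for the other two. Whatever the page's JavaScript can fetch remains fetchable by anyone who can load the page, as the second answer points out, so the endpoint still needs its own input validation and authorization for anything sensitive.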

invisal

Reputation: 11181

What I'm basically doing is calling all ajax in background using jquery. Yes, it's safe from SQL Injection, so no harm done

Sorry to say, but it does not help prevent SQL injection.

However I do not wish for user to check into firebug/developer tool and try to use the URI and manually input it in the URL toolbar and get result.

If a link is inaccessible by a web browser, so is your AJAX.

Upvotes: 0
