Reputation: 16055
I have an ajax.php file to which all of my ajax calls point with an extra parameter of the script the current call demands to execute. My problem is that I want to limit some scripts to being executed by specific pages only, say for example sendComment.php should only be called from www.mysite.com/user/{any user}.
What I have done is put this code on top of every script that I want to limit:
    // PHP exposes the Referer header as HTTP_REFERER (single R); it may be absent.
    if (strstr($_SERVER['HTTP_REFERER'] ?? '', 'mysite.com/{page_allowed_to_exec_script}')) {
        // Then do stuff here
    }
But what I've come to notice is that not all browsers support the HTTP_REFERRER (I might have spelled that incorrectly, I'm writing this by memory), and as well as not being cross-browser it's also a pain in the butt having to hardcode this stuff in all of the files and is going to be an even bigger pain when it comes to changing stuff. I'm looking for a way I can possibly have all the scripts in an array with all the pages that are able to execute them, and perform a check in the ajax.php file at start.
Does anyone have any idea how this can be achieved?
Upvotes: 0
Views: 70
Reputation: 1689
Even all browsers may not send "referer" because some kind of "proxy", "firewall" or "security" suite strips it out or even changes it. So you can trust on it.
If you control the referring page you can use sessions, cookies or the URL to pass the information if you feel it's that vital. If it's absolutely vital, your only option is sessions. The other two can easily be removed.
Upvotes: 1
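One way to combine the array-based check the question asks for with the session approach from the answer, as an added example that is not part of the original posts. The script names other than sendComment.php, the page keys, and the `script`/`page`/`token` request fields are assumptions made for illustration.

```php
<?php
// Which page types may trigger which script; anything not listed is refused.
// (Hypothetical entries; only sendComment.php comes from the question.)
const AJAX_ACL = [
    'sendComment.php' => ['user'],
    'editProfile.php' => ['user', 'settings'],
];

// Called while rendering a page: store a random token for that page type in
// the session and return it so the page can send it with its AJAX calls.
function issue_page_token(array &$session, string $page): string
{
    $token = bin2hex(random_bytes(32));
    $session['ajax_tokens'][$page] = $token;
    return $token;
}

// Called at the top of ajax.php: returns the script to include, or null.
function resolve_ajax_script(array $session, array $request): ?string
{
    foreach (['script', 'page', 'token'] as $field) {
        if (!is_string($request[$field] ?? null)) {
            return null; // missing or non-string parameter
        }
    }
    // Only exact names from the allowlist are ever returned for inclusion,
    // so the "script" parameter cannot point at an arbitrary file.
    $allowedPages = AJAX_ACL[$request['script']] ?? null;
    if ($allowedPages === null || !in_array($request['page'], $allowedPages, true)) {
        return null;
    }
    // The token proves this session actually rendered the claimed page.
    $expected = $session['ajax_tokens'][$request['page']] ?? null;
    if (!is_string($expected) || !hash_equals($expected, $request['token'])) {
        return null;
    }
    return $request['script'];
}

// Constructed demo, using plain arrays in place of $_SESSION and $_POST.
$session = [];
$token = issue_page_token($session, 'user');
$ok = ['script' => 'sendComment.php', 'page' => 'user', 'token' => $token];
var_dump(resolve_ajax_script($session, $ok));
var_dump(resolve_ajax_script($session, ['page' => 'settings'] + $ok));
var_dump(resolve_ajax_script($session, ['script' => '../config.php'] + $ok));
```

The check only establishes that the session loaded an allowed page; each script still has to verify that the logged-in user may perform the action it carries out.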