Jelmer

Reputation: 989

How to prevent direct access in PHP while using jQuery.load to include .php files?

This is a part of my index.php file:

    <body>
        <?php include_once 'includes/sidemenu.php' ?>
        <div class="container">
            <!--Site body!-->
                <?php include_once 'pages/index/home.php' ?>
            <!--End Site body-->
        </div><!--container!-->
    </body>

I made my site so everything goes through the index.php (no hrefs).

So in my sidemenu, whenever I click an item to go to another page I do this (e.g.):

    <li><a class="gn-icon gn-icon-cog" onclick="$('.container').load('pages/index/about.php'); $('#indextitle').html('About');">About</a></li>

I load the .php file into my index.php and it shows it just fine.

about.php:

    <header style="font-size: 20px; padding-left: 200px">
        <h1>About myself</h1>
        <p>My name is Jelmer, a guy from The Netherlands and currently I am 20 years old.</p>
        <p>At the moment I'm studying computer science at Avans Hogeschool University of Applied Sciences</p>
    </header>

Now... the problem is that when I want to check for direct access to about.php (which shouldn't be possible), I can't check it since it doesn't include the PHP file but loads it via jQuery. I have nothing to fall back to...

I tried using a variable to check if it was defined, but in about.php it can't find the variable because of the .load.

I also tried checking if count(get_included_files()) == 1. But on about.php, the number of included files always seems to be 1 (so 0 included files).

It doesn't seem to count the included files from index.php that are already there. I assume this is all because of jQuery.load.

How am I going to solve this?

Upvotes: 1

Views: 220

Answers (1)

user5383734

Checking the API reference of .load() at http://api.jquery.com/load/, we find that we can pass params to the target file, so I thought out a workaround leveraging this feature.

JS: $( ".container" ).load( "about.php", {access:true});

about.php:

    <?php
    // jQuery's .load() sends a POST request when its data argument is an object,
    // so the flag arrives in $_POST (as the string "true").
    if(isset($_POST['access'])&&$_POST['access']==true){
        echo <<<HTML
    <header style="font-size: 20px; padding-left: 200px">
            <h1>About myself</h1>
            <p>My name is Jelmer, a guy from The Netherlands and currently I am 20 years old.</p>
            <p>At the moment I'm studying computer science at Avans Hogeschool University of Applied Sciences</p>
    </header>
    HTML;
    }else{
        echo "Access denied!";
    }
    ?>

Upvotes: 1
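
A variation on the answer above, as an added example that is not part of the original post: the fixed `access` flag is a value any client can send, so here `index.php` issues a random per-session token and each fragment verifies it with `hash_equals()`. The file name `includes/fragment_guard.php`, the function names and the `token` field are assumptions; PHP 7 or later is assumed.

```php
<?php
// Added example, not code from the original post. The file name
// includes/fragment_guard.php, the function names and the "token" field
// are assumptions made for illustration.
//
// index.php : require it, call fragment_token_issue(), and echo the result
//             into the data object: .load('pages/index/about.php', {token: '...'})
// about.php : require it and call fragment_guard() before any output.

// Create one random token per session and return it for embedding in the page.
function fragment_token_issue()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['fragment_token'])) {
        $_SESSION['fragment_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['fragment_token'];
}

// True only when both values are non-empty strings and match.
// hash_equals() compares in constant time; the is_string() checks reject
// array input such as token[]=x, which hash_equals() does not accept.
function fragment_token_valid($expected, $supplied)
{
    return is_string($expected) && $expected !== ''
        && is_string($supplied)
        && hash_equals($expected, $supplied);
}

// Stop the request with 403 unless it is a POST carrying this session's token.
function fragment_guard()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $method   = $_SERVER['REQUEST_METHOD'] ?? '';
    $expected = $_SESSION['fragment_token'] ?? null;
    $supplied = $_POST['token'] ?? null;

    if ($method !== 'POST' || !fragment_token_valid($expected, $supplied)) {
        http_response_code(403);
        exit('Access denied!');
    }
}
```

The token only shows that the request comes from a browser session that has loaded index.php; the visitor can still read it from the page, so content that must stay private needs real authentication.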
