Reputation:
How can i check if page accessed directly?
Hi :) I want to forbid access of a page directly, what i mean is if some one try to access for example the page
proccess.php
He will get an error message. BUT! if the page is accessed via AJAX call, it will act normal.
i've tried:
if( preg_match( '/' . basename( __FILE__ ) . '/', $_SERVER['REQUEST_URI'] ) )
{
die("Error!");
}
but the problem is that when i access it via AJAX call, it act like i've accessed it directly...
please help :)
Upvotes: 1
Views: 3890
Answers (3)
Reputation: 265271
you can check the HTTP_X_REQUESTED_WITH header.
if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
// ajax request
} else {
die('direct access is forbidden');
}
also read Can the “x-requested-with” http header be spoofed? on stackoverflow
Upvotes: 5
Reputation: 708
An easy solution would be to set a variable to something (either true, false, a string...anything really) in all of the scripts that call this script before it calls process.php. Then the top line in process.php should be"
if ($checkVar === NULL) {
die("Permission denied!");
}
But that would require you to edit all the pages that call the process page.
Upvotes: 0
Reputation: 1109
if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
die("Error!");
}
Would maybe be sufficient?
Upvotes: 0
Related Questions
- check if page was redirected or opened directly in php
- How can I detect how a user accesses a page in php? (from a form or directly)
- Detect if website was visited directly..is it possible?
- Joomla php how to check if user is viewing specific page
- Check where page is being accessed from
- Check if Page is being Accessed by a Browser vs. HTTP Request
- check if a page is accessed from address bar or from submitted form
- check if page is viewed in browser? PHP
- PHP check if user viewed specific page
- How to check address a page is accessed from?