Possible duplicate:
Check PHP to make sure the request is either xmlhttp from my site or a regular request from a specific domain
not sure why this is not working, it redirects me to an // invalid page. I need to make this page accessible ONLY through an ajax request or a link from the specified domain (s). I tried to put this at the top of the page I'm trying to go to, as well as in a separate script and pointing the link from the allowed domain to the script.
<?php
if (preg_match('/alloweddomain.com\/pagewithlink.php/', $_SERVER['HTTP_REFERRER']) ||
$_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
// allowed
header('Location: http://www.domain.com/desiredpage.php');
} else {
// not allowed
header('Location: http://www.cnn.com');
}
?>
source
share