How to prevent access to the PHP page directly?

Question

How to prevent access to the PHP page directly?

Below is a javascript snippet that I use as part of an AJAX script. How to prevent user direct access to user_back_end_friends.php? I don’t want people to be able to go to domain.com/user_back_end_friends.php and see a list of friends.

Javascript Code:

<script type="text/javascript">
    $(document).ready(function() {
        $("#user_friends").tokenInput("/user_back_end_friends.php", {
            theme: "sometheme", userid: "<?php echo $id; ?>"
        });
    });
</script>

This is what I found, but not sure how to implement it using javascript code above:

I use this on the page I need to call:

$included=1;include("user_back_end_friends.php");

When I have to prevent direct access, I use:

if(!$included){ die("Error"); }

But how to add this $ included part of the script to my javascript code?

+3

javascript ajax php token

ariel May 15, '12 at 1:53

source share

3 answers

jeroen · Answer 1 · 2012-05-15T01:59:22+0000

It makes no sense to protect javascript code, you only need to protect the server code.

, , ; / , , javascript. , .

, :

session_start();
if (isset($_SESSION['user_id'))
{
  // do stuff with the user ID
}
else
{
  // display error message?
}

Scuzzy · Answer 2 · 2012-05-15T02:00:31+0000

script .

, , , .

Andy · Answer 3 · 2012-05-15T02:08:28+0000

. , , , script ( ), -

define('_REFERURL',              'http://www.example.com');            // This is the full URL of your domain that will be calling your PHP (s)

, URL ( )

function allow_user()
{
        if ($_SERVER['HTTP_REFERER'] == _REFERURL)
        {
                return true;
        }
        else
        {
                return false;
        }
}

:

if (allow_user())
{
     // Do things
}
else
{
     // Alert, direct access attempted
}

Easy passage: http://www.datatrendsoftware.com/spoof.html

How to prevent access to the PHP page directly?

More articles: