Porl123 Posted September 17, 2010

I have a php script which is viewed with ajax. The script does some important things and I want to make sure that it's viewed by only the ajax and not the user, so I was thinking I'd need to pass a code from the main page using a GET in either php or more likely javascript, as I don't want the user to be able to see the code and then be able to just copy it and view the script with it.

I've tried to sort this by saving Math.random() to the database by using ajax using a separate file, then underneath it use it to access the file like this:

    function saveCode() {
        var xmlHttp = connect();
        if (xmlHttp != false) {
            // Code is generated in the browser and sent to the server to be stored
            var code = Math.random();
            xmlHttp.open('GET', '/inc/battle/saveCode.php?i=' + code, true);
            xmlHttp.onreadystatechange = function() {
                if (xmlHttp.readyState == 4) {
                    battleLog = xmlHttp.responseText;
                    battleList = battleLog.split('\n');
                    battleCount = battleList.length;
                    addLine();
                }
            }
            // A GET request has no body
            xmlHttp.send(null);
        }
    }

This would save the code to the database, then with a separate function, namely endBattle(), the variable code would be used to access a file called endBattle.php?i= where this script would compare the code from the GET variable to the code in the database. However, I realised before finishing this that the user could manually set the code to whatever they want through the saveCode.php page, then view the endBattle.php.

Does anyone have any ideas how else I could validate my endBattle.php page so that users couldn't view it in their browser to run it? Forgive me if this is in the completely wrong forum, I just thought I'd see whether there were any php methods of doing this.

Thanks!

meltingpoint Posted September 17, 2010

Why couldn't you pass the variables with sessions? This way no one sees them, nor can they manipulate them. Another great benefit is that they are available for any page that gets called, rather than relying on passing them with the $_GET method.
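
One way to apply the session suggestion above to endBattle.php, as an added example that is not code from the thread: the server itself creates the battle state and a one-time token in the session, so there is no saveCode.php-style endpoint through which the browser can choose the value. The function names, the `battle` session key and the constructed demonstration at the end are assumptions.

```php
<?php
declare(strict_types=1);
// Added example; function names and the 'battle' session key are assumptions.

// Called by the server-side page that starts a battle. The value is created
// here, never accepted from the browser.
function start_battle(): string
{
    $_SESSION['battle'] = [
        'token'   => bin2hex(random_bytes(32)), // CSPRNG instead of Math.random()
        'started' => time(),
    ];
    return $_SESSION['battle']['token'];        // embed in the page for the AJAX call
}

// Called at the top of endBattle.php with the token the AJAX request sent.
// Succeeds at most once per battle started in this session.
function finish_battle(string $submitted, int $maxAge = 3600): bool
{
    $battle = $_SESSION['battle'] ?? null;
    unset($_SESSION['battle']);                 // single use: consumed even on failure
    if (!is_array($battle)) {
        return false;                           // no battle was started in this session
    }
    if (time() - $battle['started'] > $maxAge) {
        return false;                           // stale battle state
    }
    return hash_equals($battle['token'], $submitted); // constant-time comparison
}

// Constructed demonstration, runnable with the PHP CLI. In the real pages,
// call session_start() first and pass the submitted request value instead.
$_SESSION = [];
var_dump(finish_battle('0.4711'));   // direct visit with a made-up code
$token = start_battle();             // battle page rendered by the server
var_dump(finish_battle($token));     // the AJAX call from that page
var_dump(finish_battle($token));     // the same request sent a second time
```

Because the state lives in the session, a request to endBattle.php is accepted only if the server started a battle for that session, and then only once.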