this.user Posted September 22, 2010

I have a file that an ajax function calls on my site, and I want to make sure only the right pages access it. For example, I have a page called home (home.php), and on that page I have an ajax call, which calls a file called ajax.php. I want to make sure that when ajax.php is being executed, it is being executed via an ajax call, which is coming from the home page. Is this possible?

Psycho Posted September 22, 2010

I can't say for sure, but I think the answer is no. When an ajax call is made it is coming from the user's browser anyway. You could add POST/GET parameters to the AJAX request to specify the calling page, but the user could easily replicate that if they wanted.

One thought though is to use a session variable as a flag. I typically have a default script that is included at the top of every page that is user accessible which sets database connection info, default variables, etc. Assuming you are doing the same thing, just set a session variable on every page load to identify the page being viewed. Then when the AJAX call is made, the server AJAX script could check that session variable to see if it is the home page. If not, have the script return false or an empty string.

schilly Posted September 22, 2010

Or use a hash of the page name and a secret word and pass it through the ajax vars then verify on the other end.

Psycho Posted September 22, 2010

> Or use a hash of the page name and a secret word and pass it through the ajax vars then verify on the other end.

As I already stated you can pass a unique value via GET/POST vars, but those can be easily determined and replicated by a user since the values would have to be determined in the source of the HTML page.

schilly Posted September 22, 2010

> As I already stated you can pass a unique value via GET/POST vars, but those can be easily determined and replicated by a user since the values would have to be determined in the source of the HTML page.

Ah right. True.
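
The session flag and the page-name hash suggested in the thread, combined in an added PHP example that is not code from any of the posters. `APP_SECRET`, `mark_page()` and `ajax_allowed()` are hypothetical names, and tying the hash to the session ID is an assumption added here so that a value copied from one page source does not verify in another session.

```php
<?php
// Added example, not code from the thread. Sessions are passed in as arrays
// so the file also runs from the CLI; in a real page pass $_SESSION and
// session_id() after session_start().
const APP_SECRET = 'replace-with-a-long-random-secret'; // constructed placeholder

// home.php side: set the session flag for the page being viewed and return
// the value the page embeds in its AJAX vars (hash of page name + secret,
// keyed to this session).
function mark_page(array &$session, string $sessionId, string $page): string
{
    $session['current_page'] = $page;
    return hash_hmac('sha256', $page . '|' . $sessionId, APP_SECRET);
}

// ajax.php side: allow the call only if the session flag names the expected
// page and the submitted hash matches the one derived for this session.
function ajax_allowed(array $session, string $sessionId, string $expectedPage, ?string $token): bool
{
    if (($session['current_page'] ?? null) !== $expectedPage) {
        return false; // this session did not last load the expected page
    }
    if ($token === null) {
        return false; // request carried no hash at all
    }
    $expected = hash_hmac('sha256', $expectedPage . '|' . $sessionId, APP_SECRET);
    return hash_equals($expected, $token); // constant-time comparison
}

// Constructed demo: sessions A and B have both loaded the home page.
$a = [];
$b = [];
$tokenA = mark_page($a, 'sess-A', 'home');
mark_page($b, 'sess-B', 'home');

var_dump(ajax_allowed($a, 'sess-A', 'home', $tokenA)); // A sends its own value
var_dump(ajax_allowed($b, 'sess-B', 'home', $tokenA)); // A's value replayed in B
var_dump(ajax_allowed($a, 'sess-A', 'home', null));    // no value sent

// The holder of session A can still call ajax.php directly with $tokenA: the
// browser has the value, so this limits reuse across sessions, not the caller.
```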