fxuser Posted January 11, 2011 Share Posted January 11, 2011 In my javascript code i use ajax so i load a php file .. then on the success i have a function where i load a file there.. the thing is how can i secure it from direct access from the browser? if i type the link of the file in the browser i can access it even tho it needs other files to run so it will return me errors.. how can i disable that? Thanks. EDIT: i have tried to put if(!defined("MAIN")){ die('<tt>You cannot view this file directly!</tt>'); } on the file i want to protect but then when i call the ajax on the success the file doesnt load on the page that i call it and shows the above die(); Quote Link to comment Share on other sites More sharing options...
phpchamps Posted January 11, 2011 Share Posted January 11, 2011 Below function will check whether its a ajax request or nt.. function isAjax() {return (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'));} Quote Link to comment Share on other sites More sharing options...
fxuser Posted January 11, 2011 Author Share Posted January 11, 2011 Thanks for the reply phpchamps,ill try it , wouldnt a htaccess with Deny from all do the job aswell? EDIT : it doesnt allow me to direct check it with your code .. which is the same as mine with the define("main","true"); but when i go to ajax and press the button i get this: You cannot view this file directly! and doesnt allow me to load the file i want when it success Quote Link to comment Share on other sites More sharing options...
fxuser Posted January 12, 2011 Author Share Posted January 12, 2011 bump Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 12, 2011 Share Posted January 12, 2011 define("main","true"); is not the same as define("MAIN","true"); unless you set the 3rd parameter to TRUE. Perhaps if you posted the actual code you put into the main file to define the constant and the code you put into the include file to check if the constant is defined. Quote Link to comment Share on other sites More sharing options...
fxuser Posted January 12, 2011 Author Share Posted January 12, 2011 i tried defining a var in the file that i include the included file and checking if the defined var exists in the included file but that does not work.. also i tried phpchamps code above .. i putted it to a php file that i include and call it on the top of the included file where also ajax tells me that i cant load the file when on ajax success Quote Link to comment Share on other sites More sharing options...
phpchamps Posted January 12, 2011 Share Posted January 12, 2011 please post the full code. Quote Link to comment Share on other sites More sharing options...
fxuser Posted January 12, 2011 Author Share Posted January 12, 2011 please post the full code. this is how the file that loads the included file is: <?php define("MAIN", "True"); include_once 'config.php'; $status = "0"; $id = sanitizeString($_GET['id']); //e.x ?id=user1 we get user1 this is how my included file starts: <?php include_once $_SERVER['DOCUMENT_ROOT'] . '/config.php'; check_un($_GET['id']); $_GET['p'] = preg_replace('#[^0-9]#i', '', $_GET['p']); Quote Link to comment Share on other sites More sharing options...
fxuser Posted January 12, 2011 Author Share Posted January 12, 2011 bump Quote Link to comment Share on other sites More sharing options...
fxuser Posted January 15, 2011 Author Share Posted January 15, 2011 still havent found any answer regarding this issue. bump Quote Link to comment Share on other sites More sharing options...
phpfreak Posted January 15, 2011 Share Posted January 15, 2011 Please don't bump... Quote Link to comment Share on other sites More sharing options...
fxuser Posted January 15, 2011 Author Share Posted January 15, 2011 I really didnt want to... but im still searching for a solution. thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.