站直达(的.htaccess),并允许Ajax请求到子文件夹 [英] stop direct access (.htaccess) and allow ajax request to subfolder
问题描述
我试图阻止直接访问子目录及其子目录中的PHP文件。我已经添加了以下code以下的子目录中的.htaccess文件,但现在AJAX请求不工作。
如何停止使用www.example.com/subdir,但允许jQuery的负载和放大器; AJAX功能工作?
选项-Indexes
为了允许,拒绝
所有否认
感谢您
我把Apache指令一边,-perhaps-专注于一个基于PHP的解决方案:
-
确认包含了jQuery AJAX调用您的文件有一个的.php扩展名。 当然这个文件里面的(所有的jQuery必须包含在
<脚本>
和< / SCRIPT>
标签 -
只是里面的AJAX调用之前的jQuery的功能,键入:
< PHP $ _SESSION [允许] =授予>
(PHP标签,如果它们包含在脚本标签仍然运行)
-
打开你的ajax(PHP)的文件,并在最高层类型的:
< PHP 在session_start(); 如果(!(使用isset($ _ SESSION ['允许']))及及($ _SESSION ['允许'] =授予)!){死亡();}其他 取消设置($ _ SESSION ['允许']); (...休息你的PHP code在这里...) ?>
...和你做!
P.S。当然,你可以(或更好:应)!重命名会话,并给予他们不同或更复杂的值,但我只是想指出的基本思想......快乐编码
I am trying to stop direct access to a subdirectories and the php files within subdirectories. I've added the following code below to the .htaccess file within the subdirectories, however now the AJAX request are not working.
How can I stop access to www.example.com/subdir, but allow jQuery load & ajax functions to work?
Options -Indexes
order allow,deny
deny from all
Thank You
I would put apache directives aside, and -perhaps- focus on a php-based solution:
Make sure your file containing the jquery ajax call has a ".php" extension. (of course inside that file, all jquery must be contained within
<script>
and</script>
tags.Inside your jquery function just before the ajax call, type that:
<?php $_SESSION["allow"] = "granted" ?>
(php tags run even if they are contained in "script" tags)
Open your ajax (php) file and at the very top type this:
<?php session_start(); if((!isset($_SESSION['allow'])) && ($_SESSION['allow']!="granted")){die();}else unset($_SESSION['allow']); (...rest of your php code here...) ?>
... and you are Done!
P.S. Naturally, you may (or better: should) rename the sessions and give them different or more complex values, but I was just trying to point out the basic idea... Happy coding!
这篇关于站直达(的.htaccess),并允许Ajax请求到子文件夹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!