prevent直接访问PHP页面 [英] Prevent direct access to a PHP page

问题描述

我如何prevent我的用户直接访问网页意味着阿贾克斯只要求？

How do I prevent my users from accessing directly pages meant for ajax calls only?

Ajax调用过程中传递的关键似乎是一个解决方案，而无需键访问将不会被处理。但它也容易制造的键，无？中查看源诅咒......

Passing a key during ajax call seems like a solution, whereas access without the key will not be processed. But it is also easy to fabricate the key, no? Curse of View Source...

P / S：使用Apache Web服务器为

p/s: Using Apache as webserver.

编辑：要回答为什么，我jQuery的用户界面，标签在我的index.php，而这些选项卡里面的形式与剧本，如果他们直接访问，这将无法正常工作。为什么用户会想这样做，我不知道，我只是想我会更用户通过preventing直接访问形式没有验证脚本友好。

To answer why, I have jQuery ui-tabs in my index.php, and inside those tabs are forms with scripts, which won't work if they're accessed directly. Why a user would want to do that, I don't know, I just figure I'd be more user friendly by preventing direct access to forms without validation scripts.

推荐答案

正如其他人所说，Ajax请求可以模拟要创建正确的头。 如果你想有一个基本的检查，看是否该请求是一个Ajax请求，你可以使用：

As others have said, Ajax request can be emulated be creating the proper headers. If you want to have a basic check to see if the request is an Ajax request you can use:

 if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
     //Request identified as ajax request
 }

但是你不应该基于你对这个检查安全。这将消除直接访问的网页，如果这是你所需要的。

However you should never base your security on this check. It will eliminate direct accesses to the page if that is what you need.

这篇关于prevent直接访问PHP页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！