How can I get my PHP script to only answer requests if the requesting script is on the same domain?
** Edit: The PHP file is being accessed by an ajax request and is proxy, so I don't want others directly requesting it to come up, is this possible?
views:
56answers:
3
+2
A:
You could use $_SERVER['REMOTE_ADDR'] to compare the IP of the user requesting the page. Or you could simply make it a command line script that (obviously) requires you to run it from the command line.
edit:
You want to prevent people from using that script other than via AJAX? Impossible, as AJAX itself is executed by the client, as such the request starts there. And it will be always possible to call that script alone; you can make it harder, but you won't be able to prevent it.
poke
2010-02-25 00:49:45
Oh it's not possible? Okay, thanks anyways!
Kyle
2010-02-25 01:08:12
A:
You shouldn't be sending requests to your own server. You should include the file and execute the functions directly.
Byron Whitlock
2010-02-25 00:51:45
It's actually being ajaxed in, I just wouldn't want others getting direct access to the file and abusing it because it's a scripting proxy.
Kyle
2010-02-25 00:55:09
A:
There is no safe way to do that. Some developers will naively use the HTTP referrer header field, but anyone smart enough to abuse your ajax interface will have no problem forging the referrer.
mikerobi
2010-02-25 01:19:29