
Protect direct URL of PHP page?

OK, I have a PHP page that I call from JavaScript (kinda like an AJAX thing).

The PHP page adds clicks to a MySQL database (say a user clicks on a banner).

These clicks are then able to be used to get things, say a free download of something. The script takes params as: script.php?username=auser&points=1

Now what I need is to protect this so that a user can't do the following:
script.php?username=auser&points=9999
Calling the script directly from the URL, this would be cheating!
Password protecting the dir won't work because the script needs a username for it to be useful, so the user has to be signed up already.

So I need the PHP script to only work when it's called from my JavaScript, any ideas?


2 Comment(s)

@tgpfarm (author), Jun 04, 2007 — Well, I think I found something

using:

if (empty($_SERVER['HTTP_REFERER'])) {
    // No Referer header was sent with this request
    print "This page can't be accessed directly. Please click back to start over.";
} else {
    // something
}

works. Is this good enough protection, or is there something better? I know if the user mods their header they will still be able to hack.

@Charles, Jun 04, 2007 — Not all browsers send a referrer, so your page will not be working for those folks. But you've already eliminated a huge number of users by relying upon JavaScript, so don't worry about it.
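
What the Referer check cannot provide, shown as an added example that is not code from this thread: the server takes the username from the login session, fixes the point value itself, and accepts a click only with a single-use token it issued when it rendered the banner page. The session key, the table and column names, and the environment variable names are assumptions.

```php
<?php
// Added example, not from the thread. Assumes the login code has already
// stored the account name in $_SESSION['username'].
declare(strict_types=1);
session_start();

const POINTS_PER_CLICK = 1;   // set by the server, never read from the request
const TOKEN_TTL = 600;        // seconds a banner token stays valid

// Call while rendering the page that shows the banner and hand the
// returned value to the JavaScript that reports the click.
function issue_click_token(): string {
    $token = bin2hex(random_bytes(16));
    $_SESSION['click_tokens'][$token] = time();
    return $token;
}

// Returns the points to award, or 0 if the token is unknown, reused or expired.
function redeem_click_token(string $token): int {
    $issued = $_SESSION['click_tokens'][$token] ?? null;
    unset($_SESSION['click_tokens'][$token]);   // single use, even on failure
    if ($issued === null || time() - $issued > TOKEN_TTL) {
        return 0;
    }
    return POINTS_PER_CLICK;
}

// Hypothetical schema: users(username, points).
function award_points(PDO $db, string $user, int $points): void {
    $stmt = $db->prepare('UPDATE users SET points = points + ? WHERE username = ?');
    $stmt->execute([$points, $user]);
}

// Body of script.php: the request carries only the token.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user   = $_SESSION['username'] ?? null;
    $token  = $_POST['token'] ?? '';
    $points = (is_string($user) && is_string($token)) ? redeem_click_token($token) : 0;
    if ($points === 0) {
        http_response_code(403);
        exit('Click rejected.');
    }
    // Connection settings come from hypothetical environment variables.
    $db = new PDO((string) getenv('CLICKS_DSN'), (string) getenv('CLICKS_DB_USER'),
                  (string) getenv('CLICKS_DB_PASS'));
    award_points($db, $user, $points);
    echo 'ok';
}
```

A `points=9999` or a different `username` in the request has no effect, because neither value is read from it. The token does not prove that a person clicked, so the design limits each issued token to one fixed award rather than detecting automation.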