如何确保仅从特定页面运行php
[英]how to make sure a php is run only from a particular page
问题描述
I have a php file (advanced.php) which is run through ajax/javascript by a particular page, accessible only to premium users. 
我有一个php文件(advanced.php),该文件通过ajax / javascript在特定页面上运行,仅高级用户可以访问。 How can I ensure on the server side that this php is run only from this particular page and no other. 我如何才能确保在服务器端仅从该特定页面运行此php,而没有其他运行。
I am concerned about this since there is another page available to all users which runs other php file (regular.php). 我担心这一点,因为还有一个可供所有用户运行的页面,该页面运行其他php文件(regular.php)。 It gives results in same format but are restricted. 它以相同的格式给出结果,但是受到限制。 Now some user may just change the regular page to have the name advanced.php instead of regular.php in his frontend and access paid functionality for free. 现在,某些用户可能只是将常规页面更改为在其前端使用名称Advanced.php而不是regular.php即可免费使用付费功能。
How can I ensure that this doesn't happen. 我如何确保不会发生这种情况。
2 个解决方案
解决方案1
2 已采纳 2014-06-02 08:42:25
Instead of trying to block the script processing depending on where is it being loaded, you may encapsulate all the script inside a control structure. 您可以尝试将所有脚本封装在控制结构中,而不是尝试根据脚本的加载位置阻止脚本处理。
Say you have 说你有
<?php my_page(); ?>
You could do 你可以做
<?php
if ( $premium ) {
// do stuff
my_page();
} else {
// you could be premium ;)
become_premium_page();
}
?>
Just check if the user trying to load the page is a premium user or not. 只需检查尝试加载页面的用户是否为高级用户即可。
解决方案2
1 2014-06-02 08:34:49
How can I ensure on the server side that this php is run only from this particular page and no other.
Don't do this. 不要这样 There is no reliable way to prevent this. 没有可靠的方法来防止这种情况。 Rather, make it so only the users with proper authorisation can access the page. 而是,使它只有具有适当授权的用户才能访问该页面。 This is very easy if you already have an authentication mechanism. 如果您已经具有身份验证机制,这将非常容易。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.