防止直接访问 php
[英]Prevent direct access to a php
问题描述
I don't want to use .htaccess.
我不想使用.htaccess。
- a.php b.php c.php compute.php a.php b.php c.php 计算.php
a.php b.php and c.php uses it like this a.php b.php和c.php像这样使用它
$.get( compute.php ?number=800) $.get( compute.php ?number=800)
I want a.php b.php and c.php to be able to access compute.php我希望a.php b.php和c.php能够访问compute.php
but I don't want to allow this to public.但我不想让这个公开。
http://localhost/ compute.php ?number=800 http: //localhost/compute.php ?number=800
Is this possible?这可能吗? 🥺 🥺
2 个解决方案
解决方案1
1 2022-05-15 13:25:53
There is no difference between making an ajax call and navigate the target directly via web browser.进行 ajax 调用和直接通过 Web 浏览器导航目标之间没有区别。 So this is not possible.所以这是不可能的。 You can use a secret key and make it's type post instead of get if you want your backend accept requests from only defined pages.如果您希望后端仅接受来自已定义页面的请求,则可以使用密钥并将其设置为 post 而不是 get。
解决方案2
0 2022-05-15 13:27:10
if you import (require or include functions) the file, one way to do it is to create a pre-defined variable in a.php b.php and c.php which is not set on compute.php by default.如果您导入(需要或包含函数)文件,一种方法是在a.php b.php and c.php中创建一个预定义变量,默认情况下未在compute.php上设置。 Then you can check it in the compute.php file to see if it was imported by an authenticated "file"/"end".然后你可以在compute.php文件中检查它,看看它是否是由经过身份验证的“文件”/“结束”导入的。
But if you're required to use AJAX, you might want to implement authentication which is accessible to the public or access the file using the local IP address of the server.但是如果您需要使用 AJAX,您可能希望实现公众可访问的身份验证或使用服务器的本地 IP 地址访问文件。 (which I think is too much complex and annoying solution) (我认为这是太复杂和烦人的解决方案)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.