how to make sure a php is run only from a particular page
Question
I have a php file (advanced.php) which is run through ajax/javascript by a particular page, accessible only to premium users. How can I ensure on the server side that this php is run only from this particular page and no other.
I am concerned about this since there is another page available to all users which runs other php file (regular.php). It gives results in same format but are restricted. Now some user may just change the regular page to have the name advanced.php instead of regular.php in his frontend and access paid functionality for free.
How can I ensure that this doesn't happen.
2 answers
solution1
2 ACCPTED 2014-06-02 08:42:25
Instead of trying to block the script processing depending on where is it being loaded, you may encapsulate all the script inside a control structure.
Say you have
<?php my_page(); ?>
You could do
<?php
if ( $premium ) {
// do stuff
my_page();
} else {
// you could be premium ;)
become_premium_page();
}
?>
Just check if the user trying to load the page is a premium user or not.
solution2
1 2014-06-02 08:34:49
How can I ensure on the server side that this php is run only from this particular page and no other.
Don't do this. There is no reliable way to prevent this. Rather, make it so only the users with proper authorisation can access the page. This is very easy if you already have an authentication mechanism.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.