Home/ Questions/Q 7015859
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T22:42:28+00:00

I have a jQuery script using .live() to load it’s page content. $(‘#content’).load(content.php? +

  • 0

I have a jQuery script using .live() to load it’s page content.

$('#content').load("content.php?" + id);

Question: How can I deny a user from accessing the file content.php directly via a URL?

I tried to put this code on top of content.php but Access Denied appear in my #content div

if (!empty($_SERVER['SCRIPT_FILENAME']) && 'content.php' == basename($_SERVER['SCRIPT_FILENAME']))
    die('Access Denied');

What is the correct way to make sure users can’t access my content.php file using a URL?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could use some sort of hashing. For example if content.php has the parameter id; you add an additional parameter hash which contains the MD5 hash of “‘some random string’ + id*15”. In content.php you check if the hash & id match; if not access denied.

    The computation has to be done in PHP (not ajax) because the user must not know the hashing algprithmus.

    With this method the user can look up the source code and access the page directly but you can’t disallow that completly because the browser need to access the page to show it. But the user can’t access pages he hasn’t accessed through ajax before. You could use some headers (HTTP_X_REQUESTED_WITH) to prevent most internet users to access the page directly but experienced users will change the header and access it anyway.

    • 0