I’ve gone around and looked for this solution for forever, here is my problem:
I have a file call function.PHP, which will receive POST data and execute PHP according to data, example:
if ($_POST["data"] == "delete") //Do something to delete something
if ($_POST["data"] == "reset") //Do something here
So basically I can Ajax from the same domain to make the file to run according to my data. Ajax absolutely can not cross domain here. My problem is in PHP, I found out a function call cURL() which can post data to my PHP site, and I have looked for a lot of methods on Google, but I can not find any solution to prevent people from cURL my site. I found out that they can use Session something, but even if I use Session, there always is a way to pass it (I’ve seen it while I made the search).
So my question is: Is there anyway to prevent people to post data to my site? I’m pretty sure they can not using Ajax, but I really am worried about cURL in PHP.
I appreciate for any suggestion.
Thank you guys in advanced.
[x]
Before you perform an action – check if current user has permissions to do that.
So there is no any special protection, just write your normal code (yes, in normal code you have to check permissions).
Actually (thanks to @alex) browser does the absolutely same work like curl does, so it is not even possible to detect whether you get request from browser or from cheater.