1
Say guys I’m in a little trouble, I’m making a system that generates points for members only to generate it has to wait for 30 seconds on a specific page, after these 30 seconds I use (script) to call this file. So far so good, but there is always a smart guy who likes to search the source code and if he finds the file that is in the script there is it is already he will put in the browser and keep giving enter and generating points without waiting the 30 seconds.
And then someone has some hint of how I can block this file, so that it only works via js and on this specific page.
i did the test so put in the . htaccess
<FilesMatch "gerapontos\.php$>
order allow,deny
deny from all
</filesmatch>
he blocks on time, more tb blocks for me call him via js. :(
Sending some data via js? can put the code that does this sff
– Miguel
yes usage, that.. <script> $.get('gerapontos.php', Function(data) { });</script>
– jeffersondp
Who can help, Nav-tabs opening by URL
– Alisson Hoepers
This then you have to protect from the PHP side, there is no hiding anything that goes to the browser. View responses from the link above, and linked and related posts in the link described in the right margin of the page. Use sessions in PHP when logging in, and note in the
gmtime()
last request. If the interval is less than 30s, do not allow the addition,.– Bacco