Block right access to file called by Ajax function

Asked

Viewed 24 times

1

I’m adding layers of protection to a small system I own in PHP. In the requests via ajax, for example, I use the following code below to prevent people directly access the files that are called via Ajax.

if(!$_SERVER['HTTP_X_REQUESTED_WITH']){ //AQUI REDIRECIONO O USUÁRIO 'MAL INTENCIONADO' PARA UMA OUTRA PÁGINA }

Works perfectly! However, for a specific request type, which refers to Upload images, I was unable to make this validation work. It bars the operation of Upload. Below is the javascript code:

jQuery( "#profile-exp" ).photos( {
                    allowedFileSize: 5242880,
                    url: "../processupload.php",
                    type: "post",
                    dataType: "json",
                    quality: 1,
                    progress: false
                } );

The file in question would be processupload.php. That is, I would like to make it inaccessible for anyone who tries to access it directly via URL.

I have already tested another possibility, but also without success. Below:

function isHttpRequest() {
if( @$_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
    return true;
}
return false;

}

Later I intend to implement a Token to increase security.

What mistake am I making about the request above? I did several searches on Google and on the Stackoverflow repository itself.

No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.