I’m adding layers of protection to a small system I own in PHP. In Ajax requests, for example, I use the code below to prevent people from directly accessing the files that are called via Ajax.
if (empty($_SERVER['HTTP_X_REQUESTED_WITH'])) {
    // HERE I REDIRECT THE 'MALICIOUS' USER TO ANOTHER PAGE
}
Works perfectly! However, for a specific request type, which handles uploading images, I was unable to make this validation work. It blocks the upload operation. Below is the JavaScript code:
jQuery( "#profile-exp" ).photos( {
    allowedFileSize: 5242880,
    url: "../processupload.php",
    type: "post",
    dataType: "json",
    quality: 1,
    progress: false
} );
The file in question would be processupload.php. That is, I would like to make it inaccessible to anyone who tries to access it directly via URL.
I have already tested another possibility, but also without success. Below:
function isHttpRequest() {
    if( @$_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
        return true;
    }
    return false;
}
Later I intend to implement a Token to increase security.
What mistake am I making about the request above? I did several searches on Google and on the Stack Overflow repository itself.
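
An added example (not part of the original question) of the token check the asker mentions planning: because X-Requested-With is a client-supplied header that any client can send or omit, the endpoint validates a per-session token instead. The field name `upload_token` and both function names are assumptions, as is the upload plugin's ability to send an extra POST field.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not code from the question.

// Create (once per session) the token the page embeds for its upload request.
function issue_upload_token(array &$session): string
{
    if (empty($session['upload_token'])) {
        $session['upload_token'] = bin2hex(random_bytes(32));
    }
    return $session['upload_token'];
}

// Decide whether processupload.php should handle the request.
// X-Requested-With is deliberately not consulted: it proves nothing about the caller.
function is_valid_upload_request(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;                         // a direct visit by URL is a GET
    }
    $expected = $session['upload_token'] ?? '';
    $supplied = $post['upload_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;                         // no session token, or none sent
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed sample requests; the arrays stand in for $_SERVER, $_POST, $_SESSION.
$session = [];
$token   = issue_upload_token($session);

$cases = [
    'direct GET by URL'       => [['REQUEST_METHOD' => 'GET'], []],
    'POST without token'      => [['REQUEST_METHOD' => 'POST'], []],
    'POST with header only'   => [['REQUEST_METHOD' => 'POST',
                                   'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'], []],
    'POST with session token' => [['REQUEST_METHOD' => 'POST'],
                                  ['upload_token' => $token]],
];
foreach ($cases as $label => [$server, $post]) {
    $ok = is_valid_upload_request($server, $post, $session);
    printf("%-24s %s\n", $label, $ok ? 'accept' : 'reject');
}
```

In processupload.php the same function would be called after `session_start()` with `$_SERVER`, `$_POST` and `$_SESSION`; only the last constructed case is accepted.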