hi
i hav a front page from which an ajax page is called and an text field is written in the front page using this ajax page.
I need to validate the user access for this page:
1.the ajax page should be executed only when it is called via ajax(i,e) when the ajax page URL is typed in the address bar it should not show its contents.
2.or the parent page(i,e) the front page url should be taken without the knowledge of the users in the ajax page (i,e) without passing the url into the ajax page via js. so that i can validate valid users to access the ajax page.
Any ideas??
regards
vijay
7  5088   Ciary 247
Recognized Expert New Member
actually it isn't that difficult. you just do an ajax request using POST. there you send the URL of your main page. then in your PHP page, you detect if your $_POST['url'] is empty. if it isnt, you execute the php on your page.
EDIT:
some example code -
function send(){
-
XMLHttpRequestObject = GetXmlHttpObject();
-
var sended = "data="+data+"&url="+url;
-
var request = "yourpage.php";
-
XMLHttpRequestObject.open("POST",request,true);
-
-
XMLHttpRequestObject.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
-
XMLHttpRequestObject.setRequestHeader("Content-length", sended.length);
-
XMLHttpRequestObject.setRequestHeader("Connection", "close");
-
-
XMLHttpRequestObject.send(sended);
-
}
-
this would be your request object but i guess you already have that. -
function GetXmlHttpObject() {
-
try{
-
XMLHttpRequestObject = new ActiveXObject("MSXML2.XMLHTTP");
-
}catch(exception1){
-
try{
-
XMLHttpRequestObject = new ActiveXObject("Microsoft.XMLHTTP");
-
}catch(exception2){
-
XMLHttpRequestObject = false;
-
}
-
-
if(!XMLHttpRequestObject && window.XMLHttpRequest){
-
XMLHttpRequestObject = new XMLHttpRequest();
-
}
-
}
-
-
return XMLHttpRequestObject;
-
}
-
yes probably i can do like that.,
but in this case as u said when i post data from the front page to the ajaxpage it can be viewed by the user when he views the pagesource and the user can access it by just posting the data directly into the ajax page from his own designed html page.
this should not be done...
Dormilich 8,658
Recognized Expert Moderator Expert
most people won't do that, because
- they don't know anything about how websites work
- they don't want to (or don't care)
- it's too much work to do
despite that, you still can use a session to prevent "unauthoriz ed" access. but you can't stop people looking at your code. another possibility would be using Java Applets (but that's a totally different story)
Ciary 247
Recognized Expert New Member
other things you can do to secure it: putting your ajax request in a seperate js-file. or use SSI file. this will prevent the code from showing in pagesource.
one thing you'll never be able to work around is firebug. it will always make your Ajax requests readable. so whats the point in trying to hide it?
posting data is very difficult(as dormilich said) thats why most 'secure' Ajax-requests use posts rather then get.
Markus 6,050
Recognized Expert Expert @vjayis
It's not a huge deal where the data comes from, as long as it is validated/sanitised.
thanks for ur reply guys.
Frinavale 9,735
Recognized Expert Moderator Expert
Vjayis,
If your ajax page contains sensitive data that should only be displayed to people who are authorized (have permissions) to view this content you should consider implementing a system for user authentication/authorization (as Dormilich suggested in post 3).
This should be implemented in your server code because, as you have discovered, it's hard to do using a client side approach.
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Yarco |
last post by:
I want to use "Ajax" to create my web for hobby.
But i don't know whether "Ajax" is mature...
And what about with php? Someone have experience on it?
....
|
by: Steve |
last post by:
I need to build a very dynamic client and would be interested in knowing the pros and
cons of using JSF and Ajax to accomplish this.
Thanks.
Steve
|
by: Jayyde |
last post by:
Is there any way to capture a button click inside an iFrame and
perform both an action on that page and one on the parent page?
Basically I have a page atm that allows the user to add a record to a
table and what I would like to have are save and cancel buttons (or
maybe just a save button with a close image on the DHTML "window") on
the page that, when save is clicked for instance, will save the record
(code in that page) and close the...
|
by: =?Utf-8?B?U2hhd24gU2VzbmE=?= |
last post by:
Greetings! I was researching AJAX to provide a solution to displaying status
messages while a long process executed. I found several examples online and
was able to use their code to get a quick application working. However, when
attempting to implement the solution, the AJAX calls weren't updating the
screen like the examples were and seemed not to fire until after the long
running process had completed.
I found the only real...
|
by: jaynick |
last post by:
Hello, everyone! I'm hoping that someone in this forum will be kind enough to help me out. I am having a Javascript issue related to Ajax and I just can't seem to figure it out. I am currently using the following Javascript code for Ajax purposes and it works perfectly:
<script language = "javascript">
var XMLHttpRequestObject = false;
if (window.XMLHttpRequest) {
XMLHttpRequestObject = new XMLHttpRequest();
} else if...
| | |
by: =?Utf-8?B?V2FubmFiZQ==?= |
last post by:
The following used to update a parent page:
ClientScript.RegisterStartupScript(typeof(Page), "ReloadParent",
"window.opener.location.href = 'ProjectOverview.aspx?projectID=" +
Request.QueryString.Get("projectID") + "';", true);
I added some Ajax, using the Ajax Toolkit, to the page, and now the script
does not update the parent. Is there a better way to update a parent page
than what I have above that will work with Ajax?
|
by: soms2m |
last post by:
HELLO ALL,
I want to fill the parent window height with respect to the sub window height which is loading using ajax (mootools).
For example if the parent window height is normal and the loading child window height is 1200px (saying), when the child window load the height of the parent window changs but the backgorund color which is given 100% not fill the parent window.
I have given my example codes, please give a solution as soon as...
|
by: =?Utf-8?B?R2VyaGFyZA==?= |
last post by:
I have run into a situation that if a page/tab that uses the Ajax toolkit
(using .net version 3.5) is closed before the Ajax enable controls complete
loading, then IE locks up. Does it in both IE7 and IE8. There is no issue
when the controls are allowed to complete loading.
Can you please tell me the best practice that handles this?
Thanks.
|
by: Bali |
last post by:
Default.aspx is the starting page containing a control(ascx) which
has
asp:button control on it. On the button click event it has to open a
new page as a modal control. Since refreshing a page in a dialog box
ended up opening up a new browser window with the aspx page, I read
on
a forum that I should use the iframe control and since I have to open
a bunch of pages as diaogboxes, I created a general
page(Container.aspx) which has an...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
