how to prevent PHP's file_get_contents( )

Question

one of my php page returns data like this:

but someone else use file_get_contents() to get m

Answer 1

you can also use sessions. if somewhere in your application, before the user gets the json data, you start a session, then in this page where you are outputting json data, you can check for the session variable. this way only users that have passed the session generator page, can view your output. suppose you have page A.php that generates the session. use this code before outputting anything in this page.

session_start();
$_SESSION['approvedForJson'] = true;

then in your page where you are outputting json data, before outputting anything, call session_start() again. the beginning of your PHP code is a good place to call it. then before outputting the json data, check if the session variable for approved users exists, or not.

if ( isset($_SESSION['approvedForJson']) && $_SESSION['approvedForJson'] ) {
    echo "json data";
} else {
  // bad request
}