问题
I am working on a problem where i want to restrict a user to open a PHP page This is my javascript-
<script>
$('input[id=f1email1]').on('blur', function(){
var k = $('input[id=f1email1]').val();
if (k != "")
$('span[id=showEmail]').load('emailCheck.php?email=' + k);
});
</script>
emailCheck.php can be accessed directly by typing into the browser and this might leak some information. I cannot even redirect the page because it connects me to database.
What can I do?
回答1:
There is no difference between a request made by Ajax and any other HTTP request (so you can't reliably distinguish between them, so you cannot prevent the URL from being visited directly if a user wants to visit it directly).
If the page contains information that the user shouldn't be able to get to, then don't put it in the page.
来源:https://stackoverflow.com/questions/18189464/how-to-restrict-user-to-open-a-existing-php-page