In my ajax.php has:
if(urlvar(2) == 'uploadphoto'){
do... echo '<img... />';
}
But this functions is only called by a jquery, returning on a specific div.
But if I visit the URL: [http://localhost/projectname/ajax/uploadphoto], this page returns the result of function with some erros (because the parameters are sent by jquery)
How I can prevent returns, if the file is accessed without jquery?
*SOLVED:
Use this function in functions that cannot be accessed without jquery method.
function isHttpRequest()
{
if( @$_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
return true; //acessed by jquery
}
exit; // or return false -> from access the file without method
}
When you access the file via jQuery, you write something like:
method: "get" or method:"post" (The default, if not specified, is GET, I think)
So, at the beginning of your ajax.php - put:
if(!$_GET){
//[...the ajax.php code, here ...]
}
I personally create a hash in every form and i check if that hash is correct , this prevents people from submitting forms from other servers too and it may help in your situation http://code.tutsplus.com/tutorials/secure-your-forms-with-form-keys--net-4753 if the hash is wrong then it's abviously not coming from the form that it should come from
Modify your ajax.php to check if the request is an ajax call.
if(empty($_SERVER['HTTP_X_REQUESTED_WITH'])
|| strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest') {
// not an ajax request
} else {
if(urlvar(2) == 'uploadphoto'){
do... echo '<img... />';
}
}
Or just check at the beginning of ajax.php