I've got a simple php script here that recieves a POST data from my ajax script. But i want to make sure that only my own ajax script can have a successful request from the page and not some other ajax scripts to avoid brute attacks as ajax requests are faster and can consume website resources . Please, help on how to go about this guys. Thanks in advance
Olagsfark 0 Newbie Poster
minitauros 151 Junior Poster Featured Poster
You could check from which website the user is referred to a page? Check out $_SERVER['HTTP_REFERER']. You can also add CAPTCHA validation to your form, which should be different for every form that is submitted. You store the correct CAPTCHA answer in a session when the form page is loaded, for example, and then validate if the answer is correct in the file in which the form data is processed.
By the way, AJAX requests are not simply always that much faster. It depends on which resources need to be loaded when you execute your AJAX file. If your base page needs to include 10 big files, and if your AJAX file needs those same files, you will have to include them again in your AJAX file, which does not necessarily speed up your application that much.
Oh and another thought: not only AJAX files are accessible through $_POST. Regular pages with a form on it can also be read; the target of a form can always be accessed.
Noranterry 0 Newbie Poster
if you want to just get your ajax requests your php code, then you must pass token pass a variable type as well as any other variable you pass, then you should validate it on the server with php, Greetings
Olagsfark 0 Newbie Poster
Thanks man, i've got it worked out with a session variable
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.