But if there is "bad" user which have login? So he can access to this page. But I need protect it from auth and unauth users. From unauth users of course I can protect it with SESSION, but how I can protect it from auth users?
On 24 апр, 04:46, donb <falconwatc...@comcast.net> wrote: > Session variables will be shared between the ajax page and the calling > page. So, if you log in the user somehow and store a session variable > that indicates they are logged in, just check that the appropriate > variable exists. > > On Apr 23, 8:30 pm, Colonel <tcolo...@gmail.com> wrote: > > > For example I have a page:http://mysite.com/content/index.php. > > On this page I use $.ajax: > > $.ajax({ > > type: "GET", > > data: "data=123456", > > dataType: 'html', > > url: "temp.php", > > error: function(msg) {...}, > > success: function(msg) {...}, > > complete: function() {...}}); > > > where temp.php -http://mysite.com/content/temp.php. On temp.php I use > > requests for DB with param from $.ajax - data=123456. > > > How I can protect page temp.php? For example, somebody > > typinghttp://mysite.com/content/temp.php?data=123456andthen he can get all > > results. > > > I found one solution - using if($_SERVER['HTTP_REFERER'] == "http:// > > mysite.com/content/") {....} > > > But Am not shure that it can realy protect my page? Or Am not right? > > > Thanks.
