I've got a simple PHP script here that receives POST data from my AJAX script. But I want to make sure that only my own AJAX script can have a successful request from the page and not some other AJAX scripts, to avoid brute attacks, as AJAX requests are faster and can consume website resources. Please help on how to go about this, guys. Thanks in advance.


You could check from which website the user is referred to a page? Check out $_SERVER['HTTP_REFERER']. You can also add CAPTCHA validation to your form, which should be different for every form that is submitted. You store the correct CAPTCHA answer in a session when the form page is loaded, for example, and then validate if the answer is correct in the file in which the form data is processed.

By the way, AJAX requests are not simply always that much faster. It depends on which resources need to be loaded when you execute your AJAX file. If your base page needs to include 10 big files, and if your AJAX file needs those same files, you will have to include them again in your AJAX file, which does not necessarily speed up your application that much.

Oh and another thought: not only AJAX files are accessible through $_POST. Regular pages with a form on it can also be read; the target of a form can always be accessed.

If you want to just get your AJAX requests in your PHP code, then you must pass a token as a variable, as well as any other variable you pass; then you should validate it on the server with PHP. Greetings

Thanks man, I've got it worked out with a session variable.
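The token check suggested in the replies, kept in a session variable as the asker settled on, written out as an added example (not code posted by anyone in this thread). The function names, the POST field name token and the session key ajax_token are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: function names, the "token" field and the "ajax_token" key are assumptions.

// Form page: create one random token per session and hand it to the page.
function issue_ajax_token(): string
{
    if (empty($_SESSION['ajax_token'])) {
        $_SESSION['ajax_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['ajax_token'];
}

// Endpoint: true only when the posted token matches the one held in the session.
function is_valid_ajax_token(array $post): bool
{
    $expected = $_SESSION['ajax_token'] ?? '';
    $supplied = $post['token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false; // no session token issued, or token sent as an array
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Endpoint logic: reject the request before touching any other POST data.
function handle_ajax_post(array $post): array
{
    if (!is_valid_ajax_token($post)) {
        return ['status' => 403, 'body' => ['error' => 'invalid token']];
    }
    return ['status' => 200, 'body' => ['ok' => true]];
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $result = handle_ajax_post($_POST);
        http_response_code($result['status']);
        header('Content-Type: application/json');
        echo json_encode($result['body']);
    } else { // form page: embed the token where the AJAX script can read it
        $token = htmlspecialchars(issue_ajax_token(), ENT_QUOTES);
        echo '<form id="f"><input type="hidden" name="token" value="' . $token . '"></form>';
    }
} else { // constructed offline demo: simulate a session without a web server
    $_SESSION = [];
    $t = issue_ajax_token();
    var_dump(handle_ajax_post(['token' => $t])['status'], handle_ajax_post(['token' => 'guess'])['status']);
}
```

The token ties a POST to a session that loaded the form page first; it does not limit how often that session can submit, so throttling repeated attempts is a separate control.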
