I want to know if there is any way through which I can restrict access to my controller functions through URL. But I want to give them a call through my link in the site. For example if I have a link in my site which points to a controller function:
<a href='test/function'>Call me</a>
But I don't want the controller function to be called when I place the above URL in my browser address bar. Can anyone help with this?
As you stated in the comment, if you want to load the link via AJAX:
Your markup:
<a href="test/function" data-key="abc">Call me</a>
Your jQuery:
$('a').on('click', function (e) {
    e.preventDefault(); // stop the browser from navigating to the href itself
    var data = $(this).data('key');
    $('#result').load($(this).attr("href") + '?key=' + data);
});
Then in your CodeIgniter controller, you check to see if your key is present and matches ("abc"), else you return a 403 or something similar.
Also, you could of course check the $_SERVER['HTTP_REFERER'] to see where the user came from (this is however quite easily spoofed) and only allow access when the GET-request is made from your own site.
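One way to write the controller-side check described above, as an added example that is not part of the original answer. It goes beyond the fixed "abc" key by issuing a random per-session key; the controller name `Test`, the method `fragment`, the view `test_page` and the session item `link_key` are hypothetical, and CodeIgniter 3 on PHP 7+ is assumed.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical controller: index() renders the page with the link,
// fragment() is the AJAX target (the link's href would be test/fragment).
class Test extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
    }

    public function index()
    {
        // Issue one random key per session instead of a constant like "abc".
        $key = $this->session->userdata('link_key');
        if (empty($key)) {
            $key = bin2hex(random_bytes(16)); // PHP 7+
            $this->session->set_userdata('link_key', $key);
        }
        // The view writes html_escape($link_key) into the link's data-key attribute.
        $this->load->view('test_page', array('link_key' => $key));
    }

    public function fragment()
    {
        $sent     = (string) $this->input->get('key');
        $expected = (string) $this->session->userdata('link_key');

        // is_ajax_request() only reads the X-Requested-With header, which the
        // client controls, so the session-bound key carries the actual check.
        if ( ! $this->input->is_ajax_request()
            || $expected === ''
            || ! hash_equals($expected, $sent)) {
            show_error('Forbidden', 403); // sends the 403 and stops execution
        }

        $this->output->set_output('<p>Fragment loaded via AJAX.</p>');
    }
}
```

The key still travels in the page source and the query string, so this only ties the request to a session that has loaded the page; anything sensitive behind the method still needs real authentication and authorization.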
This is not possible. Apache and, consequently, CodeIgniter allow access to your PHP script to the outside world, whether through a manually entered browser URL or through a visited hyperlink. Both scenarios connect to your web application in the exact same way, but they just get there differently.
You can allow access to only your CodeIgniter scripts (i.e. prevent public users from accessing a controller) by using:
if ( ! defined('BASEPATH')) exit('No direct script access allowed');
As Marcus has pointed out, you could use something like:
if (empty($_SERVER['HTTP_REFERER'])) $this->redirect('/home'); // empty() avoids an undefined-index notice when the header is absent
But it's often very inconsistent.
Solution: put this code at the beginning of every controller method
if (defined('BASEPATH') && !$this->input->is_ajax_request())
    exit('No direct script access allowed');
This really helped. I also added this as an added check
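$allowed_host = gethostname();
// The Referer header is optional and client-supplied, so handle it being absent
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$host = (string) parse_url($referer, PHP_URL_HOST);
if (substr($host, 0 - strlen($allowed_host)) != $allowed_host)
    $this->redirect('/home');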
In view: `<input type="hidden" value="1" name="back">`
Put inside your function in Controller:
if (($this->input->post('back')) == 1)
{
    echo " what you want do here";
}
else
{
    $this->load->view('template', array('welcome_page'));
}
You will put form validation inside this if condition. This will definitely work.