Codeigniter - Restricting direct access to control

2019-05-20 04:00发布

站内问答 / PHP
1421 5 5

I want to know if there is any way through which I can restrict access to my controller functions through URL. But I want to give them a call through my link in the site. For example if I have a link in my site which points to a controller function:

<a href='test/function'>Call me</a>

But I don't want the controller function to be called when I place the above URL in my browser address bar. Can anyone help with this?

5条回答
姐就是有狂的资本
2楼-- · 2019-05-20 04:11

As you stated in the comment, that if you want to load the link via AJAX:

Your markup:

<a href="test/function" data-key="abc">

Your jquery:

$('a').on('click',function(){
    var data = $(this).data('key');
    $('#result').load($(this).attr("href") + '?key=' + data);
});

Then in you CodeIgniter controller, you check to see if your key is present and matches ("abc"), else you return a 403 or something simillar.

Also, you could of course check the $_SERVER['HTTP_REFERER'] to see where the user came from (this is however quite easily spoofed) and only allow access when the GET-request is made from your own site.

查看更多
0人赞 添加讨论(0) 举报
狗以群分
3楼-- · 2019-05-20 04:22

Solution: put this code at the beginning of every controller method

if (defined('BASEPATH') && !$this->input->is_ajax_request()) 
    exit('No direct script access allowed');
查看更多
0人赞 添加讨论(0) 举报
老娘就宠你
4楼-- · 2019-05-20 04:28

This really helped. I also added this as an added check 

$allowed_host = gethostname();
$host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
if(substr($host, 0 - strlen($allowed_host)) != $allowed_host)
  $this->redirect('/home');`
查看更多
0人赞 添加讨论(0) 举报
萌系小妹纸
5楼-- · 2019-05-20 04:29

This is not possible. Apache and, consequently CodeIgniter, is allowing access to your PHP script to the outside world whether through a manually entered browser URL or through a visited hyperlink. Both scenarios connect to your web application in the exact same way, but they just get there differently.

You can allow access to only your CodeIgniter scripts (i.e. prevent public users from accessing a controller) by using:

if ( ! defined('BASEPATH')) exit('No direct script access allowed');

As Marcus has pointed out, you could use something like:

if (!$_SERVER['HTTP_REFERER']) $this->redirect('/home');

But it's often very inconsistent.

查看更多
0人赞 添加讨论(0) 举报
我只想做你的唯一
6楼-- · 2019-05-20 04:31 
 In view: `<input type="hidden" value="1" name="back">`

 put inside your function in Controller: 


if(($this->input->post('back'))==1)
              {
                echo " what you want do here";
              }
              else
              {
                 $this->load->view('template',array('welcome_page')) ;
              }

form validation you will put inside this if condition..This will definitely work..

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)