I tried to google my problem but I don't even know exactly how to ask my question: When the user performs one specific event on my site I would like to call this function, which increases the credit of another user in a MySQL database:
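function incrasecredit() {
    // POST to the server-side script that increases the credit
    $.ajax({
        type: "POST",
        url: "/increasecredit.php",
        data: {}, // no parameters are sent with the request
        success: function(html) {
            // the response is not used
        }
    });
}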
...easy. The problem is (as the script name indicates) that this event is connected to a "credit-system" / money. So I guess it should be secure. "/increasecredit.php" should not be accessed by the user in any other way. E.g. simply by executing it via the browser. Only in this special case when I call it in my jQuery script. To be more precise, when the user clicks on an iframe, incrasecredit() should be executed. And ONLY in this case. How can I protect this script from being executed in a wrong way? I tried to solve it with tokens but didn't figure it out yet. I have the feeling I don't get the bigger picture. Thanks in advance.
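
One way to approach the token idea mentioned above, as an added example that is not part of the original post: the server stores a random single-use token in the session when it serves the page with the iframe, and /increasecredit.php credits only when the POSTed token redeems. A token cannot prove that the click happened; it only caps each served page at one credit for that session. The function names, the `credit_tokens` session key and the 300-second lifetime are assumptions.

```php
<?php
// Added example (not the poster's code): single-use, session-bound credit tokens.
// Function names, the 'credit_tokens' key and the 300 s lifetime are assumptions.

const TOKEN_TTL = 300; // seconds a token stays valid (assumed value)

// Called when the server renders the page holding the iframe: the server, not
// the browser, decides that one credit may be earned and remembers the token.
function issueCreditToken(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32));
    // Keep only a hash and the expiry server-side; the raw token goes into the page.
    $session['credit_tokens'][hash('sha256', $token)] = $now + TOKEN_TTL;
    return $token;
}

// Called at the top of increasecredit.php with the POSTed token.
// Returns true at most once per issued token; credit the account only on true.
function redeemCreditToken(array &$session, string $token, int $now): bool
{
    $key = hash('sha256', $token);
    $expiry = $session['credit_tokens'][$key] ?? null;
    if ($expiry === null) {
        return false; // unknown, forged, or already redeemed
    }
    unset($session['credit_tokens'][$key]); // burn the token, even if expired
    return $now <= $expiry;
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session = [];
$token = issueCreditToken($session, 1000);
var_dump(redeemCreditToken($session, $token, 1010));               // first use
var_dump(redeemCreditToken($session, $token, 1011));               // replay of the same token
var_dump(redeemCreditToken($session, str_repeat('0', 64), 1012));  // token never issued
$late = issueCreditToken($session, 2000);
var_dump(redeemCreditToken($session, $late, 2000 + TOKEN_TTL + 1)); // redeemed after expiry
```

In the real scripts, call `session_start()` and pass `$_SESSION` and `time()` to both functions; the issued token is written into the page and sent in the `data` object of the `$.ajax` call. The recipient of the credit should also be looked up server-side from the session or database rather than taken from the request.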