I have a jQuery AJAX request that calls a PHP script that sends an email. This email is triggered from the admin, so a user must be authenticated in order to be able to do this. I've got two questions:
- How can I lock this PHP file down so that somebody can't go directly to its path in the browser and keep submitting it?
- How do I only run the file if the user is authenticated?
PHP:
// Build the mailer and send the gift-card email for $gift_card, which is
// defined outside this excerpt.
//
// NOTE(review): nothing in these two lines checks who is calling. If no check
// runs earlier in the script, every request that reaches this file's URL sends
// an email, whether it comes from the admin page or is typed into a browser.
// Before this point the handler should, on the server side:
//   - confirm the session belongs to an authenticated, authorized admin and
//     stop with a 401/403 response otherwise;
//   - accept only a state-changing method such as POST and validate a
//     per-session anti-CSRF token, so another site cannot trigger the send
//     through the admin's logged-in browser;
//   - limit repeats (rate limit, or record that this gift card was already
//     mailed) so a replayed request does not send again.
// NOTE(review): where $gift_card comes from is not visible here; if it is
// derived from request parameters, validate it and check that the caller is
// allowed to act on that gift card.
$emailer = new GiftCardEmailer();
// The result of the send (if the method returns one) is not inspected here, so
// the caller gets no signal from these lines about whether the mail went out.
$emailer->SendGiftCardEmail($gift_card);
jQuery:
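/**
 * Wires the "#sendemail" control to mail-handler.php and shows progress and
 * the outcome in the "p#status" element.
 *
 * Nothing in this script is an access control: anyone can request the handler
 * URL without going through this page, so authentication, authorization and
 * anti-CSRF validation have to be enforced by the server-side script.
 */
$(document).ready(function() {
  // Status line used for the spinner and for the result message.
  var status = $('p#status');
  status.hide();

  $('#sendemail').click(function() {
    $.ajax({
      url: 'mail-handler.php',
      // Sending mail changes state, so do not rely on $.ajax's default GET:
      // GET requests can be replayed from history, prefetched, or triggered by
      // a plain link or image tag on another site. If the server issues an
      // anti-CSRF token, send it with this request (in `data` or a header).
      type: 'POST',
      beforeSend: function() {
        status.fadeIn();
        status.html('<img src="images/ajax-loader.gif" />');
      },
      success: function(data) {
        // `typeof` avoids a ReferenceError where `console` is not defined, and
        // the string check avoids calling slice() on a parsed (non-string) body.
        if (typeof console !== 'undefined' && console.log && typeof data === 'string') {
          console.log('Sample of data:', data.slice(0, 100));
        }
        // NOTE(review): this only proves the HTTP request succeeded; have the
        // handler return an explicit result and check it before claiming the
        // mail was sent.
        status.html('Email Sent Successfully.');
        setTimeout(function() {
          status.fadeOut();
        }, 4000);
      },
      // Without this the spinner stays forever on failure, including the
      // 401/403 the server should return to unauthenticated callers.
      error: function(jqXHR) {
        status.text('Email could not be sent (HTTP ' + jqXHR.status + ').');
      }
    });
  });
});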