duanmao1919 2012-04-19 02:04

Only allowing a PHP file to run with "authorization" from the previous webpage [duplicate]

Possible Duplicate:
AJAX only access

So I have these javascript functions I run depending on who won a contest.

function winA() 
{
var x = "<?php echo $id;?>"
$.ajax({ url: 'win.php' ,
         data: { id: x }
   }); 
}

function winB() 
{
var val = "<?php echo $i;?>"
$.ajax({ url: 'win.php' ,
         data: { id: val }
   }); 
}

The file win.php updates a MySQL with who won. What troubles me is if someone simply goes to

http://mysite.com/win.php?id=1

and refreshes it a whole lot of times I clearly will have some incorrect results on the MySQL server.

I am wondering exactly how one would make it so that URL could only be accessed when appropriate, via this AJAX call. Alternatively, make it so the win.php file only actually executes when it has 'authorization' that expires after loading the PHP file.

Thanks in advance, Aaron.

3 answers

  • douquanqiao6788 2012-04-19 02:24

    You could use a session, expanding from my comment:

    Main game page

    <?php
    session_start();
    
    //Do game....
    
    //Decide Winner
    
    $_SESSION['winner']='A'; //or B depending on who won
    
    ?>
    

    Then an AJAX request with blank params etc., just so win.php gets touched

    function win(){
      $.ajax({
        url: "win.php",
        cache: false
      }).done(function(html){
       //Don't do anything, or you could get a response from the win.php request and update something
      });
     }
    

    Win.php

    <?php
    session_start();
    
    if(isset($_SESSION['winner'])){
        $winner=$_SESSION['winner'];
        //Do update etc.
    
        //Unset Winner session var, by unsetting the user would need to play the game again to get it set
        unset($_SESSION['winner']);
    }else{
        header('Location: ./index.php');
    }
    
    ?>
    
    This answer was selected by the asker as the best answer.
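
The session idea from the accepted answer, extended as an added example (not the answerer's code): the game page stores the server-decided winner together with a random single-use token, and win.php accepts only a POST carrying that token, so visiting or refreshing the URL records nothing. The function names, the `win_ticket` key and the 60-second lifetime are assumptions; `$session` stands in for `$_SESSION` so the script also runs from the CLI (PHP 7.1 or later).

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not from the answer. $session stands in for $_SESSION.

// Called by the game page once the server has decided the winner.
function issue_win_ticket(array &$session, string $winner): string
{
    $token = bin2hex(random_bytes(32));   // unguessable value tied to this one win
    $session['win_ticket'] = [
        'winner'  => $winner,
        'token'   => $token,
        'expires' => time() + 60,          // assumed lifetime in seconds
    ];
    return $token;                         // embed in the page; the AJAX call POSTs it back
}

// Called by win.php. Returns the winner to record, or null when the request is rejected.
function redeem_win_ticket(array &$session, string $method, string $token): ?string
{
    if ($method !== 'POST') {
        return null;                       // typing the URL into a browser is a GET
    }
    $ticket = $session['win_ticket'] ?? null;
    unset($session['win_ticket']);         // single use: consumed before any further check
    if (!is_array($ticket) || time() > $ticket['expires']) {
        return null;                       // no pending win, or the ticket is too old
    }
    if (!hash_equals($ticket['token'], $token)) {
        return null;                       // token does not match the one issued
    }
    return $ticket['winner'];              // chosen by the server, never read from the request
}

// Constructed demonstration: no real session, request or database involved.
$session = [];
$token = issue_win_ticket($session, 'A');
var_dump(redeem_win_ticket($session, 'GET', $token));   // direct visit to the URL
var_dump(redeem_win_ticket($session, 'POST', $token));  // the page's own AJAX POST
var_dump(redeem_win_ticket($session, 'POST', $token));  // refresh or replay of that POST
```

In a real win.php the arguments would be `$_SESSION`, `$_SERVER['REQUEST_METHOD']` and the posted token, and the database update would run only when the return value is not null.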