Sanks Sanks - 27 days ago 8
PHP Question

Codeigniter - Restricting direct access to controller functions from URL call

I want to know if there is any way through which I can restrict access to my controller functions through URL. But I want to give them a call through my link in the site. For example if I have a link in my site which points to a controller function:

<a href='test/function'>Call me</a>


But I don't want the controller function to be called when I place the above URL in my browser address bar. Can anyone help with this?

Answer

As you stated in the comment, that if you want to load the link via AJAX:

Your markup:

<a href="test/function" data-key="abc">

Your jquery:

$('a').on('click',function(){
    var data = $(this).data('key');
    $('#result').load($(this).attr("href") + '?key=' + data);
});

Then in you CodeIgniter controller, you check to see if your key is present and matches ("abc"), else you return a 403 or something simillar.

Also, you could of course check the $_SERVER['HTTP_REFERER'] to see where the user came from (this is however quite easily spoofed) and only allow access when the GET-request is made from your own site.