I know this question has been asked several times but I am still struggling and fail to comprehend the answers provided already.
I have a side bar with a category "abc". On clicking a pop up div loads asking the user to login or register. Once the user logs in it loads the page "xyz.php" through ajax:
{
var dataString1 = 'emaillogin=' + emaillogin + '&submitted=1';
$.ajax({
type: "POST",
url: "xyz-login.php",
data: dataString1,
beforeSend: function()
{
//Show loading image
},
success: function(response)
{
//Check to see if the message is sent or not
window.location='http://www.123.com/xyz.php';
$("#emaillogin").val('Email');
}
});
}
Hence on success I load the URL. However, I want to prevent users from directly accessing the URL which would make them bypass login. How do I prevent this? Do I block this inside the ajax call?Should I add it to the xyz.php page and check there whether XmlHttpRequest is in the header of the request. Can somebody explain how and where does can the check be applied to?