On an ajax request would this come up as the ip address of the server, or is there another way to confirm that the request is coming from the server directly?
$_SERVER['REMOTE_ADDR']
Printable View
On an ajax request would this come up as the ip address of the server, or is there another way to confirm that the request is coming from the server directly?
$_SERVER['REMOTE_ADDR']
The computer on which the Javascript is executing would process the request and that computer's IP would be on the server.
do you mean, you want to know if the ajax page is being requested from a page on your server or not?
use$_SERVER['HTTP_REFERER']
although it will work under normal usage, it is set by the user's browser, and can be changed or faked - so it's not good for anything critical.
if you need something more reliable, you could set a token in the session (much like you would in a form to prevent outside submissions):
on the first page (when user's session starts):
$_SESSION['userip'] = $_SERVER['REMOTE_ADDR'];
on the ajax page:
if($_SESSION['userip'] == $_SERVER['REMOTE_ADDR']){
/* request came from a legitimate visitor, so it's all good */
}
or something like that... never actually tried it before, but it ought to work.