How to check if the request is an AJAX request with PHP

Question

I would like to check server-side if a request to my php page is an ajax request or not   I saw two ways to do this   First way  sending a GET parameter in the request which tells the page that this is an AJAX request   mypage php ajax   mypage php   if isset   GET  ajax             this is an ajax request  process data here      Second way  set a header to the xmlHttpRequest   client-side js   xmlHttpRequestObject open    GET    url true   xmlHttpRequestObject setRequestHeader  X-Requested-With    XMLHttpRequest      mypage php   if   empty   SERVER  HTTP X REQUESTED WITH     amp  amp  strtolower   SERVER  HTTP X REQUESTED WITH        xmlhttprequest            request is ajax       The fact is  those two ways of doing it can easily be hacked  so it s not secure to check if i get an AJAX request like this   How can i check if i m receiving an AJAX request

User · Answer

Try below code snippet  if  empty   SERVER  HTTP X REQUESTED WITH         amp  amp  strtolower   SERVER  HTTP X REQUESTED WITH        xmlhttprequest               This is one ajax call

User · Answer

There is no sure-fire way of knowing that a request was made via Ajax  You can never trust data coming from the client  You could use a couple of different methods but they can be easily overcome by spoofing

User · Answer

Set a session variable for every page on your site  actual pages not includes or rpcs  that contains the current page name  then in your Ajax call pass a nonce salted with the   SERVER  SCRIPT NAME      lt  php function create nonce  optional salt           return hash hmac  sha256   session id    optional salt  date  YmdG    someSalt    SERVER  REMOTE ADDR         SESSION  current page       SERVER  SCRIPT NAME      gt    lt form gt     lt input name  formNonce  id  formNonce  type  hidden  value   lt   create nonce   SERVER  SCRIPT NAME      gt   gt     lt label class  form-group  gt      Login lt br   gt       lt input name  userName  id  userName  type  text    gt     lt  label gt     lt label class  form-group  gt      Password lt br   gt       lt input name  userPassword  id  userPassword  type  password    gt     lt  label gt     lt button type  button  class  btnLogin  gt Sign in lt  button gt   lt  form gt   lt script type  text javascript  gt         form login button   on  click   function             authorize     userName   val       userPassword   val       formNonce   val                  function authorize  authUser  authPassword  authNonce              ajax             type   POST             url    inc rpc php             dataType   json             data   userID   authUser   amp password   authPassword   amp nonce   authNonce                     success function  msg                   some successful stuff                    lt  script gt    Then in the rpc you are calling test the nonce you passed  if it is good then odds are pretty great that your rpc was legitimately called    lt  php function check nonce  nonce   optional salt            lasthour   date  G  -1 lt 0   date  Ymd    23    date  YmdG  -1      if  hash hmac  sha256   session id    optional salt  date  YmdG    someSalt    SERVER  REMOTE ADDR        nonce             hash hmac  sha256   session id    optional salt   lasthour  someSalt    SERVER  REMOTE ADDR        nonce                return true        else           return false            ret   array    header  Content-Type  application json    if  check nonce   POST  nonce      SESSION  current page            ret  nonce check      passed     else        ret  nonce check      failed     echo json encode  ret   exit    gt    edit  FYI the way I have it set the nonce is only good for an hour and change  so if they have not refreshed the page doing the ajax call in the last hour or 2 the ajax request will fail

User · Answer

This function is using in yii framework for ajax call check   public function isAjax             return isset   SERVER  HTTP X REQUESTED WITH     amp  amp    SERVER  HTTP X REQUESTED WITH        XMLHttpRequest

User · Answer

From PHP 7 with null coalescing operator it will be shorter    is ajax    xmlhttprequest     strtolower    SERVER  HTTP X REQUESTED WITH

User · Answer

headers   apache request headers     is ajax    isset  headers  X-Requested-With     amp  amp   headers  X-Requested-With       XMLHttpRequest

User · Answer

You could try using a   SESSION variable to make sure that a request was made from a browser   Otherwise  you could have the request sent through a database or file  server-side

User · Answer

Here is the tutorial of achieving the result   Example   if  empty   SERVER  HTTP X REQUESTED WITH     amp  amp  strtolower   SERVER  HTTP X REQUESTED WITH        xmlhttprequest           exit        continue       This checks if the HTTP X REQUESTED WITH parameter is not empty and if it s equal to xmlhttprequest  then it will exit from the script

[php] How to check if the request is an AJAX request with PHP

Examples related to php

Examples related to ajax

Examples related to xmlhttprequest