AJAX
spido, 2021-12-11 20:42:15

How to prevent a function from working outside the form page?

Greetings!

The site engine is built on MVC.

There is a page on the site that has a registration form.
The registration.html page address is generated from the Login.php controller, the registration() page function.

public function registration() {
    return View::fetch($this->template_dir . 'registration');
}

The address of the registration page is obtained.
https://site.ru/Login/registration.html

The page https://site.ru/Login/registration.html has a registration form, which is processed by another controller: Connectemail.php, send_mail() function.
The form parameters are passed to the send_mail() function and the form is processed.
<form method="post" action="/Connectemail/send_mail">
<input type="text" name="user_email"  />
<input type="text" name="user_name"  />
</form>

You can also run the form function separately
https://site.ru/Connectemail/send_mail.html?user_name=vaska&[email protected]


Question: how do I prevent the link
https://site.ru/Connectemail/send_mail.html?user_name=vaska&[email protected]

from working on its own, outside the page with the form, which is located at
https://site.ru/Login/registration.html?

Suppose the send_mail() function is in the Connectemail.php controller,
I define the controller and allow the function to work only on the Login.php controller page
public function send_mail() {
    // allow the function to run only on the Login.php controller page
    $controller = request()->controller();
    if ($controller != 'Login') {
        echo lang('Системная ошибка');
        exit;
    }
    // blah-blah, the function's code
}

But then the function stops working everywhere.

Then I tried to do this:
In the Connectemail.php controller, in the send_mail() function, I allow the function to work only on the page of the Login.php controller, in which I specified define("LOGIN_VERIFY_MODE", true);
public function send_mail() {
    // allow the function to run only on the page of the Login.php controller, in which I specified define("LOGIN_VERIFY_MODE", true);
    if (!defined("LOGIN_VERIFY_MODE")) {
        header("HTTP/1.1 404 Not Found");
        echo "Not Found";
        exit(1);
    }
    // blah-blah, the function's code
}

But the send_mail() function in the Connectemail.php controller does not see the define("LOGIN_VERIFY_MODE", true); set in the Login.php controller.

What am I doing wrong?
Thanks in advance for your response.

1 answer(s)
FanatPHP, 2021-12-12
@FanatPHP

Before building site engines using MVC, you must first read the web development primer.
And learn from it that
- PHP runs on the server. And all forms are displayed in the user's browser.
- PHP is restarted on each request.
- There are no PHP functions on the page with the form. PHP with all its functions remained on the server.
- PHP knows nothing about any pages. It only sees HTTP requests, which do not come "from the pages" but from the HTTP client, which may be a browser or may be any other program. But even if it is a browser, then again, the request does not come "from the page" but from the HTTP client. In theory, the client can tell the server what page it requested before, but as the adjacent answer rightly states, this information is easy to fake.
- All the values of the constants set during the call of one script also remained on the server, and if after that you turn to a completely different script, it knows nothing about what the first one did.
And already independently draw a conclusion from this information that
It is impossible to prevent "the link from working on its own, outside the page with the form".
And here we move on to the next question.
Why did robots from all over the world suddenly break the chain and try to register on the site?
Because for some reason the script is called send_mail instead of registration.
And bots love to write letters. And as soon as they find a script that sends mail, they immediately begin to pull it, like a calf - mom's boobs.
In order for them to stop, it is enough just to call a spade a spade. And from the registration page, send the client not to the script that sends mail, but to the script that handles the registration.
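
Because constants do not survive between requests, any "the form was shown" marker has to be kept in the session instead. The following is an added example, not code from the question or the answer (function names and the `reg_token` key are hypothetical, the requests are constructed): a one-time session token plus a POST-only check. It makes a client request the form before each submission; it does not stop a non-browser client from doing both.

```php
<?php
declare(strict_types=1);
// Added example. Function names and the 'reg_token' key are hypothetical.
// $session stands in for $_SESSION so the file also runs from the CLI.

// Called by the action that renders the form, e.g. Login::registration().
// The value goes into the form: <input type="hidden" name="token" value="...">
function issue_form_token(array &$session): string
{
    $session['reg_token'] = bin2hex(random_bytes(32));
    return $session['reg_token'];
}

// Called first in the action that handles the registration POST.
// Returns [HTTP status, reason]; only 200 lets the handler continue.
function check_registration_request(array &$session, string $method, array $input): array
{
    if ($method !== 'POST') {
        return [405, 'Method Not Allowed'];   // the ?user_name=... GET link ends here
    }
    $expected = $session['reg_token'] ?? '';
    unset($session['reg_token']);             // one-time use: a replayed POST fails
    $given = $input['token'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return [403, 'Forbidden'];
    }
    $email = $input['user_email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [422, 'Invalid e-mail'];
    }
    return [200, 'OK'];
}

// Constructed requests; on the site pass $_SESSION (after session_start()),
// $_SERVER['REQUEST_METHOD'] and $_POST instead.
$session = [];
$fields  = ['user_name' => 'vaska', 'user_email' => 'vaska@example.com'];
$token   = issue_form_token($session);        // request 1: form is rendered

$cases = [
    'direct GET link'      => ['GET',  $fields],
    'POST with form token' => ['POST', $fields + ['token' => $token]],
    'same POST replayed'   => ['POST', $fields + ['token' => $token]],
    'POST without token'   => ['POST', $fields],
];
foreach ($cases as $label => [$method, $input]) {
    [$status, $reason] = check_registration_request($session, $method, $input);
    printf("%-22s -> %d %s\n", $label, $status, $reason);
}
```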
