#StackBounty: #javascript #php #jquery #ajax #cordova PhoneGap Allow (Ajax Request) Server side PHP files access just for this app (Sec…

Bounty: 50

I have created an Android app using PhoneGap (PhoneGap is a tool which lets you create apps using web languages like HTML, CSS, and JavaScript).

This is my function.


    $(document).ready(function() {
        $("#insert").click(function() {
            var title = $("#title").val();
            var duration = $("#duration").val();
            var price = $("#price").val();
            // URL-encode each value so characters such as & or = cannot break the form body
            var dataString = "title=" + encodeURIComponent(title) +
                "&duration=" + encodeURIComponent(duration) +
                "&price=" + encodeURIComponent(price) + "&insert=";
            // Logical AND (&&), not bitwise AND (&): submit only when every field is non-empty
            if ($.trim(title).length > 0 && $.trim(duration).length > 0 && $.trim(price).length > 0) {
                $.ajax({
                    type: "POST",
                    url: "http://www.example.com/test/insert.php",
                    data: dataString,
                    crossDomain: true,
                    cache: false,
                    beforeSend: function() {
                        $("#insert").val('Connecting...');
                    },
                    success: function(data) {
                        // The server replies with the plain string "success" or "error"
                        if (data == "success") {
                            alert("inserted");
                            $("#insert").val('submit');
                        } else if (data == "error") {
                            alert("error");
                        }
                    }
                });
            }
            // Prevent the default form submission
            return false;
        });
    });
    

This function should update the table which is on the server using http://www.example.com/test/insert.php. It works fine without any problems when the app is installed on an Android phone.

But other users could easily update my table using the above function. I mean if they know the URL (http://www.example.com/test/insert.php) they can also update my table by passing the necessary POST requests.

How do I prevent this from happening? How could I limit access to the page http://www.example.com/test/insert.php to just my app? I mean if requests are coming from my app, http://www.example.com/test/insert.php should work.

