CXM_Julien, posted November 23, 2015

Hello, in my admin module I am calling a PHP file with some AJAX to change some prices in the database, but anyone can run this script from outside. So my question is: how can I secure the AJAX call? I found something related to tokens and secure_key, but I did not get it at all...

garciasanchezdani, posted November 23, 2015 (edited)

Hi, in the file which receives the AJAX call, you should check if the current user (connected user) has the administrator privileges... (or the privileges to change the prices of the products).

Regards,

CXM_Julien (author), posted November 23, 2015

Thank you, but where can I get this information? There is almost no documentation for Prestashop (maybe I also don't know where to find it).

CXM_Julien (author), posted November 25, 2015

Found a way of checking if the current user has the administrator privileges by doing this:

    // Load the PrestaShop configuration and the Cookie class
    include_once('../../config/config.inc.php');
    include_once('../../config/settings.inc.php');
    include_once('../../classes/Cookie.php');

    // Read the back-office cookie and stop unless it carries profile 1
    $cookie = new Cookie('psAdmin');
    if ($cookie->profile != 1) {
        die();
    }

Is that really secure?
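
For the tokens mentioned in the first post, PrestaShop's own mechanism is to route the AJAX call through a back-office controller instead of a standalone PHP file. The sketch below is an added example, not code from any poster in this thread or from the PrestaShop project. It assumes PrestaShop 1.6, a hypothetical module named `mymodule`, a hypothetical controller class `AdminMyModulePricesController` registered as a back-office tab at install time, and a hypothetical `reply()` helper.

```php
<?php
// modules/mymodule/controllers/admin/AdminMyModulePricesController.php
// Module name, class name and reply() are hypothetical (assumptions).
// Assumes PrestaShop 1.6, where tabAccess holds the profile's permissions.

class AdminMyModulePricesController extends ModuleAdminController
{
    // Called as:
    //   index.php?controller=AdminMyModulePrices&ajax=1&action=updatePrice&token=...
    // The URL, token included, comes from
    //   $this->context->link->getAdminLink('AdminMyModulePrices')
    // The AdminController base class rejects the request before this method
    // runs if there is no logged-in employee or the token does not match.
    public function ajaxProcessUpdatePrice()
    {
        // A price change is a write: require POST and the "edit" permission.
        if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($this->tabAccess['edit'])) {
            $this->reply(403, array('error' => 'Forbidden'));
        }

        // Validate every input before it reaches the database.
        $idProduct = (int) Tools::getValue('id_product');
        $price = Tools::getValue('price');
        if ($idProduct <= 0 || !Validate::isPrice($price)) {
            $this->reply(400, array('error' => 'Invalid input'));
        }

        $product = new Product($idProduct);
        if (!Validate::isLoadedObject($product)) {
            $this->reply(404, array('error' => 'Unknown product'));
        }

        $product->price = (float) $price;
        if (!$product->update()) {
            $this->reply(500, array('error' => 'Update failed'));
        }
        $this->reply(200, array('ok' => true, 'id_product' => $idProduct));
    }

    // Send a JSON body with the given HTTP status, then stop.
    private function reply($status, array $body)
    {
        header('Content-Type: application/json', true, $status);
        die(json_encode($body));
    }
}
```

Because the token is derived from the controller name and the employee id, a link built for one employee is not accepted for another, and a request that arrives without the back-office session never reaches the price update.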