こんにちは、このスクリプトを直接の URL から保護する方法について質問がありますか?
メンバーは 'pages/map/hospital.php?status=healed' に行くだけで、ほら、待ち時間は必要ありません。どうすればこれを修正できますか?!
<?php
$status = $_GET['status'];
if(isset($status)){
session_start();
include('../../includes/core/member.php');
include('../../includes/core/config.php');
$member_id = $_SESSION['member_id'];
if($status == 'healed'){
mysql_query("UPDATE `members` SET `now_health` = '".$m_max_health."' WHERE `member_id` = '".$member_id."'");
}
}else{
include('includes/core/member.php');
}
$health = $m_max_health - $m_now_health;
$wait_time = $health * 5;
?>
<p id='health'>Healing (<?=$wait_time?>)</p>
<script>
$('#health').one('click', function() {
var count = <?=$wait_time?>;
countdown = setInterval(function(){
$("p#health").html(count + " seconds remaining!");
if (count == 0) {
$.ajax({
url: 'pages/map/hospital.php?status=healed',
success: function(data) {
clearInterval(countdown);
$("p#health").html('you have healed');
}
});
}
count--;
}, 1000);
});
</script>