How to determine where posted or remote script is coming from


tyhand

Hi all,

I have a website, herein called website "A", that has
a CGI script that posts (action = "post") to a PHP script
on another website, herein called website "B".

How can I tell from within the PHP script in website
"B" that the CGI script is actually coming from
website "A"?

Is there a function call for this? I've been browsing
php.net but haven't found any references. Any and all help,
ideas or references are greatly appreciated. Thanks. Peace!

T Y H A N D
 
In the $_SERVER array there should be a $_SERVER['HTTP_REFERER'] value, which is where the call originated.



______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.
 
However, with $_SERVER['HTTP_REFERER'] there are ways to "fake" these values, as they are passed with the HTTP request.
If you administer server A and server B, I would institute a scheme that sends an encrypted parameter with the request. Only if server B correctly decrypts the passed item will it proceed to take the posted values and process them.
 
$_SERVER['HTTP_REFERER'] is an arbitrary value that is reported in an HTTP header provided by the client software. As DRJ478 has said, it can be forged. Also, that value is only reported when the client software has been configured to do so -- otherwise, the value is not present at all. Also, if client software goes directly to a URL, it wasn't referred there, so the value will be blank anyway.

But in any regard, $_SERVER['HTTP_REFERER'] doesn't tell you anything about from where the client software is connecting. It tells you, when present and not forged, the URL of the page which sent the client software to your site, not from where the client software is connecting.

If you need to know from where the client software is coming, use $_SERVER['REMOTE_ADDR']. It tells you the IP address with which the client software connected.



Want the best answers? Ask the best questions!

TANSTAAFL!!
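
The shared-secret scheme suggested in the thread, sketched as an added example that is not part of the original posts: it uses an HMAC signature over the posted fields plus a timestamp in place of encryption. The secret value, the field names `ts` and `sig`, the helper names and the five-minute window are all assumptions.

```php
<?php
// Added example: shared-secret request signing between site A and site B.
// SHARED_SECRET, MAX_AGE and the ts/sig field names are assumptions.
const SHARED_SECRET = 'replace-with-a-long-random-value'; // constructed placeholder
const MAX_AGE = 300; // seconds a signature stays valid

// Canonical string covered by the signature: timestamp plus key-sorted fields.
function canonical(array $fields, int $ts): string
{
    ksort($fields);
    return $ts . "\n" . http_build_query($fields);
}

// Site A: add a timestamp and signature to the fields it is about to post.
function sign_request(array $fields, int $ts): array
{
    $sig = hash_hmac('sha256', canonical($fields, $ts), SHARED_SECRET);
    return $fields + ['ts' => (string)$ts, 'sig' => $sig];
}

// Site B: accept the POST only if the signature is present, fresh and valid.
function verify_request(array $post, int $now): bool
{
    if (!isset($post['ts'], $post['sig'])) {
        return false; // unsigned request, whatever its Referer header says
    }
    if (!is_string($post['sig']) || !is_string($post['ts']) || !ctype_digit($post['ts'])) {
        return false;
    }
    $ts = (int)$post['ts'];
    if (abs($now - $ts) > MAX_AGE) {
        return false; // stale or future-dated: narrows the replay window
    }
    $fields = $post;
    unset($fields['ts'], $fields['sig']);
    $expected = hash_hmac('sha256', canonical($fields, $ts), SHARED_SECRET);
    return hash_equals($expected, $post['sig']); // constant-time comparison
}

// Constructed sample data; on site B pass $_POST and time() instead.
$now      = time();
$good     = sign_request(['order' => '1234', 'amount' => '19.99'], $now);
$tampered = ['amount' => '0.01'] + $good;              // field changed after signing
$unsigned = ['order' => '1234', 'amount' => '19.99'];  // no ts/sig at all

var_dump(verify_request($good, $now));        // signed by A, unmodified
var_dump(verify_request($tampered, $now));    // signature no longer matches
var_dump(verify_request($unsigned, $now));    // missing signature
var_dump(verify_request($good, $now + 3600)); // same request replayed an hour later
```

Site A's CGI script has to build the identical canonical string and HMAC in its own language. If the form is submitted through a visitor's browser, a valid signature shows that A issued those values recently, not which machine relayed them.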
 