checking which originatin page called the script. - The Geek Culture Forums

The Geek Culture Forums

checking which originatin page called the script.

profile | register | preferences | faq | search

UBBFriend: Email This Page to Someone!

next newest topic | next oldest topic

Author	Topic: checking which originatin page called the script.
mephisto Highlie Posts: 601 From: Registered: Feb 2001	posted June 15, 2002 09:57 i was thinking of using http_referrrer environment variable to check where a page was being requested from but it can be faked easily. i want to let only one page call the script. is there any way you guys know how to do it and can help me out? its php code by the way. IP: Logged
quantumfluff Uber Geek Posts: 844 From: under the mouse pad Registered: Jun 2000	posted June 15, 2002 17:09 Yes. referrer is easy to fake. I'm the author of a web page fetching tool which has that, along with browser impersonation, as one of it's options. Do do this you have to resort to much more advanced methods. The usual way is to establish a session with the browser. You would have the entry page initiate the session, and have the protected page check for the session, but never create it. I don't do PHP, so I don't know what they have built in, but it make do it. Sadly, this still doesn't win. Someone could still write a script which would visit the first page, start the session and immediatly go to the second page. Yahoo found this out with their free mail system. That's why they have the image which you have to read the word from. (If you don't know what I'm talking about, sign up for a yahoo mail account and see). Unless you resort to something that absolutely requires a human to read the page, someone will be able to script around it. IP: Logged
mephisto Highlie Posts: 601 From: Registered: Feb 2001	posted June 17, 2002 21:00 code: <? $referers = array ('www.monkeys.com' , '216.XX2.XX8.XX'); if($referers) { if (count($referers)) { $found = false; $temp = explode("/",getenv("HTTP_REFERER")); $referer = $temp[2]; for ($x=0; $x < count($referers); $x++) { if (ereg ($referers[$x], $referer)) { $found = true; } } if (!$found) { $error_no = 4; } } else { return true; // not a good idea, if empty, it will allow it. } } ?> does this look right people? i'm new to php.....just need help with this IP: Logged
mephisto Highlie Posts: 601 From: Registered: Feb 2001	posted June 18, 2002 10:40 Its okay I'm using sessions now. thanks qf..... IP: Logged
Super Flippy Super Geek Posts: 156 From: South Carolina Registered: Jan 2002	posted June 18, 2002 19:53 If I may, I'd like to point you towards a favorite site of mine that's a great place for asking these sorts of questions (not that Geek Culture isn't, this is just more specialized). www.hiveminds.info is where everyone from C\|Net's Builder Buzz community went after the company more or less shut it off. The folks there are friendly web developers who know their stuff. (I don't feel bad about semi-spamming this thread b/c I've also promoted GC to the Hiveminds community. This sort of thing got me in trouble in high school; why can't I leave well enough alone? ) IP: Logged

All times are Pacific Time	next newest topic \| next oldest topic
Administrative Options: Close Topic \| Archive/Move \| Delete Topic
	Hop to:

Contact Us | Geek Culture Home Page

� 2002 Geek Culture� All Rights Reserved.

Powered by Infopop www.infopop.com © 2000
Ultimate Bulletin Board 5.47e